Secure HTTP/HTTPS Proxy
The common industry practice where networks are partitioned into security zones using conventional firewalls creates a problem for HTTP and HTTPS users, requiring them to choose between two equally unacceptable alternatives: prevent HTTP and HTTPS from passing through the firewall, accepting limited ability to access the devices beyond, or allow HTTP and HTTPS to pass through the firewall, accepting the associated security risks.
ZoneRanger resolves this dilemma, acting as a transport-layer proxy for HTTP and HTTPS traffic, enabling management applications to extend their reach beyond firewalls, while mitigating the associated security risks in a variety of ways:
- ZoneRanger effectively breaks the underlying TCP transport connection that carries the HTTP and/or HTTPS traffic into two connections, helping to protect the management application from TCP-based attacks.
- ZoneRanger allows management applications to originate HTTP or HTTPS sessions with managed devices, but connections in the reverse direction are not allowed.
- ZoneRanger can be configured to restrict HTTP and HTTPS traffic to specified devices and ports.
- ZoneRanger can be configured to perform destination port translation, allowing management applications to initiate HTTP or HTTPS sessions using standard well-known ports, to devices that have been configured to use non-standard ports as a security precaution (i.e. to fool/confuse port scanners).
- NetFlow / sFlow
- TACACS+ / RADIUS
- Telnet / SSH