As your business becomes more mature in its approach to Cyber Security, you may have a business objective to expose certain web services to the internet, such as Microsoft Outlook Web Access and ActiveSync.

Although it is trivial to expose such services via standard perimeter firewall rules, it has become increasingly risky to do so without extra layers of defence in place to protect business data from abuse.

One method of providing secure access to a web application is to use a Reverse Proxy. The Reverse Proxy acts as a broker between the internet-based client (web browser, mobile device, etc.) and the internal web server, so the client is able to connect without having any direct line-of-sight to the server. Encrypted inbound connections are terminated on the Reverse Proxy and then re-initiated as a separate connection to the server. This two-step process maintains trust across both the client-to-proxy and proxy-to-server connections, whilst at the same time reducing exposure.
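
The two-step connection described above, as an added example that is not part of the original article: an nginx server block (nginx is an assumed choice of proxy; the article names no product) that terminates the client's TLS session, opens a separately verified TLS session to the internal server, and exposes only the Outlook Web Access and ActiveSync paths. The hostnames, IP address and certificate paths are placeholders.

```nginx
# Added example: every hostname, address and file path below is a placeholder.
# This server block belongs inside the http { } context of nginx.conf.
server {
    listen 443 ssl;
    server_name mail.example.com;                 # public name (placeholder)

    # Client-to-proxy leg: the inbound TLS session is terminated here.
    ssl_certificate     /etc/nginx/tls/mail.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/mail.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Proxy-to-server leg: a separate TLS session. The internal server's
    # certificate is checked against the internal CA, so trust is kept
    # on both legs rather than only on the public one.
    proxy_ssl_verify              on;
    proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
    proxy_ssl_server_name         on;
    proxy_ssl_name                exchange.corp.example;   # internal name (placeholder)
    proxy_ssl_protocols           TLSv1.2 TLSv1.3;

    proxy_http_version 1.1;
    proxy_set_header Host              $host;
    # Use the address nginx saw, not a client-supplied X-Forwarded-For value.
    proxy_set_header X-Forwarded-For   $remote_addr;
    proxy_set_header X-Forwarded-Proto https;

    # Only the two published services are forwarded.
    location /owa/ {
        proxy_pass https://10.0.10.25;            # internal server (placeholder)
    }
    location /Microsoft-Server-ActiveSync {
        proxy_pass https://10.0.10.25;
    }

    # Everything else on the internal server stays unreachable from outside.
    location / {
        return 404;
    }
}
```

With `proxy_ssl_verify` left at its default of `off`, the second leg would still be encrypted but the proxy would accept any certificate presented by the backend.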

An additional layer of inbound traffic filtering can be provided by a Web Application Firewall (WAF). The WAF is able to “harden” the traffic that is being sent to the web server, such that any non-legitimate traffic should never reach the internal network.