Important Security Information
Release Notes
Improper configuration of the Application Gateway can result in a
security risk. Before you deploy the Application Gateway, verify that it
does not have access to protected intranet sites.
Be aware of the following security considerations:
Protected servers
• Do not put the Application Gateway on the same subnet as protected
servers if the Application Gateway is configured to proxy all web
pages. In that configuration, the Application Gateway provides access
to every computer on the same subnet as the web servers that are
configured to work with the Application Gateway. For example, suppose
an Application Gateway has an external IP address of 24.221.1.1 and an
internal IP address of 192.168.1.31. On the same subnet, you have an
intranet server protected from outside access, with an IP address of
192.168.1.20. You can access all ports on the protected intranet server
through the Application Gateway by using this URL:
http://24.221.1.1/http://192.168.1.20.
IP phone/Application Gateway connection
• We recommend that you locate the connection between an IP phone
and the Application Gateway behind a firewall.
SSL to non-SSL redirects
• When a web page in Design Studio is redirected to an SSL site (HTTPS)
from a non-SSL site (HTTP), the connection between Design Studio
and the Application Gateway is not secure. We recommend that you
locate the connection between Design Studio and the Application
Gateway behind a firewall.
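To check a deployment against the "Protected servers" item above, the following added example (not code from the product or these release notes) scans request paths of the form shown in that item and reports proxied targets that sit on the Application Gateway's internal subnet but are not on an approved list. The /24 mask, the approved server address, the hostname target, and the list of request paths are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data. The /24 mask and the approved server 192.168.1.40
# are assumptions; the page gives only the addresses .31 and .20.
GATEWAY_INTERNAL = "192.168.1.31/24"
APPROVED_SERVERS = ["192.168.1.40"]
SAMPLE_PATHS = [
    "/index.html",
    "/http://192.168.1.40/menu.xml",
    "/http://192.168.1.20",
    "/http://192.168.1.20:8080/admin",
    "/http://intranet.example/",
]

def proxied_host(path):
    """Return the host embedded in a path such as '/http://192.168.1.20'."""
    inner = path.lstrip("/")
    if not inner.lower().startswith(("http://", "https://")):
        return None
    try:
        return urlsplit(inner).hostname
    except ValueError:  # malformed bracketed host
        return None

def audit(gateway_internal, approved_servers, paths):
    """List proxied requests that reach unapproved hosts on the gateway's subnet."""
    subnet = ipaddress.ip_interface(gateway_internal).network
    approved = {ipaddress.ip_address(a) for a in approved_servers}
    same_subnet, unresolved = [], []
    for path in paths:
        host = proxied_host(path)
        if host is None:
            continue  # ordinary request, nothing proxied
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            unresolved.append(path)  # a name: resolve it before trusting it
            continue
        if addr in subnet and addr not in approved:
            same_subnet.append((path, str(addr)))
    return same_subnet, unresolved

if __name__ == "__main__":
    hits, names = audit(GATEWAY_INTERNAL, APPROVED_SERVERS, SAMPLE_PATHS)
    for path, addr in hits:
        print(f"protected host {addr} reached via {path}")
    for path in names:
        print(f"hostname target needs review: {path}")
```

Any entry in the first list means a host that was meant to be protected is reachable through the gateway; move the gateway to a separate subnet or restrict what it proxies.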