
| Subject: | Re: Reverse Proxy |
|---|---|
| Date: | Sat, 25 Nov 2006 10:23:10 -0500 |
1) How good is the idea of using a reverse proxy as a layer of defense while accessing a web portal?
It is good only if you implement it properly. It certainly plays a major role in the layered defense of web portals.
5) What are some of the best known and most used reverse proxy products, apart from the well-known open source one?
This mainly depends on your user base. Is this a web portal that will be accessible by anyone in the world, or is it limited to an enterprise?
For limited single enterprise use:
Take a look at Citrix solutions (URLs below). They have the Netscaler product, which might fit your needs. It is essentially an SSL VPN solution.
Another possible solution is to use a graphical firewall. This is useful if you really want to secure your Datastore. In a graphical firewall the content never gets transmitted to the client; instead, just the pixels that represent the content get transferred. Citrix can provide this graphical firewall.
The Citrix Presentation Server + HTTP server (WebPortal) + DataStore will be inside the firewall. You open only one port (ICA protocol) on the firewall that connects to the Citrix server. Publish Firefox on the Citrix server such that it can only access the web application and nothing else. Then the user outside the firewall will use the web-based / Java-based / ActiveX-based ICA client to access the published Firefox with your web application. One key thing to note is that the user is only seeing the graphical output of the web app, so it is a lot more secure than pushing actual content out to the user's browser.
saqib http://www.full-disk-encryption.net