this post was submitted on 25 Dec 2023
31 points (97.0% liked)

homelab

6720 readers
5 users here now

founded 4 years ago
MODERATORS
 

Without SSL on the LAN side of a reverse proxy, I presume that all traffic between the server and the reverse proxy is unencrypted and, thus, accessible to any device on the LAN.

Which specific scenarios result in this being a concern? The primary concern that I can come up with is if you know that there are untrustworthy entities connected to the LAN (untrustworthy devices, or perhaps malicious individuals).

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago

One use case I've seen professionally is that if you're in a datacenter shared with other people, one could easily plug a laptop or change your switch ports or whatever and see your database traffic or whatever. Or in the case of the cloud, it makes it so nobody can snoop on your traffic at the router or hypervisor level.

I've seen VMs getting traffic they shouldn't be getting, so even if you trust your provider, bugs happen.


On smaller, regular LAN, some devices are pretty innocent on their own but may have vulnerable firmware and become part of a botnet, which then can be used for attacks like ARP spoofing.

I've had a conference room IP phone with a public IPv6, from another country, that triggered CPU warnings. It was being used to crawl our website and it was hitting some heavier pages and was trying all sorts of known exploits.


On my own home LAN, I just have VLANs and SSIDs based on trust level, but for the most part nothing that would be sensitive. I guess you could copy all of my Linux ISOs.