A security platform connected to a private network permits access to the private network from a public network (such as the Internet) through a variety of mechanisms. A reverse proxy system operating as part of the security platform provides access to web-enabled applications from a browser connected to the public network. The reverse proxy rewrites requests and responses so that the browser directs requests to the reverse proxy, from which the requests can be directed to the appropriate server on the public network or the private network. Responses come back to the reverse proxy, and are then forwarded to the browser. An SSL tunneling system permits fat clients to access the private network through an SSL connection. The SSL tunneling system employs a server component operating on the security platform and components downloaded to the client computer from the security platform. The client components include a control component operating in a browser window, a server-proxy component that sets up secure communications with the private network, and an adapter component between the server-proxy and the fat client. The adapter component operates in kernel space. Data is directed from the fat client to the adapter, and then forwarded to the server-proxy; data from the server-proxy is directed to the adapter, and then forwarded to the fat client. Security is provided through the use of multiple authentication realms, each of which provides a set of authentication stages for authenticating users and providing client integrity validation.
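The rewriting step described above can be illustrated with the following added sketch, which is not code from the described system: links in a response are rewritten to point at the proxy, and an incoming proxied request is mapped back to its origin server. The URL layout (`/proxy/<scheme>/<host>/<path>`), the gateway address, the host names and the host allowlist are all assumptions made for this example.

```python
import re
from urllib.parse import urljoin, urlsplit

# Assumptions for this sketch (none of these values come from the page):
PROXY_BASE = "https://gateway.example.com/proxy"                 # public address of the proxy
ALLOWED_HOSTS = {"intranet.corp.example", "wiki.corp.example"}   # constructed private hosts

ATTR_RE = re.compile(r'\b(href|src|action)=(["\'])(.*?)\2', re.IGNORECASE)

def to_proxy_url(link, page_url):
    """Map a link found in a response to a URL on the proxy, or None to leave it alone."""
    parts = urlsplit(urljoin(page_url, link))   # resolve relative links against the origin page
    host = parts.netloc.lower()                 # netloc keeps port/userinfo, so those fail the check
    if parts.scheme not in ("http", "https") or host not in ALLOWED_HOSTS:
        return None
    url = f"{PROXY_BASE}/{parts.scheme}/{host}{parts.path or '/'}"
    return url + (f"?{parts.query}" if parts.query else "")

def rewrite_html(html, page_url):
    """Rewrite link attributes so the browser sends follow-up requests to the proxy."""
    def repl(m):
        new = to_proxy_url(m.group(3), page_url)
        return m.group(0) if new is None else f"{m.group(1)}={m.group(2)}{new}{m.group(2)}"
    return ATTR_RE.sub(repl, html)

def from_proxy_path(path_and_query):
    """Recover the origin URL from a request the browser sent to the proxy."""
    parts = urlsplit(path_and_query)
    prefix = urlsplit(PROXY_BASE).path + "/"
    if not parts.path.startswith(prefix):
        raise ValueError("not a proxied path")
    scheme, _, rest = parts.path[len(prefix):].partition("/")
    host, _, path = rest.partition("/")
    # Re-check on the request side: the browser controls this path, so the proxy
    # must not forward to a host merely because the URL names it.
    if scheme not in ("http", "https") or host.lower() not in ALLOWED_HOSTS:
        raise ValueError(f"target not permitted: {scheme}://{host}")
    return f"{scheme}://{host.lower()}/{path}" + (f"?{parts.query}" if parts.query else "")
```

Validating the target again in `from_proxy_path` matters because the rewritten links are only a convenience for the browser; the request path itself is client-controlled input.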