Friday, October 01, 2004

Implement a reverse proxy to secure corporate data

The reason your Web server exists is to enable untrusted, unknown hosts to connect to the machine and retrieve information or conduct business with your company. While you can't deny this untrusted connection, you can secure it.
Just because you must maintain a presence on the Internet doesn't mean that you can ignore network security and allow anyone to directly connect to this high-profile target. It's vital that you take steps to secure these public-facing Web servers, and reverse proxies are your best line of defense.

Let's look at how reverse proxies work. An unknown client opens a browser and enters the URL of your Web site. DNS or Network Address Translation (NAT) at your firewall or router directs the request for Web content to the reverse proxy rather than to the Web server itself.
The reverse proxy then checks its cache for the requested content and, on a hit, serves it straight to the unknown client. On a miss, the reverse proxy requests the content from the Web server on the client's behalf and relays the response back to the unknown client.
Using this model, reverse proxies can provide a boost in performance; the Web server doesn't need to handle any transactions that already reside in the reverse proxy cache. And at the same time, this process better secures your Web servers.
Web server vulnerabilities surface on a fairly regular basis, and most corporate Web sites rely on a database back end that stores the Web content or financial information for Web clients.
You can create another security layer for your data by leaving "trusted" content servers on your internal network and placing the reverse proxy in your demilitarized zone (DMZ). This isolates public servers from private "trusted" servers. This additional layer forces an attacker to go through the proxy, because the firewall allows only the proxy to communicate with the Web content servers.
Most high-end reverse proxies run a proprietary operating system and are immune to Web server attacks, regardless of the type of Web server they protect. An attacker would have to discover the type of reverse proxy you're running and then successfully compromise that machine. And in the event of a successful hack, the black hat will only have access to information involved in a single transaction, rather than to the internal trusted database.
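As an added illustration of the DMZ layout described above (this is example configuration, not from the original article or any product it mentions), here is a minimal nginx reverse proxy that caches responses and forwards misses to a single internal content server. The internal address 10.0.1.10 and the host name www.example.com are assumed placeholders.

```nginx
# Added example: nginx as the DMZ reverse proxy. The internal content server
# (assumed 10.0.1.10:80) must be reachable only from this proxy host; the
# firewall rule that enforces that lives outside this file.

# On-disk cache for responses the proxy is allowed to store.
proxy_cache_path /var/cache/nginx/site levels=1:2 keys_zone=site_cache:10m
                 max_size=1g inactive=60m use_temp_path=off;

# The only origin this proxy will ever contact.
upstream content_servers {
    server 10.0.1.10:80;
}

server {
    listen 80;
    server_name www.example.com;

    # Do not advertise the proxy software version to clients.
    server_tokens off;

    location / {
        proxy_pass http://content_servers;

        # Serve cached copies of cacheable GET/HEAD requests; go to the
        # origin only on a miss, and tolerate a briefly unavailable origin.
        proxy_cache site_cache;
        proxy_cache_methods GET HEAD;
        proxy_cache_valid 200 301 302 10m;
        proxy_cache_valid 404 1m;
        proxy_cache_use_stale error timeout updating;
        add_header X-Cache-Status $upstream_cache_status;

        # Strip an origin header that reveals the back-end platform.
        proxy_hide_header X-Powered-By;

        # Preserve the original client address so origin logs stay useful.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Fail fast rather than hold connections open toward the trusted network.
        proxy_connect_timeout 5s;
        proxy_read_timeout 30s;
    }
}
```

The X-Cache-Status header lets you confirm from the outside which requests were answered from the cache (HIT) and which reached the content server (MISS).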
