Scribd
Upload
784 views

Proxy Server

Proxy servers sit between a local network and an external network. They act as an intermediary for requests from the local network, hiding the internal IP addresses and improving performance through caching of frequently requested files. Proxy servers can be transparent, where the connection is proxied without the parties' knowledge, or opaque, where client software must be configured to use the proxy. Circuit-level proxies use the SOCKS protocol to establish TCP connections and relay UDP data for applications that require a direct connection like media players or IRC clients. Proxy servers provide anonymity, filtering, and security but introduce a single point of failure and require client configuration.

Uploaded by

ambrose
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
784 views

Proxy Server

Proxy servers sit between a local network and an external network. They act as an intermediary for requests from the local network, hiding the internal IP addresses and improving performance through caching of frequently requested files. Proxy servers can be transparent, where the connection is proxied without the parties' knowledge, or opaque, where client software must be configured to use the proxy. Circuit-level proxies use the SOCKS protocol to establish TCP connections and relay UDP data for applications that require a direct connection like media players or IRC clients. Proxy servers provide anonymity, filtering, and security but introduce a single point of failure and require client configuration.

Uploaded by

ambrose
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 12

By

Poonarjeev Ambrose
B16IT001
Proxy Servers
 Part of an overall Firewall strategy
 Sits between the local network and the external network
◦ Originally used primarily as a caching strategy to minimize
outgoing URL requests and increase perceived browser
performance
◦ Primary mission is now to insure anonymity of internal users
 Still used for caching of frequently requested files
 Also used for content filtering
 Acts as a go-between, submitting your requests to the
external network
◦ Requests are translated from your IP address to the Proxy’s IP
address
◦ E-mail addresses of internal users are removed from request
headers
◦ Cause an actual break in the flow of communications
Performance Aspects
 Caching
 By keeping local copies of frequently accessed file the proxy can
serve those files back to a requesting browser without going to
the external site each time, this dramatically improves the
performance seen by the end user
 Only makes sense to implement this at the ISP rather than the
small business level because of the number of pages available
 Because of dynamic content many pages are invalidated in the
cache right away
 Load balancing
 A proxy can be used in a reverse direction to balance the load
amongst a set of identical servers (servers inside the firewall and
users outside)
 Used especially with web dynamic content (.asp, .php,.cfm,.jsp)
Transparent / Opaque
 Transparent – both parties (local/remote) are unaware that
the connection is being proxied
 Zorp - application layer proxy is transparent

 Opaque – the local party must configure client software to


use the proxy
 client software must be proxy-aware software
 Netscape proxy server is opaque

 With all of the things modern firewalls can do in the area of


redirection you could configure the firewall to redirect all http
requests to a proxy
 no user configuration required (transparent)
Circuit Level Proxies
 Since some protocols require a real connection between
the client and server, a regular proxy can’t be used
◦ Windows Media Player, Internet Relay Chat (IRC), or Telnet
 Circuit-level proxy servers were devised to simplify matters.
◦ Instead of operating at the Application layer, they work as a "shim" between
the Application layer and the Transport layer, monitoring TCP handshaking
between packets from trusted clients or servers to untrusted hosts, and vice
versa. The proxy server is still an intermediary between the two parties, but
this time it establishes a virtual circuit between them.
 By using SOCKS (RFC 1928) this can be done
◦ SOCKS defines a cross-platform standard for accessing circuit-level proxies
◦ SOCKS Version 5 also supports both username/password (RFC 1929) and
API-based (RFC 1961) authentication. It also supports both public and
private key encryption.
◦ SOCKS 5 is capable of solving this problem by establishing TCP
connections and then using these to relay UDP data.
SOCKS based Proxying
 RFC 1928
 Not a true application layer proxy
 SOCKS protocol provides a framework for developing
secure communications by easily integrating other security
technologies
 SOCKS includes two components
◦ SOCKS server
 implemented at the application layer
◦ SOCKS client
 implemented between the application and transport layers
 The basic purpose of the protocol is to enable hosts on one
side of a SOCKS server to gain access to hosts on the
other side of a SOCKS Server, without requiring direct IP-
reachability.
 Copies packet payloads through the proxy
Socks Architecture
Socks Functionality
Advantages
 Terminates the TCP connection before relaying to target host (in and
out)

 Hide internal clients from external network

 Blocking of dangerous URLs

 Filter dangerous content

 Check consistency of retrieved content

 Eliminate need for transport layer routing between networks

 Single point of access, control and logging


Disadvantages
 Single point of failure
 if the proxy dies , no one can get to the external network

 Client software must usually be designed to use a proxy

 Proxies must exist for each service

 Doesn’t protect the OS


 proxies run at the application level

 Usually optimized for performance rather than security


Conclusion

 Use a Real Firewall

 Disable Routing

 Secure the Base Operating System


 harden the OS
Thank
you

You might also like