Proxy Presentation

download Proxy Presentation

If you can't read please download the document

  • date post

  • Category


  • view

  • download


Embed Size (px)

Transcript of Proxy Presentation

Proxy Servers and Application Level Firewalls

Proxy Servers and Application Level Firewalls

Overview of Proxy ServersProxy serversAlso called proxy services, application-level gateways, or application proxiesSpecialized firewall software applicationsEvaluate the application-layer data buried in the data portion of an IP packet Most common to dedicate a device to a single application HTTP for Web traffic, SMTP for e-mail, etc.Proxies can:Conceal the end users in a networkFilter out undesirable Web sitesBlock harmful content

How Proxy Servers WorkFunction as a software go-betweenScreen all traffic into and out of the relevant ports Decide whether to block or allow traffic based on rules set up by the proxy server administratorQuestion: What is a concern with proxy servers?

How Proxy Servers Differ from Packet FiltersCreate much more detailed log file listings than packet filters

Rebuild the packet with new source IP informationShields internal users from those on the outside

Attacks that can start with mangled packet data never reach the internal host

Far more critical to network communications than packet filters

Sample Proxy Server ConfigurationsComputer that has two separate network interfaces, one to the external Internet and one to the internal LAN

Packet filter has an interface on the Internet Configured so that external traffic is allowed to pass only if it is destined for a service provided on the proxy serverSits on the protected side of the perimeter

Benefits of Proxy ServersConceal internal clients from external clientsExternal clients see a single machineCommonly used to share Internet connections

Block URLsBlock users from accessing certain URLsConfigure either IP addresses or DNS namesSecurity policy More effective method of preventing employees from visiting certain Web sitesURLs can easily be changed

Block and Filter ContentConfigure to scan packets for questionable contentJava applets or ActiveX controlsExecutable files attached to e-mail messagesParameters: time, IP address, and port numberAll proxy server products scan the payload of a packet Provide some sort of content-filtering system

Proxy servers provide very complete log filesMost proxy server products can prompt users who connect to the server for a username and password

Configuring Proxy ServersMake sure proxy server has enough capacity If it gets overloaded, client performance will suffer

Must configure the environment properlyConfiguration of the proxy server itself May need to configure each piece of client software that uses the proxy server

Potential security vulnerabilitiesPresent a single point of failure for the networkSusceptible to various forms of attack

Configuring ClientsConfigure each client program to work with the proxy serverSpecify for FTP and Gopher connectionsBrowser can use the SOCKS standard

Configuration file Browsers on your network can automatically retrieve the proxy settings

Types of ProxiesTransparent ProxyTotally invisible to end usersSits between two networks like a routerFirewall intercepts outgoing trafficDirects it to a specific computer, such as a proxy server

Nontransparent ProxyAlso called explicit proxiesRequire that the client software be configuredAll target traffic is forwarded to the proxy at a single target portTypically by means of the SOCKS protocolRequire more labor to configure than transparent proxiesEach client program must be set up to route all requests to a single port Provide greater security than transparent proxies

SOCKS ProxyTotally invisible to end usersSits between two networks like a routerFirewall intercepts outgoing trafficDirects it to a specific computer, such as a proxy server

Reverse ProxiesActs as a proxy for inbound connectionsUsed outside the firewall as a secure content server to outside clientsPrevent direct, unmonitored access to your servers data from outside your companyBenefitsPerformance Cut down on unnecessary requestsReduces the load on the companys Web serverPrivacyStand-in for a Web server can protect sensitive information stored on that Web server that must remain secure

When a Proxy Server Isnt the Correct ChoiceSome organizations find that a proxy server slows down traffic excessively

Might use ISP proxy serverBut better off installing and configuring own proxy server even for small home or business network