Proxy Servers

January 9, 2008

A proxy server, also known as an application gateway, provides protection for your network at the application layer. Packet filters make decisions based on the header information in a packet, but they do not understand application protocols such as FTP or HTTP. Because of this, it’s relatively easy for a hacker to exploit known problems with application protocols, and problems can ensue if the packet filter allows such a packet to enter the network.

A proxy server can provide this application-level protection by managing connections to and from the outside world. A proxy server acts as a “man in the middle” by accepting requests for an application from your users and making those requests for them. A proxy server never allows a packet to pass through the firewall; instead, a proxy server follows these steps:

1. The proxy server receives an outgoing request from one of your users. It creates a new packet and substitutes the proxy server’s own address as the source address, replacing the user’s actual source address.
2. The proxy server sends this new packet out onto the Internet on behalf of the user.
3. When a response is received from the Internet server, the proxy server examines the packet to determine whether the data contained in the packet is appropriate for the particular application. If so, it creates a new packet, inserts the data, and places the Internet server’s address in the source address field. The packet is then sent back to the original user.
4. The user receives the packet and assumes that it’s actually communicating directly with the Internet server; after all, the packet has the correct addressing information in the header.
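The four steps above, as an added example that is not part of the original post: a loopback HTTP relay in Python that works at the connection level rather than by building packets. All function names are hypothetical, and the HTTP status-line test is an assumed stand-in for "appropriate for the particular application".

```python
import socket
import threading

def listener():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))   # loopback, OS-assigned port
    s.listen(1)
    return s

def serve_once(sock, handler):
    """Accept one connection on sock and handle it in a background thread."""
    def run():
        conn, peer = sock.accept()
        with conn:
            handler(conn, peer)
    threading.Thread(target=run, daemon=True).start()

def response_is_valid_http(data):
    """Step 3 check: the reply must begin with an HTTP status line."""
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    return len(parts) >= 2 and parts[0] in (b"HTTP/1.0", b"HTTP/1.1") and parts[1].isdigit()

def proxy_handler(upstream_addr, seen):
    def handle(client, _peer):
        request = client.recv(4096)                          # step 1: user's request
        with socket.create_connection(upstream_addr) as up:  # step 2: proxy's own connection
            seen["proxy_src"] = up.getsockname()
            up.sendall(request)
            up.shutdown(socket.SHUT_WR)
            reply = b"".join(iter(lambda: up.recv(4096), b""))
        if not response_is_valid_http(reply):                # step 3: inspect, then relay
            reply = b"HTTP/1.0 502 Bad Gateway\r\n\r\nblocked by proxy"
        client.sendall(reply)
    return handle

def fetch_via_proxy(upstream_reply):
    """Client -> proxy -> upstream on loopback. Returns (reply, peer upstream saw, proxy source)."""
    seen = {}
    up_sock, px_sock = listener(), listener()
    def upstream(conn, peer):
        seen["upstream_peer"] = peer       # the only address the server ever sees
        conn.recv(4096)
        conn.sendall(upstream_reply)
    serve_once(up_sock, upstream)
    serve_once(px_sock, proxy_handler(up_sock.getsockname(), seen))
    with socket.create_connection(px_sock.getsockname()) as c:
        c.sendall(b"GET / HTTP/1.0\r\nHost: example.test\r\n\r\n")   # constructed request
        reply = b"".join(iter(lambda: c.recv(4096), b""))
    up_sock.close(); px_sock.close()
    return reply, seen["upstream_peer"], seen["proxy_src"]
```

The upstream server only ever sees the proxy's outbound socket as its peer, and a reply that does not parse as HTTP is replaced with a 502 instead of being relayed to the client.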

Proxy servers also can be used to provide authentication, logging, content filtering, and other security measures. There are two kinds of proxy servers: classical proxy servers and transparent proxy servers.

A Classical Proxy Server can be used with any application. The user needs to take a few extra steps to use the proxy server because the application itself was not written to understand the proxy process. A classical proxy server works in the following manner:

1. A client executes a command, such as the Telnet command, to connect to the proxy server.
2. The proxy server receives this request and sends a packet back to the user, prompting for authentication information, such as a username and password.
3. The user interacts with this man-in-the-middle by entering the required information.
4. If the proxy server has been configured to allow this user to make use of the service, it prompts the user to enter the target system for the service.
5. The proxy server proceeds to create a packet containing the Telnet request, and sends it out onto the Internet. The Internet server sends back a packet requesting a password (if required) for the service.
6. The proxy server prompts the user to enter the password and passes it back to the Internet server. If the authentication succeeds, the proxy server begins operating as described earlier, by intercepting packets to and from the Internet server, substituting its own address for the user’s address when sending packets to the Internet server, and substituting the Internet server’s address for packets returned to the client.

A Transparent Proxy Server works a little differently. In this case, the application is modified so that it understands that a proxy server is being used. For this to work, you must tell the application the address of the proxy server for each service you want to use.
