Concept of Proxy Server and proxy firewall server

Anand Tue, 08/17/2021 - 10:24

Concept of Proxy server

A proxy server is a computer system or router that functions as a relay between client and server. It helps prevent an attacker from invading a private network and is one of several tools used to build a firewall.

The word proxy means "to act on behalf of another," and a proxy server acts on behalf of the user. All requests to the Internet go to the proxy server first, which evaluates the request and forwards it to the Internet. Likewise, responses come back to the proxy server and then to the user.

How proxy servers work

When a proxy server receives a request for an Internet resource (such as a Web page), it looks in its local cache of previously pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.

Proxy servers are used for both legal and illegal purposes. In the enterprise, a proxy server is used to facilitate security, administrative control or caching services, among other purposes. In a personal computing context, proxy servers are used to enable user privacy and anonymous surfing. Proxy servers can also be used for the opposite purpose: To monitor traffic and undermine user privacy.

To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not actually invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.)

Users can access web proxies online or configure web browsers to constantly use a proxy server. Browser settings include automatically detected and manual options for HTTP, SSL, FTP, and SOCKS proxies. Proxy servers may serve many users or just one per server. These options are called shared and dedicated proxies, respectively. There are a number of reasons for proxies and thus a number of types of proxy servers, often in overlapping categories.

Concept of proxy firewall server

A proxy firewall is the most secure form of firewall, which filters messages at the application layer to protect network resources. A proxy firewall, also known as an application firewall or a gateway firewall, limits the applications that a network can support, which increases security levels but can affect functionality and speed. 

Traditional firewalls are not designed to decrypt traffic or inspect application protocol traffic. They typically use an intrusion prevention system (IPS) or antivirus solution to protect against threats, which only covers a small fraction of the threat landscape that organizations now face.

A proxy server addresses this gap by providing a gateway or intermediary between computers and servers on the internet to secure data that goes in and out of a network. It determines which traffic should be allowed and denied and analyzes incoming traffic to detect signs of a potential cyberattack or malware. A proxy server firewall caches, filters, logs, and controls requests from devices to keep networks secure and prevent access to unauthorized parties and cyberattacks.

How Do Proxy Firewalls Work?

A proxy firewall is considered the most secure form of firewall because it prevents networks from directly contacting other systems. It has its own Internet Protocol (IP) address, which means an external network connection cannot receive packets directly from the network. 

A proxy firewall works by providing a single point that enables organizations to assess the threat level of application protocols and implement attack detection, error detection, and validity checks. It uses tactics like deep packet inspection (DPI) and proxy-based architecture to analyze application traffic and discover advanced threats.

A proxy network will likely have one computer directly connected to the internet. Other computers in the network access the internet by using the main computer as a gateway, which enables the proxy to cache documents requested by multiple users. A user attempting to access an external site through a proxy firewall would do so through this process:

  1. The user requests access to the internet through a protocol such as File Transfer Protocol (FTP) or Hypertext Transfer Protocol (HTTP).
  2. The user’s computer attempts to create a session between them and the server, sending a synchronize (SYN) message packet from their IP address to the server’s IP address.
  3. The proxy firewall intercepts the request, and if its policy allows, replies with a synchronize-acknowledge (SYN-ACK) message packet from the requested server’s IP 
  4. When the SYN-ACK packet is received by the user’s computer, it sends a final ACK packet to the server’s IP address. This ensures a connection to the proxy but not a valid Transmission Control Protocol (TCP) connection.
  5. The proxy completes the connection to the external server by sending a SYN packet from its IP address. When it receives the server’s SYN-ACK packet, it responds with an ACK packet. This ensures a valid TCP connection between the proxy and the user’s computer and between the proxy and the external server.
  6. Requests made through the client-to-proxy connection then the proxy-to-server connection will be analyzed to ensure they are correct and comply with the corporate policy until either side terminates the connection. 

This process ensures a highly secure network that provides deep inspection of the contents of every packet that flows in and out of a network.

 

Examples of a Proxy Firewall's Work

Proxy servers are often implemented through bastion hosts, which are systems likely to come under direct cyberattack. Proxy firewalls monitor network traffic for core internet protocols, such as Layer 7 protocols, and must be run against every type of application it supports. These include Domain Name System (DNS), FTP, HTTP, Internet Control Message Protocol (ICMP), and Simple Mail Transfer Protocol (SMTP).

A proxy firewall is essentially a go-between for every connection on a network. Every computer on the network establishes a connection through the proxy, which creates a new network connection. For example, if a user wants to visit an external website, then packets are processed through an HTTP server before they are forwarded to the requested website. Packets from the website are then processed through the server before being forwarded to the user.

Proxy firewalls centralize application activity into one single server. This enables organizations to inspect packets for more than simply source and destination addresses and port numbers. As a result, most firewalls now have some form of proxy server architecture. 

Proxy firewalls will often be deployed within a set of trusted programs that support a specific application protocol. This ensures complete analysis of the protocol’s security risk and offers enhanced security control than is possible through a standard firewall. 

Advantages and Disadvantages of Proxy Firewalls

Proxy firewalls offer advanced network security levels, but at the same time, can impact network speed and performance.

Advantages

The main goal of a proxy firewall is to provide a single point of access. This enables organizations to assess the level of threat posed by application protocols, effectively detect threats, and check the validity of network traffic. A proxy firewall also enables refined setup control, which allows organizations to fine-tune it to their network needs and corporate policies.

A proxy firewall also prevents direct connections between a user’s computer and the external sites they want to visit, which offers substantial security benefits. It offers one of the most secure network connections possible because it provides deep inspection of every data packet in and out of a network. This ensures organizations can prevent the most sophisticated and high-risk malware attacks.

Disadvantages

Despite the extra security a proxy firewall offers, there are drawbacks to the approach. One of the main disadvantages is that a proxy firewall creates a new connection for each outgoing and incoming packet. This can result in the firewall creating a bottleneck in traffic flow, significantly slowing down the process and negatively affecting network performance, and creating a single point of failure. Some proxy firewalls might only support particular network protocols, which limits the applications that the network can support and secure.