This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Abstract- Proxy servers or known as proxy services, application-level gateways and application proxies is software that functions on behalf of end users within a network, reading the data part of IP packets and acting on behalf of the end users. Proxy servers receive requests and passes on replies. In the process, the gateway shields internal hosts from direct contact with external hosts on the Internet.
What is a proxy server?
Proxy severs have been around for quite a while now. Most likely, the history of proxy servers dates back to the beginnings of networking and the internet itself. Proxy servers were originally developed as a tool for caching frequently accessed Web pages. A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. It may filter traffic by Internet Protocol (IP) address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it 'caches' responses from the remote server, and returns subsequent requests for the same content directly.
How Proxy servers work
Proxy servers functions as a middle-man (See Figure 1.) between the public internet and internal network. An example is an internal host makes a request to access a website. The request goes to the proxy server, which examines the packet including the header and data against rules that are pre-configured by the administrator. The proxy server recreates the packet with a different IP address. The proxy server then sends the packet to its destination (the IP has now changed to by the proxy server to the receiver). The returned packet is sent to the proxy server which inspects the packet again and compares the packet against the rule base. The returned packet is rebuilt by the proxy server after inspection and sent to the originating host appearing as if it has been sent by the external host and not the proxy server.
A proxy server uses ports to filter connections between your computer and other networks. When you set your internet to use a proxy, your computer's data is sent to the proxy to be filtered, rather than directly to the internet (See Figure 2.).
Example of a proxy server.
In turn, the proxy server receives the data, filters it for you and then sends it to the internet using a different port. Proxy servers use network addressing schemes to show one general IP address to the filter-out network. The proxy server acts like a funnel; it takes a lot of information from various sources, and filters it all into one specific address. Proxy servers can also be used backwards, as a way to restrict your computer from reaching certain places on the internet. Proxy servers are capable of performing many complex tasks such as masking an IP address. Every computer is assigned an IP address. Proxy servers allow you to go through them in order to mask your computer info. Once you are connected to a proxy, it filters your IP address and masks it as a different IP address. Web pages will not load as fast due to the fact that the data is being filtered each time you request a web page. All that is required is that you find a proxy, enter the information about the proxy, and activate it. There are several different types of proxy servers, designed for different purposes.
Example of Web traffic.
Functions and different types of proxy servers
The different types of proxy servers are WinProxy, Caching proxy server, Web proxy/content filtering web proxy, Anonymizing proxy server, Transparent and non-transparent proxy server, Intercepting proxy server, and Forward proxy/Reverse proxy server.
WinProxy is one of the most popular proxy servers available for Windows based services. WinProxy is so popular because it requires that no software has to be installed on the client systems. How to configure Winproxy:
1) Install the Transmission Control Protocol and Internet Protocol (TCP/IP) on all systems connected to the network.
2) Run the Install Wizard. The first screen is the product registration screen which requires you to enter the product key.
3) The next two screens require information about your Internet connection. Select the type of connection and the name of your connection.
4) Enter the username and password of the Internet connection to be used.
WinProxy then configures the internal and external IP addresses. It automatically assigns a unique address to each device on the Local Area Network (LAN) as internal addresses. The IP address assigned to the modem/router by your Internet Service Provider (ISP) is taken as the external address. WinProxy then prompts you to disconnect from the Internet if you are already connected. In the final step, WinProxy works through all the steps and verifies that all operations have been performed properly.
Caching Proxy Server
Caching proxies were the first kind of proxy server. Caching proxy server speeds up service requests by recover content saved from a previous request made by the same client or even other clients. These servers keep local copies of frequently requested resources. This allows large organizations to reduce their upstream bandwidth usage and cost, but it also increases performance. Caching proxy servers are the most common type servers that ISP's and large businesses use. They were the first kind of proxy server. These kind of servers help reduce the cost of hardware.
Proxy Server performs two types of caching, passive caching and active caching. Passive caching occurs on behalf of every Web Proxy service request for content. As browsers request content, the service consults the cache to see whether a current copy of the object exists. If no copy exists, the service downloads a fresh copy from the Web server and serves it to the client. Active caching is caching that the proxy server performs during its idle periods. This proxy server proactively downloads the most frequently requested pages your local proxy server cache learns. Caching proxies provides large organizations to significantly reduce their upstream bandwidth usage and cost. Poorly implemented caching proxies have had downsides, they may have an inability to use user authentication. These are known as http proxy/caching problems.
A web proxy is the heart if the World Wide Web traffic. It is commonly used to serve as a web cache. (Is the caching of web documents to reduce bandwidth usage, server load, and lag). Some proxy programs provide the means to deny access to Uniform Resource Locator (URL) in a blacklist, which provides content filtering. These proxies are mostly used in corporate, educational or library environment, or anywhere that content filtering is needed.
Content Filtering Webproxy
A content filtering web proxy server provides administrator control over the content that may be relayed through the proxy. Content methods used for content filtering include URL or Domain Name System (DNS) blacklist, URL regex filtering, Multipurpose Internet Mail Extensions (MIME) filtering, or content keyword filtering. A content filtering filter can handle user authentication, which controls web access. They can also generate logs that give detailed information about URLs accessed by specific users, and they can monitor bandwidth usage statistics. Another good feature is the ability to communicate with daemon based and Internet Content Adaptation Protocol (ICAP) based antivirus software to provide security against virus and other malware that scans incoming content in real time before it enters the network.
This server provides administrative control over the content that may be relayed through the proxy. A content filtering proxy will often support user authentication, to control web access. It also usually produces logs, either to give detailed information about the URLs accessed by specific users, or to monitor bandwidth usage statistics. Content filtering is commonly used in both commercial and non-commercial organizations to ensure that internet usage is under the acceptable use policy.
Anonymizing Proxy Server
Anonymous proxy server generally tries to utilize unidentified web surfing. There are different variations of anonymizers. The most used anonymizers is the open proxy. They are more difficult track, and open proxies are good for those that are seeking anonymity. Some users are only interested in anonymity for added security, by hiding their identities from potentially malicious websites. An anonymizing server works by receiving the server request from the anonymizing server, but the other server doesn't get information about the end user's address. Even though, the requests are not anonymous to the anonymizing server, which adds a level of trust.
Transparent and non-transparent proxy server
A transparent proxy is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification. A non-transparent proxy is a proxy that modifies the request or response in order to provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering. Transparent proxy servers have a security flaw that was published by Robert Auger 2009 and advisory by the Computer Emergency Response Team (CERT) was issued listing dozens of affected transparent and intercepting proxy server.
Intercepting proxy server
An intercepting proxy server adds a proxy server with a gateway or router. The connection is made by the client browsers through the gateway are diverted to the proxy without the client side configuration. Connections may also be diverted from a server or other circuit level proxies. Intercepting proxies are commonly known as a transparent proxy or forced proxy, because the existence of the proxy is transparent to the user, or the user is forced to use the proxy regardless of the local settings.
Forward proxy/Reverse proxy server
Forward proxies are proxies that are able to retrieve from a wide range of sources, mostly the anywhere on the internet. Reverse proxies are more specialized sub types of the general forward proxy concept. A reverse proxy is a proxy server that is installed near one or more web servers. All traffic coming from the internet and with a destination of one of the web servers goes through the proxy server. The use of reverse originates in its counterpart forward proxy since the reverse proxy sits closer to the web server and serves only restricted set of websites.
GOALS OF PROXY SERVER
When implementing a proxy server into the company's environment, you have to consider the goals that proxy systems can help the company achieve. Some of these goals are concealing internal clients, blocking and filtering URLs or content, E-Mail protection, improving performance, ensuring security and providing user authentication.
Concealing Internal Clients
One of the biggest benefits a company can achieve by using a proxy server is its ability to conceal internal clients from external clients who try to gain access to the internal network. For Example, three internal hosts with IP address 10.1.1.1, 10.1.1.2 or 10.1.1.3. When the internal hosts make a connection to the external hosts, the external hosts will see the IP address of 208.84.211 which is the proxy server. This process acts like Network Address Translation (NAT), however, unlike NAT proxy servers rebuild the packets and sends to its destination.
Blocking and Filtering Content
Many organizations have strict Internet policies regarding offensive material and employees accessing particular sites during certain hours. For instance, proxies can block and filter this kind of traffic including entertainment, pornography or gaming sites. This can greatly enhance bandwidth in a network.
Most people believe using a proxy server is just for web access; however it can be used to protect the internal Exchange server. For example, a message is sent from an internal user through the Exchange server. The Exchange forwards the message to the Simple Mail Transfer Protocol (SMTP) server. SMTP is used to send mail between servers, which is located in the Demilitarized Zone (DMZ). A DMZ is a network of publicly accessible servers, such as a Web server, that is connected to the firewall but isolated from the internal network. The SMTP server will, strip out the IP source address, then rebuilds the packet and forwards to the external source. External sources will not see the source IP but the "proxy server", which will greatly reduce viruses and spam.
Most people also believe that, proxies slow down a network and provide a single point of failure. However, proxy servers can enhance a networks performance by caching Web pages. Cache is a section of disk space on a drive reserved for storage when applications need resources. Instead of accessing the original Web page for every request (which can cause the network traffic to increase), an internal user can access a cached copy of a Web page. This load balances the Web server, which does not have to keep retrieving the same documents.
Another benefit of using proxy servers is their ability to provide detailed log file information because all data goes through a single checkpoint. A log file contains information about access and events that have occurred on a server, operating system, or specific application. Log files are one of the most important and often-neglected sources of information. If neglected and used improperly, the log file can grow which can become very huge and it should only log the services you consider to be critical. Proxy servers provide a reliable way to monitor network traffic.
Recongizing the Single point of Failure
If a proxy server crashes or fails, because of attackers then your entire network will not have access to the Internet. This problem just does not exist in proxies, however your entire network from firewall, routers and servers. The best way to protect your network from a single point of failure is to have redundancy with load balancing. Load balancing is balancing the load of requests through another proxy server, based on the best response time and lightest load for the request.
Deployment of proxy server
There are various methods when it comes down to how a proxy server will be deployed, because there are so many different types of proxy server they all do not follow the same steps in the deployment phase.
There is the deployment that requires the use of a Group Policy Editor on a Windows domain controller. What this does is that will deploy the proxy settings to all your machines on your network with the use of the Group Policy Editor. First step needed to take would be to login to your domain controller and go to your Group Policy Management also can be found in the Administrative tools.
The Group Policy Management console will load a domain list in your organization; there is a possibility that more than one domain to be shown within your company because there are companies that do have more than one domain. Once your domain is loaded then you will proceed to configure the group policy.
When entering a group policy you will need to right click on the Default Domain Policy then selecting Edit. After selecting Edit, the group policy option will appear for, and then the User Configuration will need to be modified in order to configure the group policy proxy settings. Depending on which proxy script you will be using different settings will need to be modified for each one.
With the standard proxy settings you will need to make sure that the Enable proxy settings is selected as well as the "Use the same proxy server for all addresses is selected". If using the Automatic proxy configuration settings then assure that "Automatically detect configuration settings" and "Enable Automatic Configuration" are both selected.
Example of Standard.
Example of Automatic.
Blocking and Filtering Content
As mentioned before there are different types of proxies that are configured and deployed differently than one another. Some other proxy servers are Transparent Proxy, Anonymous Proxy, Distorting Proxy, High Anonymity Proxy, and these four proxies are referred to the most. They will all differ in their deployments such as the explicit Proxy deployment and the Transparent Proxy deployment.
With an explicit proxy deployment it will ease web requests from users. The explicit proxy deployment is intended for simplistic networks or small companies with low amount of users. This type of configuration is not complex it only needs some small network configurations and you're done. Because it doesn't require too much work with the network it will make much easier to troubleshoot when you run into break fix issues, and that's its greatest advantage.
Explicit proxy deployment can be done by manually configuring each user's or client's browser to send requests directly from the proxy. The proxy may also be configured automatically; the way this is done is by configuring the proxy to download the configuration instructions from a Proxy Auto-Configuration (PAC) file. The PAC is considered to be the method for the deploying of explicit proxies because it ease you job all you need to have is a group policy pointing to the PAC file and its complete. One other method to deploy this proxy is by Web Proxy Auto-Discovery (WPAD), this process downloads the configuration instructions through an Auto-Discovery server.
For the transparent proxy deployment, the client software is never informed that it is communicating with a proxy. The software being the browser most of the time, users do not notice any difference in their internet requests, they make their requests and the proxy provides them with what they requested. In order to successfully deploy a transparent proxy then the feature that permits the proxy's static bypass must be set to work.
The transparent proxy has a requirement of having at least one more network device implemented. Because of the network device it makes the deployment much more complex than the explicit proxy deployment. The implementation of another device in the transparent proxy deployment will cause a few stumbles in the process. When it comes to devices, you will more than likely run into compatibility issues and make it tougher to have all the devices work together in an efficient manner. This proxy deployment calls for a administrator that possesses high network expertise to build and overlook the network.
Timeline to Deploy Proxy Server
Examine the existing network and see what Operating System is being implemented
The first week involves the implementation of a Proxy server
The basic preparation of the proxy server:
- Where the proxy server will be installed
- When will the Proxy be installed
- How will the proxy be installed
When will be the best day to implement the Squid Proxy Server (Week 8)
Find out the funding of the Squid Proxy Server
The proxy server is an additional server on the network,
we will have to properly shutdown the entire server (Over the weekend):
- Shut off the Stored Area Networks (SAN)
- Shut off the Citrix Server
- Shut off the SQL Server
- Shut off the Security server
- Shut off Administration server
- Shut off Security server
Shut down entire server and install a TEST Squid Proxy Server
Create Local testing environment
Configure the Squid Proxy Server to listen for proxy server
requests from internal IP addresses
Establish the Squid Proxy Server on port 8080
Configure Squid Cache Proxy on Linux Fedora Core,
Backup Squid configuration files:
Edit the squid.conf, the Squid Cache Proxy configuration file
Improve Squid performances
Set Proxy to find DNS servers
Adding aux port:
Adding Internal network to ACL:
Step-by-step how to start and using Squid for the first time
Step by step example, start, stop and automatic restart Squid proxy server
Step-by-step configure client browser to use Squid Cache Proxy
After testing the Test Squid Cache Proxy install the Final Squid Cache Proxy
Train and teach the Network Engineers of the network
Teach them how to patch the server for updates
Leave your contact information so that if they have any questions to have yout POC
Example of Automatic.
For this project our team would advise using the content filtering web proxy. It supports user authentication which would control the web access. Also, content filtering web proxies have the ability to produce logs about the different URL's that are accessed by the different users. That would be a good way to monitor what the users of the organization are accessing. Also, the proxy server should be a standalone service if hosting other applications can cause a significant reduction in Web browsing. Another reason why is that it can protect the organization from viruses and malware by scanning the incoming content in real time before it enters the network.
Proxies will examine the packets before allowing it through and if they find something which they see as if it is a risk they will block it. They also keep machines behind it anonymous, speed access to resources, log, audit usage, scan transmitted content.
By implementing proxy servers you can reduce the risk of malicious code and prevent intrusion attacks. However, you cannot rely on one layer of security; the best practice is to create multiple layers achieving each layer harder than the previous.