
Firewall Fundamentals

ISSM 535Q

Week 3B
Proxy Servers and Application-level Firewalls

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


www.jblearning.com
All rights reserved.
Learning Objectives
▪ Understand how proxy servers act as an intermediary.
▪ Understand what proxy servers are, how they work and in what ways they are vulnerable.
▪ Determine what type of proxy server will best meet your organization's goals.

Network Security, Firewalls, and VPNs www.jblearning.com Page 2
Key Concepts
▪ Concepts behind the different proxy protocols
▪ Benefits of proxy servers
▪ Types of proxy servers
▪ Proxy server configuration
▪ Difference between an application-level proxy and deep packet inspection

Proxies
▪ A proxy acts as an intermediary between two end systems.
▪ It is also called a proxy server, proxy firewall or application proxy.
▪ It operates at the application layer of a connection by forcing both sides of the conversation to communicate through the proxy.
▪ It avoids direct communication between the client and the server: the client's connection terminates at the proxy, and the proxy opens a second connection to the server.

Application Layer of an IP Packet
[Figure not reproduced: the application-layer data sits in the data portion of the IP packet, after the IP and TCP/UDP headers.]
Reference: “Guide to Firewalls, VPNs, 3rd Edition”


Proxy Servers
Some TCP/IP application protocols already have services that follow this form of network communication. Examples are:
▪ A DNS resolver for name service
▪ An SMTP proxy for email
▪ An HTTP proxy for web service
▪ An FTP proxy for file transfer

Proxy Servers
▪ If the firewall has no proxy capability for a specific service, it falls back on another technology such as circuit-level filtering, commonly provided by a SOCKS generic proxy.
▪ It is common to dedicate a device to a single application service so that the device is not overwhelmed by handling multiple protocols.

Advantages of Proxy Firewalls over Packet Filter Firewalls
▪ A proxy firewall examines the application-layer data buried in the data portion of an IP packet to determine whether to allow or drop the packet into or out of the network.
▪ Proxies can often do more extensive logging, since they process data at the application layer.
▪ Proxies hide the operating-system-specific features of the client's network communications from the server.
Advantages of Proxy Firewalls over Packet Filter Firewalls
▪ It is therefore more difficult to passively fingerprint the client operating system and learn what services it is running.
▪ The proxy also shields the client's operating system from attacks on a vulnerable TCP/IP stack implementation, because the proxy's own stack terminates the external connection.
▪ Attacks that start with malformed packet data never reach the internal host.
▪ This protection covers the packet and connection layers the proxy terminates; application content the proxy chooses to forward (for example a malicious file inside an allowed HTTP response) still reaches the client unless content filtering blocks it.

Disadvantages of Proxy Firewalls over Packet Filter Firewalls
▪ The downside of proxy firewalls is delay: the time they take to inspect, compare and rebuild packets and to process client requests.
▪ They spend more time processing each packet, which increases latency in the delivery of data.
▪ Another downside is their complexity when it comes to configuration.
▪ They are more expensive because of their greater hardware requirements.
Benefits of Proxy Firewalls
▪ Concealing internal clients – the ability to conceal internal clients from external hosts that try to gain access to the internal network.
▪ This helps prevent direct attacks against internal hosts.
▪ Blocking URLs – the ability to prevent users from visiting websites that offer content management regards as unsuitable.

Benefits of Proxy Firewalls
▪ Blocking and filtering content – the ability to scan packets for questionable content.
▪ A proxy can delete executable files attached to email messages.
▪ It can be set up not only to block but also to remove any Java applets or ActiveX controls that you do not want to enter your internal network.

Benefits of Proxy Firewalls
▪ User authentication – the ability to prompt users who connect through the proxy for a username and password, which the proxy then checks against a database on your system.
▪ Redirecting URLs – the ability to scan a specific part of the data portion of an HTTP packet and redirect the request to a specific location.
▪ Improved performance – faster access to documents that are requested repeatedly, because the proxy stores web pages in a disk cache.
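The following is an added example, not code from the lecture or the textbook: a small policy engine for an explicit HTTP forward proxy that shows the benefits above operating on a real request. It parses the request the client sent, rejects malformed input (including duplicated framing headers), requires a Proxy-Authorization credential, applies a URL blocklist and a redirect table, strips client-identifying headers, and then rebuilds a fresh request for the origin server instead of copying the client's bytes through. Every host name, user and policy entry is constructed for the example.

```python
"""Policy engine for an explicit (nontransparent) HTTP forward proxy.

Added example, not from the lecture. It shows what an application-level proxy
does with a request that a packet filter never sees: parse it, apply user
authentication and URL policy, strip client-identifying headers, and rebuild a
clean request for the origin server. Hosts, users and policy entries are
constructed for the example.
"""
import base64
from urllib.parse import urlsplit

# Hypothetical policy data.
BLOCKED_HOSTS = {"games.example", "casino.example"}
REDIRECTS = {"intranet.example/old": "https://intranet.example/new"}
USERS = {"alice": "s3cret"}            # plaintext only for the demonstration
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
# Never passed through: they identify the client or belong to the proxy hop.
STRIP = {"user-agent", "proxy-authorization", "proxy-connection", "via",
         "x-forwarded-for", "connection", "host"}


class ProxyError(Exception):
    def __init__(self, status):
        super().__init__(status)
        self.status = status


def parse_request(raw: bytes):
    """Parse one HTTP/1.x request head; reject malformed input rather than forward it."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ProxyError(400)
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        raise ProxyError(400)
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        raise ProxyError(400)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or any(c.isspace() for c in name):
            raise ProxyError(400)
        key = name.lower()
        if key in headers and key in ("host", "content-length", "transfer-encoding"):
            raise ProxyError(400)       # duplicated framing header: smuggling attempt
        headers[key] = value.strip()
    return parts[0], parts[1], headers, body


def decide(raw: bytes):
    """Return ("forward", rebuilt_bytes), ("redirect", url) or ("deny", status)."""
    try:
        method, target, headers, body = parse_request(raw)
        if method not in ALLOWED_METHODS:
            raise ProxyError(405)
        try:
            url = urlsplit(target)
            port = url.port or 80
        except ValueError:
            raise ProxyError(400)
        if url.scheme != "http" or not url.hostname:
            raise ProxyError(400)       # an explicit proxy expects an absolute URI
        # User authentication: Proxy-Authorization: Basic base64("user:password")
        scheme, _, cred = headers.get("proxy-authorization", "").partition(" ")
        try:
            user, _, pw = base64.b64decode(cred, validate=True).decode().partition(":")
        except Exception:
            user = pw = None
        if scheme.lower() != "basic" or user not in USERS or USERS[user] != pw:
            raise ProxyError(407)
        if url.hostname in BLOCKED_HOSTS:           # urlsplit lower-cases the host
            raise ProxyError(403)
        if f"{url.hostname}{url.path}" in REDIRECTS:
            return "redirect", REDIRECTS[f"{url.hostname}{url.path}"]
    except ProxyError as e:
        return "deny", e.status
    # Rebuild from parsed fields; no client bytes are copied through verbatim.
    path = (url.path or "/") + (f"?{url.query}" if url.query else "")
    host = url.hostname if port == 80 else f"{url.hostname}:{port}"
    out = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    out += [f"{k.title()}: {v}" for k, v in headers.items() if k not in STRIP]
    out.append("Connection: close")
    return "forward", "\r\n".join(out).encode() + b"\r\n\r\n" + body


# Constructed sample requests.
AUTH = "Basic " + base64.b64encode(b"alice:s3cret").decode()
OK_REQ = (f"GET http://www.example/index.html HTTP/1.1\r\nHost: www.example\r\n"
          f"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
          f"Proxy-Authorization: {AUTH}\r\nAccept: text/html\r\n\r\n").encode()
NO_AUTH_REQ = b"GET http://www.example/ HTTP/1.1\r\nHost: www.example\r\n\r\n"
BLOCKED_REQ = OK_REQ.replace(b"www.example", b"casino.example")
REDIRECT_REQ = OK_REQ.replace(b"http://www.example/index.html", b"http://intranet.example/old")
SMUGGLE_REQ = (f"POST http://www.example/ HTTP/1.1\r\nHost: www.example\r\n"
               f"Proxy-Authorization: {AUTH}\r\nContent-Length: 0\r\n"
               f"Content-Length: 5\r\n\r\n").encode()

if __name__ == "__main__":
    for name, req in [("ok", OK_REQ), ("no-auth", NO_AUTH_REQ), ("blocked", BLOCKED_REQ),
                      ("redirect", REDIRECT_REQ), ("smuggle", SMUGGLE_REQ)]:
        print(name, decide(req))
```

Two design points matter here. The proxy credential is consumed at the proxy and never forwarded, so the origin server never sees it; and the outbound request is assembled from parsed fields with a fixed header set, which is what lets the proxy hide the client's User-Agent and other operating-system-specific details from the server, as the advantages slides describe.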
Configuring Proxy Servers
▪ Proxy servers require special handling.
▪ Configuration must be implemented with precautions.
▪ First, make sure the proxy server has enough capacity.
o If capacity is exhausted, client performance will suffer.
▪ Second, configure the environment with due care. This involves:
o Configuring the proxy server itself with proper care.
Configuring Proxy Servers
o If each client that uses the proxy server must be configured, doing that with due care as well.
o If possible, maintaining a separate server to represent, and be configured for, each proxy service.
Providing for Scalability
▪ As the number of users on the network increases, the machine hosting the proxy server must be upgraded.
▪ The capacity of the server must match the amount of traffic that has to flow through each gateway.
Working with Client Configuration
▪ Proxy settings can be configured either manually or automatically.
▪ For example, a client web browser can be set up to send its requests to the proxy server when you have one running.
▪ Some proxy servers can be set up to let the client download a configuration file (a proxy auto-configuration, or PAC, file) that contains the proxy settings.

Working with Server Configuration
▪ A network must have one or more proxy servers available for each service protocol proxied on the network.
▪ A general-purpose firewall includes a proxy server that monitors all inbound and outbound traffic.
▪ The services most commonly essential to a network are HTTP, DNS and SMTP for email.
▪ Services for which a proxy server is not available can make use of a SOCKS generic proxy.

Recognizing the Single Point of Failure
▪ A proxy has the potential to be a single point of failure for the network.
▪ The network could be totally cut off from the internet.
▪ Most network architects include an alternative means of enabling traffic flow when the proxy goes down.
▪ Decide deliberately whether that alternative fails open (traffic bypasses the proxy's controls) or fails closed (traffic stops); a fallback that silently bypasses the proxy gives up the protection it was deployed for.
▪ You can also use network load balancing to let multiple systems take turns handling requests, preventing any one system from becoming overloaded.

Recognizing the Single Point of Failure
▪ Care must be taken to prevent an attacker from gaining administrative rights on any proxy server, since every client's traffic passes through it.
▪ Installing the latest security patches reduces this risk.

Types of Proxy Server
There are three major types of proxy servers:
▪ Transparent proxy
▪ Nontransparent proxy
▪ SOCKS-based proxy

Transparent Proxy
▪ Totally invisible to end users.
▪ The firewall intercepts outgoing traffic and directs it to a specific computer, such as a proxy.
▪ The client software does not have to be configured, so clients are unaware that the proxy server exists.
▪ Transparent proxy deployments also come with the caching feature that many other proxies integrate.

Nontransparent Proxy
▪ Also commonly known as an explicit proxy.
▪ It requires the client to be configured so that all of the client's traffic is sent explicitly to the proxy server.
▪ This is done by configuring the internet options of all the clients on the network, keeping in mind the different operating systems and browsers in use across the IT environment.
▪ Requires more labor to configure than a transparent proxy.
▪ Provides greater security than a transparent proxy.

Comparison between Transparent and
Explicit Proxy

SOCKS-Based Proxy
▪ SOCKS takes its name from "sockets", the programming interface used to establish a communication session over TCP/IP.
▪ It is a protocol that enables the building of generic proxy applications.
▪ Such applications are designed to act on behalf of many different services.
▪ It is used to direct all traffic from the client to the proxy, using a target port of TCP/1080.
▪ It provides a number of security-related advantages.
SOCKS-Based Proxy
▪ There are two versions of SOCKS in use.
▪ SOCKS4 – supports only TCP and filters only on IP addresses and TCP ports; the client must resolve the destination name itself (the SOCKS4a extension added host names).
▪ SOCKS5 (RFC 1928) – adds UDP association, client authentication (for example username/password, RFC 1929) and IPv6 addresses, and will resolve host names on behalf of the client, so internal DNS queries need not leave the network. It carries TCP and UDP only, not ICMP.
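The following is an added example, not code from the lecture or the textbook: the SOCKS5 exchange with both sides' messages built and parsed as bytes, so the method negotiation, the username/password sub-negotiation, the CONNECT request carrying a domain name (which is what lets the proxy resolve it), and the reply can be seen field by field. The server-side policy, the user database and the bound address 10.0.0.1:1080 are assumptions made for the example; no network sockets are opened.

```python
"""SOCKS5 handshake (RFC 1928; username/password per RFC 1929), both sides.

Added example, not from the lecture. Server policy, users and the bound
address are constructed; nothing is sent on the network.
"""
import hmac
import ipaddress
import struct

VER = 0x05
NO_AUTH, USERPASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCESS, REP_NOT_ALLOWED, REP_CMD_UNSUPPORTED = 0x00, 0x02, 0x07

# Hypothetical server policy: refuse unauthenticated clients, allow two destinations.
SERVER_METHODS = {USERPASS}
SERVER_USERS = {b"alice": b"s3cret"}
ALLOWED_DESTS = {"www.example", "mail.example"}


def client_greeting(methods):
    """Client -> proxy: VER | NMETHODS | METHODS"""
    return bytes([VER, len(methods), *methods])


def client_userpass(user: bytes, pw: bytes):
    """Client -> proxy sub-negotiation: VER=1 | ULEN | UNAME | PLEN | PASSWD"""
    return bytes([0x01, len(user)]) + user + bytes([len(pw)]) + pw


def client_connect(host: str, port: int):
    """Client -> proxy: VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT. A domain name
    is sent so the proxy, not the client, resolves it (SOCKS4 needs an IPv4 address)."""
    name = host.encode("idna")
    return bytes([VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)]) + name + struct.pack("!H", port)


def server_select_method(greeting: bytes):
    """Proxy side: return (chosen_method, reply). 0xFF tells the client to give up."""
    if len(greeting) < 2 or greeting[0] != VER or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    offered = set(greeting[2:])
    for m in (USERPASS, NO_AUTH):               # server preference order
        if m in offered and m in SERVER_METHODS:
            return m, bytes([VER, m])
    return NO_ACCEPTABLE, bytes([VER, NO_ACCEPTABLE])


def server_check_userpass(msg: bytes):
    """Proxy side: return (ok, reply); a non-zero STATUS byte means the proxy closes."""
    if len(msg) < 3 or msg[0] != 0x01 or len(msg) < 3 + msg[1]:
        raise ValueError("malformed auth message")
    ulen = msg[1]
    user, plen, pw = msg[2:2 + ulen], msg[2 + ulen], msg[3 + ulen:]
    if len(pw) != plen:
        raise ValueError("malformed auth message")
    ok = user in SERVER_USERS and hmac.compare_digest(SERVER_USERS[user], pw)
    return ok, bytes([0x01, 0x00 if ok else 0x01])


def server_handle_request(req: bytes):
    """Proxy side: parse a request; return (rep, (host, port), reply)."""
    if len(req) < 7 or req[0] != VER or req[2] != 0x00:
        raise ValueError("malformed request")
    cmd, atyp = req[1], req[3]
    if atyp == ATYP_DOMAIN:
        host, off = req[5:5 + req[4]].decode("idna"), 5 + req[4]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        off = 4 + (4 if atyp == ATYP_IPV4 else 16)
        host = str(ipaddress.ip_address(bytes(req[4:off])))   # ValueError if truncated
    else:
        raise ValueError("unknown address type")
    if len(req) != off + 2:
        raise ValueError("malformed request")
    port = struct.unpack("!H", req[off:off + 2])[0]
    if cmd != CMD_CONNECT:
        rep = REP_CMD_UNSUPPORTED
    elif host not in ALLOWED_DESTS:                 # egress policy on the name, pre-resolution
        rep = REP_NOT_ALLOWED
    else:
        rep = REP_SUCCESS
    # Proxy -> client: VER | REP | RSV | ATYP | BND.ADDR | BND.PORT. BND is the proxy's
    # own outbound socket (assumed 10.0.0.1:1080 here); zeroed on failure.
    bnd = (10, 0, 0, 1, 0x04, 0x38) if rep == REP_SUCCESS else (0, 0, 0, 0, 0, 0)
    return rep, (host, port), bytes([VER, rep, 0x00, ATYP_IPV4, *bnd])


def run_exchange(host="www.example", port=443, user=b"alice", pw=b"s3cret"):
    """Drive the whole exchange in memory; return the final REP, or None if it stopped earlier."""
    method, _ = server_select_method(client_greeting([NO_AUTH, USERPASS]))
    if method == NO_ACCEPTABLE:
        return None
    if method == USERPASS:
        ok, _ = server_check_userpass(client_userpass(user, pw))
        if not ok:
            return None
    rep, _, _ = server_handle_request(client_connect(host, port))
    return rep
```

The egress check runs on the name the client asked for, before the proxy resolves it, which is the practical benefit of SOCKS5 name handling: policy can be expressed in host names and the client never needs to reach internal DNS. Note also that a server whose only acceptable method is username/password answers an unauthenticated client with 0xFF rather than falling back to NO_AUTH.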

Reverse Proxy
▪ A service that acts as a proxy for inbound connections.
▪ It prevents direct, unmonitored access to your servers' data from outside your organization's network.
▪ Why use a reverse proxy when the primary clients you want to protect are those on the internal network rather than those on the external internet?
▪ You can deploy a reverse proxy to support load balancing or load distribution across multiple internal resource hosts.
Benefits of Reverse Proxy
▪ Performance
• Cuts down on unnecessary requests.
• Reduces the load on the company's web server.
▪ Privacy
• A stand-in for a web server can protect sensitive data stored on that web server that must remain secure.
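The following is an added example, not code from the lecture or the textbook: the request and response handling of a reverse proxy front end, covering the two reverse proxy slides above. It distributes requests round-robin across the internal hosts that are still up, rewrites the headers the backend should see (and overwrites rather than trusts a client-supplied X-Forwarded-For), strips headers in the response that would reveal which internal server answered, and caches cacheable GET responses so repeated requests never reach the backend. The backend addresses, header sets and bodies are constructed for the example.

```python
"""Reverse proxy front end: backend selection, header hygiene and a small cache.

Added example, not from the lecture. Works on already-parsed header dicts so
it stays independent of socket handling. Backends, headers and bodies are
constructed for the example.
"""
import itertools
import time

# Hop-by-hop headers (RFC 7230) describe one connection and are not forwarded.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade"}
# Response headers that describe the internal server rather than the content.
LEAKY = {"server", "x-powered-by", "x-aspnet-version"}


class ReverseProxy:
    def __init__(self, public_host, backends, cache_ttl=60):
        self.public_host = public_host
        self.backends = list(backends)      # internal "host:port" strings
        self.down = set()                   # backends a health check has marked down
        self._rr = itertools.cycle(range(len(self.backends)))
        self.cache_ttl = cache_ttl
        self._cache = {}                    # path -> (expires_at, headers, body)

    def pick_backend(self):
        """Round-robin over backends not marked down; None if all are down."""
        for _ in range(len(self.backends)):
            b = self.backends[next(self._rr)]
            if b not in self.down:
                return b
        return None

    def route(self, client_ip, method, path, headers):
        """Return (target, headers, body): target is a backend, "cache" on a hit,
        or None when no backend is available."""
        hit = self._cache.get(path) if method == "GET" else None
        if hit and hit[0] > time.monotonic():
            return "cache", hit[1], hit[2]
        backend = self.pick_backend()
        if backend is None:
            return None, {}, None
        fwd = {k.lower(): v for k, v in headers.items() if k.lower() not in HOP_BY_HOP}
        # The backend sees the proxy as its peer, so tell it who the real client is.
        # At the edge, overwrite rather than append: a client-supplied X-Forwarded-For
        # is untrusted input and would let the client spoof its own address.
        fwd["x-forwarded-for"] = client_ip
        fwd["x-forwarded-host"] = self.public_host
        fwd["host"] = backend
        fwd["connection"] = "close"
        return backend, fwd, None

    def respond(self, method, path, status, resp_headers, body):
        """Scrub a backend response before it leaves; cache cacheable GET responses."""
        out = {k.lower(): v for k, v in resp_headers.items()
               if k.lower() not in HOP_BY_HOP and k.lower() not in LEAKY}
        out["server"] = "gateway"           # one generic identity for every backend
        cc = out.get("cache-control", "")
        if method == "GET" and status == 200 and "no-store" not in cc and "private" not in cc:
            self._cache[path] = (time.monotonic() + self.cache_ttl, out, body)
        return out, body


if __name__ == "__main__":
    rp = ReverseProxy("www.example", ["10.0.0.11:8080", "10.0.0.12:8080"])
    req = {"Host": "www.example", "Connection": "keep-alive", "X-Forwarded-For": "1.2.3.4"}
    print(rp.route("203.0.113.9", "GET", "/", req))
    print(rp.respond("GET", "/", 200, {"Server": "Apache/2.4.57 (Unix)",
                                        "Content-Type": "text/html"}, b"<h1>hi</h1>"))
    print(rp.route("203.0.113.9", "GET", "/", req))   # served from cache
```

The health set `down` stands in for whatever probe marks a backend unavailable; what matters for the single-point-of-failure discussion is that `pick_backend` skips it and only reports failure when every backend is gone.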

Summary
▪ Most proxies act primarily on behalf of their internal hosts.
▪ Some are reverse proxies that act as proxies for inbound connections.
