Proxy Servers: Unlocking the Keys to Enterprise Security
Proxy servers have been in the news of late, both as a result of Iran's putative election and a new legal case in which Microsoft is suing alleged purveyors of advertising click fraud. This article will explain what proxy servers are, how they can be used for both good and evil, and what all the fuss is about. This venerable Web technology remains a primary way of securing the data perimeter -- nefarious means notwithstanding.
First, a little background is in order. When you bring up your Web browser, you are asked how you want it to connect to the Internet. Most of us who have home PCs don't use any proxy, and go out to the raw Internet without any fuss or bother.
But enterprises that want to cut down on their bandwidth usage, improve performance and security, and control what employees see use them all the time. Each browser first checks whether the Web page being requested is in the proxy's cache, or memory, and if so, it saves a few milliseconds or more by grabbing the page directly, without having to traverse the Internet at all.
So proxies are often combined with caching servers to deliver the best combination of features and management. As far as the browsing user is concerned, this happens without any notification, other than the pages seem to load quicker on her PC. About the only configuration option is the IP address of the server, which is placed inside the browser options or network settings. And proxies are available for more than just Web protocols, although that is their most popular use case.
That is the good side of proxies. What about the evil side? Proxies are supposed to be for internal users of an enterprise, but if a hacker can find out the IP address of an internal proxy, he can gain access to lots of network resources.
This was a common MO for the hacker Adrian Lamo, among others, and you still find corporations that haven't locked their proxies down with the appropriate security. It is also possible for proxies to operate on a user's PC without the owner's knowledge, which is a common way botnets are created.
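A defender's check for the exposure described above, as an added example that is not from the original article: it models how Squid, the open source proxy this article mentions, evaluates http_access rules and reports whether a client address outside the enterprise would be served. The sample configurations and addresses are constructed, and only src ACLs written as addresses or CIDR blocks are modelled.

```python
import ipaddress

# Constructed sample configs (not from any real deployment).
OPEN_CONF = """
acl localnet src 10.0.0.0/8
http_access allow all            # anyone who finds the proxy may use it
"""
LOCKED_CONF = """
acl localnet src 10.0.0.0/8 192.168.0.0/16
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Return (src ACLs, ordered http_access rules) from squid.conf text."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]}
    rules = []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(a, strict=False) for a in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(name, ip, acls, unknown):
    """Evaluate one ACL reference ('name' or '!name') against a client IP."""
    nets = acls.get(name.lstrip("!"))
    if nets is None:          # non-src ACL type: not modelled, use the
        return unknown        # answer that keeps the audit conservative
    return any(ip in n for n in nets) != name.startswith("!")

def allowed(conf, client_ip):
    """First matching http_access rule wins; ACLs on one line are ANDed."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # Unknown ACLs count as matching on allow lines, not on deny lines.
        if all(matches(n, ip, acls, action == "allow") for n in names):
            return action == "allow"
    # No rule matched: Squid applies the opposite of the last rule's action
    # (and denies everything when there are no http_access lines at all).
    return bool(rules) and rules[-1][0] == "deny"

if __name__ == "__main__":
    outside = "203.0.113.7"   # constructed address from a documentation range
    for label, conf in (("open", OPEN_CONF), ("locked", LOCKED_CONF)):
        print(label, "serves outside client:", allowed(conf, outside))
```

A configuration that ends on a deny line without a final deny all still serves everyone the deny did not match, which is why the locked sample closes with an explicit deny all.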
Some proxies can be used to make browsing history anonymous. This too can be used for both good and evil, depending on the information you are trying to hide.
Now to the news: Microsoft filed a suit in federal court yesterday against three people it claims were defrauding Internet advertisers by having automated programs mimic users' clickstreams. They found the fraudulent activities by tracing the actions to two proxy servers. Once they blocked the particular IP addresses of the proxies, the fraudsters would simply alter them in a continual game of cat and mouse. The fraud involved is significant, and ClickForensics estimates that 14 percent of the total ad clickstream is faked.
When the Iranian government wanted to block Internet access, several private individuals from around the globe took it upon themselves to set up the open source proxy Squid (squid-cache.org) and other tools on their own networks to get around these blocks. They then publicized (via Twitter) the IP address of their Squid PCs so that anyone could connect to the open Internet, rather than be blocked. Of course, as the government learns of these addresses, it adds them to the block list, so another cat and mouse game ensues.
David Strom is an expert on Internet and networking technologies who was the former editor-in-chief at Network Computing, Tom's Hardware.com, and DigitalLanding.com. He currently writes regularly for PC World, Baseline Magazine, and the New York Times and is also a professional speaker, podcaster and blogs at strominator.com and WebInformant.tv
Article courtesy of Datamation