Proxies – CompTIA Security+ SY0-501 – 2.1

Proxies have been used as a security technology for many years. In this video, you’ll learn why proxies maintain this longevity, and you’ll learn the differences between a forward proxy, reverse proxy, and open proxy.


A security technology that has stood the test of time is a network-based proxy. This is a device that sits between your users and, usually, the internet to help filter internet communication and protect the users from it. The proxy will receive a request from the user, and then the proxy itself will make that request on their behalf, proxying the communication. When it receives the response, it then provides that answer back to the users. In the meantime, it’s able to provide security capabilities. Not only is it able to cache information to make your network communication more efficient, it’s able to provide access control. You can perform URL filtering, look for viruses inside of the network communication, and much more.

There are usually two modes of operation for a proxy. One of these is an explicit proxy. This means that you need to configure your operating system or your browser to explicitly use a proxy to be able to communicate to the internet. The other type of proxy is a transparent proxy. The end users have no idea there’s a proxy in the middle, and no additional configuration needs to occur on the operating system to be able to take advantage of the proxy.

One of the common network-based proxies in use is network address translation, or NAT. But generally when we think of a proxy, we’re really thinking of an application proxy. This means that the proxy itself understands the way applications operate so that it’s able to take a request for an application and proxy that request on the user’s behalf. Some proxies may only know one type of application. They may be able to take HTTP or browser requests and proxy them on behalf of the user. Other proxies are more advanced and are able to handle many different kinds of applications. The functionality will depend on the proxy that you happen to be using.

There are also different proxies that operate in different ways. If we have a proxy on the inside of our network that we’re using to help our users protect themselves from the internet, this is usually a forward proxy. This is something that’s used internally. The user will make a request to the internal proxy. Our internal proxy will then make the proxy request on the user’s behalf to the internet. The device on the internet will respond back. The proxy will analyze the response, make sure that everything in that response is legitimate and secure, and then send that response off to the user.

This is also an opportunity for the proxy to provide URL filtering. So if the user is requesting a URL to a site that they are not allowed to visit, the proxy will immediately send back a response saying that you don’t have permission to visit that URL.
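The URL-filtering decision described above, sketched as an added example (not code from the original video or from any particular proxy product). The blocklist entries and function names are constructed for illustration; the sketch also shows where the destination appears in an explicit-proxy request (absolute URL or CONNECT) versus a transparently intercepted one (Host header).

```python
from urllib.parse import urlsplit

# Constructed policy for illustration: a blocked domain also blocks its subdomains.
BLOCKED_DOMAINS = {"blocked.example", "games.example"}

def target_host(request_line, headers):
    """Extract the destination host from the request the proxy received."""
    method, target, _version = request_line.split(" ", 2)
    if method.upper() == "CONNECT":
        # Explicit proxy, HTTPS tunnel: the target is "host:port".
        host = urlsplit("//" + target).hostname
    elif target.startswith("/"):
        # Transparent proxy: the client sent only a path, so use the Host header.
        host = urlsplit("//" + headers.get("host", "")).hostname
    else:
        # Explicit proxy, plain HTTP: the browser sends the absolute URL.
        host = urlsplit(target).hostname
    return (host or "").rstrip(".")

def is_blocked(host):
    """True if the host or any parent domain is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))

def filter_request(request_line, headers=None):
    """Return (decision, detail) for one client request."""
    try:
        host = target_host(request_line, headers or {})
    except ValueError:
        host = ""  # malformed request line or host
    if not host:
        return ("REJECT", "400 Bad Request")
    if is_blocked(host):
        return ("DENY", "403 Forbidden")
    return ("FORWARD", host)
```

Matching on parent domains rather than exact strings is what keeps `www.blocked.example` from slipping past a rule written for `blocked.example`, while an unrelated name such as `notblocked.example` is still forwarded.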

A reverse proxy is one that works in exactly the opposite mode. A reverse proxy sits on the outside, facing the internet, and anyone who needs to gain access to an internal service such as a web server will first connect to the proxy. This reverse proxy will then take all of these communications from people over the internet and then proxy them internally to either a single web server or even multiple web servers. This is usually seen if it’s a very large configuration and you need to make sure that you can provide security before anything is hitting your inbound web servers.

And another type of proxy you should be aware of is an open proxy. This is a proxy that has been set up and configured by a third party. And it’s usually a third party that you have no knowledge of. Open proxies are commonly used to circumvent existing security controls. So if a user inside of your network can’t visit a particular URL because there is URL filtering, they will instead visit the proxy and tell the proxy to visit that URL on their behalf, thereby going around the URL filtering that you have on your network.

A significant security concern we have with open proxies is that the owner of the proxy can add whatever they’d like into the network communication. So they could send the URL request. And as the URL response is coming back, they could add their own malicious code and send it on to your users.