Proxy Servers – SY0-601 CompTIA Security+ : 3.3

A proxy can control traffic on complex enterprise networks. In this video, you’ll learn about forward proxies, reverse proxies, and open proxies.

A proxy server is a device that sits between the users and the rest of the network. The proxy server usually receives requests from the users, creates its own request out to the service on behalf of the users, receives the response to that request, and then usually performs some type of security check. If everything looks good, it provides the answer to that request to the original user. This means that the proxy server, since it’s sitting in the middle of this conversation, can control quite a bit about these traffic flows. You can perform caching on the proxy server. It might be used for access control, so someone would have to put in a username and password for that request to be sent out of the network. The proxy server may also provide URL filtering or content scanning to help keep those traffic flows safe.

Some proxy servers are configured to be explicit. This means that we would have to go into the configuration of each of these users’ devices and tell those devices that our proxy server is located at a particular IP address and uses a particular port number. Or the proxy server may be one the users have no idea exists on the network, and no additional configurations are required. We refer to these proxies as transparent proxies, because the end users have no idea that a proxy server is sitting in the middle of the conversation. Although we don’t often think of it this way, if we’re doing some type of network address translation in a router, we’re effectively creating a network-level proxy. But when we refer to proxies on a network, it’s almost always an application-level proxy. The proxy understands exactly how the application operates, and it’s able to create application requests on behalf of all of the clients.

The proxy you’re using may only know one individual application. Perhaps the proxy is only aware of how HTTP works, or maybe it’s a proxy that can support multiple applications, so it might support HTTP, HTTPS, FTP, and other applications as well. If you have a proxy in your environment that is used to control the users’ access to the internet, then you’re probably using a forward proxy. Sometimes this is referred to as an internal proxy, because it’s a proxy that’s used for your internal users. Your users would make a request to the proxy to gain access to a web server on the internet.

The proxy might examine the URL, make sure that you’re not visiting a known malicious site, because if you are it can block that communication. There might also be a series of categories associated with these URLs, so that you can control exactly what type of content a user might be visiting. If all of that passes the check, then the proxy will perform that request for the user, receive the answer from the internet, evaluate that information and make sure it’s safe for the user, and then send the user a copy of that response.
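The forward-proxy URL check described above can be sketched as follows. This is an added example, not code from the original video or from any particular proxy product; the host lists, category names, and the `evaluate_request` function are hypothetical and constructed for illustration. It shows why the proxy must decide on the host the request will really reach, not on the raw URL string.

```python
from urllib.parse import urlsplit

# Constructed sample policy data (placeholders, not real threat intelligence).
MALICIOUS_HOSTS = {"malware.example"}
HOST_CATEGORIES = {"casino.example": "gambling", "news.example": "news"}
BLOCKED_CATEGORIES = {"gambling"}


def _normalize_host(url):
    """Return the lowercase hostname the request would really go to, or None."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # drops userinfo ("user@") and port, lowercases
    if not host:
        return None
    return host.rstrip(".")  # "example.com." and "example.com" are the same host


def _lookup(host, table):
    """Match the host or any of its parent domains against a set or dict."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None


def evaluate_request(url):
    """Return (decision, reason) for a URL a client asked the proxy to fetch."""
    host = _normalize_host(url)
    if host is None:
        return ("block", "unparseable or unsupported URL")
    if _lookup(host, MALICIOUS_HOSTS):
        return ("block", "known malicious site")
    match = _lookup(host, HOST_CATEGORIES)
    category = HOST_CATEGORIES[match] if match else "uncategorized"
    if category in BLOCKED_CATEGORIES:
        return ("block", "category: " + category)
    return ("allow", "category: " + category)
```

A naive substring test on the URL would pass `http://news.example@malware.example/x`, because the text before `@` is userinfo rather than the destination host; the normalization step is what catches it.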

You can also use proxies in the other direction where users from the internet are hitting a proxy so they can gain access to internal services on your network. We refer to this as a reverse proxy, and the process is exactly opposite from what we just described with our forward proxy. The requests come from users on the internet into the proxy server. At this point, the proxy will examine the requests from the users and make sure that none of the requests are malicious. If the requests are valid, it will send those requests to the web server and get a response to those requests. The proxy then receives the answer from the web server and sends a copy of that answer to the user on the internet.

In some environments, there are very tight security controls. One of the ways that people can get around those security controls is to communicate with a third-party proxy that may be controlled by someone else. We refer to this as an open proxy, because these proxies are installed on the internet for anyone to be able to use. This is a significant security concern, primarily because most people are using these proxies to circumvent existing security controls in their environment, but we are also concerned about what the proxy may be doing to the data that’s being sent to or received from that proxy server.

It could be that a simple request is being made by your users to the proxy server, and the proxy is then making that request on the user’s behalf. The answer comes back from the devices on the internet, but then the proxy may change or add additional code into the response and send that response to the users. This might be something very simple like putting an advertisement on the response that’s received, or the proxy could add malicious code into that software and send it directly to your users.