wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Improving defences Proxy Device(defense in depth)

profile
Mohnishsingh
Oct 01, 2017
0 Likes
0 Discussions
909 Reads

Proxy server  acts as an intermediatary for requests from clients seeking resources from other servers.

A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity. Proxies were invented to add structure and encapsulation to distributed systems. Today, most proxies are web proxies, facilitating access to content on the world wide web, providing anonymity and may be used to bypass ip blocking. Proxy modes Explicit mode :we need to manually configure it in our web browser user is aware of the proxy Group policy can be configured for access control . we configure browser to point towards proxy. Transparent mode :Router or firewall redirects request to proxy Which makes request on behalf of users Types A proxy server may reside on the user's local computer, or at various points between the user's computer and destination servers on the Internet. A proxy server that passes requests and responses unmodified is usually called a gateway or sometimes a tunneling proxy. A forward proxy is an Internet-facing proxy used to retrieve from a wide range of sources (in most cases anywhere on the Internet). A reverse proxy is usually an internal-facing proxy used as a front-end to control and protect access to a server on a private network. A reverse proxy commonly also performs tasks such as load-balancing, authentication, decryption or caching. Reverse proxies:A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server. Requests are forwarded to one or more proxy servers which handle the request. The response from the proxy server is returned as if it came directly from the original server, leaving the client no knowledge of the origin servers. Reverse proxies are installed in the neighborhood of one or more web servers. All traffic coming from the Internet and with a destination of one of the neighborhood's web servers goes through the proxy server. reverse proxy The use of "reverse" originates in its counterpart "forward proxy" since the reverse proxy sits closer to the web server and serves only a restricted set of websites. There are several reasons for installing reverse proxy servers: Encryption / SSL acceleration: when secure web sites are created, the  SSL encryption is often not done by the web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware. Furthermore, a host can provide a single "SSL proxy" to provide SSL encryption for an arbitrary number of hosts; removing the need for a separate SSL Server Certificate for each host, with the downside that all hosts behind the SSL proxy have to share a common DNS name or IP address for SSL connections. This problem can partly be overcome by using the SubjectAltName feature of x.509 certificates. Load balancing: the reverse proxy can distribute the load to several web servers, each web server serving its own application area. In such a case, the reverse proxy may need to rewrite the URLs in each web page (translation from externally known URLs to the internal locations). Serve/cache static content: A reverse proxy can offload the web servers by caching static content like pictures and other static graphical content. Compression: the proxy server can optimize and compress the content to speed up the load time. Spoon feeding: reduces resource usage caused by slow clients on the web servers by caching the content the web server sent and slowly "spoon feeding" it to the client. This especially benefits dynamically generated pages. Security: the proxy server is an additional layer of defence and can protect against some OS and Web Server specific attacks. However, it does not provide any protection from attacks against the web application or service itself, which is generally considered the larger threat. Extranet Publishing: a reverse proxy server facing the Internet can be used to communicate to a firewall server internal to an organization, providing extranet access to some functions while keeping the servers behind the firewalls. If used in this way, security measures should be considered to protect the rest of your infrastructure in case this server is compromised, as its web application is exposed to attack from the Internet. Choosing on proxy for our infrastructure As we can see proxy add a layer to our defence in depth strategy  gives us greater monitoring scope into our infrastructure  and help us enforce security to  restrict content of web sites. When it comes to choosing a proxy we have a variety of options we need to decide upon certain parameters to keep in mind are : Number of users we serve to Processing power of our appliance Memory for performance in real time Disk space allocated for storing the information processed the rules enforced etc.  

Comments ()


Sign in

Read Next

Why Friendship at Work is Important

Blog banner

The Role of Frontline Managers in Driving Workplace Performance and Customer Satisfaction

Blog banner

Amazon

Blog banner

How Sleep Impacts Learning and Behaviour for Toddlers?

Blog banner

Soak knowledge and level up your intellectual potential!!!

Blog banner

Memory managment

Blog banner

USES OF WHATSAPP

Blog banner

Smitten Kitchen Keepers

Blog banner

10 Reasons to Date a South Indian Girl

Blog banner

Cache Memory

Blog banner

Business Intelligence v/s Big Data

Blog banner

Getting started with Android Studio

Blog banner

Khau Galli – Vile Parle

Blog banner

How can parents support a child’s mental health?

Blog banner

MPL and how its effects?

Blog banner

Web browser forensics:Tools,Evidence collection and analysis

Blog banner

Use case of K-means clustering

Blog banner

Guidelines for a low sodium diet.

Blog banner

Mobile Survey

Blog banner

Bit Coins

Blog banner

Dekkers Algorithm : Ensuring Safe Process Synchronization

Blog banner

Webmail

Blog banner

Understanding Toddler Tantrums: What They Really Mean

Blog banner

Understanding Gen Z: A Generation Facing Crisis and Potential

Blog banner

Overcoming the bedtime brushing Battle with Dr. Roxanne Irani, Dentist in Maroubra

Blog banner

Session Hijacking Techniques

Blog banner

Solitary Play Activities for Preschoolers: Types and Benefits

Blog banner

Vikrant’s first blog

Blog banner

Operating system

Blog banner

E-mail security

Blog banner

The Role of Data Provenance and Lineage in Modern Data Science

Blog banner

A Weekend at Oak Tree Hotel: The Best Hotel Experience in Arcadia, Florida

Blog banner

Krishna Rao SAP ID--53003230076

Blog banner

?What Your Dentist Notices The Moment You Sit In The Chair

Blog banner

Mental Health

Blog banner

The Impact of Tolerances and Wall Thickness on Pipeline Integrity

Blog banner

Fitness

Blog banner

Elegant fashion style

Blog banner

Cyber-crime Investigation and Future Directions

Blog banner

TOGETHER WE CAN CONQUER #team

Blog banner

POVERTY:Causes and solutions to problems

Blog banner

What is a Dumpster Diving Attack?

Blog banner