Proxy Servers
If there's one piece of technology that I feel is very confusing today, that is
proxy servers.
Proxy servers have been around for decades, and they've developed into so many
different things that they can become a massive IT security headache.
So I want to take a few moments and make sure we understand conceptually what is a
proxy server, what types of proxy servers are out there, and what do we do with them.
Be ready for questions on the exam where you might need to add proxy servers to
particular situations.
Don't worry, I've got you covered in this episode right here.
First of all, there are two kinds of proxy servers: there are forward proxy servers
and reverse proxies.
So what I'd like to do is start off with the older school, a forward proxy.
Right. Now, if you take a look at this picture, a proxy by definition is a device, a
box, a piece of software running on a computer, which acts as an intermediary between
two different devices having a session.
So you're going to have a client.
You're going to have a server and a proxy in the middle.
So if you take a look at this, this is a forward proxy.
With a forward proxy, the client is aware of the proxy, so the client speaks to the
proxy and then the proxy actually does whatever it does to the request and forwards
it as the representative of the client.
So this is a forward proxy.
Now, forward proxies have been around like forever.
A traditional forward proxy is usually going to be a dedicated box, or it could be a
piece of software running on a server that is in an organization.
A great example would be schools: just about every school on earth that has an
internet connection runs a traditional forward proxy server.
The idea behind a proxy server like this is it will provide caching.
It provides content filtering.
It will act very much like a firewall in that it will look at the different things
that people are doing and block based on URL or all kinds of stuff like that.
Proxy servers are amazing: they can take ads out, they can block certain parts of
web sites.
So there's a lot of power in it that takes them way beyond a simple firewall.
The reason we see them in schools, obviously, is we don't want kids going to
inappropriate sites, and proxies are very, very common in schools.
So the important thing that you have to understand about a proxy, first of all, is
that proxies by definition are going to be application specific.
So I'm going to set up a web proxy or an FTP proxy or a voice over IP proxy.
So depending on what type of application I have, there is a specific proxy server
for it.
In fact, now remember what we said: with a traditional forward proxy server, the
clients are aware of the proxies.
So let's come up with a situation where we have a web proxy.
In order to use this web proxy, every single system that wants to use the web proxy
has to go through a configuration.
So what I have up here is my Internet Options, and this is from Windows 10.
Now what I want to do is, I'm under Connections already, so let's click on LAN
settings, and you'll see right here where it says proxy server.
So I'm going to say use a proxy server for your LAN, and then I have to actually
type in the IP address, and it's going to be port 80.
So in this particular situation, in order to use a traditional forward web proxy, I
actually have to set up all of my individual browsers to use that.
Now, if this proxy is designed to filter and prevent people from doing what they
want to do, why wouldn't people just go in here and delete this information and say,
"I don't want to use the proxy"?
The answer is simple: because a well set up system is going to go, "If you don't go
through the proxy, we're not going to let you out in the first place."
So that is a very traditional one.
Now we have an improvement on that in what we call a transparent proxy.
Transparent proxies don't have to go through all this configuration stuff, but a
transparent proxy has to be literally in the line.
It has to be in line between you and the Internet so that it can grab everything, so
that nobody has a choice but to go through it.
And a transparent proxy can work that way.
They are out there, just as common as a more traditional proxy.
The nice part is I don't have to go through this type of configuration information.
So a traditional forward is going to invariably be a box.
In the Windows world there are programs, famous programs like WinGate and things
like that, that provide these forward proxy services.
The other type of forward proxy that we run into, what I'm going to call a modern
forward proxy, is used by people who want to do nefarious things.
Now, I'm not going to say they always do bad things, but sometimes they want to hide
themselves.
So we take a look at a diagram like this.
So what we're doing now is we're going to move the proxy out of our local in-house
and we're going to move it out to the Internet.
But it's still going to work the same way.
In this situation, you can see I can connect my client system and, instead of going
directly to a web server, I can go to this proxy and then the proxy will take care
of it.
So I love Canadian television, for example, and it's impossible for some of these
Canadian websites to be played in the United States.
Now, if I were a nefarious person, I could easily find a Canadian proxy.
I could go through that proxy and then dial in and watch shows like Letterkenny and
Corner Gas and all these great shows that you Americans probably never heard of.
All you Canadians out there going, "Oh, sure." Anyway.
So this is the type of thing that we can do with it.
Now I want to look at this diagram one more time.
The problem with this diagram is that the proxy works fine, but notice that there's
a connection from my system to the proxy server that's out on the Internet.
So the downside to this is that anybody who wants to can easily figure out, for
example if the police sent your Internet Service Provider a warrant, it's fairly
easy for them to figure out, "Oh, this goes back to Mike Meyers' machine there in
Houston, Texas."
So what we do with a lot of these proxies is we create an encrypted tunnel, a
connection called a virtual private network, or VPN.
We have other episodes that go into VPN in detail, but for right now I want you to
understand that if we encrypt everything, I mean everything, that way nobody can
tell exactly what we're doing.
So we create a VPN connection from our system to the proxy, and then the proxy goes
out and acts as our representative and does whatever it wants to do.
There are lots and lots of tools out there that do stuff like this.
So what I'd like to do is show you one tool in particular.
So let's open up a browser, a new one, and I'm going to type in a web site.
This is called hide.me.
And what I'd like to do is we're going to use this as a proxy.
So keep in mind this isn't unique.
There are thousands of these different types of proxy servers out there.
This is a public proxy server.
Anybody can go to it.
And what I can do is actually go to a web site.
Now if you look here at the bottom, it says I will look as though I'm coming from
the Netherlands.
This one is just a demo, so it only gives a few options.
So I'm going to go to my totalsem.com site and I'm going to click on this.
I want you to watch what happens here.
Now one of the things you've got to worry about is that all of these types of proxy
tools are slow, and that's OK.
So what's happening: first of all, you'll notice that I'm not actually at
totalsem.com.
I'm actually connecting to a proxy server at the hide.me web site.
But hide.me puts this little overlay on top to remind me that I'm not actually
directly on www.totalsem.com.
And if there was something important that only people in the Netherlands could do,
this would work just fine.
Now that works out pretty good, with a couple of little exceptions.
First of all, when you make a connection like this, there is not just one connection
to a web site.
You're probably launching Java connections and all kinds of different stuff.
If you can open up one web page and type in netstat, you'll usually see that that
one web page is actually making five or six different connections.
And the problem is a lot of these, once they make the connection, will try to phone
home directly back to you.
And that can make some problems.
So the VPN certainly helps, but the VPN doesn't let anybody know what you're doing.
But the VPN still points back to you.
And there's a situation where we run into a bit of a problem.
So what we do is, there are certain types of modern forward VPNs that do cool stuff,
like for example the Tor network.
With Tor, what it's going to do is you're going to have lots and lots...
Now, I only have a few computers here, but there could be hundreds or thousands of
these computers which all work together to hide you really well.
So when you make a connection, you arbitrarily pick one of these Tor nodes, as
they're called, and then the nodes will make a random group of connections to a
bunch of other computers.
These are all VPN connections, and then randomly pick one guy to act as the
outward-bound proxy server.
So you can see what's happened here is not only is everything now very much
encrypted through the VPN, but it is really hard, not impossible, but practically
impossible, to get back to you.
And that's why people use these Tor proxies: not just because it's a good proxy
server, but because it makes this very complicated backward trail that's almost
impossible for anybody to get out of.
So law enforcement and people like that are often frustrated by Tor networks
because bad guys often use them to hide themselves really, really well.
Now that's forward proxy servers, so what I want to do is spin this around a little
bit and talk about a reverse proxy server.
With a reverse proxy server, what we do instead is that we have servers, let's say
web servers, where the proxy server represents the web server, not the client.
It's a complete reverse of a forward.
Now these types of proxy servers do very, very specific jobs.
Number one, their job is to protect the server from evil people like us.
So there's lots of security in these.
For example, these are often designed to handle denial of service attacks, all kinds
of different nefarious attacks like that.
It's used for load balancing.
So if I have three or four servers, that proxy server can select whatever server has
got the least load on it and goes ahead and passes jobs to that.
It can be used for caching, just like a forward does.
A lot of times web pages will have a certain set of images that it's always passing
out.
Those images don't sit on the... well, they're on the servers, but the reverse proxy
server keeps a copy of any static images.
No matter what page you go to on that web site, boom, they send it really, really
quick.
It also handles encryption acceleration.
So if you've got a bunch of HTTPS servers, most of the time it's the proxy server
that handles all of the HTTPS encryption and decryption.
A lot of times you'll see that these have different types of modules on board that
are designed to help with the encryption.
And they sit in front and they take a lot of work off of the web servers.
When you're thinking about proxy servers, especially for the exam, make sure you're
comfortable with the concept of a forward versus a reverse proxy server.
Remember: forward hides the clients and reverse hides the servers.
Forward proxy servers hide the clients from the servers by forwarding the message
to the server
Forward proxy servers can be configured for caching, content filtering, and
firewall capability
Reverse proxy servers hide the server, and can provide load balancing and caching
for high activity pages
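
The least-load selection and static-content caching that the lecture attributes to a reverse proxy, as an added Python example that is not part of the original transcript. The backend names, request paths and the `STATIC_SUFFIXES` list are constructed for illustration, and the model tracks load as in-flight request counts instead of proxying real traffic.

```python
# Added illustration: a toy in-memory reverse proxy; all names are constructed.
STATIC_SUFFIXES = (".png", ".jpg", ".css", ".js")

class Backend:
    def __init__(self, name):
        self.name = name
        self.active = 0   # requests currently in flight on this server
        self.served = 0   # total requests this server has handled

    def fetch(self, path):
        self.served += 1
        return f"{path} from {self.name}"

class ReverseProxy:
    def __init__(self, backends):
        self.backends = backends
        self.cache = {}   # path -> cached response body for static content

    def begin(self, path):
        """Start a request. Returns (body, backend); backend is None on a cache hit."""
        if path in self.cache:
            return self.cache[path], None
        # Least-load selection: the server with the fewest in-flight requests.
        backend = min(self.backends, key=lambda b: b.active)
        backend.active += 1
        body = backend.fetch(path)
        if path.endswith(STATIC_SUFFIXES):
            self.cache[path] = body   # later requests never reach a backend
        return body, backend

    def finish(self, backend):
        if backend is not None:
            backend.active -= 1       # request done, load drops again

def demo():
    servers = [Backend("web1"), Backend("web2"), Backend("web3")]
    proxy = ReverseProxy(servers)
    # Three dynamic requests still in flight: each lands on a different server.
    in_flight = [proxy.begin(f"/report?id={i}")[1] for i in range(3)]
    spread = sorted(b.name for b in in_flight)
    proxy.finish(in_flight[1])                 # web2 finishes first
    next_pick = proxy.begin("/login")[1].name  # so web2 now has the least load
    proxy.begin("/logo.png")                   # first request goes to a backend
    hits_before = sum(b.served for b in servers)
    _, backend = proxy.begin("/logo.png")      # second is answered from the cache
    hits_after = sum(b.served for b in servers)
    return spread, next_pick, backend, hits_after - hits_before
```
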