Basics of a proxy server and means to secure it

A proxy server is a server that acts as a gateway between a client computer and a larger network such as the internet. An everyday example makes this easier to understand: when we configure proxy settings in the ‘Network Settings’ tab of a web browser, we are telling the browser to use a proxy. A proxy server receives a web page request from the local internal user. The proxy server then acts as a client on behalf of the user and uses its own IP address to request the page from the server out on the internet. When the page is returned by the internet server, the proxy server relates it to the original request and forwards it on to the local internal user.

Purpose of a proxy

1. Hiding the local machines from the external network
A proxy server works by intercepting connections between sender and receiver. All incoming data enters through one port and is forwarded to the rest of the network via another port. A proxy server uses a network addressing scheme to present one organization-wide IP address to the Internet. By blocking direct access between two networks, proxy servers make it much more difficult for hackers to get internal addresses and details of a private network.

2. Caching
Proxies may also cache web pages. Each time an internal user requests a URL from outside, a temporary copy is stored locally. The next time an internal user requests the same URL, the proxy can serve the local copy instead of retrieving the original across the network, improving performance.

3. Filtering
A proxy server is designed to understand and act on the data that’s going across it. For example, a company’s web proxy server can be configured so that access to certain sites is blocked.

4. Activity monitoring
A proxy can also do logging. It might track the surfing activities of employees or scan the returned web pages for viruses.

5. Sharing Internet Connection
Proxy software may be run on the machine with the internet connection. Other machines may be configured to use the proxy server.

How to secure a proxy?

1. Enable only essential proxy services
Unless you have fairly sophisticated needs, you probably won’t need to enable anything beyond the following services:
•    HTTP or WWW service – For web browsing
•    POP3 Proxy service – For incoming email.
•    SMTP mapping service – For outgoing email.

Installation of the following services is not recommended unless they are essential for your IT operations:
•    FTP Proxy service – Needed if you run an FTP server to transfer files between your computer and Web site, or if you are using some FTP client programs. (You don’t need to enable this service to FTP files to your computer if you are using your Web browser.) If you do enable this service, don’t allow anonymous FTP unless you really need to.
•    Telnet Proxy service – Allows connection to another computer to run programs and access files. If you do enable this service, require anyone Telnetting into your computer to have their own password.
•    DNS service – Needed only if you want to run a DNS server on your LAN.
•    DHCP service – This service automatically assigns IP addresses to machines on your network.

2. Access Control
Allow service only to requests from computers that are on the local subnet (like 192.168.0.*). If you don’t secure your site, unknown users will be able to access your proxy server for HTTP/WWW service. Although you might not think this level of service would be harmful, JavaScript, Java applets, multimedia files etc. can be transferred using the HTTP protocol. Even if this does no harm, do you really want your proxy server to be serving users you don’t even know, coming from who knows where? Another access control recommendation is to shut off the proxy server when it is not in use.

3. Logging
Most proxy server software comes with a logging feature. If you have properly secured your site, then when you read the logs you should see service requests only from IP addresses or computer names that are in your network. If you see entries from any other addresses, then unknown people are accessing your proxy server. You should shut off the offending service or just shut down the proxy server until you can correct the problem. If you enable more services, it’s a good idea to check the logs occasionally to make sure no unauthorized people are accessing your system.
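
One way to run the log check described above, as an added example that is not part of the original article. It assumes the 192.168.0.* subnet from the access control section and constructed log lines laid out like Squid's native access.log (client address in the third field, result code in the fourth); adjust the field indexes for other proxy software.

```python
import ipaddress
from collections import Counter

# Assumption: the LAN is 192.168.0.0/24, matching the 192.168.0.* example in the text.
ALLOWED_NETS = [ipaddress.ip_network("192.168.0.0/24")]
CLIENT_FIELD = 2   # assumption: client address is the 3rd whitespace-separated field
RESULT_FIELD = 3   # assumption: result code such as TCP_MISS/200 is the 4th field

# Constructed sample log (outside clients use documentation address ranges).
SAMPLE_LOG = """\
1700000000.101 120 192.168.0.15 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1700000003.552 95 203.0.113.77 TCP_MISS/200 20480 GET http://example.org/a - DIRECT/192.0.2.11 text/html
1700000004.010 3 192.168.0.22 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1700000009.800 88 203.0.113.77 TCP_MISS/200 1024 CONNECT example.net:443 - DIRECT/192.0.2.12 -
1700000011.000 0 198.51.100.9 TCP_DENIED/403 350 GET http://example.com/ - NONE/- text/html
truncated line
"""

def audit_proxy_log(log_text):
    """Count requests from clients outside ALLOWED_NETS.

    'served' means the proxy answered an outside client (access control is
    missing or too wide); 'denied' means access control refused it;
    'unparsed' lists line numbers that need a manual look.
    """
    served, denied, unparsed = Counter(), Counter(), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        try:
            client = ipaddress.ip_address(fields[CLIENT_FIELD])
            result_code = fields[RESULT_FIELD]
        except (IndexError, ValueError):
            unparsed.append(lineno)  # never drop a malformed line silently
            continue
        if any(client in net for net in ALLOWED_NETS):
            continue  # expected traffic from the local subnet
        bucket = denied if result_code.startswith("TCP_DENIED") else served
        bucket[str(client)] += 1
    return {"served": served, "denied": denied, "unparsed": unparsed}

if __name__ == "__main__":
    report = audit_proxy_log(SAMPLE_LOG)
    for addr, count in report["served"].most_common():
        print(f"ALERT outside client served: {addr} ({count} requests)")
    for addr, count in report["denied"].most_common():
        print(f"info  outside client denied: {addr} ({count} requests)")
    print("lines needing manual review:", report["unparsed"])
```

Any address under "served" is the condition the text says to act on by shutting off the offending service; addresses that appear only under "denied" show that the access control is doing its job.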