A proxy server is a server that acts as a gateway between a client computer and a larger network like the internet.\u00a0 This can be better understood through an illustration of daily life usage of proxy server. We are familiar with configuring proxy settings in the \u2018Network Settings\u2019 tab of our web browsers. We use a proxy in this case. A proxy server receives a web page request from the local internal user. The proxy server then acts as a client on behalf of the user, uses its own IP address to request the page from the server out on the internet. When the page is returned by the internet server, the proxy server relates it to the original request and forwards it on to the local internal user.<\/p>\n
Purpose of a proxy<\/strong><\/em><\/p>\n \n 1. Hiding the local machines from the external network<\/em> 2. Caching<\/em> 3. Filtering<\/em> 4. Activity monitoring<\/em> 5. Sharing Internet Connection<\/em> How to secure a proxy?<\/strong><\/em><\/span><\/p>\n 1. Enable only essential proxy services<\/em> Installation of the following services is not recommended unless they are essential for your IT operations: 2.\u00a0\u00a0 Access Control<\/em> 3.\u00a0\u00a0 Logging<\/em> A proxy server is a server that acts as a gateway between a client computer and a larger network like the internet.\u00a0 This can be better understood through an illustration of daily life usage of proxy server. We are familiar with configuring proxy settings in the \u2018Network Settings\u2019 tab of our web browsers. We use … <\/p>\n
\nA proxy server works by intercepting connections between sender and receiver. All incoming data enters through one port and is forwarded to the rest of the network via another port. A proxy server uses a network addressing scheme to present one organization-wide IP address to the Internet. By blocking direct access between two networks, proxy servers make it much more difficult for hackers to get internal addresses and details of a private network.<\/p>\n
\nProxies may also cache web pages. Each time an internal user requests a URL from outside, a temporary copy is stored locally. The next time an internal user requests the same URL, the proxy can serve the local copy instead of retrieving the original across the network, improving performance.<\/p>\n
\nA proxy server is designed to understand, and act on the data that’s going across it. For example a company’s web proxy server can be configured to restrict access to certain sites is blocked.<\/p>\n
\nA proxy can also do logging. It might track the surfing activities of employees or scan the returned web pages for viruses.<\/p>\n
\nProxy software may be run on the machine with the internet connection. Other machines may be configured to use the proxy server.<\/p>\n
\nUnless you have fairly sophisticated needs you probably won’t need to enable anything beyond the following services:
\n\u2022\u00a0\u00a0\u00a0 HTTP or WWW service \u2013 For web browsing
\n\u2022\u00a0\u00a0\u00a0 POP3 Proxy service – For incoming email.
\n\u2022\u00a0\u00a0\u00a0 SMTP mapping service – For outgoing email.<\/p>\n
\n\u2022\u00a0\u00a0\u00a0 FTP Proxy service – Needed if you run an FTP server to transfer files between your computer and Web site, or maybe if you are using some FTP client programs.(You don’t need to enable this service to FTP files to your computer if you are using your Web browser). If you do enable this service, don’t allow\u00a0 anonymous FTP unless you really need to.
\n\u2022\u00a0\u00a0\u00a0 Telnet Proxy service – allows connection to another computer to run programs and access files. If you do enable this service, require anyone Telneting into your\u00a0 computer to have their own password.
\n\u2022\u00a0\u00a0\u00a0 DNS service – Needed only if you want to run a DNS server on your LAN.
\n\u2022\u00a0\u00a0\u00a0 DHCP service – This service automatically assigns IP addresses to machines on your network.<\/p>\n
\nAllow service to requests from computers that are on the local (like 192.168.0.*) subnet. If you don’t secure your site, unknown users will be able to access your proxy server for HTTP\/WWW service.\u00a0 Although you might not think this level of service would be harmful, Javascript, Java applets, multimedia files etc. can be transferred using the HTTP protocol.\u00a0 Even if this does no harm, do you really want your proxy server to be serving users you don’t even know, coming from who knows where? Another access control recommendation will be to shut off the proxy server when not in use.<\/p>\n
\nMost proxy server software come with logging feature. If you have properly secured your site, then when you read the logs you should see service requests only from IP addresses or computer names that are in your network.\u00a0 If you see entries from any other addresses, then unknown people are accessing your proxy server.\u00a0 You should shut off the offending service or just shut down proxy server until you can correct the problem. If you enable more services, it’s a good idea to check the logs occasionally to make sure no unauthorized people are accessing your system.<\/p>\n","protected":false},"excerpt":{"rendered":"