The demand for proxies has arguably never been higher at any point since the concept first appeared, back when it was usually referred to as an application gateway.
Outside the IT support rooms of large companies and educational establishments, proxies were pretty much never mentioned. No one had really heard of a proxy, never mind installed one. The potential and uses of proxies have, however, grown exponentially since those early days. Indeed, it’s easy to say that proxies are now pretty much mainstream. I even heard two teenagers arguing about what’s the best sort of proxy in a team chat on Call of Duty 4 last week, which shows just how far the technology has traveled in the last few years.
The reason is perhaps simple, and it relies on a particular feature of proxies, especially when you’re online. However, before we consider this, let’s look at a definition of proxy servers from one of the articles in the SANS reading room. The definition of a proxy server can certainly change depending on the context you use it in. This one is very much the sort of explanation you’d get from someone who worked in IT and managed a traditional proxy installed in a standard corporate or educational network.
A proxy server is more of a stopping point in between the two networks. This
greatly differs from the packet filter (Network Level) firewall. The packet filter (Network
Level) firewall watches the information as it goes from the “outside” world onto the
internal network. The proxy server (Application Level Firewall) actually stops the
information and inspects it before letting it access the internal network. In this case,
there is no direct connection between the internal network and the “outside” world. A
proxy server does not look at the information on a network level.
It does things differently because most users need to authenticate to the proxy in order to be able to pass information.
When a client on the network makes a request to the Internet, the proxy receives that request. The originating IP address of the request is changed to
the same IP address as that of the proxy server. It then forwards this request to the
intended destination or Internet site. Any response that is received gets sent to the
proxy server which in turn forwards the response to the client on the network. This is a
major boost in security for the network because there is no direct route to the network
machines. All communication must be made with the proxy server, who will then
inspect and forward all the information to the proper host.
Proxy servers are set up with one of two different types of architectures. The first
one is referred to as a single-homed host. There is only one network card in the proxy
server in this type of architecture. It is then the responsibility of the Internet router to
forward requests to the proxy server and block all other information to the network. The
second type of architecture, a dual-homed or multi-homed host, contains two network
cards which alone can not route information. The combination of the two network cards
and the proxy server allow information from the internal network to communicate with
the Internet and vice versa. Requests that come from the internal network are sent to
one network card. The information that comes from the Internet is sent to the other
network card. Since there is no routing set up between the network cards, neither
connection has a direct route to each other. The proxy server decides what to send and
where to send it at this time.
The added bonus that the proxy server provides for a firewall is connection
logging when the information passes through the firewall they alone do not do their own
logging. The connections first access the proxy which logs everything that is going to
and from the Internet. The connections from the “outside” world are logged because
they need to be authenticated before being granted entrance. The internal traffic is also
logged to ensure that staff are completing their job duties. It can alleviate people slowing
down the speed of the network by visiting “useless” sites. This is accomplished by
tracking which sites they have been to and verbally telling them to stop or restricting their access.
This definition does perhaps illustrate one thing well: installing and configuring a proxy server is no brief and simple task. Although most products allow for a simple installation which you can get running out of the box, this is likely to be both insecure and inefficient in its operation. In commercial networks, where the proxy sits as both a gateway and a barrier to the internet, getting the configuration options right is vital.
There are plenty of options that need to be configured directly on the proxy server itself, but also in many other places. For example, a proxy needs to know how to handle unauthenticated traffic and where to route requests when it doesn’t know the right destination. A proxy must be allowed some access through any internal or external firewalls and should be configured directly on the client too. In a commercial network, this will often be achieved by browser settings deployed directly to the client (perhaps through IEAK) or by using Active Directory to deploy and enforce settings. This was most commonly done using Windows Group Policy Objects, which can ensure all clients are configured securely and in exactly the same way.
Most proxies and proxy services used by individuals, though, sit on the other side of the network perimeter. By definition they allow access from users outside their local network too, which makes them a much simpler security target. Gaining access to a corporate proxy is much more difficult, as generally you’ll need to get through an external firewall or IDS (Intrusion Detection System) too.
For external-facing proxy services it’s even more crucial that the IT staff responsible for them know what they are doing. This is precisely the issue with a large proportion of the proxies that are available online now: they are installed, configured and supported by completely unqualified staff. The proxy market is huge, and it takes very little skill to install and set up a SLOW and INSECURE proxy network and make it available for sale. That is why there are so many places to buy proxies for cheap: corners are cut and security is often not even considered.
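One way to check that a proxy is really refusing unauthenticated and outside clients is to audit its access log for requests it served anyway. The following is an added example, not code from the original article; it assumes a Squid-style native access log layout and an internal range of 10.0.0.0/8, and the log lines are constructed for illustration.

```python
import ipaddress

# Assumption: the internal client range; adjust to your own network.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample lines in a Squid-style native access log layout:
# time elapsed client action/status bytes method url user hierarchy type
SAMPLE_LOG = """\
1700000000.101 45 10.1.2.3 TCP_MISS/200 5120 GET http://example.com/ alice HIER_DIRECT/192.0.2.10 text/html
1700000001.202 12 10.1.2.9 TCP_DENIED/407 380 GET http://example.com/ - HIER_NONE/- text/html
1700000002.303 60 10.1.2.9 TCP_MISS/200 900 GET http://example.org/ - HIER_DIRECT/192.0.2.20 text/html
1700000003.404 80 203.0.113.7 TCP_TUNNEL/200 7000 CONNECT example.net:443 - HIER_DIRECT/192.0.2.30 -
1700000004.505 5 203.0.113.8 TCP_DENIED/403 300 GET http://example.com/ - HIER_NONE/- text/html
malformed line
"""

def audit(log_text, internal=INTERNAL_NET):
    """Return (line_no, client, finding) for every request the proxy
    served although policy says it should have refused it."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 10:
            continue  # skip truncated or malformed records
        client, result, user = fields[2], fields[3], fields[7]
        if "DENIED" in result:
            continue  # the proxy refused the request: policy worked
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # client field is not an IP address
        if addr not in internal:
            findings.append((n, client, "served to external client"))
        elif user == "-":
            findings.append((n, client, "served without authentication"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Any finding means the proxy forwarded traffic it should have stopped: either it accepts clients from outside the perimeter or it lets internal clients through without logging a user name.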
Buy Cheap Proxies and That’s What You’ll Get
However, you should remember that using any proxy involves a huge element of trust. Not only are you tunneling lots of your own personal traffic through these servers, you’re also granting the proxy a huge level of trust when it’s returning data too. It’s a trivial thing for a trusted and configured proxy server to install virtually any sort of software on clients that are connected to it.
There’s another element that cheap proxies share, and it’s perhaps less obvious than simply being configured badly: the IP addresses. For your standard commercial proxy sitting on the internal network, its IP address is largely unimportant. As long as it sits on the same address range and can access other clients and servers on the network, the address doesn’t really matter. However, that’s most definitely not the case if the proxy is being used for other digital purposes.
If you’re using a proxy to run a digital empire, or grow a huge social networking profile, or simply to buy and sell stuff online, the IP address is kind of important. It’s important on many levels: for example, the country of registration, the classification, the history and the location can all be vital depending on what you’re trying to achieve. Different types of IP addresses are more valuable and scarce than others, so it’s vital you choose the right ones depending on your requirements. For instance, start using a proxy laden with IP addresses that have been used to spread malware or in digital fraud and you’re going to get tarred with the same brush. To some extent, online you are your IP address. Use a blacklisted or abused IP address and you’re going to get flagged on loads of different platforms: social networks will start marking your accounts, and e-commerce servers will decline your transactions.