Socket Secure (SOCKS) is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS5 additionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.
use of SOCKS is as a circumvention tool, allowing traffic to bypass Internet filtering to access content otherwise blocked, e.g., by governments, workplaces, schools, and country-specific web services. Some SSH suites, such as OpenSSH, support dynamic port forwarding that allows the user to create a local SOCKS proxy. This can free the user from the limitations of connecting only to a predefined remote port and server. The Tor onion proxy software presents a SOCKS interface to its clients.
Proxy firewalls represent a balance between security and functionality. On the one side, wellwritten proxies offer security benefits that are significantly better than many other types of firewall technologies. However, they are often slower than other products, and they can limit what applications your network can support. In this section, we will itemize the advantages and disadvantages you should consider when choosing to use a proxy.
Advantages of Proxy Firewalls
Buy Proxy firewalls have several advantages over other types of firewalls: Proxy firewalls provide comprehensive, protocol-aware security analysis for the protocols they support. By working at the application layer, they are able to make better security decisions than products that focus purely on packet header information. The topology of the internal protected network is hidden by proxy firewalls. Internal IP addresses are shielded from the external world because proxy services do not allow direct communications between external servers and internal computers. Although this can also be accomplished using Network Address Translation techniques, it occurs by default with proxy firewalls.
Network discovery is made substantially more difficult because attackers do not receive packets created directly by their target systems. Attackers can often develop detailed information about the types of hosts and services located on a network by observing packet header information from the hosts. How different systems set fields such as the Time to Live (TTL) field, window size, and TCP options can help an attacker determine which operating system is running on a server. This technique, known as fingerprinting, is used by an attacker to determine what kinds of exploits to use against the client system. Proxies can prevent much of this activity because the attacking system does not receive any packets directly created by the server. ď Ź
Robust, protocol-aware logging is possible in proxy firewalls. This can make it significantly easier to identify the methods of an attack. It also provides a valuable backup of the logs that exist on the servers being protected by the proxy. ď Ź
Disadvantages of Proxy Firewalls ď Ź
Although proxy servers firewalls can provide increased security over packet-filtering firewalls, they do have their disadvantages. Here are some of the issues you should consider prior to fielding a proxy firewall: Proxy firewalls are not compatible with all network protocols. A new proxy agent must be developed for each new application or protocol to pass through the firewall. If the proxy product you choose does not provide support for a needed protocol, you may have to settle for a generic proxy. In some cases, even generic proxies may not work if the protocol is nonstandard.
Although proxy firewalls can provide increased security over packet-filtering firewalls, they do have their disadvantages. Here are some of the issues you should consider prior to fielding a proxy firewall: Proxy firewalls are not compatible with all network protocols. A new proxy agent must be developed for each new application or protocol to pass through the firewall. If the proxy product you choose does not provide support for a needed protocol, you may have to settle for a generic proxy. In some cases, even generic proxies may not work if the protocol is nonstandard.
The configuration of anonymous proxy firewalls can be more difficult than other firewall technologies. Especially when using older proxies, it can be difficult to properly install and configure the set of proxies necessary for your network.
Proxy-based firewalls provide the most advanced firewall security technology currently available on the market. I use them myself and strongly recommend their use for protecting sensitive information, especially in public-facing Web applications. Proxy firewalls function by acting as a true intermediary between the client and the server. Traditional stateful inspection firewalls simply analyze traffic to determine whether it should be allowed before passing it directly to the protected server. Proxy firewalls, on the other hand, actually establish connections with both the client and the server, allowing them to inject themselves into the connection stream. This provides them with the ability to perform deep application-layer inspection of traffic to identify applicationlevel attacks, such as SQL injection exploits.
The main disadvantage to private proxy-based firewalls is their cost. They are significantly more expensive than standard stateful inspection firewalls both in terms of actual financial cost and processing time used. The best way to compensate for this is to use the proxy features sparingly. If an application will not significantly benefit from proxy filtering, disable application filtering for that particular rule. This will help to squeeze maximum performance out of the firewall.
Thanking you!!! For more info log on too... http://proxiesforent.com
Published on Mar 23, 2014
Socket Secure (SOCKS) is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS5 additio...