Web proxies intercept traffic from your systems as they move to other systems, analyze the packets, then send the data along. There are a lot of reasons why you might want to intercept packets.

Originally the main use case for a proxy was as a caching server. In this use case, the first time a person in your network goes to a website, the static content (particularly graphic images) gets downloaded and cached. Then, because the content is local, the next person to hit that site will get a fast response.

Internet links are faster now, and increasingly, people are using proxies that are also in the cloud. There’s still a caching speed benefit when loading content from very remote or very slow websites, but most of the heavily used sites on the internet are supported by a CDN (content delivery network). A CDN effectively does the same thing: it caches content and brings it closer to the user to reduce latency.

Proxies are now commonly used for an entirely different purpose: security. Most web content is encrypted to protect your privacy. But it makes it difficult to inspect that content for malicious content as it goes through the network. HTTPS uses a system of trusted “certificates,” which you can think of as very long complicated passwords. These certificates are hierarchical, with a top-level certificate held by a recognized authority like Verisign or GoDaddy. They’re used to prove that other certificates that are used to actually encrypt your web traffic are actually valid.

When you connect to a website through a proxy, your browser first connects to the proxy using an HTTPS session. The proxy server establishes a connection to the real destination website using the real certificates for that website on your behalf. It uses the data in your original web session to build the packets to send to the real site. Then it takes the responses from the website, decrypts them as if it was your web browser, and stuffs them into a new packet in the original HTTPS session that you started. Once that’s done, it sends them to your browser.

This is essentially a “man-in-the-middle” attack against your web session, something the certificates were intended to prevent. But this particular man-in-the-middle is allowed because you also trust the certificates the proxy server is using.

So why would attacking your own web session make you more secure? Well, that proxy server, located out on the internet, decrypting and looking at your web sessions, is inspecting that data for any signs of malicious content. And hopefully the very large proxy services will have enough customers to leverage their unique position in the middle of all of these sessions to identify new malicious content faster than you would on your own.

There are a few different proxy architectures, each with their own advantages and disadvantages. Some proxies use an app or a browser plug-in to redirect your web traffic through the proxy server. This has the advantage that all of the traffic from your web browser is automatically routed through the proxy, even if you aren’t in the office. It has the disadvantage that some malicious software on your computer might be able to avoid it.

For example, one of the use cases for a proxy is to identify “command and control” traffic. If there’s a piece of malicious software on your computer, it might try to “call home” for instructions or upload information stolen from your system. One way it might try to hide that traffic is in an encrypted HTTPS web session. So a proxy would be a useful tool in detecting that type of traffic.

But that malicious software is presumably running on your computer where it could, in theory, detect and bypass the app that forwards your packets through the proxy. In this type of architecture, it’s extremely important for the redirection software to be inaccessible with normal user credentials and impossible to bypass. Ideally, it’s integrated into your computer’s own network drivers.

The other problem is this proxy architecture doesn’t help any systems that don’t have the special redirection software on them. So if there’s a highly vulnerable device on your network like a printer, and an attacker has managed to break into it and use it to connect back to their command and control server, a proxy won’t help you. It also won’t help if they’ve somehow attached a malicious device to your network.

An alternative proxy architecture that’s useful in these situations basically just connects the outside of your network’s firewall to the proxy server using a sort of tunnel or VPN (virtual private network). Then it routes all of your traffic through the proxy. This architecture has its own drawback, though: if you take a computer out of the network to use at home or elsewhere, it becomes unprotected.
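The two gaps described for agent-based proxies (software on a managed computer going around the redirection app, and devices such as a printer that never had the app) both show up in firewall egress logs as web traffic that does not go to the proxy. The following is an added example, not code from the original article; the proxy address, internal range, log layout and sample log lines are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration only (not from the article).
PROXY_IPS = {ipaddress.ip_address("203.0.113.10")}   # cloud proxy endpoint
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # internal address space
WEB_PORTS = {80, 443}

# Constructed sample log, one flow per line: timestamp src dst dst_port action
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.1.1.20 203.0.113.10 443 allow
2024-05-01T09:00:02Z 10.1.1.21 203.0.113.10 443 allow
2024-05-01T09:00:05Z 10.1.1.20 198.51.100.7 443 allow
2024-05-01T09:00:09Z 10.1.9.50 198.51.100.7 443 allow
2024-05-01T09:00:11Z 10.1.9.50 198.51.100.7 443 allow
2024-05-01T09:00:12Z 10.1.1.21 10.1.0.5 443 allow
2024-05-01T09:00:13Z 10.1.1.22 192.0.2.99 80 deny
malformed line here
"""

def find_proxy_bypass(log_text):
    """Map each internal host with allowed direct-to-internet web traffic to
    its direct destinations and whether it was also seen using the proxy."""
    direct = defaultdict(list)
    proxied = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if src_ip not in INTERNAL_NET or port not in WEB_PORTS or action != "allow":
            continue
        if dst_ip in PROXY_IPS:
            proxied.add(src)                  # normal, inspected path
        elif dst_ip not in INTERNAL_NET:
            direct[src].append((dst, port))   # web traffic the proxy never saw
    return {s: {"direct": d, "uses_proxy": s in proxied} for s, d in direct.items()}

if __name__ == "__main__":
    for host, info in find_proxy_bypass(SAMPLE_LOG).items():
        kind = "managed host bypassing agent" if info["uses_proxy"] else "no agent seen"
        print(host, kind, info["direct"])
```

A host that uses the proxy and also goes direct matches the first gap; a host that only ever goes direct matches the second.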