Sunday, August 27, 2006

Proxy - Your Guardian

Proxy can serve as double edged sword, while it can mask one's track by hopping through multiple proxies(stepping stone), it can be a very effective defensive|preventive perimeter. Most of people know the infamous Squid, which can run as either transparent proxy or reverse proxy. Squid definitely is a powerful tool, however sometimes we would like to have alternative, here are the other good alternatives -

- Apache(Forward & Reverse Proxy)

- Pound(Reverse Proxy)

- Delegate(Application Proxy)

I'm looking at pound and delegate, thanks to Chflags who recommends me to take a look at it. Delegate seems to be very interesting when comes to proxying application protocol as well, and it has whole lot of features that I need to try.

While network security monitoring requires visibilities of network, pound can be used as ssl terminator, decrypting the ssl connection and send it back to the backend web server.

Other nifty proxy application that can be used will be Privoxy, privoxy can be used to mangle the traffics, hence it can used to protect your browser bug. While reverse proxy serve as server side protection layer by applying sanitizer and filtering, transparent proxy will be more of protection layer for client side. It may sound like security through obscurity, but it is the fastest way to defense against outbreak period since applying filtering rules in proxy can be done in short time.

On the other hand, remember proxy is fast - with caching enabled.

Cheers :]

No comments: