Network Services

Monday, December 2, 2013

IP Proxy Servers



A proxy server is one of several solutions to the problems associated with connecting your intranet or corporate network to the Internet. A proxy server is a program that handles traffic to external host systems on behalf of the client software running on the protected network; this means that clients access the Internet through the proxy server. It's a bit like those one-way mirrors: you can see out, but a potential intruder cannot see in.

Note:
Another mechanism used to monitor and control traffic between the Internet and an internal network is a firewall. Although the functions performed by proxy servers and firewalls are related and appear in combination products, they’ll be presented in different chapters here. You will find more information on firewalls in Chapter 9, “Fault Tolerance and Disaster Recovery,” while additional coverage of various proxies can be found in Chapter 8, “Network Access and Security.”

A proxy server sits between a user on your network and a server out on the Internet. Instead of communicating with each other directly, each talks to the proxy (in other words, to a "stand-in"). From the user's point of view, the proxy server presents the illusion that the user is dealing with a genuine Internet server. To the real server on the Internet, the proxy server gives the illusion that the real server is dealing directly with the user on the internal network. So a proxy server can be both a client and a server; it depends on which way you are facing. The point to remember here is that the user is never in direct contact with the Internet server, as Figure 3.6 illustrates.

The proxy server does more than just forward requests from your users to the Internet and back. Because it examines and makes decisions about the requests that it processes, it can control what your users can do. Depending on the details of your security policy, client requests can be approved and forwarded, or they can be denied. And rather than requiring that the same restrictions be enforced for all users, many advanced proxy server packages can offer different capabilities to different users.

FIGURE 3.6 How a proxy server works



Warning:
A proxy server can be effective only if it is the only type of connection between an internal network and the Internet. As soon as you allow a connection that does not go through a proxy server, your network is at risk.


Proxy Server Caching
Many proxy servers can cache documents, which is particularly useful if a number of clients request the same document independently. With caching, the client request is filled more quickly and Internet traffic is reduced. The types of caching are as follows:

Active Caching: The proxy server uses periods of low activity to go out and retrieve documents that it thinks will be requested by clients in the near future.

Passive Caching: The proxy server waits for a client to make a request, retrieves the document, and then decides whether or not to cache the document.

Note:
Some documents, such as those from a paid subscription service or those that are subject to constant change (for example, documents from financial institutions, documents relating to stock ticker records, and those requiring specific authentication) cannot be cached.

Large companies may have multiple proxy servers, and two caching standards have emerged:

Internet Cache Protocol (ICP): ICP specifies a message format to be used for communications between proxy servers; these messages are used to exchange information about the presence or absence of a specific web page in the proxy server cache. Unfortunately, ICP is not scalable, and the number of ICP messages exchanged between proxy servers climbs rapidly as the number of proxy servers increases.

Cache Array Routing Protocol (CARP): CARP offers a solution to the ICP problem by using multiple proxy servers with a single large cache. CARP removes the need for proxy server-to-proxy server communications and also prevents the information in the cache from becoming redundant over time. CARP is referred to as queryless distributed caching and is supported in Netscape and Microsoft proxy server products.
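
The queryless routing idea behind CARP, shown as an added example that is not from the original text or from any proxy product: anyone holding the member list hashes the URL against every member and sends the request to the highest score, so each document has exactly one owner and no proxy has to ask another. The SHA-256 scoring, the proxy names and the URLs are assumptions chosen for illustration; the CARP specification defines its own hash function and load factors.

```python
import hashlib

def score(proxy: str, url: str) -> int:
    """Combine a member name and a URL into one deterministic score."""
    digest = hashlib.sha256(f"{proxy}|{url}".encode()).digest()
    return int.from_bytes(digest[:8], "big")

def owner(proxies: list[str], url: str) -> str:
    """Return the single array member responsible for caching this URL.

    Every client or proxy holding the same member list computes the same
    answer locally, so no proxy-to-proxy query is needed.
    """
    if not proxies:
        raise ValueError("proxy array is empty")
    return max(proxies, key=lambda p: score(p, url))

def distribution(proxies: list[str], urls: list[str]) -> dict[str, int]:
    """Count how many URLs each member owns (one owner per URL)."""
    counts = {p: 0 for p in proxies}
    for u in urls:
        counts[owner(proxies, u)] += 1
    return counts

def remapped(before: list[str], after: list[str], urls: list[str]) -> list[str]:
    """URLs whose owner changes when the member list changes."""
    return [u for u in urls if owner(before, u) != owner(after, u)]

# Constructed sample data: hypothetical proxy names and URLs.
ARRAY = ["proxy-a", "proxy-b", "proxy-c", "proxy-d"]
URLS = [f"http://example.com/page{i}.html" for i in range(1000)]

if __name__ == "__main__":
    print("objects per member:", distribution(ARRAY, URLS))
    # Take one member out of service: only the documents it owned move,
    # so the caches of the surviving members stay valid.
    survivors = [p for p in ARRAY if p != "proxy-c"]
    moved = remapped(ARRAY, survivors, URLS)
    print("remapped after losing proxy-c:", len(moved), "of", len(URLS))
    still_cached = len(URLS) - len(moved)
    print("documents still served from their original cache:", still_cached)
```

Because the owner is a pure function of the member list and the URL, every client must be given the same, current member list; a stale list sends requests to a proxy that does not hold the cached copy.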


