The Best Practices for Network Security Placement with a Caching Proxy Server
The Best Practices for Network Security Placement with a Caching Proxy Server
A caching proxy server is a computer system or application that accepts requests for Web objects—such as Hypertext Markup Language (HTML) pages, images and scripts—and passes them on to a real Web server. When the Web server responds to a request for a Web object, the caching proxy server stores a copy of the object locally, so that it can be retrieved quickly when requested again.
Connections :
A caching proxy server creates two connections, one between the client and the proxy server and another between the proxy server and the Web server. In other words, a caching proxy server is an intermediary in the network path between the Web server and the client. As such, a caching proxy can provide a significant level of security—in terms of preventing unauthorized access and malicious traffic—as long as security measures are properly placed and configured.
Hypertext Transfer Protocol
The operation of Web servers is governed by a formal set of rules, known as Hypertext Transfer Protocol (HTTP), which has been exploited in various ways by attackers. According to the National Institute of Standards and Technology (NIST), best practices for network security with a caching proxy server involve installing a special type of firewall, known as a Web application firewall, in front of the Web server. A Web application firewall protects the Web server from attack. The caching proxy server examines a set of rules defined by the firewall to determine whether traffic should be permitted or denied access to the Web server.
Exploits
A caching proxy server isn’t a real server, meaning that it doesn’t process the commands in the traffic it receives. Instead, a caching proxy server simply captures the traffic it receives, analyzes it and, if appropriate, forwards it to the real server. Thus, a caching proxy server protected by a firewall cannot be compromised by malicious traffic intended for the Web server and, in fact, detects and filters out any such traffic before it can do any damage.
Authentication
According to the NIST, a caching proxy server must be configured so that it allows only traffic from authenticated sources, typically identified by a user name and password, to traverse the Web application firewall. Similarly, a caching proxy server must handle all outbound connections to external Web servers in such a way that it filters so-called active content, including JavaScript applications and embedded objects, and prevents malicious software, such as viruses, worms and Trojan horses, from accessing the Internet.
0 Response to "The Best Practices for Network Security Placement with a Caching Proxy Server"
Post a Comment