An organisation's main Internet security policy rests in its proxy
servers so the skill will always be in demand, writes Nick
Langley.
What is it?
Proxy servers are a combination of an
Internet cache - storing commonly requested Web pages to take some
pressure off production servers and networks - and a firewall.
The proxy server sits between clients, such as Web browsers, and
the organisation's main servers. Having scanned and authenticated
each request, the proxy server attempts to fulfil it from documents
stored in cache without calling on the main servers.
It can also be used to scan outgoing traffic to ensure that
employees are not using offensive language and materials, or
accessing forbidden sites.
The best known was Microsoft Proxy Server, replaced in 2001 by the
Internet Security and Acceleration Server 2000 (ISA), but there are
many others, with major contenders from Sun, Netscape and Apache.
Where did it originate?
Proxy servers began as a form
of firewall. Instead of allowing requests to go direct to the main
servers, the proxy server would intercept them, authenticate the
user, scan for viruses and inappropriate content, and only then let
the request pass through. In practice, scanning every bit of
content either requires unviable numbers of servers, or imposes too
long a delay on traffic. So part of the skill of configuring proxy
servers involves balancing security needs against performance
requirements.
What is it for?
Proxy servers protect corporate
information assets, and improve response times. Traffic is
monitored and controlled through application and packet level
filtering and packet inspection.
Caching works by storing the most frequently accessed pages.
Documents such as the home page, company news and announcements, or
details of products most in demand, can be preloaded into the
cache.
All requests for these pages can then be dealt with by the proxy
server, and the source servers only become involved when pages need
to be updated.
Alternatively, algorithms can determine whether a page accessed by
one user is likely to be required by another, and is therefore
worth keeping in the cache.
Proxy servers can also be used in small businesses and offices to
enable a number of users to share a single Internet connection.
What makes it special?
A proxy server is the main
engine for implementing an organisation's Internet security policy.
Properly configured, its cache capability can deliver response
times that would only otherwise be possible with a much larger
server farm and more network bandwidth. The caching capability of
distributed proxy servers can be used for load-balancing and fault
tolerance.
How difficult is it?
Configuring proxy servers to meet
the particular requirements of the organisation, and implementing
security at a nuts-and-bolts level, require both advanced technical
skills, and the ability to grasp corporate aims and policies.
Where is it used?
The biggest arrays of proxy servers
are run by organisations like AOL and Compuserve.
Not to be confused with . . .
The tribute band Proxy
Music, or Chicken Licken's nemesis, Proxy Loxy.
What does it run on?
Although it can serve non-Windows
servers, Microsoft's ISA needs to run on Windows 2000. Netscape and
Apache proxy servers can be used with Windows, Solaris, Linux and
other servers.
Few people know that . . .
Microsoft's ISA is not a
technology stock-related tax free savings account.
What's coming up?
Security features like
certificate-based client authentication; greater convenience
through single sign-on.