The cache catcher

An organisation's main Internet security policy rests in its proxy servers so the skill will always be in demand, writes Nick Langley.

What is it?
Proxy servers are a combination of an Internet cache - storing commonly requested Web pages to take some pressure off production servers and networks - and a firewall.

The proxy server sits between clients, such as Web browsers, and the organisation's main servers. Having scanned and authenticated each request, the proxy server attempts to fulfil it from documents stored in cache without calling on the main servers.

It can also be used to scan outgoing traffic to ensure that employees are not using offensive language and materials, or accessing forbidden sites.

The best known was Microsoft Proxy Server, replaced in 2001 by the Internet Security and Acceleration Server 2000 (ISA), but there are many others, with major contenders from Sun, Netscape and Apache.

Where did it originate?
Proxy servers began as a form of firewall. Instead of allowing requests to go direct to the main servers, the proxy server would intercept them, authenticate the user, scan for viruses and inappropriate content, and only then let the request pass through. In practice, scanning every bit of content either requires unviable numbers of servers, or imposes too long a delay on traffic. So part of the skill of configuring proxy servers involves balancing security needs against performance requirements.

What is it for?
Proxy servers protect corporate information assets and improve response times. Traffic is monitored and controlled through application-level and packet-level filtering and packet inspection.

Caching works by storing the most frequently accessed pages. Documents such as the home page, company news and announcements, or details of products most in demand, can be preloaded into the cache.

All requests for these pages can then be dealt with by the proxy server, and the source servers only become involved when pages need to be updated.

Alternatively, algorithms can determine whether a page accessed by one user is likely to be required by another, and is therefore worth keeping in the cache.
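
The request path described above (authenticate and filter, then cache, then the main servers) can be sketched in a few lines. This is an added example, not code from any proxy product named in this article; the class, the user names, the URLs and the "cache once two distinct users have asked" rule are assumptions chosen for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit


class CachingProxy:
    """Request path from the article: policy first, cache second, main servers last."""

    def __init__(self, origin, users, blocked_hosts, preload=(), admit_after=2):
        self.origin = origin                # callable url -> body; stands in for the main servers
        self.users = set(users)             # already-authenticated user names (assumption)
        self.blocked_hosts = set(blocked_hosts)
        self.admit_after = admit_after      # distinct users needed before a page is cached
        self.cache = {url: origin(url) for url in preload}  # preloaded pages
        self.seen_by = defaultdict(set)     # url -> distinct users who requested it
        self.origin_hits = 0                # request-driven fetches from the main servers

    def handle(self, user, url):
        # 1. Authenticate and filter before the cache lookup, so a cached copy
        #    is never returned for a request that policy would refuse.
        if user not in self.users:
            return 407, None                # Proxy Authentication Required
        if urlsplit(url).hostname in self.blocked_hosts:
            return 403, None                # Forbidden by policy
        # 2. Serve from cache without involving the main servers.
        if url in self.cache:
            return 200, self.cache[url]
        # 3. Cache miss: fetch, then admit once enough distinct users asked.
        body = self.origin(url)
        self.origin_hits += 1
        self.seen_by[url].add(user)
        if len(self.seen_by[url]) >= self.admit_after:
            self.cache[url] = body
            del self.seen_by[url]
        return 200, body


def run_demo():
    # Constructed sample content and users, for illustration only.
    home, product = "http://intranet.example/home", "http://intranet.example/products/42"
    pages = {home: "home page", product: "product 42", "http://blocked.example/": "x"}
    proxy = CachingProxy(pages.__getitem__, {"alice", "bob"}, {"blocked.example"}, preload=[home])
    requests = [("mallory", home), ("alice", home), ("alice", "http://blocked.example/"),
                ("alice", product), ("alice", product), ("bob", product), ("alice", product)]
    return [proxy.handle(u, url) for u, url in requests], proxy


if __name__ == "__main__":
    print(run_demo()[0])
```

The first request shows why the order matters: the home page is already in the cache, yet the unknown user is refused because the policy check runs before the cache lookup.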

Proxy servers can also be used in small businesses and offices to enable a number of users to share a single Internet connection.

What makes it special?
A proxy server is the main engine for implementing an organisation's Internet security policy.

Properly configured, its cache capability can deliver response times that would only otherwise be possible with a much larger server farm and more network bandwidth. The caching capability of distributed proxy servers can be used for load-balancing and fault tolerance.

How difficult is it?
Configuring proxy servers to meet the particular requirements of the organisation, and implementing security at a nuts-and-bolts level, require both advanced technical skills and the ability to grasp corporate aims and policies.

Where is it used?
The biggest arrays of proxy servers are run by organisations like AOL and Compuserve.

Not to be confused with . . .
The tribute band Proxy Music, or Chicken Licken's nemesis, Proxy Loxy.

What does it run on?
Although it can serve non-Windows servers, Microsoft's ISA needs to run on Windows 2000. Netscape and Apache proxy servers can be used with Windows, Solaris, Linux and other servers.

Few people know that . . .
Microsoft's ISA is not a technology stock-related tax free savings account.

What's coming up?
Security features like certificate-based client authentication; greater convenience through single sign-on.