Monday, 15 July 2013

Forward Proxy vs Reverse Proxy

Today we are going to discuss two well-known categories of proxy: the forward proxy and the reverse proxy. First of all, what is a proxy? In computer networking the term refers to a node or application that acts on behalf of a client or a server. It is neither the original source nor the original destination; it is an intermediary acting on behalf of either the client (source) or the server (destination). Based on its placement and the way it works, a proxy can be categorized as a forward proxy or a reverse proxy.

Forward Proxy - This type of proxy is generally deployed close to a client or a group of clients and helps to hide the source identity. For example, if I want to allow my LAN to access Internet resources but do not want to reveal the users' identity to outsiders, a forward proxy is helpful. In a forward proxy implementation, all LAN users generate requests for Internet or external resources with their own identity, addressed to the server hosted on the Internet or outside the network. The packet is processed by the proxy, which, depending on the configuration, performs filtering and authentication. If the packet is allowed, the proxy forwards it to the destination server with the proxy's own identity as the source. Once the packet is delivered, the server generates a response and delivers it to the proxy, because the server assumes the proxy is its client; the server (or any other node beyond the proxy) gets no idea about the internal client on the LAN. The proxy then forwards the response to the original client on the LAN.

There is one more concept in this category, the Open Proxy. An open proxy is again a forward proxy, but one that is accessible to any Internet user to place web service or other Internet service requests anonymously. Any Internet user can use an open proxy to hide their own identity, and it is generally used by attackers to make tracking difficult (not impossible, but difficult), since it hides the source identity.

Reverse Proxy - This type of proxy is generally deployed close to a server or a group of servers and helps to hide the servers' identity. For example, if I have one or more servers hosted in my DMZ and want to allow Internet users or outsiders secure access to them, but do not want to share my servers' details with them, a reverse proxy is helpful. In a reverse proxy implementation I have to advertise that all my services are hosted on the proxy's IP, while they are actually hosted on an internal server, or perhaps several internal servers. Because I advertise the proxy's IP for my services, every external or Internet user's request is destined for the proxy. The proxy accepts those requests on behalf of the server(s) and, depending on the configuration, performs filtering and authentication (different filtering and authentication may be configured for different servers). If the packet is allowed, it is forwarded to the appropriate server, which processes it and generates a response. The response is returned to the proxy, which removes the server's identity and forwards the packet to the client under its own identity. This whole process is hidden from the client: for every external or Internet client the proxy acts as the final server. The client assumes all responses come from the proxy itself and gets no idea about the internal servers hosted in the DMZ, so for all external and Internet users the proxy acts as the server.
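The header rewriting a reverse proxy performs when it answers the client under its own identity, as an added example that is not part of the original post. PUBLIC_HOST, BACKEND_HOST, the header lists and the Location rewrite (a backend redirect that would otherwise leak the DMZ hostname, a case the post does not cover) are all assumptions of the example.

```python
# Added example (not from the original post): the response-rewriting step a
# reverse proxy performs so the client only ever sees the proxy's identity.
# Hostnames, header values and the backend itself are constructed for illustration.
from urllib.parse import urlsplit, urlunsplit

PUBLIC_HOST = "www.example.com"           # what we advertise to the Internet (assumed)
BACKEND_HOST = "web01.dmz.internal:8080"  # where the service really runs (assumed)

# Headers that reveal the backend's software, version or platform.
IDENTITY_HEADERS = {"server", "x-powered-by", "x-aspnet-version",
                    "x-aspnetmvc-version", "x-generator"}
# Hop-by-hop headers (RFC 2616 §13.5.1) belong to one TCP circuit only and must
# not be relayed across the proxy's second circuit.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate",
              "proxy-authorization", "te", "trailer", "transfer-encoding",
              "upgrade"}

def build_upstream_request(client_headers: dict) -> dict:
    """Rebuild the request the proxy sends to the backend on the client's behalf."""
    upstream = {k: v for k, v in client_headers.items()
                if k.lower() not in HOP_BY_HOP}
    upstream["Host"] = BACKEND_HOST        # the backend sees the proxy as its client
    upstream["Via"] = "1.1 " + PUBLIC_HOST
    return upstream

def sanitize_response(backend_headers: dict) -> dict:
    """Strip the backend's identity before the response is returned to the client."""
    public = {}
    for name, value in backend_headers.items():
        lname = name.lower()
        if lname in IDENTITY_HEADERS or lname in HOP_BY_HOP:
            continue
        if lname == "location":
            # A redirect issued by the backend names the *internal* host. Relaying
            # it untouched would leak the DMZ hostname; rewrite it to the public one.
            parts = urlsplit(value)
            if parts.netloc == BACKEND_HOST:
                value = urlunsplit(("https", PUBLIC_HOST, parts.path,
                                    parts.query, parts.fragment))
        public[name] = value
    public["Server"] = "proxy"             # the proxy answers under its own identity
    return public

if __name__ == "__main__":
    leaked = {"Server": "Apache/2.4.7 (Ubuntu)", "X-Powered-By": "PHP/5.5.9",
              "Location": "http://web01.dmz.internal:8080/login",
              "Content-Type": "text/html", "Connection": "keep-alive"}
    print(sanitize_response(leaked))
```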

I hope I have made forward and reverse proxies understandable to you. If not, please let me know your valuable suggestions to make it clearer. :-)

Sunday, 14 July 2013

NAT vs Proxy

Hello friends, let's have some discussion on NAT and proxy today. In this article I am going to highlight some differences between NAT and proxy, especially from a security point of view. As we all know, these two terms can be defined as follows:

NAT - Network Address Translation, which can be used to translate the source/destination address and source/destination port as per our need.

Proxy - A node which works on behalf of a server or client.

Now let us compare the two from a security point of view, starting with NAT. NAT can be used to mask your original address/port from outsiders with the help of translation, but it creates a direct circuit (communication path) between client and server. If a client requests a session through NAT, the packet is processed by the NAT enforcement node, only the address/port in the header are translated as per your configuration, and the packet is forwarded to the server with all other header information intact; the reverse happens for the reply packet. So outsiders will not be able to see the original address/port, but the rest of the header information remains visible. A proxy, on the other hand, can be used to mask your original address along with a few more security options such as authentication, and with a proxy there is no direct circuit between client and server. That is why a proxy can also be referred to as a Circuit Level Gateway: it breaks your circuit and maintains two circuits, one between client and proxy and the other between proxy and server. If a client requests a session through a proxy, the request packet is processed by the proxy itself, which pretends to be the server towards the client. It takes only the payload of the client's packet, discarding the complete header, and crafts a new packet for the server with new header information, pretending to be the client towards the server; the reverse happens for the reply packet. So outsiders will not be able to see any of your header information, including your original address/port; they see the proxy's header instead.
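A toy model of the two behaviours described above, as an added example that is not part of the original post: a stateful NAT table that rewrites only the source address/port (and maps replies back), next to a proxy relay that keeps only the payload and builds a fresh header. Packets are plain dicts, and the addresses, ports, TTL and TCP option values are constructed for illustration.

```python
# Added example (not from the original post): NAPT table vs. circuit-level proxy,
# showing which parts of the client's header each one lets the server see.
# All addresses come from the RFC 5737/1918 example ranges (constructed).
import itertools

PUBLIC_IP = "203.0.113.10"   # outside address of the NAT device or proxy (constructed)

class Napt:
    """Stateful NAT: rewrites only src address/port and remembers the mapping
    so the reply can be translated back. Every other field is left untouched."""
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.out_map = {}   # (client_ip, client_port) -> public_port
        self.in_map = {}    # public_port -> (client_ip, client_port)

    def outbound(self, pkt: dict) -> dict:
        key = (pkt["src_ip"], pkt["src_port"])
        port = self.out_map.get(key)
        if port is None:                    # new flow: allocate a public port
            port = next(self._ports)
            self.out_map[key] = port
            self.in_map[port] = key
        out = dict(pkt)                     # TTL, IP ID, TCP options, payload: intact
        out["src_ip"], out["src_port"] = self.public_ip, port
        return out

    def inbound(self, reply: dict) -> dict:
        back = dict(reply)                  # reverse translation for the reply packet
        back["dst_ip"], back["dst_port"] = self.in_map[reply["dst_port"]]
        return back

def proxy_relay(pkt: dict, src_port: int) -> dict:
    """Circuit-level proxy: keep only the payload and build a fresh header for the
    proxy-to-server circuit. The client's own header never reaches the server."""
    return {"src_ip": PUBLIC_IP, "src_port": src_port,
            "dst_ip": pkt["dst_ip"], "dst_port": pkt["dst_port"],
            "ttl": 64, "ip_id": 1, "tcp_options": ["mss 1460"],   # proxy's own stack
            "payload": pkt["payload"]}

def exposed_client_fields(original: dict, seen_by_server: dict) -> set:
    """Header fields of the client's packet that arrive unchanged at the server."""
    return {k for k in original
            if k != "payload" and seen_by_server.get(k) == original[k]}
```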

In summary, a proxy is more secure than NAT because it hides the complete header, and it may provide authentication and caching too, but NAT is faster than a proxy when it comes to performance.

I hope this helps you understand the security differences between these two widely used security options in today's computer networks. :-)

Friday, 12 July 2013

Protocol vs Service

Consider HTTP, FTP, SMTP, PPP, SLIP, SNMP, etc. Should these be treated as protocols or as services? Which ones are protocols and which are services? In computer networking it sometimes becomes a challenge to identify protocols and services, and it is not wise to memorize the list, so let's discuss some points which can help us differentiate between them. As we know, the two terms can be defined as follows:

Protocol - Set of rules
Service - Serving something

From the above definitions it is quite clear that all services should be treated as protocols, since without following rules it is not possible to deliver a service, but the reverse is not true: not all protocols are services. To make this simpler we can take reference from the OSI and DoD/TCP models: anything above the Transport layer should be a service, and anything below the Transport layer should be a protocol. In short, "when a protocol is mapped to a port number it becomes a service; otherwise it should be treated as a protocol." As we know, port numbers belong to the Transport layer, and anything above the Transport layer uses a port number, whether a TCP port or a UDP port, while below Transport we do not have ports. Let's get back to our original question and check whether this rule helps us identify them correctly:

HTTP, FTP, SMTP and SNMP all use a certain port, so they should be categorized as services, whereas PPP and SLIP should be categorized as protocols, as they work without a port.

I hope this helps you understand protocols and services in computer networking. :-)