ICAP and the Proxy

For IT administrators, the proxy is a well known part of the network infrastructure. Admins use the proxy to secure their end-user's access to web sites on the Internet, and they expect the proxy to provide access restrictions and logging based on the websites visited. Today proxies do more than ever before.

With the introduction of ICAP (Internet Content Adaptation Protocol) based on RFC 3507 (2003), proxies gained the ability to provide even more significant security functions. ICAP specifically has been implemented with proxies for anti-virus scanning (including malware scanning), URL filtering, and for DLP/ILP (Data Leakage Protection/Information Leakage Protection) scanning.

ICAP allows the proxy to talk to a secondary device, using policy to decide what needs to be sent to the secondary device for filtering/scanning. For example an administrator can create a policy on a proxy to have all file attachments sent to the ICAP server for anti-virus scanning. This is useful where end-users have access to webmail on the Internet, and are downloading files from the email service. Any other files downloaded from the web can be targeted for malware scanning as well.

In the DLP/ILP scenario, a policy for any files uploaded to a webmail service could be implemented to allow for the search of any proprietary or confidential information in the uploaded file.

One of the biggest benefits of ICAP, is the standards based nature of the protocol, allowing the administrator to choose from a variety of vendors for anti-virus, URL and DLP/ILP solutions that can integrate with their proxy. These new tools for the proxy let the IT administrator keep web browsing safe for their end-user in a age when more threats than ever are showing up on web pages.