For those of you that use Blue Coat ProxySG devices as your proxy, you may have noticed the term "Application Delivery Network" appearing on their website. While this may not be a surprise to Blue Coat fans that have been following the Packeteer acquisition, it is a surprise if you've not been that concerned with PacketShaper and have been busily securing your enterprise network.
The term Application Delivery probably isn't that new sounding to most people as it's already been claimed by a number of other companies as well. F5 and Citrix both come to mind as companies that have in recent times used that terminology.
Is Blue Coat all that different or the same as those other vendors? Well, for starters, to us Blue Coat has always been the "proxy" company. F5 and Citrix aren't really known as proxy vendors, and of course here at "The Proxy Update" we have a certain affinity for proxy devices.
Blue Coat's proxy is of course more than just an HTTP proxy, having in recent years added additional protocol support as they added WAN Optimization functionality. Their claim is of course that with WAN Optimization and PacketShaper, they know have more visibility into the application layer, and what's happening with applications across the network, hence the new moniker, "Application Delivery Network". It fits and we can see where they're coming from. The interesting question will be what other companies try to use or fit into this terminology.
Thursday, January 29, 2009
Friday, January 16, 2009
Anonymous Proxies Remain a Major Concern for IT Managers
There's little surprise in this new report showing that 64% of IT managers consider anonymous proxies as a security threat. There's also a large increase in the volume of anonymous proxies on the Internet, and traditional web filtering using URL databases seems ineffective at blocking access to these anonymous proxies.
The idea behind an anonymous proxy is that you can point your browser explicitly to an anonymous proxy, and it will let you bypass your corporate or enterprise proxy, which typically would be blocking you from social or recreational websites like youtube or myspace, and preventing you from downloading any malware or viruses. No wonder IT managers find anonymous proxies to be a security threat.
If traditional web filtering using URL databases is ineffective at blocking access, then what's a proxy administrator to do? The only truly effective way to block an anonymous proxy is real time rating of a web address. Without real time rating, anonymous proxies appear and disappear too quickly to make it on to a URL database. The proxy administrator just needs to make sure the real time rating system they use is effective at recognizing anonymous proxies, and that a category exists to create policy to block anonymous proxy access.
The idea behind an anonymous proxy is that you can point your browser explicitly to an anonymous proxy, and it will let you bypass your corporate or enterprise proxy, which typically would be blocking you from social or recreational websites like youtube or myspace, and preventing you from downloading any malware or viruses. No wonder IT managers find anonymous proxies to be a security threat.
If traditional web filtering using URL databases is ineffective at blocking access, then what's a proxy administrator to do? The only truly effective way to block an anonymous proxy is real time rating of a web address. Without real time rating, anonymous proxies appear and disappear too quickly to make it on to a URL database. The proxy administrator just needs to make sure the real time rating system they use is effective at recognizing anonymous proxies, and that a category exists to create policy to block anonymous proxy access.
Monday, January 12, 2009
Finding the Proxy in WAN Optimization
You may be wondering what WAN Optimization has to do with a proxy, but in fact if you look at the implementation of WAN Optimization you'll find that most if not all WAN Optimization solutions behave very similarly to a proxy in many of the protocols they intercept and optimize.
If you're not familiar with WAN Optimization (and there's good reason not to be, as a recent Network World article discovered around a one-third of IT workers are not familiar with WAN Optimization), then it's probably a good time to get acquainted. As the economy worsens, your IT organization is probably looking for ways to save money and WAN Optimization may be the solution if you have high bandwidth costs between remote offices.
WAN Optimization, like a proxy, intercepts various protocols. In a proxy this protocol is of course typically HTTP. In WAN Optimization we generally talk about CIFS (file sharing), e-mail, HTTP, and other well known protocols. For obscure and proprietary protocols most WAN Optimization devices allow you to bypass these protocols and allow them to pass through the device unchanged. In a proxy many of the HTTP objects are cached to reduce the bandwidth used and improve the performance of the web service. In a WAN Optimization device, caching as well as protocol optimization, compression and other techniques are used to reduce the bandwidth going across the WAN link. Because of the necessity to manipulate bytes, the WAN Optimization device acts like a proxy terminating the protocol at the device.
Where WAN Optimization differs from a proxy is that a WAN Optimization device typically sits at both ends of the WAN link, whereas a proxy is usually a single point device. But both devices share similar features and functionality and in fact can even be the same device, at least in the case of the Blue Coat Systems ProxySG which is both a proxy and a WAN Optimization device.
Perhaps the WAN Optimization (proxy) should be the next proxy in your network.
If you're not familiar with WAN Optimization (and there's good reason not to be, as a recent Network World article discovered around a one-third of IT workers are not familiar with WAN Optimization), then it's probably a good time to get acquainted. As the economy worsens, your IT organization is probably looking for ways to save money and WAN Optimization may be the solution if you have high bandwidth costs between remote offices.
WAN Optimization, like a proxy, intercepts various protocols. In a proxy this protocol is of course typically HTTP. In WAN Optimization we generally talk about CIFS (file sharing), e-mail, HTTP, and other well known protocols. For obscure and proprietary protocols most WAN Optimization devices allow you to bypass these protocols and allow them to pass through the device unchanged. In a proxy many of the HTTP objects are cached to reduce the bandwidth used and improve the performance of the web service. In a WAN Optimization device, caching as well as protocol optimization, compression and other techniques are used to reduce the bandwidth going across the WAN link. Because of the necessity to manipulate bytes, the WAN Optimization device acts like a proxy terminating the protocol at the device.
Where WAN Optimization differs from a proxy is that a WAN Optimization device typically sits at both ends of the WAN link, whereas a proxy is usually a single point device. But both devices share similar features and functionality and in fact can even be the same device, at least in the case of the Blue Coat Systems ProxySG which is both a proxy and a WAN Optimization device.
Perhaps the WAN Optimization (proxy) should be the next proxy in your network.
Friday, January 9, 2009
The Video Dilemma
Google's Youtube provides more of the internet traffic than any other source and accounts for more than 98% off Google's internet traffic according to a recent CNet article (http://news.cnet.com/8301-1023_3-10132086-93.html).
In the month of November alone, over 5.1 billion videos were watched from Youtube. That should be making any system or network administrator wonder how much of it is going across their enterprise network.
If you allow videos on your corporate network, that's a sure reason to implement a proxy if you haven't already done so. Smart proxies should be able to implement a policy to cache Youtube type videos, so when a popular video comes out, and everyone in the office is trying to download it, you don't end up downloading multiple copies across your internet link. If you already have a proxy, you should investigate how to implement this type of policy on your existing proxy, perhaps before the upcoming Presidential Inauguration?
In the month of November alone, over 5.1 billion videos were watched from Youtube. That should be making any system or network administrator wonder how much of it is going across their enterprise network.
If you allow videos on your corporate network, that's a sure reason to implement a proxy if you haven't already done so. Smart proxies should be able to implement a policy to cache Youtube type videos, so when a popular video comes out, and everyone in the office is trying to download it, you don't end up downloading multiple copies across your internet link. If you already have a proxy, you should investigate how to implement this type of policy on your existing proxy, perhaps before the upcoming Presidential Inauguration?
Wednesday, January 7, 2009
Bandwidth Management
Bandwidth Management may seem like an unlikely topic for a proxy discussion blog this one. But it's an important feature in the proxy world that's probably not understood well, and not widely implemented in proxies.
For environments that have low bandwidth connections to the internet bandwidth management may make more sense than just block specific categories that you think are eating up bandwidth. This gives you the ability to allow a broader range of website categories that may be useful for your enterprise without having to have these activities eat up all the available bandwidth.
A good example of an implementation of bandwidth management could be a policy that implements a bandwidth limiting graphics and embedded video for the category sports. This would allow users to read the text of sports pages, but slows down the graphics and video from eating up all the bandwidth available, but still allows the download if the user is patient enough.
Bandwidth management may also be a good political solution in environments where outright blocks of specific website categories may cause an uproar in an enterprise or organization.
So the next time you're worrying about how much your organization is spending on bandwidth usage for Internet access, consider adding bandwidth management to your proxy's security policy.
For environments that have low bandwidth connections to the internet bandwidth management may make more sense than just block specific categories that you think are eating up bandwidth. This gives you the ability to allow a broader range of website categories that may be useful for your enterprise without having to have these activities eat up all the available bandwidth.
A good example of an implementation of bandwidth management could be a policy that implements a bandwidth limiting graphics and embedded video for the category sports. This would allow users to read the text of sports pages, but slows down the graphics and video from eating up all the bandwidth available, but still allows the download if the user is patient enough.
Bandwidth management may also be a good political solution in environments where outright blocks of specific website categories may cause an uproar in an enterprise or organization.
So the next time you're worrying about how much your organization is spending on bandwidth usage for Internet access, consider adding bandwidth management to your proxy's security policy.
Monday, January 5, 2009
New Year, New Threats
2009 brings with the anticipation of more malware, not less. Almost all the leading anti-malware firms have been quoted as expecting malware to increase in 2009 and the foreseeable future. While spam has decreased over the last few years, malware on websites has been on the increase. Drive-by downloads make the risk even greater as the act of merely visiting a website can infect a workstation. Even with this downturn in the economy, any enterprise should be investing in security, as the costs of a malware infection are going to be greater than any cost associated with security device like a proxy gateway for web access.
Proxy Gateways have the added benefit of being able to restrict certain types of websites in order to reduce the bandwidth costs of the organization's internet access. Any admin should be aware of how much bandwidth is being used for recreational activities, and how much is available for corporate use. Just be sure when implementing a security device like a proxy, to enable URL filtering and malware scanning.
Proxy Gateways have the added benefit of being able to restrict certain types of websites in order to reduce the bandwidth costs of the organization's internet access. Any admin should be aware of how much bandwidth is being used for recreational activities, and how much is available for corporate use. Just be sure when implementing a security device like a proxy, to enable URL filtering and malware scanning.
Subscribe to:
Posts (Atom)
Posts
