The Good and Evil of Proxy Servers

David Strom, former editor-in-chief at Network World wrote an article on the Good and Evil of Proxy servers this week and I thought it would be a good chance to highlight what most of us already know about proxies, that they have their uses in helping the security and bandwidth utilization of a network, and they can be used for malicious intent as well.

First, Strom reminds us how enterprises use proxies:

... Enterprises that want to cut down on their bandwidth usage, improve performance and security, and have control over what their users see use [proxies] all the time. Each browser first checks and sees if the Web page that is being requested is on the proxy's cache, or memory, and if so, it saves a few milliseconds or more by grabbing the page directly, without having to traverse the Internet at all.

So proxies are often combined with caching servers to deliver the best combination of features and management. As far as the browsing user is concerned, all this happens without any notification, other than the pages seem to load quicker on their PCs. About the only configuration option is the IP address of the server, which is placed inside the browser options or network settings. And proxies are available for more than just Web protocols, although that is their most popular use case.

Strom then goes on to talk about when proxies can be used for malicious purposes.

Proxies are supposed to be for internal users of an enterprise, but if a hacker can find out the IP address of an internal proxy, they can gain access to lots of network resources.

This was a common MO for the hacker Adrian Lamo, among others, and you still find corporations that haven't locked their proxies down with the appropriate security. It is also possible for proxies to operate on a user's PC without their knowledge, which is a common way botnets are created.

The third type of proxy, Strom discusses is one of the most common uses of proxies, the anonymizing proxy which hides your tracks when you browse the internet. These can be of course used for either good or evil.

Finally Strom talks about some proxies that made the news this week:

Now to the news. Microsoft filed suit in federal court yesterday against three people it claims were defrauding Internet advertisers by having automated programs mimic users clickstreams. They found the fraudulent activities by tracing the actions to two proxy servers. And once they blocked the particular IP addresses of the proxies, the fraudsters would simply alter them in a continual game of cat and mouse. The fraud involved is significant, and ClickForensics estimates that 14% of the total ad clickstream is faked.

When the Iranian government wanted to block Internet access, several private individuals from around the globe took it upon themselves to set up the open source proxy Squid (squid-cache.org) and other tools on their own networks to get around these blocks. They then publicized (via Twitter) the IP address of their Squid PCs so that anyone could connect to the open Internet, rather than be blocked. Of course, as the government learns of these addresses, they add them to their block list, so another cat and mouse game ensues.

All this is a good overview of our proxy world, and a good reminder to keep our corporate proxies up to date, to ensure hackers don't gain access to our internal resources.