For Large networks, to a network administrators, the need for proxy servers–intermediaries that stand sentinel between an internal network and the open Internet–is so basic, it goes almost without saying. But in smaller organizations that lack dedicated IT resources, the need may not be quite so self-evident.
How they work
Within a company’s network, proxies intercept requests for Internet pages from users and perform a number of chores related to improving performance, enforcing company Web use policies and protecting the network. This is many a times referred to as a forward proxy server.
If your company on its premises also hosts its own Web servers, you would additionally require a reverse proxy to perform a complementary, but somewhat different, set of security- and performance-related tasks around requests coming from the Internet into your servers.
We’re going to focus in this article on the first kind of proxy–and a service-based variant of interest to consumers and mobile business users.
Proxy that forward
When a web page is requested from an internal user, the request goes through the proxy server so that it appears to the Internet to be coming from the server – from its IP address (or one of them) – and not the user’s device. This anonymity provides an important measure of security by reducing the amount of information about a network and its users easily accessible to hackers on the Internet.
In addition, perform caching may be performed by the proxy server.
If your users frequently need to access certain pages on the Internet, the server can download and store copies on its hard drive, in cache and also continuously monitor the page for changes and download them when they appear, so the cached page is always up to date.
Consultant James Quin, a lead analyst at research and consulting firm Info-Tech Research Inc., says caching speeds things up for everybody:
“So now when someone requests that page or resource, the proxy server says, ‘Wait, I’ve got it right here,’ and furnishes it back to the end user without having to go out to the Internet,” Quin explains.
This speeds display of cached pages for users, hence cuts traffic going out over the company’s Internet gateway, thus potentially reducing bandwidth requirements and congestion that can degrade overall performance.
Controlling Web surfing
A third important set of proxy server chores relates to enforcement of company policies and restrictions around Web use.
In organizations that allow employees unrestricted access to the Internet but publish policies limiting personal use–no gambling, po** or hate literature sites, for example, or only during lunch and breaks–network administrators can monitor proxy server logs to spot users habitually breaching policies.
But monitoring proxy logs can be a tricky business, cautions consultant Steve Armstrong, technical security director at UK-based consultancy LogicallySecure.
Some companies make the mistake of installing a proxy and then never looking at it again, thus wasting much of its potential utility, Armstrong says. But others spend too much time poring over logs. “It can be almost like stalking or harassment of users by proxy.”
If employees are allowed to use the Web for personal surfing, too-close monitoring could result in privacy and labor law infringements by the company–if an employee is researching a medical problem on his lunch hour, for example.
In addition, if administrators closely monitor the activity of an employee for no very good reason–especially in the absence of clearly stated policies–and later try to bring disciplinary action for violations, unions or lawyers may be able to claim the company was victimizing the employee.