(I) A computer process--often used as, or as part of, a firewall--
that relays a protocol between client and server computer systems,
by appearing to the client to be the server and appearing to the
server to be the client. (See: SOCKS.)
(C) In a firewall, a proxy server usually runs on a bastion host,
which may support proxies for several protocols (e.g., FTP, HTTP,
and TELNET). Instead of a client in the protected enclave
connecting directly to an external server, the internal client
connects to the proxy server, which in turn connects to the
external server. The proxy server waits for a request from inside
the firewall, forwards the request to the remote server outside
the firewall, gets the response, then sends the response back to
the client. The proxy may be transparent to the clients, or they
may need to connect first to the proxy server, and then use that
association to also initiate a connection to the real server.
(C) Proxies are generally preferred over SOCKS for their ability
to perform caching, high-level logging, and access control. A
proxy can provide security service beyond that which is normally
part of the relayed protocol, such as access control based on peer
entity authentication of clients, or peer entity authentication of
servers when clients do not have that capability. A proxy at OSI
layer 7 can also provide finer-grained security service than can a
filtering router at OSI layer 3. For example, an FTP proxy could
permit transfers out of, but not into, a protected network.
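The relay-and-access-control behaviour described above, shown as a small loopback demonstration. This is an added example, not text or code from the glossary: a layer 7 HTTP proxy core that waits for a request from the inside, applies a policy, and only then opens its own connection to the outside server and relays the response back. The policy (allow only GET/HEAD to hosts on an allow-list, the HTTP analogue of "transfers out of, but not into"), the function names, the stub "external" server and the sample requests are all assumptions constructed for this example.

```python
import socket
import threading
from urllib.parse import urlsplit

# Assumed policy for this example: only GET/HEAD to allow-listed hosts may leave
# the enclave. The allow-list is constructed so the demo stays on loopback.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_HOSTS = {"127.0.0.1"}


def parse_request(head: bytes):
    """Parse an absolute-form request line ("GET http://h:p/x HTTP/1.1")."""
    request_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[1].startswith("http://"):
        raise ValueError("malformed or non-absolute request line")
    method, url, version = parts
    u = urlsplit(url)
    path = (u.path or "/") + ("?" + u.query if u.query else "")
    return method, u.hostname, u.port or 80, path, version


def check_policy(method: str, host: str):
    """Layer-7 access-control decision: None when allowed, else the deny reason."""
    if host not in ALLOWED_HOSTS:
        return f"host {host!r} not on allow-list"
    if method not in ALLOWED_METHODS:
        return f"method {method} not permitted outbound"
    return None


def recv_head(sock: socket.socket) -> bytes:
    """Read until the blank line that ends the HTTP head, or until close."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def handle_client(client: socket.socket, log: list):
    """Proxy one request: server to the client, client to the real server."""
    with client:
        head = recv_head(client)
        try:
            method, host, port, path, version = parse_request(head)
        except ValueError as exc:
            log.append(f"DENY malformed request: {exc}")
            client.sendall(b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n")
            return
        reason = check_policy(method, host)
        if reason:  # refused here; no outbound connection is ever opened
            log.append(f"DENY {method} {host}:{port}{path} ({reason})")
            client.sendall(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")
            return
        log.append(f"ALLOW {method} {host}:{port}{path}")
        # Rewrite to origin-form and open our own connection to the real server.
        pieces = head.split(b"\r\n", 1)
        rest = pieces[1] if len(pieces) == 2 else b"\r\n"
        forwarded = f"{method} {path} {version}\r\n".encode("ascii") + rest
        with socket.create_connection((host, port), timeout=5) as upstream:
            upstream.sendall(forwarded)
            while True:  # relay the response back verbatim until the server closes
                data = upstream.recv(4096)
                if not data:
                    break
                client.sendall(data)


def serve(listener: socket.socket, handler):
    """Accept loop for a daemon thread; one thread per connection."""
    while True:
        conn, _ = listener.accept()
        threading.Thread(target=handler, args=(conn,), daemon=True).start()


def listen_loopback() -> socket.socket:
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen()
    return s


def send_via_proxy(proxy_addr, request: bytes) -> int:
    """Constructed client: send one request through the proxy, return the status."""
    with socket.create_connection(proxy_addr, timeout=5) as s:
        s.sendall(request)
        resp = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            resp += chunk
    return int(resp.split(b" ", 2)[1])


def run_demo():
    """Stub 'external' server plus proxy on loopback, then four client requests."""
    seen, log = [], []

    def stub_upstream(conn):  # records the request line the proxy actually sent
        with conn:
            seen.append(recv_head(conn).split(b"\r\n", 1)[0].decode("ascii"))
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")

    upstream, proxy = listen_loopback(), listen_loopback()
    threading.Thread(target=serve, args=(upstream, stub_upstream), daemon=True).start()
    threading.Thread(target=serve, args=(proxy, lambda c: handle_client(c, log)), daemon=True).start()
    uport, paddr = upstream.getsockname()[1], proxy.getsockname()
    hdr = b"Host: 127.0.0.1\r\n\r\n"
    return {
        "get_allowed": send_via_proxy(paddr, f"GET http://127.0.0.1:{uport}/a HTTP/1.1\r\n".encode() + hdr),
        "post_denied": send_via_proxy(paddr, f"POST http://127.0.0.1:{uport}/a HTTP/1.1\r\n".encode() + hdr),
        "host_denied": send_via_proxy(paddr, b"GET http://10.0.0.9/x HTTP/1.1\r\n" + hdr),
        "garbage": send_via_proxy(paddr, b"not http at all\r\n\r\n"),
    }, seen, log


if __name__ == "__main__":
    results, seen, log = run_demo()
    print(results, seen, *log, sep="\n")
```

Two points the glossary makes are visible in the run: the stub server only ever sees the origin-form request line the proxy composed, never the client's own connection, and the denied requests produce a proxy log entry and a 403 without any outbound connection being attempted. Only bodiless methods are permitted by the assumed policy, so the relay forwards just the request head.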