Solved

Web Proxy vs Winsock Proxy vs Socks

Posted on 2002-05-28
Last Modified: 2013-12-28
In Microsoft Proxy Server 2.0 there are 3 different components: WEB PROXY, WINSOCK PROXY and SOCKS PROXY.  What is the difference between them?  I notice that there is only one service running in the SERVICES applet, "Microsoft Winsock Proxy"; which one does this represent?  Do they provide different functionality, and can they run individually or are they dependent on each other?
Question by:teknetics
LVL 1

Expert Comment

by:papercert
ID: 7040325
The following is from the MS proxy documentation...

Proxy Server implements all product features by using the following three services:
• Web Proxy service: Provides caching, cache routing (CARP), support for chains, and reverse proxying. The Web Proxy service supports any client that supports the HTTP protocol.
• WinSock Proxy service: Redirects Windows Sockets (WinSock) version 1.1 API calls, performs IPX-to-IP conversion, and provides server proxying. The WinSock Proxy service supports any client that supports Winsock 1.1 or above.
• Socks Proxy service: Provides SOCKS support. The Socks Proxy service supports any SOCKS client application that adheres to the SOCKS (version 4.3a or below) standard.

The Web Proxy Service

The Web Proxy service supports proxy requests from any browser that is compatible with the standard CERN proxy protocol, such as Microsoft Internet Explorer or Netscape Navigator. You can use a computer that runs any operating system, such as Windows 95, Windows NT, Macintosh, or UNIX.

[Figure: The Web Proxy service communication path]

The Web Proxy service provides the following features:
• CERN-proxy compatibility: The Web Proxy service supports all popular Internet browsers and the Hypertext Transport Protocol (HTTP), Gopher, and File Transfer Protocol (FTP) protocols. Also, the Web Proxy service supports the HTTP-S protocol for secure sessions by using Secure Socket Layer (SSL) connections.
• HTTP and FTP object caching: The Web Proxy service stores copies of requested Internet resources in a dedicated cache. Subsequent requests for these objects can be serviced from the server disk rather than by issuing the request over the Internet. This improves client browser performance, decreases user response time, and reduces bandwidth consumption on your Internet connection. Proxy Server also uses active caching. The Web Proxy service uses active caching to proactively ensure the freshness and availability of popular objects. Proxy Server can be set to automatically connect to the Internet and download certain Internet objects based on their popularity, without client initiation. Objects are subject to active caching on the basis of their popularity relative to their rate of change. You can also customize how often the cache is updated.
• Reverse proxying and reverse hosting for Web publishing: Reverse proxying is the ability to listen to incoming requests for an internal Web (HTTP) server computer and forward requests to that server. In this way, a server is protected by Proxy Server's security features. Reverse hosting takes publishing to the next logical step by maintaining a list of internal server computers that have permission to publish to the Internet, thereby allowing Proxy Server to offer access to multiple servers that are located behind it. The reverse proxying and hosting features offer great flexibility and enhanced security. Virtually any computer on your internal network that is running an HTTP server application, such as IIS, can publish to the Internet. Security is not compromised as all incoming requests and outgoing responses pass through Proxy Server first, so there remains only a single access point to the Internet.
• User-level security for each application protocol: Proxy Server can be configured to allow anonymous requests by users or to require users to be authenticated (validated) by the server. Once users are authenticated, you can determine which protocols (HTTP, FTP, or Gopher) are accessible for each user. Users can be granted access to selected protocols. The Web Proxy service provides secure, encrypted logon for those browsers that support Windows NT challenge/response authentication and provides basic authentication for other browsers. You can also use data encryption by means of SSL tunneling.
• Restricted (filtered) access to Internet sites: You can restrict access to remote Web sites by domain name, IP address, and subnet mask. You can choose to grant access to all Web sites except those listed or deny access to all Web sites except those listed. The settings are global and affect all users who access the Internet through the Proxy Server computer.
• IP-address aggregation: All requests to the Internet are done with the Proxy Server's external (Internet) IP address as the source address. This hides internal IP addresses and allows the use of unregistered or private addresses.
• Logged information about Internet requests made by clients: A new log can be created daily, weekly, or monthly. The log can be maintained in a text file or in an ODBC-compliant database (such as Microsoft SQL Server).
• Compatibility with all popular client operating systems and client hardware platforms, including Windows, Macintosh, and UNIX

The WinSock Proxy Service

The WinSock Proxy service makes a Windows Sockets-compatible client application, such as Telnet, mail, news, NetShow, RealAudio, or IRC, perform as if it were directly connected to the Internet. The client application makes Windows Sockets API calls to communicate with an application running on an Internet-based computer. The WinSock Proxy components redirect the necessary APIs to the Proxy Server computer, thus establishing a communication path from the internal application to the Internet application through the Proxy Server computer. The following illustration shows the communication path for the WinSock Proxy service.

[Figure: The WinSock Proxy service communication path]

The WinSock Proxy service provides the following features:
• Support for TCP/IP and IPX/SPX on the internal network: The WinSock Proxy service supports communication over TCP/IP and IPX/SPX on the internal network, allowing access to Internet sites from Internet applications on the network. However, only applications that have been written to use Windows Sockets over TCP/IP (Internet applications) can be redirected.
• Windows NT challenge/response authentication between the client and the server: The WinSock Proxy service provides Windows NT challenge/response authentication (a secure, encrypted logon process) whether or not the client application supports it. You can use Windows NT challenge/response authentication between clients and the WinSock Proxy service to avoid sending passwords across the internal network. Once authentication is done, the WinSock Proxy service uses the logon user name to verify that the user has permission to do the network operations attempted by the application. Authentication for an application is done one time only: when the application first links to Windows Sockets. This avoids the overhead of authentication on each network connection.
• Compatibility with virtually all existing Windows Sockets version 1.1-compatible applications: The WinSock Proxy service offers client and server support for most standard and custom Internet applications that communicate by using Windows Sockets. Almost all Windows Sockets 1.1 TCP/IP applications can be redirected.
• Inbound and outbound access control: You can control access by port number, protocol, and user or group. Each port can be enabled or disabled for communications by a specific list of users or user groups. The list of users that can initiate outbound connections on a port can be a different list than the list of users that can listen for inbound connections on the same port.
• Restricted (filtered) access to Internet sites: You can restrict access to remote Web sites by domain name, IP address, and subnet mask. You can choose to grant access to all Web sites except those listed, or deny access to all Web sites except those listed. The settings are global and affect all users who access the Internet through the Proxy Server computer.
• External (Internet) users are blocked from accessing internal network computers: The WinSock Proxy service prevents routing from the Internet to the internal network.
• IP-address aggregation: All requests to the Internet are done with the Proxy Server's external (Internet) IP address as the source address. This hides internal IP addresses and allows the use of unregistered or private addresses.
• Logged information about Internet requests made by clients: A new log can be created daily, weekly, or monthly. The log can be maintained in a text file or in an ODBC-compliant database (such as Microsoft SQL Server).
• Compatibility with Windows-based client computers: The application running on the internal network must be a 16-bit or 32-bit Windows Sockets 1.1 application on a computer running Windows For Workgroups 3.11, Windows 95, or Windows NT. The application running on the external network can be any TCP/IP-based application on any common operating system such as Windows, UNIX, or Macintosh.

The Socks Proxy Service

SOCKS is a cross-platform mechanism that establishes secure communications between client and server computers. The Socks Proxy service supports SOCKS version 4.3a and allows users transparent access to the Internet by means of Proxy Server. The Socks Proxy service extends the redirection provided by the WinSock Proxy service to non-Windows platforms. It uses TCP/IP and can be used for Telnet, FTP, Gopher, and HTTP. The Socks Proxy service does not support applications that rely on the UDP protocol.

Socks Proxy clients establish a connection to the Proxy Server computer and the Socks Proxy service relays information between the client and the Internet server. Security is based on IP addresses, port numbers, and destination hosts. The Socks Proxy service does not perform client password authentication, nor does it support the IPX/SPX protocol.

The Socks Proxy service provides the following features:
• Support of TCP/IP on the internal network and use of Identification Protocol (the Identd Simulation service) authentication to maintain communications with clients
• Compatibility with all popular client operating systems and client hardware platforms, including Windows, Macintosh, and UNIX
• Support for the SOCKS standard configuration file
• Logged information about SOCKS requests made by clients: A new log can be created daily, weekly, or monthly. The log can be maintained in a text file or in an ODBC-compliant database (such as Microsoft SQL Server).


Also, you can stop/start them individually using the MMC.

Let us know if you have any other questions.
Thanks.
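
As an added illustration (not part of papercert's post or the Microsoft documentation), the sketch below parses a SOCKS4/4a request and makes the kind of address-and-port decision the quoted text describes for the Socks Proxy service. The `ALLOW` rules, function names and sample bytes are constructed for this example; it shows that the USERID field is client-supplied and carries no password, so it cannot stand in for authentication.

```python
import ipaddress
import struct

# Constructed rules (assumption): permitted (client network, destination port) pairs.
ALLOW = [(ipaddress.ip_network("10.0.0.0/24"), 23),
         (ipaddress.ip_network("10.0.0.0/24"), 80)]

def parse_socks4(data: bytes) -> dict:
    """Parse a SOCKS4/4a request: VN, CD, DSTPORT, DSTIP, USERID NUL [HOST NUL]."""
    if len(data) < 9:
        raise ValueError("shorter than the 8-byte header plus USERID terminator")
    vn, cd, port = struct.unpack("!BBH", data[:4])
    if vn != 4:
        raise ValueError("not a SOCKS4 request")
    if cd not in (1, 2):
        raise ValueError("unknown command code")
    ip = ipaddress.IPv4Address(data[4:8])
    end = data.find(b"\x00", 8)
    if end < 0:
        raise ValueError("USERID is not NUL-terminated")
    userid = data[8:end].decode("latin-1")
    host = None
    # SOCKS4a: DSTIP 0.0.0.x with x != 0 means a host name follows USERID.
    if data[4:7] == b"\x00\x00\x00" and data[7] != 0:
        hend = data.find(b"\x00", end + 1)
        if hend < 0:
            raise ValueError("host name is not NUL-terminated")
        host = data[end + 1:hend].decode("ascii")
    return {"command": "CONNECT" if cd == 1 else "BIND", "port": port,
            "ip": str(ip), "userid": userid, "host": host}

def decide(client_ip: str, request: bytes) -> int:
    """Return the SOCKS4 reply code: 90 = request granted, 91 = rejected."""
    try:
        req = parse_socks4(request)
    except ValueError:
        return 91  # malformed requests are rejected, never guessed at
    src = ipaddress.ip_address(client_ip)
    # USERID is ignored on purpose: the client chooses it and nothing verifies it.
    ok = any(src in net and req["port"] == port for net, port in ALLOW)
    return 90 if ok else 91

# Constructed sample: CONNECT to 192.0.2.10:23 with the claimed USERID "administrator".
SAMPLE = struct.pack("!BBH", 4, 1, 23) + bytes([192, 0, 2, 10]) + b"administrator\x00"
```

Because the decision rests only on the source address and destination port, log the source address next to the claimed USERID so a mismatch between the two is visible during review.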

Author Comment

by:teknetics
ID: 7040348
Thanks for the response.  Just one more question.  I know you can stop and start each of the components from the MMC.  However, I'm looking for a way to monitor them from a script.  Unfortunately, my scripting capability is limited to command line scripting and I can only check the services that are running in the SERVICES applet.  Do you know of a way to monitor these components from a command line?
LVL 1

Accepted Solution

by:
papercert earned 200 total points
ID: 7041592
Both the Web Proxy and Socks proxy run within IIS's WWW service.  Other than starting/stopping the w3svc, I don't know of any way to start/stop either the web proxy or socks proxy from a command line.