Solved

Proxy without scanning content

Posted on 2014-04-01
Last Modified: 2014-04-02
I have read some excellent posts and have learned a lot, but have to ask one last question on this subject.

If I have a proxy within the DMZ, and I do not scan for content, check for viruses, etc, and I do nothing to the content or block access based upon content, I might as well use port forwarding.

Is this correct?
Question by:Anthony Lucia
5 Comments
 

Accepted Solution

by:Chris Dent
Chris Dent earned 167 total points
ID: 39971914
Do you use it to cache content and therefore reduce the load on your WAN / Internet circuits?

Do you ever, or will you ever, need to refer to the logs? That depends a little on what the proxy does for you, but if you have hundreds of clients connecting through, you will have application-layer logs available to you. A traditional firewall, working up to layer 4 (Ports), would not be able to provide that for you.

I'm struggling to think of more reasons it might be useful beyond those :)

Chris

Assisted Solution

by:Rich Rumble
Rich Rumble earned 167 total points
ID: 39971961
The DMZ is a zone, segregated from other parts of the network; you would use a proxy to keep that zone more intact. If the DMZ is able to communicate to all other networks it's not very DMZ-like, so port-forwarding, NAT'ing may not be what you want. A proxy used to take traffic from the DMZ to the internet or from the internet to the DMZ allows the border of the DMZ to remain. A reverse proxy is probably the correct term: http://en.wikipedia.org/wiki/DMZ_%28computing%29#Services_in_the_DMZ
-rich

Assisted Solution

by:btan
btan earned 166 total points
ID: 39972045
Thinking wider on the context of this question, I tend to see that scanning content has nothing to do with port forwarding.

It is just like saying "I trust this visitor is legit since it passed my country's customs check, I will just let it through to my premises for a stay overnight or probably longer."

By default, I will not trust, and there are no foolproof checks (more so if I am reading all the recent incidents and cases in the news). There is always the principle of "trust but verify" or simply "No trust unless proven otherwise". I do not want to delve into the technical aspect, hence just touching the principle :) ... of a security mindset

(I may be just too conservative and have a pretty low risk appetite - if you have those devices in the chain of the traffic - why waste the $$ deploying them without maximising their contribution)

Expert Comment

by:Rich Rumble
ID: 39972077
nm

Expert Comment

by:Leon Fester
ID: 39972396
If I have a proxy within the DMZ, and I do not scan for content, check for viruses, etc, and I do nothing to the content or block access based upon content, I might as well use port forwarding

Is this correct?

As the other experts suggest, it's not such a straightforward answer/decision.

Using an internal proxy like you're using is pretty much just packet forwarding so yes, it is similar to port forwarding.

Port forwarding however does not offer the same services as a proxy server.

So while we may be answering your question correctly...we do worry that you may not be asking the right question. This is where the articles become a little meaningless.

Don't forget there are many different types of proxy servers
http://en.wikipedia.org/wiki/Proxy_server

Question: Is your proxy only servicing clients on your internal network or do you have users coming in from the WWW who also need to access your proxy?

By using port forwarding only, you could be exposing your servers which would have been obfuscated by the proxy server so the backend services would have limited exposure to the Internet.

The big question is: What is your objective here? What do you want to achieve?

Do you want to: Remove an "unnecessary" server or get an understanding of the concepts? Or other?
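The logging difference raised in the accepted solution (application-layer logs from a proxy versus what a layer-4 port forward can record), as an added example that is not part of the original thread. The addresses, hostname, captured bytes and function names are constructed for illustration; the parser handles only simple requests with an optional Content-Length body.

```python
# Constructed sample: ONE client TCP connection carrying TWO keep-alive HTTP requests.
CAPTURED = (
    b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n"
    b"User-Agent: demo-client/1.0\r\n\r\n"
    b"POST /login HTTP/1.1\r\nHost: www.example.test\r\n"
    b"User-Agent: demo-client/1.0\r\nContent-Length: 9\r\n\r\nuser=anth"
)
# Constructed flow tuple (documentation address ranges).
FLOW = {"src": "203.0.113.7", "sport": 51514, "dst": "198.51.100.10", "dport": 80}


def layer4_record(flow, payload):
    """What a port forward or layer-4 firewall can log: the flow and a byte count."""
    return dict(flow, bytes=len(payload))


def layer7_records(flow, payload):
    """What an HTTP proxy can log: one record per request inside the same flow."""
    records, rest = [], payload
    while rest:
        head, sep, rest = rest.partition(b"\r\n\r\n")
        if not sep:
            break  # truncated request head, nothing more to log
        lines = head.decode("iso-8859-1").split("\r\n")
        parts = lines[0].split(" ")
        if len(parts) != 3:
            break  # not an HTTP request line
        method, target, _version = parts
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = headers.get("content-length", "0")
        body_len = int(length) if length.isdigit() else 0
        rest = rest[body_len:]  # skip the body; a non-scanning proxy ignores it
        records.append({
            "src": flow["src"], "method": method, "path": target,
            "host": headers.get("host", ""),
            "user_agent": headers.get("user-agent", ""),
            "body_bytes": body_len,
        })
    return records


if __name__ == "__main__":
    print("layer 4:", layer4_record(FLOW, CAPTURED))
    for rec in layer7_records(FLOW, CAPTURED):
        print("layer 7:", rec)
```

The port forward records a single flow with a byte count, while the proxy records two requests with method, host and path, without inspecting or blocking any content.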