Proxies and IDS

Posted on in Information Systems

Proxy servers have become increasingly popular security devices in corporate networks. It is becoming standard practice to use a dedicated proxy server to relay Hypertext Transfer Protocol (HTTP) requests to web servers protected by a firewall. In addition to relaying HTTP requests, proxy servers can also cache frequently requested static data, relieving the load on web servers. By controlling the interaction between client and server, proxy servers ensure that only safe requests are sent to protected web servers. Proxy servers also limit the exposure of web servers to malicious intrusion and present another hurdle for would-be attackers to clear before accessing sensitive company information. Proxy servers can be used to filter all incoming HTTP requests, including those generated by internal clients. Care must be taken to configure proxy servers properly. A misconfigured proxy server can itself be used to attack another system or to send unsolicited commercial email (UCE) (McNab, 2007).


Network-based intrusion detection systems (IDS) work by scanning network traffic for malicious activity. There are two theories of IDS operation. The first is to search network traffic for signatures of known malicious activity. These systems maintain a database of known network-based attacks and alert administrators when a match is found. The second is to scan network traffic for anomalies. These systems understand what is considered normal and issue alerts when traffic falls outside those parameters. Network-based IDSs are usually installed inside corporate firewalls. They analyze all traffic inside the firewall and look for malicious activity no matter what the source. Thus, they are as useful for detecting internal sources of compromise as external ones. It is important to note that intrusion detection systems merely look for problems and alert administrators. Intrusion prevention systems perform a similar function, but take the additional step of making automatic changes to protect the network (Trost, 2009).
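The two theories of operation can be compared side by side on the same traffic. The sketch below is an added example, not code from the cited books; the signature names, patterns, addresses, baseline counts and the mean-plus-three-standard-deviations threshold are all constructed assumptions chosen for illustration.

```python
import re
import statistics

# Constructed signature database: name -> pattern over the HTTP request line.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    # A proxy asked to tunnel to SMTP, the UCE relay case mentioned above.
    "proxy-connect-smtp": re.compile(r"^CONNECT \S+:25\b"),
}

def signature_alerts(requests):
    """Signature mode: alert on every request that matches a known pattern."""
    alerts = []
    for src, line in requests:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((src, name))
    return alerts

def anomaly_alerts(baseline_counts, requests, k=3.0):
    """Anomaly mode: alert on sources whose request count in this window
    exceeds mean + k * stdev of the per-source counts in the baseline."""
    mean = statistics.mean(baseline_counts)
    stdev = statistics.pstdev(baseline_counts)
    threshold = mean + k * stdev
    counts = {}
    for src, _ in requests:
        counts[src] = counts.get(src, 0) + 1
    return sorted(src for src, n in counts.items() if n > threshold)

# Constructed baseline: requests per source per window during normal operation.
BASELINE = [4, 6, 5, 7, 5, 6, 4, 5]

# Constructed window of (source address, request line) pairs.
WINDOW = (
    [("10.0.0.5", "GET /index.html HTTP/1.1")] * 5
    + [("10.0.0.9", "GET /../../private/config HTTP/1.1")]
    + [("10.0.0.7", "CONNECT mail.example.net:25 HTTP/1.1")]
    + [("10.0.0.8", "GET /report.pdf HTTP/1.1")] * 40
)

if __name__ == "__main__":
    print("signature:", signature_alerts(WINDOW))
    print("anomaly:  ", anomaly_alerts(BASELINE, WINDOW))
```

In this sample the two modes flag disjoint sources: the signature matches arrive at normal volume, while the high-volume source sends requests that match no signature.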

References

McNab, C. (2007). Network security assessment (2nd ed.). Sebastopol, CA: O'Reilly Media.

Trost, R. (2009). Practical intrusion analysis: Prevention and detection for the Twenty-First Century. Boston: Pearson Education.
