Proxy Servers and Auditing

Another way to help secure the private network and the communications going out to the Internet is to audit what happens on the proxy server. Obviously, the proxy server represents a single point of failure. Because its compromise is a concern, you could audit the success or failure of logons or other specific events.

It should be reiterated that proxy servers are not firewalls. They do perform some of the same functions, but not with the same thoroughness or same results. We will be talking more about firewalls later in this chapter.

Design Scenario: When to Proxy

One of your customers comes to you looking for advice. It seems the company has somewhat of a dilemma. When you do your exploration of the problem, you discover that this is a small company. Each and every day, employees are accessing the same few Web sites. In addition, the company has a limited class C IP addressing scheme and it is getting ready to add on several dozen new employees. Each of these employees will need access to the Internet, but the company does not want to apply for another class C address and go through the hassle of addressing dozens of machines. In addition, since these employees will be new and will be temporary, the CIO wants to make sure that the sites they visit on the Internet are approved. The CIO knows he is asking a lot, but surely there has to be a way to do this?

In this scenario, a proxy server is the perfect solution. A proxy server will save the Web pages that are accessed frequently and provide them whenever asked. This way, your users will not have to go all over the Internet looking for them, which should speed things up. Because the proxy server makes requests to the Internet on behalf of its clients, it acts as a form of address translation: you can make use of the limited addresses you already have and still provide IP addresses for all the new folks. Finally, by instituting something like a censoring program in addition to the proxy server, all the needs will be met.
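The scenario's three requirements (caching, one outbound point for all clients, approved sites only) and the auditing point made earlier can be seen together in a small model. This is an added example, not code from the book or from any proxy product; the class name, the `fetch` stand-in for the proxy's outbound request, and the approved hosts are assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample policy; these hosts are placeholders, not from the text.
APPROVED_HOSTS = {"intranet.example.com", "news.example.org"}


class FilteringProxy:
    """Model of a caching forward proxy with an approved-site list and audit trail."""

    def __init__(self, approved, fetch):
        self.approved = {h.lower() for h in approved}
        self.fetch = fetch   # callable(url) -> body; stands in for the proxy's own outbound request
        self.cache = {}      # url -> body of pages already retrieved
        self.audit = []      # one (client_ip, user, url, decision) record per request

    def host_allowed(self, url):
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            return False
        # .hostname drops any "user@" prefix and port, so "approved@other" tricks fail.
        host = (parts.hostname or "").lower().rstrip(".")
        # Exact host or a true subdomain only: substring or undotted suffix tests
        # would also pass look-alikes such as "badnews.example.org".
        return any(host == a or host.endswith("." + a) for a in self.approved)

    def handle(self, client_ip, user, url):
        if not self.host_allowed(url):
            decision, body = "DENIED", None
        elif url in self.cache:
            decision, body = "CACHE_HIT", self.cache[url]
        else:
            body = self.cache[url] = self.fetch(url)
            decision = "FETCHED"
        # Allowed and denied requests are both recorded for later review.
        self.audit.append((client_ip, user, url, decision))
        return decision, body

    def denied_by_user(self):
        """Count denied requests per user from the audit trail."""
        return Counter(u for _, u, _, d in self.audit if d == "DENIED")
```

Reviewing `denied_by_user()` alongside the logon audit gives the CIO a per-account view of what the temporary employees tried to reach.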

