For example if user a goes to googlecom the proxy

This preview shows page 10 - 11 out of 12 pages.

For example, if user A goes to google.com, the proxy actually sends the request to google.com and retrieves the web page. When user B initiates a request to connect to google.com, the proxy sends the information it has already retrieved for user A. The proxy has algorithms to ensure that current data remains in the cache. The effect is that the page is returned much faster to the user than having to get it from google.com again. A proxy can also be configured to block access to certain web sites and filter certain port traffic to protect the internal network. It is important to note that there are two types of solutions that are called Proxy servers. One is an application that is loaded on a PC-based server. The second is a feature incorporated into a firewall. The application that is loaded on a PC server is not considered a solution for providing security on a network, but does provide the acceleration benefits outlined in this document. When a proxy server is to be used for security purposes, it should be a feature incorporated into a hardened firewall solution. Application Gateways Application gateways are a variation of a proxy server and functions as follows: The internal client first establishes a connection with the application gateway. The application gateway determines if the connection should be allowed or not and then establishes a connection with the destination computer. All communications go through two connections: 1.) client to application gateway and 2.) application gateway to destination. The application gateway monitors all traffic against its rules before deciding whether or not to forward it. As with the other proxy server types, the application gateway is the only address seen by the outside world so the internal network is protected. Firewall Rules Design When developing the rules for the firewall, it is important to keep the following guidelines in mind. Start with a totally locked-down configuration, where nothing is permitted through the firewall. Then open only the minimum ports necessary for the application to function. It will be necessary to thoroughly identify the data flow requirements from all zones. Software suppliers can usually provide the port and protocol information about their applications. If they cannot, a network sniffer application can be used to identify the ports and protocols used. When using the DMZ, it is necessary to continue the lockdown philosophy. Inexperienced firewall ruleset designers will get a false sense of security with the DMZ and allow too many ports to be opened. It is necessary to keep in mind what risk is presented if the server in the DMZ is compromised. Process Network Security - Firewall Configuration and Policies Rev. 0.2 Page 6 Copyright 2004, Invensys Systems, Inc. All Rights Reserved.
Image of page 10

Subscribe to view the full document.

Image of page 11

{[ snackBarMessage ]}

Get FREE access by uploading your study materials

Upload your study materials now and get free access to over 25 million documents.

Upload now for FREE access Or pay now for instant access
Christopher Reinemann
"Before using Course Hero my grade was at 78%. By the end of the semester my grade was at 90%. I could not have done it without all the class material I found."
— Christopher R., University of Rhode Island '15, Course Hero Intern

Ask a question for free

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern