Why Proxy-Based Firewalls Are Not Enough?
Proxy acts as a gateway between client and server, basically, it is an intermediate server separating end-user from websites on the browser proxy server provides ’n’ number of functionalities like security, privacy depending on the use case.
If we are using a proxy server, the request made by the end-user is redirected to the proxy server first, and then it is forwarded to the appropriate server. While recording a response, the response is first received by the proxy server and then it is redirected to the end-user.
Most of the users wonder, why to bother a proxy server? Why not directly access the website and record responses.
The reason is, Modern proxy server does much more than forwarding the end-user’s web request all under the name of data security and network performance. Proxy servers act as a firewall and web filter, provide shared network connections, cache up the data for performance. Lastly, the proxy server can high up the speed .
Risks of proxy firewall
We need to be cautious as proxy firewall servers come with huge risks
Using free proxy servers as a firewall can be risky as most of the free proxy servers use ad-based revenue models. Free proxy server firewalls aren’t investing heavily in backend hardware and encryption this leads to performance and security issues. There can be a risk of malware be infiltrated which is intended to steal sensitive information like credit card, system IP, etc
Proxy server has your original IP address, and web request information probably unencrypted saved locally, and need to make sure if proxy server is not logging that information or saves this data locally.
If we are using a proxy server with the intent of privacy and all our web request are getting stored possibly in unencrypted format then our main motto of using a proxy server for privacy is lost
If we are using proxy servers without encryptions, that is all our web requests are sent to plain text. That is really easy for any cyber-attacker to retrieve sensitive information like user_names and passwords, we need to make sure whatever proxy servers we are using make sure that proxy servers have encryption capability, and strictly adhere to encryption policies.
In most cases, proxy-based firewalls do not provide a security mechanism for DNS(data server names).it is easy to send infected data embedded in the user’s URL this will ultimately be sent to DNS by proxy ending up infecting DNS securities.
Conclusion:
As primarily proxy-based firewalls are designed to inspect a limited number of protocols such as HTTP, HTTPS, FTP, and DNS this means that there is a possibility of loopholes in traffic and inability to identify threats on nonstandard ports and across multiple protocols. While using proxy we cannot guarantee that DNS queries are directly sent by the client. This also implies that DNS security has to be provided and proxy-based firewalls are not enough for security.
Originally published at https://www.neovasolutions.com on April 20, 2020.
Connect with us:
