
Seminar Report On Proxy Server and Firewall

This document is a seminar report on proxy servers and firewalls submitted by Pramod Aswal to his professor Mrs. Arti Bahuguna. The report defines a proxy firewall as a network security system that filters messages at the application layer and acts as an intermediary between internal clients and external servers. It examines how proxy firewalls use stateful inspection and deep packet inspection to analyze incoming traffic for signs of attack. The goal of a proxy firewall is to create a single point of access that allows for assessing threat levels and implementing security checks.

Uploaded by

Ayush

School of Engineering and Technology
H.N.B. Garhwal University (Chauras Campus)

Seminar Report on Proxy Server and Firewall

Submitted to: Mrs. Arti Bahuguna, Dept. of Information Technology
Submitted by: Pramod Aswal, B.Tech (I.T.), 5th Semester, Roll No. 16

CERTIFICATE

This is to certify that the seminar work entitled Proxy server and Firewall is a bona fide work
carried out by Pramod Aswal in partial fulfilment for the award of the degree of bachelor of
engineering from HNB Garhwal University in Information & Technology, during the year 2018-19.
It is certified that all corrections/suggestions indicated for internal assessment have been
incorporated in the report. The seminar report has been approved, as it satisfies the academic
requirements in respect of seminar work prescribed for the bachelor of engineering degree.

Signature of Guide: Mrs. Arti Bahuguna
Signature of H.O.D: Mr. Vinay Prasad Tamta

ACKNOWLEDGEMENT

I express my sincere gratitude to MR. VINAY PRASAD TAMTA, Assistant Prof. & Head of
Department of Information Technology Engineering, School of Engineering & Technology,
Chauras, for his cooperation and encouragement. I would also like to thank my seminar guide
Mrs. ARTI BAHUGUNA (Lecturer, Department of IT), for their invaluable advice and
wholehearted cooperation without which this seminar would not have seen the light of day.

ABSTRACT

A proxy firewall is a network security system that protects network resources by filtering
messages at the application layer. A proxy firewall may also be called an application firewall or
gateway firewall.  Just like a proxy server or cache server, a proxy firewall acts as an
intermediary between in-house clients and servers on the Internet. The difference is that in
addition to intercepting Internet requests and responses, a proxy firewall also monitors incoming
traffic for layer 7 protocols, such as HTTP and FTP. In addition to determining which traffic is
allowed and which is denied, a proxy firewall uses stateful inspection technology and deep
packet inspection to analyze incoming traffic for signs of attack. Proxy firewalls are considered
to be the most secure type of firewall because they prevent direct network contact with other
systems. (Because a proxy firewall has its own IP address, an outside network connection will
never receive packets from the sending network directly.) Having the ability to examine the
entire network packet, rather than just the network address and port number, also means that a
proxy firewall will have extensive logging capabilities -- a valuable resource for security
administrators who are dealing with security incidents. According to Marcus Ranum, who is
credited with conceiving the idea of a proxy firewall, the goal of the proxy approach is to create
a single point that allows a security-conscious programmer to assess threat levels represented by
application protocols and put error detection, attack detection and validity checking in place.

TABLE OF CONTENTS

1. Introduction
2. Proxy Servers, Firewalls, and Content Filtering
3. Proxy Servers and Caching
4. Types of proxy servers
5. Security
6. Purpose
7. CGI proxy
8. Firewall
9. Types of firewall
10. Network address translation
11. Conclusion
12. References

1. INTRODUCTION

Proxy servers work as an intermediary between the two ends of a client/server network
connection. Proxy servers interface with network applications, most commonly web browsers
and servers. Inside corporate networks, proxy servers are installed on specially-designated
internal (intranet) devices. Some Internet Service Providers (ISPs) also utilize proxy servers as
part of providing online services to their customers. Finally, a category of third-party hosted web
sites called web proxy servers is available to end users on the Internet for their web browsing
sessions.

 Key Features of Proxy Servers

Proxy servers traditionally provide three main functions:

1. Firewall and network data filtering support
2. Network connection sharing
3. Data caching

2. Proxy Servers, Firewalls, and Content Filtering

Proxy servers work at the Application layer (layer 7) of the OSI model. They differ from
traditional network firewalls that work at lower OSI layers and support application-independent
filtering. Proxy servers are also more difficult to install and maintain than firewalls, as proxy
functionality for each application protocol like HTTP, SMTP, or SOCKS must be configured
individually. However, a properly configured proxy server improves network security and
performance for the target protocols.

Network administrators often deploy firewall and proxy server software to work in tandem,
installing both on a network gateway server.

Because they function at the OSI Application layer, the filtering capability of proxy servers is
relatively more sophisticated compared to that of ordinary routers. For example, proxy web
servers can check the URL of outgoing requests for web pages by inspecting HTTP messages.
Network administrators can use this feature to bar access to illegal domains but allow access to
other sites. Ordinary network firewalls, in contrast, cannot see the web domain names inside
HTTP request messages. Likewise, for incoming data traffic, ordinary routers can filter by port
number or IP address, but proxy servers can also filter based on application content inside the
messages.
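
The contrast drawn above, as an added example that is not part of the original report: a first-match packet filter sees only protocol, address and port, while a proxy parses the HTTP message and can decide on the requested domain. The rule set, the blocked domain and both sample requests are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed policy and traffic: names and addresses are illustrative only.
BLOCKED_DOMAINS = {"blocked.example"}


@dataclass(frozen=True)
class Rule:
    action: str               # "pass", "drop" (silent) or "reject" (notify sender)
    proto: str
    dst_net: str
    dst_port: Optional[int]   # None matches any port


RULES = [
    Rule("reject", "tcp", "0.0.0.0/0", 23),   # telnet refused with a notification
    Rule("pass", "tcp", "0.0.0.0/0", 80),     # all web traffic allowed
]


def packet_filter(proto, dst_ip, dst_port, rules=RULES):
    """Layer 3/4 decision: first matching rule wins, unmatched packets are dropped."""
    addr = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r.proto == proto and addr in ipaddress.ip_network(r.dst_net)
                and r.dst_port in (None, dst_port)):
            return r.action
    return "drop"


def request_host(raw: bytes) -> str:
    """Return the normalised host an HTTP/1.1 request is addressed to."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    target, host = parts[1], None
    if "://" in target:                      # absolute-form, as sent to a forward proxy
        host = urlsplit(target).hostname
    else:                                    # origin-form: fall back to the Host header
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "host":
                host = urlsplit("//" + value.strip()).hostname
                break
    if not host:
        raise ValueError("no host in request")
    return host.rstrip(".").lower()


def proxy_filter(raw: bytes, blocked=BLOCKED_DOMAINS) -> str:
    """Layer 7 decision on the requested domain; unparseable requests fail closed."""
    try:
        host = request_host(raw)
    except ValueError:
        return "deny"
    # Match the domain and its subdomains, but not names that merely end in it.
    hit = any(host == d or host.endswith("." + d) for d in blocked)
    return "deny" if hit else "allow"


# Two constructed requests to the same address and port; only the URL differs.
ALLOWED_REQ = (b"GET http://docs.example/index.html HTTP/1.1\r\n"
               b"Host: docs.example\r\n\r\n")
BLOCKED_REQ = (b"GET http://WWW.Blocked.Example./page HTTP/1.1\r\n"
               b"Host: www.blocked.example\r\n\r\n")

if __name__ == "__main__":
    for req in (ALLOWED_REQ, BLOCKED_REQ):
        print(packet_filter("tcp", "203.0.113.10", 80), proxy_filter(req))
```

Both requests get the same verdict from the packet filter because their layer 3/4 fields are identical; only the proxy's view of the message separates them.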

 Connection Sharing With Proxy Servers

Many years ago, third-party software products were commonly used on home networks to share
the Internet connection of one PC with other computers. Home broadband routers now provide
Internet connection sharing functions in most homes instead. On corporate networks, however,
proxy servers are still commonly employed to distribute Internet connections across multiple
routers and local intranet networks.

3. Proxy Servers and Caching
The caching of web pages by proxy servers can improve a network's user experience in three ways. First,
caching may conserve bandwidth on the network, increasing its scalability. Next, caching can improve
response time experienced by clients. With an HTTP proxy cache, for example, web pages can load more
quickly into the browser. Finally, proxy server caches increase content availability. Copies of web pages
and other static content in the cache remain accessible even if the original source or an intermediate
network link goes offline. With the trend of web sites to dynamic database driven content, the benefit of
proxy caching has declined somewhat compared to years ago.

 Web Proxy Servers

While many businesses deploy proxy servers physically connected to their internal networks,
most home networks don't use them because home broadband routers supply the essential
firewall and connection sharing capabilities. A separate class of proxy servers called web proxies
exists that allows users to take advantage of some proxy server benefits even when their own
local network doesn't support them. Internet users most commonly seek out web proxy services
as a means to increase their privacy while surfing online, although these services offer other
benefits too, including caching. Some web proxy servers are free to use, while others charge
service fees.

4. Types of proxy servers

A proxy server may reside on the user's local computer, or at various points between the user's
computer and destination servers on the Internet.

- A proxy server that passes unmodified requests and responses is usually called a gateway
  or sometimes a tunneling proxy.
- A forward proxy is an Internet-facing proxy used to retrieve data from a wide range of
  sources (in most cases anywhere on the Internet).
- A reverse proxy is usually an internal-facing proxy used as a front-end to control and
  protect access to a server on a private network. A reverse proxy commonly also performs
  tasks such as load-balancing, authentication, decryption or caching.

 Open proxies
An open proxy is a forwarding proxy server that is accessible by any Internet user. Gordon Lyon
estimates there are "hundreds of thousands" of open proxies on the Internet. [3] An anonymous open proxy
allows users to conceal their IP address while browsing the Web or using other Internet services. There
are varying degrees of anonymity however, as well as a number of methods of 'tricking' the client into
revealing itself regardless of the proxy being used.

- Anonymous Proxy – This server reveals its identity as a server but does not disclose the initial IP
  address. Though this server can be discovered easily it can be beneficial for some users as it hides
  the Internet Protocol address.

- Transparent Proxy – This proxy server again identifies itself, and with the support of HTTP
  headers, the first IP address can be viewed. The main benefit of using this sort of server is its
  ability to cache the websites. Sometimes, your IP may get banned as a result of the use of
  transparent proxy. Your Internet Protocol address is not hidden in this server.

 Reverse proxies

A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server.
Reverse proxies forward requests to one or more ordinary servers which handle the request. The
response from the proxy server is returned as if it came directly from the original server, leaving
the client with no knowledge of the origin servers.[5] Reverse proxies are installed in the
neighborhood of one or more web servers. All traffic coming from the Internet and with a
destination of one of the neighborhood's web servers goes through the proxy server. The use of
"reverse" originates in its counterpart "forward proxy" since the reverse proxy sits closer to the
web server and serves only a restricted set of websites. There are several reasons for installing
reverse proxy servers:

- Encryption / SSL acceleration: when secure web sites are created, the Secure Sockets Layer
  (SSL) encryption is often not done by the web server itself, but by a reverse proxy that is
  equipped with SSL acceleration hardware. Furthermore, a host can provide a single "SSL proxy"
  to provide SSL encryption for an arbitrary number of hosts; removing the need for a separate SSL
  Server Certificate for each host, with the downside that all hosts behind the SSL proxy have to
  share a common DNS name or IP address for SSL connections. This problem can partly be
  overcome by using the SubjectAltName feature of X.509 certificates.
- Load balancing: the reverse proxy can distribute the load to several web servers, each web server
  serving its own application area. In such a case, the reverse proxy may need to rewrite the URLs
  in each web page (translation from externally known URLs to the internal locations).
- Serve/cache static content: A reverse proxy can offload the web servers by caching static content
  like pictures and other static graphical content.
- Compression: the proxy server can optimize and compress the content to speed up the load time.
- Spoon feeding: reduces resource usage caused by slow clients on the web servers by caching the
  content the web server sent and slowly "spoon feeding" it to the client. This especially benefits
  dynamically generated pages.
- Security: the proxy server is an additional layer of defence and can protect against some OS and
  Web Server specific attacks. However, it does not provide any protection from attacks against the
  web application or service itself, which is generally considered the larger threat.
- Extranet Publishing: a reverse proxy server facing the Internet can be used to communicate to a
  firewall server internal to an organization, providing extranet access to some functions while
  keeping the servers behind the firewalls. If used in this way, security measures should be
  considered to protect the rest of your infrastructure in case this server is compromised, as its web
  application is exposed to attack from the Internet.

5. Security

1. A proxy can keep the internal network structure of a company secret by using network
address translation, which can help the security of the internal network.[14] This makes
requests from machines and users on the local network anonymous. Proxies can also be
combined with firewalls.
2. An incorrectly configured proxy can provide access to a network otherwise isolated from
the Internet.

 Transparent proxy

Also known as an intercepting proxy, inline proxy, or forced proxy, a transparent proxy
intercepts normal communication at the network layer without requiring any special client
configuration. Clients need not be aware of the existence of the proxy. A transparent proxy is
normally located between the client and the Internet, with the proxy performing some of the
functions of a gateway or router.

RFC 2616 (Hypertext Transfer Protocol—HTTP/1.1) offers standard definitions:

"A 'transparent proxy' is a proxy that does not modify the request or response beyond
what is required for proxy authentication and identification". "A 'non-transparent proxy'
is a proxy that modifies the request or response in order to provide some added service to
the user agent, such as group annotation services, media type transformation, protocol
reduction, or anonymity filtering".

TCP Intercept is a traffic filtering security feature that protects TCP servers from TCP
SYN flood attacks, which are a type of denial-of-service attack. TCP Intercept is
available for IP traffic only.

In 2009 a security flaw in the way that transparent proxies operate was published by
Robert Auger, and the Computer Emergency Response Team issued an advisory listing
dozens of affected transparent and intercepting proxy servers.

6. Purpose

Intercepting proxies are commonly used in businesses to enforce acceptable use policy,
and to ease administrative overheads, since no client browser configuration is required.
This second reason however is mitigated by features such as Active Directory group
policy, or DHCP and automatic proxy detection.
Intercepting proxies are also commonly used by ISPs in some countries to save upstream
bandwidth and improve customer response times by caching. This is more common in
countries where bandwidth is more limited (e.g. island nations) or must be paid for.

 Issues

The diversion / interception of a TCP connection creates several issues. Firstly the
original destination IP and port must somehow be communicated to the proxy. This is not
always possible (e.g., where the gateway and proxy reside on different hosts). There is a
class of cross site attacks that depend on certain behaviour of intercepting proxies that do
not check or have access to information about the original (intercepted) destination. This
problem may be resolved by using an integrated packet-level and application level
appliance or software which is then able to communicate this information between the
packet handler and the proxy.
Intercepting also creates problems for HTTP authentication, especially connection-
oriented authentication such as NTLM, as the client browser believes it is talking to a
server rather than a proxy. This can cause problems where an intercepting proxy requires
authentication, then the user connects to a site which also requires authentication.
Finally intercepting connections can cause problems for HTTP caches, as some requests
and responses become uncacheable by a shared cache.
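
One way an intercepting proxy can use the original destination handed over by the packet layer, as an added example that is not part of the original report. The `Decision` type, the `strict` switch, the `lookup` resolver and its DNS table are hypothetical and constructed so the example runs offline.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Tuple

# Constructed DNS data standing in for the proxy's own resolver (assumption).
DNS = {
    "app.example": {"198.51.100.20"},
    "other.example": {"203.0.113.77"},
}


def lookup(name: str) -> Iterable[str]:
    return DNS.get(name, set())


@dataclass(frozen=True)
class Decision:
    action: str                          # "forward" or "reject"
    upstream: Optional[Tuple[str, int]]  # where the proxy will connect
    cacheable: bool                      # may the response enter the shared cache?
    reason: str


def split_host_port(value: str, default_port: int) -> Tuple[str, int]:
    """Split 'name', 'name:port', '[v6]' or '[v6]:port'; ValueError if malformed."""
    value = value.strip()
    if value.startswith("["):
        name, _, rest = value[1:].partition("]")
        if rest and not rest.startswith(":"):
            raise ValueError("junk after IPv6 literal")
        port = rest[1:]
    else:
        name, _, port = value.partition(":")
    return name.rstrip(".").lower(), int(port) if port else default_port


def route_intercepted(orig_dst: Tuple[str, int], host_header: str,
                      resolve: Callable[[str], Iterable[str]],
                      strict: bool = False) -> Decision:
    """Decide where an intercepted request goes, given the pre-interception target."""
    orig_ip = str(ipaddress.ip_address(orig_dst[0]))
    orig_port = orig_dst[1]
    try:
        name, port = split_host_port(host_header, orig_port)
    except ValueError:
        return Decision("reject", None, False, "unparseable Host header")
    if not name:
        return Decision("reject", None, False, "empty Host header")
    try:
        claimed = {str(ipaddress.ip_address(name))}        # Host is an IP literal
    except ValueError:
        claimed = {str(ipaddress.ip_address(a)) for a in resolve(name)}
    if orig_ip in claimed and port == orig_port:
        return Decision("forward", (orig_ip, orig_port), True,
                        "Host matches original destination")
    if strict:
        return Decision("reject", None, False,
                        "Host does not match original destination")
    # Non-strict: connect only to the address the client actually dialled and keep
    # the response out of the shared cache, so a client-supplied Host value cannot
    # steer the proxy elsewhere or store content under another site's name.
    return Decision("forward", (orig_ip, orig_port), False,
                    "mismatch: pinned to original destination, not cached")


if __name__ == "__main__":
    dst = ("198.51.100.20", 80)   # constructed value from the packet handler
    for header in ("app.example", "other.example", "app.example:http"):
        print(header, "->", route_intercepted(dst, header, lookup))
```

Round-robin DNS can make a legitimate request look like a mismatch, which is why the non-strict branch still forwards to the original address instead of rejecting.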

7. CGI proxy

A CGI web proxy accepts target URLs using a Web form in the user's browser window,
processes the request, and returns the results to the user's browser. Consequently, it can
be used on a device or network that does not allow "true" proxy settings to be changed.
The first recorded CGI proxy, named "rover" at the time but renamed in 1998 to
"CGIProxy" was developed by American computer scientist James Marshall in early
1996 for an article in "Unix Review" by Rich Morin.
The majority of CGI proxies are powered by one of CGIProxy (written in the Perl
language), Glype (written in the PHP language), or PHProxy (written in the PHP
language). As of April 2016, CGIProxy has received about 2 million downloads, Glype
has received almost a million downloads, whilst PHProxy still receives hundreds of
downloads per week. Despite waning in popularity due to VPNs and other privacy
methods, there are still several thousand CGI proxies online.
Some CGI proxies were set up for purposes such as making websites more accessible to
disabled people, but have since been shut down due to excessive traffic, usually caused
by a third party advertising the service as a means to bypass local filtering. Since many of
these users don't care about the collateral damage they are causing, it became necessary
for organizations to hide their proxies, disclosing the URLs only to those who take the
trouble to contact the organization and demonstrate a genuine need.

 Suffix proxy

A suffix proxy allows a user to access web content by appending the name of the proxy
server to the URL of the requested content (e.g. "en.wikipedia.org.SuffixProxy.com").
Suffix proxy servers are easier to use than regular proxy servers but they do not offer
high levels of anonymity and their primary use is for bypassing web filters. However, this
is rarely used due to more advanced web filters.

 DNS proxy

A DNS proxy server takes DNS queries from a (usually local) network and forwards
them to an Internet Domain Name Server. It may also cache DNS records.

8. Firewall

In computing, a firewall is a network security system that monitors and controls
incoming and outgoing network traffic based on predetermined security rules. A firewall
typically establishes a barrier between a trusted internal network and untrusted external
network, such as the Internet.
Firewalls are often categorized as either network firewalls or host-based firewalls.
Network firewalls filter traffic between two or more networks and run on network
hardware. Host-based firewalls run on host computers and control network traffic in and
out of those machines.

 History
The term firewall originally referred to a wall intended to confine a fire within a building. Later uses refer
to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft
from the passenger compartment. The term was applied in the late 1980s to network technology that
emerged when the Internet was fairly new in terms of its global use and connectivity. The predecessors
to firewalls for network security were the routers used in the late 1980s.

 First generation: packet filters


The first reported type of network firewall is called a packet filter. Packet filters act by inspecting packets
transferred between computers. When a packet does not match the packet filter's set of filtering rules, the
packet filter either drops (silently discards) the packet, or rejects the packet (discards it and generates an
Internet Control Message Protocol notification for the sender); otherwise it is allowed to pass. [6] Packets may be
filtered by source and destination network addresses, protocol, source and destination port numbers. The
bulk of Internet communication in 20th and early 21st century used either Transmission Control Protocol
(TCP) or User Datagram Protocol (UDP) in conjunction with well-known ports, enabling firewalls of that
era to distinguish between, and thus control, specific types of traffic (such as web browsing, remote
printing, email transmission, file transfer), unless the machines on each side of the packet filter used the
same non-standard ports.

 Second generation: stateful filters

From 1989–1990, three colleagues from AT&T Bell Laboratories, Dave Presotto,
Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls,
calling them circuit-level gateways.
Second-generation firewalls perform the work of their first-generation predecessors but
operate up to layer 4 (transport layer) of the OSI model. This is achieved by retaining
packets until enough information is available to make a judgment about its state.
This type of firewall is potentially vulnerable to denial-of-service attacks that bombard
the firewall with fake connections in an attempt to overwhelm the firewall by filling its
connection

 Third generation: application layer

Marcus Ranum, Wei Xu, and Peter Churchyard developed an application firewall known
as Firewall Toolkit (FWTK). In June 1994, Wei Xu extended the FWTK with the kernel
enhancement of IP filter and socket transparent. This was known as the first transparent
application firewall, released as a commercial product of Gauntlet firewall at Trusted
Information Systems. Gauntlet firewall was rated one of the top firewalls during 1995–
1998. The key benefit of application layer filtering is that it can "understand" certain applications
and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext
Transfer Protocol (HTTP)). This is useful as it is able to detect if an unwanted application or
service is attempting to bypass the firewall using a protocol on an allowed port, or detect if a
protocol is being abused in any harmful way.

As of 2012, the so-called next-generation firewall (NGFW) is nothing more than the "wider" or
"deeper" inspection at the application layer. For example, the existing deep packet inspection
functionality of modern firewalls can be extended to include:

- Intrusion prevention systems (IPS)
- User identity management integration (by binding user IDs to IP or MAC addresses for
  "reputation")
- Web application firewall (WAF). WAF attacks may be implemented in the tool "WAF
  Fingerprinting utilizing timing side channels"

9. Types

Firewalls are generally categorized as network-based or host-based. Network-based
firewalls are positioned on the gateway computers of LANs, WANs and intranets. They
are either software appliances running on general-purpose hardware, or hardware-based
firewall computer appliances. Firewall appliances may also offer other functionality to
the internal network they protect, such as acting as a DHCP or VPN server for that
network. Host-based firewalls are positioned on the network node itself and control
network traffic in and out of those machines. The host-based firewall may be a daemon or
service as a part of the operating system or an agent application such as endpoint security
or protection. Each has advantages and disadvantages. However, each has a role in
layered security.
Firewalls also vary in type depending on where communication originates, where it is
intercepted, and the state of communication being traced.

 Network layer or packet filters

Network layer firewalls, also called packet filters, operate at a relatively low level of the
TCP/IP protocol stack, not allowing packets to pass through the firewall unless they
match the established rule set. The firewall administrator may define the rules; or default
rules may apply. The term "packet filter" originated in the context of BSD operating
systems.
Network layer firewalls generally fall into two sub-categories, stateful and stateless.

 Application-layer
Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser
traffic, or all telnet or FTP traffic), and may intercept all packets traveling to or from an
application.
Application firewalls function by determining whether a process should accept any given
connection. Application firewalls accomplish their function by hooking into socket calls to filter
the connections between the application layer and the lower layers of the OSI model. Application
firewalls that hook into socket calls are also referred to as socket filters. Application firewalls
work much like a packet filter but application filters apply filtering rules (allow/block) on a per
process basis instead of filtering connections on a per port basis. Generally, prompts are used to
define rules for processes that have not yet received a connection. It is rare to find application
firewalls not combined or used in conjunction with a packet filter.
Also, application firewalls further filter connections by examining the process ID of data packets
against a rule set for the local process involved in the data transmission. The extent of the
filtering that occurs is defined by the provided rule set. Given the variety of software that exists,
application firewalls only have more complex rule sets for the standard services, such as sharing
services. These per-process rule sets have limited efficacy in filtering every possible association
that may occur with other processes. Also, these per-process rule sets cannot defend against
modification of the process via exploitation, such as memory corruption exploits.

10. Network address translation

Firewalls often have network address translation (NAT) functionality, and the hosts
protected behind a firewall commonly have addresses in the "private address range", as
defined in RFC 1918. Firewalls often have such functionality to hide the true address of
a computer which is connected to the network. Originally, the NAT function was
developed to address the limited number of IPv4 routable addresses that could be used or
assigned to companies or individuals as well as reduce both the amount and therefore cost
of obtaining enough public addresses for every computer in an organization. Although
NAT on its own is not considered a security feature, hiding the addresses of protected
devices has become an often used defense against network reconnaissance.

11. Conclusion

The most popular proxy server used today is the web proxy, which is used to filter content
and allow anonymous browsing. Unblocking geo-restricted content is also a widely used
application of public web proxies. Although proxies provide anonymous browsing and
content filtering, they are mostly limited to web browsing and also lack security. For secure and
encrypted communication with privacy protection, we recommend a VPN solution.

12. REFERENCES

1. www.wickipedia.com
2. www.proxyserver.in
3. www.firewall.com
4. https://www.iplocation.net/proxy-server
5. https://www.distributednetworks.com/internet-proxy-server/module4/microsoftProxy-server-conclusion.php
6. https://en.wikipedia.org/wiki/Firewall_(computing)
