How Do Proxy Technologies Enhance Security & Privacy?

Use of Proxy Servers

On the internet, proxy servers act as filters, passing requests from one server to another while making modifications to the communications more or less transparently. The basic principle of a proxy server is that it lets you interact with the internet while avoiding some of the risks or lightening the load because it’s standing between you and the rest of the world and looking out for you.

If you’re using a proxy, your internet requests go to the proxy server, which then passes them on (possibly modified) to the server you’re attempting to access. The same thing happens in reverse with inbound requests and communication.

There’s a certain amount of concern out there about the downsides of proxies. First, anything you insert into your communications stream is an additional potential point of failure – and an extra possible attack surface. Second, there can be compatibility issues between proxy servers and some services, which require effort to resolve. And finally, for some users, proxy servers seem kind of disreputable (and a subset of them are).

But here’s the thing: if you’re accessing the web from a corporate network or doing stuff on big websites, the chances are that you’re already doing a lot through proxies without even realizing it because they’re everywhere. And with respect to the concerns about additional points of failure and attack surfaces: if you work with a reputable proxy server provider, they have substantial resources and a focus on uptime, and they’re likely more resilient and more resistant to attack than your infrastructure is.

The issue is worth thinking about, but the fact is that a good proxy provider will make you more resistant to attacks, not less. The situation with incompatibility is similar: a good provider will work with you to resolve it, and you can have those issues even without a proxy. The truth is, you’re always safer going through a robust proxy server than not.

Forward Proxies & Reverse Proxies

A forward proxy is also known as a proxy server or web proxy. Typically, forward proxies sit in front of a group of client machines and intercept requests by those machines to the internet. They serve as a middle man to communicate to web servers on behalf of the client.

Reverse proxies, by comparison, sit in front of one or more web servers to intercept requests from clients. Client requests are intercepted at the network edge so that no client ever communicates directly with the origin server. For more information on reverse proxies, see the reverse proxy resource page from Cloudflare.

Benefits of Proxies

There are a number of important benefits proxies and reverse proxy technologies can provide. Here are just some of the functions a proxy can provide (in some cases, a single proxy server can do multiple things on this list for you):

Anonymizing

Let’s get this category out of the way first because it’s the one where some sketchy things are happening. An anonymizing proxy allows you to use sites on the web without identifying who you are, where you are, or any other facts about yourself you don’t want to share.

Maintaining strict privacy can save lives if you live in a country with an authoritarian government that closely monitors its people and may persecute those engaging in restricted activities. It’s even helpful in less dangerous situations, though you have to balance the inconvenience against the benefits.

Here’s where the potential sketchiness comes in: while the site you’re going to via the proxy doesn’t see your personal information, the people operating the proxy see everything, so you’d better be able to trust them.

There are some well-known and reliable anonymous proxies out there, like the Tor network, but you should avoid using ones where you don’t know who’s behind them. Also, make sure you use one where everything you send or receive is encrypted in transit, or the protection is completely illusory.

Filtering

Another common type of proxy you can encounter is a content filter. These often exist between corporate networks and the internet and prevent users from accessing websites the company doesn’t want employees accessing from work.

Some of these sites are banned because the content may be inappropriate. Still, others are forbidden because they present a risk of malware or because corporate security policies bar access to certain outside services from within the work environment.

You’ll also find these in schools (where the focus is generally on “inappropriate content,” which can sometimes be defined in controversial ways) and occasionally implemented as parental controls on home internet use. These are primarily transparent, passing content unmodified in both directions, except that they will block access to a list of unapproved sites (or, in extreme cases, only allow access to a list of approved sites). Ironically, you may be able to get around one by using an anonymizing proxy if they don’t block them.
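The block-list and approved-list modes described above can be sketched as a host check. This is an added example, not code from the original article; the domain lists and the `decide`, `normalize_host` and `matches` names are hypothetical, and a real proxy would take the host from the CONNECT request or Host header.

```python
from urllib.parse import urlsplit

# Constructed policy lists; the domains are reserved example names.
BLOCKED = {"malware.example", "games.example"}
APPROVED = {"intranet.example", "docs.example"}

def normalize_host(url):
    """Return the lowercased host without port, userinfo or trailing dot."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return None
    return host.rstrip(".") if host else None

def matches(host, domains):
    """True if host is a listed domain or a subdomain of one.

    Comparing whole labels avoids the substring mistake where
    'notgames.example' would be treated as 'games.example'.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def decide(url, allow_only=False):
    host = normalize_host(url)
    if host is None:
        return "deny"  # fail closed when the destination cannot be parsed
    if allow_only:
        # Strict mode: only the approved list is reachable.
        return "allow" if matches(host, APPROVED) else "deny"
    # Default mode: everything passes except the unapproved list.
    return "deny" if matches(host, BLOCKED) else "allow"

if __name__ == "__main__":
    for u in ("http://Games.Example:8080/play", "https://notgames.example/"):
        print(u, decide(u), decide(u, allow_only=True))
```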

A filtering proxy can also be designed to recognize text that includes specific patterns (like nine-digit numbers, which could be US Social Security numbers, or medical diagnoses, names, or code) to flag and/or block the movement of certain types of information outside an environment. In this case, the function is called “Data Loss Prevention,” or DLP.

Caching

If you’re familiar with content delivery networks (CDNs) such as Akamai, they’re an example use of proxy technology. They hold cached copies of your web content in multiple locations near your users (in internet terms), so users who want to access it get it faster and without disruption.

CDNs also provide capacity and load balancing to deliver your content through their servers to a vast number of users simultaneously. This use of proxy technology improves your site’s speed and leverages your bandwidth. Often, these providers will do some of the other things listed here, too, especially the security functions.

Security

Proxy servers can fulfill several security functions. Filtering (such as blocking of malicious sites) and anonymity (to protect your actual IP addresses), both discussed above, also fall under this category. So do malware scanning and the detection and blocking of hostile activity directed at your site, like distributed denial of service (DDoS) attacks, which could overwhelm your servers. You can also use a proxy server with a VPN, ensuring that employees only connect to your resources via a secure, encrypted channel.

Privacy

We have written at length on this blog about the acceleration of data and privacy breaches due to the growing use of third-party applications that control the key functionality of websites today.

The use of a proxy server for enhancing and protecting privacy also overlaps with some of the use cases mentioned above. Anonymity, for example, provides obvious privacy benefits. But a privacy reverse proxy like Lokker’s provides an additional service: it can identify specific elements of personal information and replace them with dummy data to pseudonymize or anonymize them. This is a more sophisticated and flexible version of data loss prevention (DLP), which will alert or stop transmission but won’t transform the data in real time.
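To make the contrast between pattern-based DLP (flag or block) and in-flight pseudonymization concrete, here is an added example; it is not Lokker's code and not part of the original article. The sample body, the key and all function names are constructed for illustration, and it handles only nine-digit SSN-like values.

```python
import hashlib
import hmac
import re

# Constructed sample of an outbound request body; every value is fictitious.
SAMPLE_BODY = ("name=Jane Roe; ssn=123-45-6789; note=ref 457555462; "
               "order=1234567890; test=000-12-3456")
KEY = b"demo-key-not-for-production"  # constructed; keep real keys in a secret store

# Nine digits, optionally grouped 3-2-4 with one consistent separator,
# and not part of a longer run of digits (so order numbers are skipped).
SSN_LIKE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")

def plausible_ssn(area, group, serial):
    """Reject values that are never issued, which cuts false positives."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def find_hits(text):
    return [m.group(0) for m in SSN_LIKE.finditer(text)
            if plausible_ssn(m.group(1), m.group(3), m.group(4))]

def dlp_decision(text):
    """Classic DLP: alert on or block the transfer, payload left untouched."""
    hits = find_hits(text)
    return ("block", len(hits)) if hits else ("allow", 0)

def pseudonymize(text, key=KEY):
    """Swap each hit for a keyed dummy of the same shape, then let it through."""
    def dummy(m):
        if not plausible_ssn(m.group(1), m.group(3), m.group(4)):
            return m.group(0)
        digits = m.group(1) + m.group(3) + m.group(4)
        mac = hmac.new(key, digits.encode(), hashlib.sha256).digest()
        n = int.from_bytes(mac[:8], "big") % 10**6
        sep = m.group(2)
        # Area 000 is never issued, so a dummy cannot equal a real SSN.
        return f"000{sep}{n // 10**4:02d}{sep}{n % 10**4:04d}"
    return SSN_LIKE.sub(dummy, text)

if __name__ == "__main__":
    print(dlp_decision(SAMPLE_BODY))
    print(pseudonymize(SAMPLE_BODY))
```

Because the dummy is derived with a keyed HMAC, the same input always maps to the same token, which makes this pseudonymization rather than anonymization.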

The Lokker reverse proxy also continuously maps data flows in and out of your environment and will alert you to changes in the third-party codebase that directs the data, or even step in to stop any unauthorized data flow. The Lokker privacy automation platform can enforce geographical restrictions on data flows, such as not allowing personal data to travel to servers outside the EU if you serve visitors protected under GDPR privacy regulations.

Proven technology solving big problems

Many critical proxy technologies are being used continuously for cybersecurity, information security, privacy, and personal ID protection. The latest proxy tools help defend the most significant attack surface on the internet, namely client-side, third-party data app management.

We at Lokker seek to advance these technologies so that the internet can remain a vital resource for good. We trust in privacy and believe companies who work to protect our privacy through technology will learn that doing the right thing is also very good for business.

 

Author:
J.D., CISSP, CIPM, CIPP/E, FIP. Expertise in law, technology, information security, data privacy, healthcare analytics, and healthcare. Develops privacy and security programs; collaborates across the company to deliver creative solutions while ensuring the privacy and security of data. Passionate about creating a culture where all employees understand the importance of handling data correctly, recognize and speak up about potential issues, and are actively engaged in the process. Experience with Privacy Regulations (HIPAA, GDPR, CCPA etc.), Formal Certifications (ISO, SOC, HITECH, EHNAC), and De-Identification of Data.