Figure 711 DMZ Proxy Design


There are two main considerations with this design. First, the firewall is no longer a single accounting control point for Internet access. Because the firewall sees only SOCKS requests, the accounting data from the SOCKS proxy must be combined with the firewall logs to get a true picture of Internet usage. Second, the SOCKS proxy is open to attack in this design. Extra precautions should be taken to protect the SOCKS proxy. This includes diligent host hardening as described in Chapter 5 and filtering at the edge router to prevent SOCKS requests from outside IP addresses.

Some designs might place a filtering router between the SOCKS proxy and the DMZ. This allows more extensive filtering and isolation of the SOCKS proxy. Just remember that part of the reason for choosing this design is to enable application support that doesn't work with traditional access control techniques.
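The log merge called for by the first consideration can be sketched as follows; this is an added example, not code from the original text. It joins SOCKS accounting records to firewall flows on client address and source port, and reports records that only one side saw. The two log layouts, the proxy address 192.0.2.10:1080, the 30-second clock tolerance and the absence of NAT between the inside network and the DMZ are assumptions, and all sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed samples. Assumed layouts:
# firewall: time, source ip, source port, destination, bytes
FIREWALL_LOG = """\
2024-05-01T10:00:01,10.1.1.20,50123,192.0.2.10:1080,5400
2024-05-01T10:00:05,10.1.1.31,50877,192.0.2.10:1080,1000
2024-05-01T10:05:00,10.1.1.44,51999,192.0.2.10:1080,700
2024-05-01T10:06:00,10.1.1.20,50200,198.51.100.80:25,300
"""
# SOCKS proxy: time, client ip, client port, user, requested destination, bytes
SOCKS_LOG = """\
2024-05-01T10:00:02,10.1.1.20,50123,alice,198.51.100.7:443,5200
2024-05-01T10:00:06,10.1.1.31,50877,bob,203.0.113.9:80,900
2024-05-01T10:03:00,203.0.113.77,41000,-,198.51.100.7:25,1200
"""
PROXY = "192.0.2.10:1080"        # assumed DMZ address of the SOCKS proxy
WINDOW = timedelta(seconds=30)   # assumed clock tolerance between the two devices


def parse(text):
    for row in csv.reader(io.StringIO(text)):
        yield [datetime.fromisoformat(row[0]), *row[1:]]


def correlate(socks_text, fw_text, proxy=PROXY, window=WINDOW):
    """Merge both logs into one usage view; report records only one side saw."""
    fw_socks, usage = {}, defaultdict(int)
    for ts, src, sport, dst, nbytes in parse(fw_text):
        if dst == proxy:
            fw_socks[(src, sport)] = ts        # firewall sees only "client -> proxy"
        else:
            usage[(src, dst)] += int(nbytes)   # direct flow: firewall log is complete
    bypassed = []                              # SOCKS sessions that never crossed the firewall
    for ts, src, sport, user, dst, nbytes in parse(socks_text):
        key = (src, sport)
        if key in fw_socks and abs(ts - fw_socks[key]) <= window:
            del fw_socks[key]
            usage[(src, dst)] += int(nbytes)   # real destination comes from the proxy
        else:
            bypassed.append((src, user, dst))
    unaccounted = sorted(fw_socks)             # firewall flows the proxy never logged
    return dict(usage), bypassed, unaccounted


if __name__ == "__main__":
    for part in correlate(SOCKS_LOG, FIREWALL_LOG):
        print(part)
```

A SOCKS record with no matching firewall flow means the request reached the proxy without passing through the firewall, which is the condition the edge-router filter is meant to prevent; a firewall flow with no SOCKS record points to a gap in proxy accounting.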
