Shulou(Shulou.com)05/31 Report--

This article shows you how to carry out proxy-based firewall security analysis, the content is concise and easy to understand, can definitely make your eyes bright, through the detailed introduction of this article, I hope you can get something.

In fact, proxy-based firewall or Web proxy has always been considered to be a very important security component. But the question is, can this type of agent help users keep them safe?

We will discuss the proxy-based firewall, which will involve the relevant shortcomings and technical barriers, and give a new generation of security solutions.

The first generation of proxy-based firewalls implemented the basic task of controlling which websites users can access. Since then, the technology has been evolving and evolving, adding powerful and practical features such as malware detection and interception, online data loss prevention (DLP), SSL/TLS traffic inspection, and bandwidth control.

But the reality is that the Web agent has obvious defects, and these obvious security defects lead to the proxy-based firewall or Web agent can not become an effective security protection tool.

Next, we will discuss the proxy-based firewall or Web agent from the following aspects.

I. realization

Due to the implementation of the proxy-based firewall and the specific technical implementation details, it can not successfully protect all the network traffic in the target device. When deploying an agent-based firewall in the cloud, the most common technique is to use a proxy autoconfiguration (PAC) file or to explicitly specify the proxy server address in the user's operating system and browser settings.

The PAC file can use the JavaScript function to determine the location of traffic sent through an explicitly specified proxy server or directly to the Internet. Here, the explicit proxy deployment mainly sends all browser traffic through the proxy server.

The main problems with these two deployment methods are:

1. Not all applications are agent recognizable. Some applications ignore the relevant system configuration of the proxy server, and always bypass the agent and send their network traffic directly.

Some smart users will choose to use VPN, server-side browsers (such as Puffin browsers), anonymous and encrypted browsers (such as Tor browsers), or other methods to easily bypass the proxy server.

Second, efficiency

From the beginning of their design, proxy-based firewalls were not designed to face and deal with modern security threats at all, because they can only examine limited protocols, such as HTTP, HTTPS, FTP, and DNS. This means that the use of Web agents alone can lead to significant scan detection blind spots in traffic and the inability to identify applications and security threats on non-standard ports or across multiple protocols. In addition, some applications are not compatible with proxies at all, so they are bound to be bypassed.

A New method-secure access to the Service Edge (SASE)

Secure access service edge (SASE), the secure access service edge model, can provide users with complete zero trust access to Internet, SaaS applications and private managed applications. This model is gradually becoming a new solution to solve the shortcomings of traditional Web agent technology. A true SASE solution that combines network services and security services provided from the cloud will cover a variety of technologies, such as cloud access security proxy (CASB), zero-trust network access (ZTNA), firewall as a service (FWaaS), advanced threat prevention, and so on.

SASE products run in the cloud, allowing us to have more control over user traffic and greater visibility so that developers can scale it dynamically. As a result, SASE allows multiple technologies, such as IPSec or SSL VPN, to be used in a single node and branch, allowing us to securely enforce management of all traffic from beginning to end. Next, the operational strategy becomes a business decision, rather than a compromise forced by technical limitations.

Choosing a cloud-based security partner is not a decision that can be made with a pat on the head, and we should carefully consider any possible technology, method, scale, and effectiveness before purchasing a service. Therefore, we should choose solutions that provide the necessary security and network services for all traffic, all users, and all applications in the organization.

The above content is how to carry on the proxy-based firewall security analysis, have you learned the knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.