When you connect your network to the Internet using an ISP or an IAP, you are setting up an environment that provides an unrestricted flow of information between your network and just about everyone else in the world (everyone with an Internet connection). Now, because you know and trust (at least somewhat, hopefully) the users on your internal network and have implemented some security measures on the LAN, you can consider it a trusted network . However, because you don't know everyone else in the world and have very little control over security on the Internet itself, you would have to consider the Internet an untrusted network .
Every time one of your network users connects to the Web or downloads files from an FTP site, information such as the IP address of the user's computer can be recorded by the Web or FTP site the user connects to. A way to hide important information that can easily be collected (and potentially used to crack into your network) when your users access the Internet is to use a proxy server.
A proxy server sits between your trusted network and an untrusted network, such as the Internet (see Figure 15.5). When a user on your network attempts to access the WWW with a Web browser, the request goes to the proxy server. The proxy server strips off the IP addressing information from the data packets that make up the request from the user and affixes addressing information specific to itself. The proxy server then contacts the Web server requested by the user. The proxy server will actually download the requested Web page and then supply it to the user.
Figure 15.5. Proxy servers sit between your network and the Internet and intercept communication requests .
Using proxy servers totally hides the IP addressing information on your internal network. Proxy servers can supply additional security by also serving as firewalls (that is, if the proxy server software you use provides firewall features; firewalls are discussed in Chapter 20).
Proxy servers can do more than just hide information about the internal, trusted network. Proxy servers can be configured to filter requests made by users on the trusted network to the Internet. For example, you might want to make certain Web sites off limits to your users, and the proxy server can be set up to deny requests for certain types of Web information.
Proxy servers can also actually speed up requests that are made by your users for information on the Internet. For example, a proxy server can cache Web pages that are accessed by your users. This means that the pages will be readily available (in the proxy server's cache) the next time the user or users access those Web pages.
Proxy server software is available from a number of different vendors , including Microsoft Proxy Server, Netscape Proxy Server, and Sun's iPlanet Proxy Server. There are a large number of proxy servers that exist for small businesses and home offices. Check out www. tucows .com if you want to try out some of these different proxy server packages (we will take a look at a freeware proxy server, called AnalogX Proxy Server, in the section on NAT, which is coming up next).
I've already mentioned the fact that proxy servers can also function as firewalls. Another feature that proxy servers can offer is Network Address Translation (NAT). We'll take a look at NAT next.