[Instructor] Squid is an open source application proxy firewall software solution for hypertext transfer protocol or HTTP. It has many features, but we'll focus on the website blocking functionality.

What is an application proxy firewall? Static packet filtering or SPF and stateful packet inspection or SPI firewalls are not able to inspect application data in a network packet. They only look at the headers of the network packets. If they should also inspect the payload or content of the packets, it's simply too much data to handle for these SPF and SPI firewalls. This is why we need a separate firewall dedicated to looking at only the data segment of the packets. That is, application firewalls focus on examining the application data delivered by each network packet. One more thing to note is that these application firewalls are also application or protocol specific. In the case of Squid, its specialty is HTTP.

Here's a diagram we can use to think more deeply about what an application proxy firewall does. The architecture consists of three elements: HTTP client, HTTP proxy and HTTP server. To the HTTP client, that is usually a web browser like Microsoft Edge, an HTTP proxy looks like a web server. To the HTTP or web server, an HTTP proxy looks like a client or a web browser. Therefore the HTTP proxy is acting like a middleman, intercepting HTTP requests from an HTTP client and passing them on to an HTTP server. At the same time, from the HTTP server it will be receiving packets just like HTTP clients, and then passing them on to the actual HTTP client. After all, that's why Squid is called an HTTP proxy.

Proxy servers monitor application message exchanges, examine the message content, and take actions based on security rules. An example of such an action is blocking a website. If you don't want your employees to do online shopping during their work hours, you can install a proxy server to monitor the HTTP traffic. When the proxy server detects an unwanted domain name in the HTTP packet, it can intercept the HTTP request and respond to the web browser by displaying a message like "You're prohibited to visit an XYZ site."

In our example network, the best place for an HTTP proxy firewall is within the DMZ, because the HTTP proxy will be exposed to the outside HTTP servers. When it delivers the HTTP packets from the HTTP clients, we cannot completely isolate it, which is why we keep it in our DMZ.
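The website-blocking step described above, as an added example that is not part of the course or of Squid's own code: a small Python decision routine that extracts the destination host from a raw HTTP request, checks it against a constructed blocklist (the matching rule modelled on Squid's dstdomain notation, where a leading dot also covers subdomains, is an assumption of this example), and either answers with a 403 block page carrying a message like the one in the transcript or lets the request through.

```python
from urllib.parse import urlsplit

# Constructed blocklist in Squid-style dstdomain notation (assumed rule):
# ".shop.example" matches shop.example and every subdomain of it,
# "deals.example" matches that exact host only.
BLOCKED_DOMAINS = [".shop.example", "deals.example"]

# Response the proxy returns to the browser instead of forwarding.
BLOCK_PAGE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Content-Type: text/plain\r\n"
    "Connection: close\r\n\r\n"
    "You're prohibited to visit the site {host}.\r\n"
)

# Constructed sample requests: one proxy-style (absolute URL on the
# request line), one origin-style relying on the Host header.
REQUEST_BLOCKED = ("GET http://www.shop.example/cart HTTP/1.1\r\n"
                   "Host: www.shop.example\r\nUser-Agent: Edge\r\n\r\n")
REQUEST_ALLOWED = "GET /index.html HTTP/1.1\r\nHost: intranet.example:8080\r\n\r\n"

def domain_blocked(host, blocklist=BLOCKED_DOMAINS):
    """True if host matches a blocklist entry (case-insensitive)."""
    host = host.lower().rstrip(".")
    for entry in (e.lower() for e in blocklist):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def request_host(raw_request):
    """Destination host of a raw HTTP/1.1 request, without port.
    Prefers the absolute URL of a proxy request, else the Host header."""
    head = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    target = head[0].split(" ")[1]
    if target.startswith(("http://", "https://")):
        return urlsplit(target).hostname
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip().split(":")[0].lower()
    return None  # no host at all

def proxy_decision(raw_request):
    """('block', response_text) or ('forward', host). Fails closed."""
    host = request_host(raw_request)
    if host is None or domain_blocked(host):
        return ("block", BLOCK_PAGE.format(host=host or "(unknown host)"))
    return ("forward", host)
```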