WEBVTT

00:00.520 --> 00:07.450
If there's one piece of technology that I feel is very confusing today, it is proxy servers. Proxy

00:07.530 --> 00:14.050
servers have been around for decades, and they've developed into so many different things that they can

00:14.050 --> 00:17.410
become a massive IT security headache.

00:17.410 --> 00:23.680
So I want to take a few moments and make sure we understand conceptually what a proxy server is, what

00:23.680 --> 00:27.510
types of proxy servers are out there, and what we do with them.

00:27.760 --> 00:33.450
Be ready for questions on the exam where you might need to add proxy servers to particular situations.

00:33.460 --> 00:36.760
Don't worry, I've got you covered in this episode right here.

00:36.760 --> 00:39.280
First of all, there are two kinds of proxy servers.

00:39.270 --> 00:42.460
There are forward proxy servers and reverse proxies.

00:42.460 --> 00:47.700
So what I'd like to do is start off with the older school one, a forward proxy.

00:47.710 --> 00:48.350
All right.

00:48.370 --> 00:55.990
Now if you take a look at this picture, a proxy by definition is a device, a box, a piece of software running

00:55.990 --> 01:02.420
on a computer which acts as an intermediary between two different devices having a session.

01:02.440 --> 01:03.700
So you're going to have a client.

01:03.820 --> 01:06.220
You're going to have a server and a proxy in the middle.

01:06.220 --> 01:10.620
So if you take a look at this, this is a forward proxy. With a forward proxy,

01:10.690 --> 01:17.950
the client is aware of the proxy, so the client speaks to the proxy, and then the proxy actually does

01:17.950 --> 01:24.490
whatever it does to the request and forwards that as the representative of the client.

01:24.490 --> 01:26.830
So this is a forward proxy.

01:26.830 --> 01:36.280
Now forward proxies have been around forever. A traditional forward proxy is usually going to be a dedicated

01:36.280 --> 01:42.970
box, or it could be a piece of software running on a server that is in an organization. A great example

01:42.970 --> 01:49.330
would be schools. Just about every school on earth that has an internet connection runs a traditional

01:49.330 --> 01:51.150
forward proxy server.

01:51.160 --> 01:56.360
The idea behind a proxy server like this is that it will provide caching.

01:56.410 --> 01:58.340
It provides content filtering.

01:58.470 --> 02:04.540
It will act very much like a firewall, in that it will look at the different things that people are doing

02:04.780 --> 02:10.600
and block based on URL or all kinds of stuff like that. Proxy servers are amazing. They can take

02:10.690 --> 02:14.810
ads out, they can block certain parts of websites.

02:14.830 --> 02:19.390
So there's a lot of power in them that takes them way beyond a simple firewall.

02:19.390 --> 02:25.180
The reason we see them in schools, obviously, is we don't want kids going to inappropriate sites, and proxies

02:25.240 --> 02:27.660
are very very common in schools.

02:27.670 --> 02:34.390
So the important thing that you have to understand about a proxy, first of all, is that proxies by definition

02:34.630 --> 02:37.590
are going to be application specific.

02:37.600 --> 02:43.330
So I'm going to set up a web proxy or an FTP proxy or a voice over IP proxy.

02:43.330 --> 02:48.860
So depending on what type of application I have, there is a specific proxy server for it.

02:49.030 --> 02:54.190
In fact, now remember what we said: with a traditional forward proxy server, the clients are aware of the

02:54.190 --> 02:55.150
proxies.

02:55.150 --> 03:01.930
So let's come up with a situation where we have a web proxy. In order to use this web proxy, every single

03:01.930 --> 03:05.860
system that wants to use the web proxy has to go through a configuration.

03:05.860 --> 03:11.870
So what I have up here is my Internet Options, and this is from Windows 10.

03:11.900 --> 03:17.170
Now what I want to do is, let me go to Connections, all right, so let's click on LAN settings and you'll

03:17.170 --> 03:20.430
see right here where it says proxy server.

03:20.620 --> 03:23.420
So I'm going to say use a proxy server for your LAN.

03:23.590 --> 03:30.590
And then I have to actually type in the IP address, and it's going to be port 80.

03:30.590 --> 03:38.540
So in this particular situation, in order to use a traditional forward web proxy, I actually have to set

03:38.540 --> 03:42.950
up all of my individual browsers to use that.

03:42.960 --> 03:49.670
Now if this proxy is designed to filter and prevent people from doing what they want to do, why wouldn't

03:49.670 --> 03:53.770
people just go in here and delete this information and say I don't want to use the proxy?

03:53.810 --> 03:58.810
The answer is simple, because a well set up system is going to go, if you don't go through the proxy,

03:58.820 --> 04:03.040
we're not going to let you out in the first place. So that is a very traditional one.

04:03.040 --> 04:10.070
Now we have an improvement on that in what we call a transparent proxy. Transparent proxies don't have

04:10.070 --> 04:15.830
to go through all this configuration stuff, but a transparent proxy has to be literally in the line.

04:15.830 --> 04:20.990
It has to be in line between you and the Internet so that it can grab everything, so that nobody has a choice

04:21.020 --> 04:24.860
but to go through it, and a transparent proxy can work that way.

04:24.860 --> 04:29.100
They are out there, just as common as a more traditional proxy.

04:29.120 --> 04:33.120
The nice part is I don't have to go through this type of configuration information.

04:33.320 --> 04:40.160
So a traditional forward is going to invariably be a box. In the Windows world there are programs,

04:40.160 --> 04:45.890
famous programs like WinGate and things like that, that provide these forward proxy services.

04:47.090 --> 04:49.820
The other type of forward proxy that we run into,

04:49.830 --> 04:55.900
what I'm going to call a modern forward proxy, is used by people who want to do nefarious things.

04:55.910 --> 05:00.990
Now I'm not going to say they always do bad things, but sometimes they want to hide themselves.

05:01.040 --> 05:06.680
So we take a look at a diagram like this. So what we're doing now is we're going to move the proxy out

05:06.680 --> 05:10.510
of our local in-house network, and we're going to move it out to the Internet.

05:10.520 --> 05:16.040
But it's still going to work the same way. In this situation you can see I can connect my client system

05:16.330 --> 05:21.140
and instead of going directly to a web server, I can go to this proxy, and then the proxy will take care

05:21.140 --> 05:21.700
of it.

05:21.710 --> 05:25.150
So I love Canadian television, for example.

05:25.160 --> 05:31.130
And it's impossible for some of these Canadian websites to be played in the United States.

05:31.130 --> 05:36.730
Now if I were a nefarious person, I could easily find a Canadian proxy.

05:36.890 --> 05:42.740
I could go through that proxy and then dial in and watch shows like Letterkenny and Corner Gas and all

05:42.740 --> 05:45.390
these great shows that you Americans have probably never heard of.

05:45.500 --> 05:48.540
All you Canadians out there are going, oh, sure. Anyway.

05:48.560 --> 05:50.740
So this is the type of thing that we can do with it.

05:50.780 --> 05:53.530
Now let's look at this diagram one more time.

05:53.540 --> 05:57.300
The problem with this diagram is that the proxy works fine.

05:57.350 --> 06:03.380
But notice that there's a connection from my system to the proxy server that's out on the Internet.

06:03.770 --> 06:11.760
So the downside to this is that anybody who wants to can easily figure out, for example, if the police

06:11.760 --> 06:18.050
send your Internet Service Provider a warrant, it's fairly easy for them to figure out, oh, this goes back

06:18.050 --> 06:20.930
to Mike Meyers' machine there in Houston, Texas.

06:21.320 --> 06:29.240
So what we do with a lot of these proxies is we create an encrypted tunnel, a connection called a virtual

06:29.240 --> 06:31.320
private network or VPN.

06:31.430 --> 06:33.850
We have other episodes that go into VPNs in detail.

06:33.860 --> 06:41.100
But for right now I want you to understand that we encrypt everything, and I mean everything.

06:41.300 --> 06:44.760
That way nobody can tell exactly what we're doing.

06:45.140 --> 06:52.790
So we create a VPN connection from our system to the proxy, and then the proxy goes out and acts as our

06:53.000 --> 06:56.380
representative and does whatever it wants to do.

06:56.390 --> 07:01.250
There are lots and lots of tools out there that do stuff like this.

07:01.250 --> 07:05.360
So what I'd like to do is show you one tool in particular.

07:05.420 --> 07:07.120
So let's open up a browser.

07:08.410 --> 07:17.770
Get a new one up, and I'm going to type in a website. This is called hide.me, and what I'd like to do

07:17.770 --> 07:24.030
is we're going to use this as a proxy.

07:24.220 --> 07:26.800
So keep in mind this isn't unique.

07:26.800 --> 07:30.910
There are thousands of these different types of proxy servers out there.

07:30.910 --> 07:32.170
This is a public proxy server.

07:32.170 --> 07:33.340
Anybody can go to it.

07:33.480 --> 07:36.570
And what I can do is actually go to a website.

07:36.610 --> 07:41.240
Now if you look here at the bottom, it says I will look as though I'm coming from the Netherlands.

07:41.260 --> 07:44.260
This one is just a demo so it only gives a few options.

07:48.600 --> 07:52.350
So I'm going to go to my totalsem.com site, and I'm going to click on this.

07:52.380 --> 07:54.030
I want you to watch what happens here.

07:55.430 --> 07:59.720
Now one of the things you've got to worry about is that all of these types of proxy tools are slow, and

07:59.720 --> 08:00.670
that's OK.

08:01.100 --> 08:06.460
So what's happening, first of all, you'll notice that I'm not actually at totalsem.com.

08:06.560 --> 08:14.540
I'm actually connecting to a proxy server at the hide.me website, but hide.me puts this little overlay

08:14.540 --> 08:19.400
on top to remind me that I'm not actually directly on www.totalsem.com.

08:19.790 --> 08:25.970
And if there was something important that only people in the Netherlands could do, this would work just

08:25.970 --> 08:26.780
fine.

08:27.140 --> 08:32.150
Now that works out pretty well, with a couple of little exceptions.

08:32.150 --> 08:38.110
First of all, when you make a connection like this, there is not just one connection to a website.

08:38.210 --> 08:42.540
You're probably launching Java connections and all kinds of different stuff.

08:42.590 --> 08:47.870
If you open up one web page and type in netstat, you'll usually see that that one web page is actually

08:47.870 --> 08:50.210
making five or six different connections.

08:50.420 --> 08:55.490
And the problem is, a lot of these, once they make the connection, they will try to phone home directly

08:55.490 --> 09:01.980
back to you, and that can make some problems. So the VPN certainly helps.

09:02.040 --> 09:05.730
But the VPN doesn't let anybody know what you're doing.

09:05.730 --> 09:08.510
But the VPN still points back to you.

09:08.820 --> 09:11.850
And there's a situation where we run into a bit of a problem.

09:11.850 --> 09:18.750
So what we do is, there are certain types of modern forward VPNs that do cool stuff, like,

09:18.750 --> 09:22.520
for example, the Tor network. With Tor,

09:22.530 --> 09:25.120
what it's going to do is you're going to have lots and lots.

09:25.120 --> 09:31.170
Now I only have a few computers here, but there could be hundreds or thousands of these computers which

09:31.200 --> 09:34.150
all work together to hide you really well.

09:34.170 --> 09:40.410
So when you make a connection, you arbitrarily pick one of these Tor nodes, as they're called, and then

09:40.410 --> 09:46.160
the nodes will make a random group of connections to a bunch of other computers.

09:46.170 --> 09:52.950
These are all VPN connections, and then it randomly picks one guy to act as the outward bound proxy server.

09:53.160 --> 09:58.620
So you can see what happens here is not only is everything now very much encrypted through the VPN,

09:59.010 --> 10:06.720
but it is really hard, not impossible but practically impossible, to get back to you.

10:06.840 --> 10:12.480
And that's why people use these Tor proxies, not just because it's a good proxy server, but because it

10:12.480 --> 10:19.110
makes this very complicated backward trail that's almost impossible for anybody to get out of.

10:19.110 --> 10:24.960
So law enforcement and people like that are often frustrated by Tor networks because bad guys often

10:24.960 --> 10:27.340
use them to hide themselves really really well.

10:29.360 --> 10:31.680
Now that's the forward proxy server.

10:31.680 --> 10:38.180
So what I want to do is spin this around a little bit and talk about a reverse proxy server. With a reverse

10:38.180 --> 10:39.340
proxy server,

10:39.500 --> 10:45.710
what we do instead is that we have servers, let's say web servers, where the proxy server represents the

10:45.710 --> 10:47.590
web server, not the client.

10:47.600 --> 10:50.320
It's a complete reverse of a forward.

10:50.330 --> 10:54.750
Now these types of proxy servers do very very specific jobs.

10:54.830 --> 11:00.270
Number one, their job is to protect the server from evil people like us.

11:00.530 --> 11:06.320
So there's lots of security in these. For example, these are often designed to handle denial of service

11:06.320 --> 11:10.010
attacks, all kinds of different nefarious attacks like that.

11:10.280 --> 11:11.810
It's used for load balancing.

11:11.810 --> 11:18.170
So if I have three or four servers, that proxy server can select whatever server has got the least load

11:18.170 --> 11:23.810
on it and goes ahead and passes jobs to that. It can be used for caching,

11:23.810 --> 11:30.710
just like a forward does. A lot of times web pages will have a certain set of images that it's always

11:30.710 --> 11:31.910
passing out.

11:31.910 --> 11:37.820
Those images don't sit, well, they're there on the servers, but the reverse proxy server keeps a copy of

11:37.820 --> 11:43.890
any static images, so no matter what page you go to on that website, boom, they send it really, really quick.

11:43.910 --> 11:46.250
It also handles encryption acceleration.

11:46.250 --> 11:53.600
So if you've got a bunch of HTTP servers, most of the time it's the proxy server that handles all of the

11:53.870 --> 11:56.320
HTTPS encryption and decryption.

11:56.510 --> 12:02.120
A lot of times you'll see that these have different types of modules on board that are designed to help

12:02.120 --> 12:03.160
with the encryption.

12:03.350 --> 12:08.800
And they sit in front and they take a lot of work off of the Web servers.

12:09.040 --> 12:13.870
When you're thinking about proxy servers, especially for the exam, make sure you're comfortable with the

12:13.870 --> 12:17.880
concept of a forward versus a reverse proxy server.

12:18.010 --> 12:23.440
Remember, forward hides the clients and reverse hides the servers.

12:24.960 --> 12:43.490
in.
