Proxy service, maybe the best thing you can do for your data...
What is it and why would I want to use it?
You can stop a virus from sending your data home by using a Proxy service.
When you get a Trojan virus how do you keep it from sending your data to the creator/thief that controls the virus?
A firewall either hardware or software will not stop a program that is
resident behind a firewall from sending data out through the firewall.
Firewalls by their nature are one way, that is it will only send data or will allow data to pass in if the data was requested from behind the firewall. (Does this make sense?)
What this means is a computer on the outside of the firewall can not contact a computer on the inside of the firewall but a computer inside the firewall can contact a computer on the outside of the firewall and receive data back from the computer the inside computer requested.
This fact keeps unauthorized computers from contacting authorized computers and gaining access to them.
But if a virus such as a key logger, Trojan, or some other type can contact the originating computer from inside the firewall it makes the firewall
That is why I recommend a Proxy service when setting up networks.
Starting with Windows XP, Microsoft included a software solution for a firewall. The firewall solution is
not a combination of a firewall program and a proxy service.
It works like this:
Windows Firewall program/service has a basic set of rules.
- A rule is a statement that tells the program what it can and can not allow through from the outside to the inside and from the inside to the outside.
- To keep a virus from accessing a computer outside the firewall you
would have to have a rule for the virus - not practicable - there are MILLIONS
You can setup the rules for either a port or a program.
Access through the network adapter is controlled by 'port' this is a software address inside the service that is agreed on as a standard such as all web browsers and web sites are listed on port 80, however this is not set in stone and can be changed.
The 5 Steps to high quality and cheap
DIY Computer Repairs
Get It Today...
Servers that have more than one web site can not have the same port of 80 so the web master of the secondary web sites give them a different port number. You may have seen them like this:
http://some.web.site.com:10100/index.htm note the :10100 this is the port that the web master picked that is not used by some other service or program.
What you would have to do with Windows Firewall is create a 'rule' (I will not go in to the process of how to do a Windows Firewall rule here) that will allow either the program to access port 10100 or write the 'rule' for only a certain inbound IP address to access the port 10100.
Where the Windows Firewall fails are these two areas:
- It can not block wan requests
- It can be hacked
Hardware that is hard coded (i.e. it can not be changed) can not be hacked,
nor can it be by passed.
router between your network and the outside world is the best way to block hackers from getting inside your network. By setting the router to not accept wan requests a hacker will see the ISP then your cable/DSL modem
(if the modem does not have the "block wan requests" either turned on or
available) but not the network on your side of the modem.
You will find more information on installing,
configuring, and troubleshooting Firewalls and Proxy service in the
Build a Server Guide.
But a virus on the inside can get out through the router.
This is where the Proxy service comes in.
Normally you would have the Proxy service software on a computer between the router and your network like this:
- Outbound traffic:
- Network computers -> Proxy computer -> Router -> Cable/DSL modem -> Contacted computer
- Return traffic
- Contacted computer -> Cable/DSL modem -> Router -> Proxy computer ->
You have to set up the proxy computer with two dissimilar NIC's, one will have an IP address from the router the other will have your internal IP network address, this will also be your gateway address such as:
- Router IP 192.168.1.3 (IP address of the NIC in the proxy computer to connect to the router)
- Network IP 10.10.0.2 (IP address of the NIC in the proxy computer to connect to your network, also known as the Gateway address)
What the Proxy / computer allows you to do is change the gateway address of the outbound / inbound traffic, it also queries all traffic to the router and pass it through a rule such as:
Your email program contacts a server to see if you have any new email -
- The email program sends a message on port 110 to the proxy addressed to your hosting computer by name xyzserver.emailservice.com, the
proxy service looks at the message and says yes let the message to the xyzserver.emailservice.com through on port 110 and wait for a return reply from xyzserver.emailservice.com on port 110.
- The email server checks you account and either returns the new email or a message that there isn't any new messages for your email account.
- You are browsing the internet and come across a web site that has been hacked and is propagating a virus. Unbeknown by you or your AV program your computer gets infected by the virus. The virus uses your word processor program to gather information and then starts sending the data it has stolen back to the originating computer.
- Windows Firewall may or may not block the virus from sending the data back, if the port is open or in the disabled state then the data will go back to the originating computer.
However if you had a proxy service between your network and the router the virus would not be able to send the data back to the originating computer.
- First the virus does not know about the gateway IP address required to contact the service.
- Second the virus does not have a rule to pass the information through the
Thus the virus can not 'call home' with your data.
With a proxy server or service you will decrease you vulnerability of a ID or data theft from your computer or network.
Viruses such as Trojans, Key Loggers, and other Malware may cause you some problems with your computers but the data will not be transmitted to some thief to use as they please.
The only draw back to having a
proxy service is that you will need a server to install the software on...