When people talk about network security, it seems that there’s a bit of misinformation going around as to the differences between a proxy and a firewall. Some think they’re mutually exclusive — that you can’t use both — but that’s not at all true. Some say that a proxy guards against incoming traffic by filtering where prying eyes directing such traffic might want to look, while a firewall just blocks intruders outright. For the purposes of most, that’s probably a reasonable enough analogy, but it’s really not quite accurate.
You can pretty easily picture a firewall as a wall of fire (not to be confused with a ring of fire, which, I have on good authority from a certain man in black, burns, burns, burns). As a solid line, nothing gets through — until you start poking holes in the thing to allow traffic. Without vigilance, such holes will allow any traffic through; filters must be put in place to grant free passage to the “good” traffic while thwarting “bad” traffic and infiltration by potential evildoers. Using a firewall is a very direct process, easily visualized by its very name.
A proxy, in contrast, is less direct. A proxy, as LockerGnome’s Brandon Wirtz describes it, is “more like asking your sister to go ask your mom if you can have a cookie.” It acts as a man in the middle (or sister in the middle, in this case — depending on your sister, I suppose) to “proxy” all of your requests to the scary, outside world. In this way, you have no direct contact with the things from which you’d like information (or cookies), so consequences are less severe should those things (or your mean, cookie-denying mom) try to hurt you. It’s a level of protection that’s more like a sister and less like a wall. Got it?
Unlike the more primitive firewall, a proxy can use caching, which can be really helpful for large organizations. As Brandon says, “If you have 100 people and someone says, ‘hey, did you just go see the Hamster Dance site?’ And everyone wants to go look at the Hamster Dance site, instead of having to download 100 copies of that Web site, your company only has to download one, and it can then share it to all 100 people.”
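To see that caching behavior in action, here is an added Python example (not from the original post or from Brandon) that plays out the Hamster Dance scenario and also shows the one thing a shared proxy cache must never hand around: responses the site marks as private. The class, function, and URL names are all made up for illustration.

```python
# Added illustration: a shared proxy cache in front of a constructed origin.
# All names and URLs are hypothetical; max-age expiry is not modelled here.
from dataclasses import dataclass, field


@dataclass
class Response:
    body: str
    cache_control: str = ""  # value of the Cache-Control response header


@dataclass
class CachingProxy:
    origin: callable  # fetch function: (url, client) -> Response
    store: dict = field(default_factory=dict)
    origin_fetches: int = 0

    @staticmethod
    def _shareable(resp):
        directives = {d.strip().split("=")[0].lower()
                      for d in resp.cache_control.split(",") if d.strip()}
        # A shared cache must not keep responses marked private or no-store,
        # otherwise one user's page would be served to everyone else.
        return not ({"private", "no-store"} & directives)

    def get(self, client, url):
        if url in self.store:          # cache hit: no trip to the origin
            return self.store[url]
        self.origin_fetches += 1       # cache miss: ask the origin once
        resp = self.origin(url, client)
        if self._shareable(resp):
            self.store[url] = resp
        return resp


def constructed_origin(url, client):
    """Stand-in for the outside world (constructed sample data)."""
    if url == "http://example.test/hamsterdance":
        return Response("dancing hamsters", "public, max-age=3600")
    return Response(f"inbox of {client}", "private")


def simulate(url, clients=100):
    """Have `clients` users request `url`; return (origin fetches, bodies)."""
    proxy = CachingProxy(constructed_origin)
    bodies = [proxy.get(f"user{i}", url).body for i in range(clients)]
    return proxy.origin_fetches, bodies
```

One hundred requests for the public page cost a single origin download, while the private page is fetched fresh for each user and never shared.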
So whether you find that a proxy suits your needs best, that a firewall is the way to go, or that both float your boat, at least now you know a few of their differences. And if you know a few more differences that we didn’t cover, leave us some comments and set us straight!
Great article for the Security related persons and Hackers......