CHAPTER 2

Proxy Deployment Strategies and Challenges

A proxy exerts its power and control on a network as an intelligent security device through its ability to perform deep traffic analysis in the context of an application and its users. One measure of the effectiveness of the proxy is its ability to intercept application traffic without interrupting the application or causing any side effects. An application being affected by a proxy can exhibit symptoms such as being unresponsive to user commands, engaging in transactions with sporadic data flows and unpredictable response times, and sometimes ceasing to function completely. Another metric that gauges the effectiveness of a proxy is its level of stealthiness while the proxy is active. When a proxy is stealthy, it can avoid being detected by both the application and its user.

After its successful incursion into a network, as part of its continued assailment, a sophisticated malicious application performs middle-box detection to avoid being discovered by the security proxies. Once a malicious application detects the presence of a proxy, it begins executing countermeasures such as changing its encryption methods, altering its communication patterns, masquerading as another victim, or sending a notification to its command-and-control server seeking further instructions. The proxy must hide itself from such applications so it can continue to surveil, pursue, and ultimately apprehend the malicious source.

The strategic physical placement ...

Get Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.