Data Leak Test
DLP Validation and Testing

 


Updated Feb 14, 2020

 


 

How Proxies Work

and when to use them

 

Proxies were first developed as web caching devices and were used to NAT (Network Address Translation) IP addresses in the early days of the internet. A useful side effect of a proxy is that it surfs on your behalf, which makes it a great security device, and that's exactly what proxies have become.

What is a proxy used for today?

Proxies are used as security devices that cache user requests and scan the cached content for security issues before serving it back to the end user. This allows security devices to sit in-line (logically, not physically) with the user's web requests and the returning traffic.

*You cannot inspect HTTPS/SSL without a proxy, unless you have a client. Clients are limited (see below). See how SSL inspection works here.

In the very basic network diagram below we can see that client requests go straight out to the internet. We are left with locally managed internet defenses for web-based protections. This is not ideal, since the insider threat is very common for both Data and Web Security. We find users knowingly and unknowingly getting themselves into trouble.

 

Above: NO PROXY

 

In the next diagram below we can see that a proxy has been introduced on the way out of the environment.

 

Above: PROXY ARCHITECTURE

Step by step, proxying a request might look like this:

1. The user makes a web request for yahoo.com.

2. The request is redirected to the proxy (for redirection methods, see the section below called “redirection methods”).

3. The proxy scans the outbound traffic for web and data security to make sure it meets policy requirements.

4. If the request does not violate policy, the proxy submits the yahoo.com request to the web.

5. Yahoo.com responds to the proxy with its page.

6. The proxy caches the yahoo.com page and scans it for web and/or data security policy requirements.

7. If the content does not violate policy, the page is served back to the user.

If at any time an incoming or outgoing request violates policy, a block page is served.
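The seven steps above as a small simulation, showing the two policy checkpoints (outbound at step 3, inbound at step 6) and the block page. This is an added example, not code from the original page; the origin table, the marker string and all function names are constructed for illustration, and a card-number check stands in for a real data-security policy.

```javascript
// Added illustration of the seven steps; every name and sample value is constructed.
const BLOCK_PAGE = { status: 403, body: "Blocked by policy" };

// Constructed stand-in for "the web": host -> page body the origin would return.
const ORIGINS = {
  "yahoo.com": "<html>news and mail</html>",
  "bad.example": "<html>MALWARE-TEST-MARKER</html>",
};
const cache = new Map();

// Luhn checksum, so arbitrary 16-digit order numbers are not flagged as card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Step 3: data-security check on what is leaving the network.
function outboundViolation(req) {
  const runs = (req.body || "").match(/\b\d(?:[ -]?\d){12,15}\b/g) || [];
  const cards = runs.map((s) => s.replace(/[ -]/g, "")).filter(luhnValid);
  return cards.length ? "card number in outbound request" : null;
}

// Step 6: web-security check on what comes back (a marker string stands in for a scanner).
function inboundViolation(body) {
  return body.includes("MALWARE-TEST-MARKER") ? "malicious content in response" : null;
}

function handleRequest(req) {
  const out = outboundViolation(req);                 // step 3
  if (out) return { ...BLOCK_PAGE, reason: out };     // block page, nothing goes upstream
  const page = ORIGINS[req.host];                     // steps 4-5: proxy fetches for the user
  if (page === undefined) return { status: 502, body: "Origin unreachable" };
  const inb = inboundViolation(page);                 // step 6: scan before anything is served
  if (inb) return { ...BLOCK_PAGE, reason: inb };
  cache.set(req.host, page);                          // only clean content is kept in the cache
  return { status: 200, body: page };                 // step 7
}

console.log(handleRequest({ host: "yahoo.com", body: "q=weather" }).status);
```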

 

Proxy Redirection methods

Proxy Redirection: Normally your users go straight out to the web. When we implement a proxy, we have to redirect the traffic to the proxy. This is also known as proxy interception.

· WPAD – This is a configuration file for web browsers deployed by DHCP. Redirects most browser traffic.

· PAC – Often deployed by Group Policy. Redirects most browser traffic.

· Explicit browser setting – Often pushed by a Group Policy setting. Only covers the traffic from browsers that are configured with these settings.

· PBR – Policy Based Routing, usually done on non-Cisco core switches. ACLs redirect outbound port 80, 443, and 21 traffic to the proxy.

· WCCP – Cisco Web Cache Protocol, just like PBR with some more advanced features like round-robin load balancing. ACLs redirect outbound port 80, 443, and 21 traffic to the proxy.

· Web Client – Web clients typically redirect the major browsers. Some clients are able to redirect traffic from applications other than browsers by redirecting requests from the NIC (NDIS) driver. No client redirects everything, so it's good to combine the client with WCCP, PBR, or even a SPAN/Tap solution.

The recommended method of redirection is to use a client for on/off network (cloud) redirection and coverage, combined with WCCP or PBR to catch traffic coming from “unmanaged” devices such as tablets, phones, and PCs without the client.
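A PAC file is a JavaScript function the browser calls for every request. The added example below (not from the original page) puts a fail-open PAC beside a fail-closed one and audits which external hosts each would let out uninspected; the proxy address, the `.corp.example` domain, the sample URLs and all function names are assumptions.

```javascript
// Added example; proxy.corp.example:8080 and .corp.example are assumed values.
// Stand-ins for two helpers a browser supplies to PAC scripts, so this runs under Node.
function isPlainHostName(host) { return !host.includes("."); }
function dnsDomainIs(host, domain) { return host.endsWith(domain); }

const isInternal = (host) => isPlainHostName(host) || dnsDomainIs(host, ".corp.example");

// In a deployed PAC file the function must be named FindProxyForURL.
// Weak: the trailing "DIRECT" lets the browser skip inspection when the proxy is unreachable.
function pacFailOpen(url, host) {
  if (isInternal(host)) return "DIRECT";
  return "PROXY proxy.corp.example:8080; DIRECT";
}

// Corrected: external traffic has no DIRECT fallback, so a proxy outage fails closed.
function pacFailClosed(url, host) {
  if (isInternal(host)) return "DIRECT";
  return "PROXY proxy.corp.example:8080";
}

// Audit: external hosts for which a PAC function allows an uninspected path.
function uninspectedHosts(pac, urls) {
  return urls
    .map((u) => new URL(u))
    .filter((u) => !isInternal(u.hostname))
    .filter((u) => pac(u.href, u.hostname).split(";").some((e) => e.trim() === "DIRECT"))
    .map((u) => u.hostname);
}

// Constructed sample destinations: two internal, two external.
const SAMPLE_URLS = [
  "http://intranet/",
  "https://wiki.corp.example/",
  "https://yahoo.com/",
  "ftp://files.example.org/",
];

console.log("fail-open  :", uninspectedHosts(pacFailOpen, SAMPLE_URLS));
console.log("fail-closed:", uninspectedHosts(pacFailClosed, SAMPLE_URLS));
```

Applications that never evaluate the PAC file are outside both variants, which is the gap the WCCP or PBR pairing recommended above is meant to cover.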

 

When to use a proxy

Proxies are a critical piece of infrastructure for a robust security architecture.

· Data Security over HTTPS

· Web Security over HTTPS

Any data theft or malware will likely happen over HTTPS to elude IDS, IPS, and firewalls.

 

Proxy alternatives

These options are not great because they can do nothing to see inside SSL traffic.

· SPAN or Tap – Unable to see into SSL traffic, which makes real-time analytics for malware impossible. Some solutions use traffic signatures, which should be a secondary detection method alongside a proxy.

· Inspect the traffic locally/Client – There are great Data Security clients made by Websense and Symantec, but for Web Security there is just too much analysis that needs to happen and it will bog down the device. Use a cloud or on-premise proxy for Web Security.

 

Cloud Based Proxies

Cloud based proxies are essential for a holistic approach to security that protects users on and off network.

Cloud based proxies are very similar to a proxy that you might stand up inside your environment. Cloud based proxies typically offer OFF NETWORK PROTECTION. The same redirection and abilities should apply (vendor dependent). This is a key offering for a security architecture; if you don't have it, you are exposing your users when they are not on site. The recommended method of redirection for cloud based proxies is to leverage a client that is tamper resistant (even a local admin cannot disable it).

Above: Use of a cloud based proxy from within a corporate network

 

 

 

Above: Use of a Cloud Based Proxy Remotely

*With some vendors, a cloud based proxy can be used as a failover for an on-premise proxy.