When privacy is an issue for a computer network, one favorite approach is to establish a proxy server as a middleman between clients and the ultimate server. All client requests are filtered through the proxy server and evaluated for appropriateness and threat level. Filters can be set up to include or exclude specific IP addresses or resources. Because the proxy server is an intermediate destination, it can alter or recreate packets according to programmed rules. For instance, a response from the real server can be intercepted by the proxy, destroyed and recreated with spoofed header information that protects the privacy of the server. For some client requests, the proxy may short circuit the packet and respond directly, without even contacting the real server.
Here is a partial list of how a proxy server is used:
- To provide resources that would otherwise be restricted
- To allow access despite regional restrictions
- To scan content for viruses and other malware
- To get around native security systems
- To keep an audit trail of activity
- To block certain sites from achieving access
- To cache pages from the real server in order to speed up processing
- To maintain anonymity
Proxies can be set up as gateways into a server or as front-ends for the server. In the latter role, it takes on duties of balancing loads, authenticating traffic, decrypting packets and/or caching pages.
A web proxy focuses on the World Wide Web, and usually acts as a cache. Blacklisted IP addresses are blocked by web proxies, a favorite tactic of large organizations that need to protect commercial or sensitive data. The latest technology allows web proxies to reformat packets so that they conform to cell phone and PDA protocols. Companies like SEO Online Services can provide important ways to raise the visibility of a web site, making a web proxy even more necessary.
As mentioned earlier, proxies often spoof IP addresses in a process called network address translation (NAT). The proxy changes the IP address of a packet as it is routed through the network. Basic, or one-way, NAT is a one-for-one substitution of IP addresses. In addition to changing the IP address in the packet header, a basic NAT will also change any checksums that are affected by the spoofed address. An important use for basic NAT is to interconnect incompatible networks. A more sophisticated version of NAT translates the port address as well. Static NAT performs port forwarding to allow a permanent translation between addresses. Onion routing is implemented using proxy servers – it basically allows users to evade Internet censorship. Online anonymity is achieved by the 12P anonymous proxy, the ultimate in online discretion.