The problem with encrypting the processing of fully home-formed, and unencrypted data is the single encryption key, which allows only one user to access the data without decrypting it. This concern can be circumvented by using a cryptographic technique called dc proxies, cache proxy re-encryption. This encryption technique by PrivateProxy allows multiple users to process encrypted data in the cloud.
Today, the Internet has created major changes in the way people process information in many areas. Location masking is a critical part of cybercrime, and e-commerce fraudsters increasingly use proxy servers to hide their physical location. With the proliferation of residential servers, credential identification and detection have become a major challenge for organizations, as most online services recognize residential IP addresses as genuine and legitimate human traffic.
Before moving on to a residential proxy server, we should explain what a proxy server is first. Let’s take the example of a person at home surfing the Internet. When they visit a web page, their computer actually connects to the Web server that hosts that Web page. This is known as a direct connection. Connecting in this way to a web server can remember the IP address of the visitor, and other information about their browsing.
How does a proxy server make my browsing anonymous?
When you come to any web-sites, your computer sends a request to download pages, pictures, etc. from the web-server. At the same time, the computer transmits your IP address – a unique number of your computers on the Internet. Using this address, an attacker can “hang” your computer, launch a virus, connect to your computer, steal personal information, etc.
To prevent this from happening, you can install powerful protection systems on your computer – A firewall. However, this is not a panacea – any program can be hacked. Therefore, as additional protection measures, it makes sense to use an anonymous proxy server. When accessing web servers, the proxy will “substitute” your IP address for its own, and the attacker will try to invade not you, but the proxy server (which has a much more powerful protection system).
Chains of proxy servers
Using one proxy server, you can connect to another proxy, through it – to the next one, etc., i.e., build a chain of proxy servers. A chain can consist of both proxies of the same type (chains of HTTP or socks proxies, chains of anonymizes) and proxies of different types, for example
socks proxy -> socks proxy -> http proxy -> http proxy ->
– cgi proxy -> cgi proxy -> web server
Each type of proxy has its own way of building a chain. The most difficult is the HTTP proxy (especially since not all HTTP proxies allow you to include yourself in the chain). And the simplest is CGI proxy.
And what else can a proxy do?
All proxy capabilities are based on the fact that it is an intermediate link between the computer (or local network, and the Internet. Therefore, as a consequence, it can also, in principle:
- filter the content of the pages you view, in particular, remove advertisements;
- “change” the geographical location of your computer (relevant for sites that show different content depending on which region/country the request comes from);
- if the proxy server is in the same local network as you, then it is enough that only the proxy is connected to the Internet – using one connection to the Internet, the whole network will be able to go out;
- and so on.
Proxy or proxy server
A forward proxy is a server located between the client and the origin server. To receive content from the content server, the client sends a request to the proxy server, naming the content server as the destination. The proxy then requests content from the server and returns it to the client.
The reverse proxy appears to the client as a regular web server.
No special configuration is required at the client end. The client makes a normal content request in the proxy’s namespace. The reverse proxy then decides where to send
the request, it receives and returns the content as if it were a content server.
A typical use for a reverse proxy is to allow Internet users to access a server behind a firewall. A reverse proxy can also balance the load on multiple back-end servers or act as a cache for slower back-end servers. In addition, a reverse proxy can bring multiple servers to the same URL.
The role of the proxy server in this thesis was to direct requests coming in as domains to the correct Raspberry Pi to the IP address of the internal network.
Technical issues
Architectural view
- The VCenter server shown in the architecture diagram above was used to install a virtual proxy server on the physical ESXi platform.
- VLAN and the Ubuntu server were configured to run on this network.
Configuring VLAN ports using the Flex fiber switch
The connection from the internet to the rags was routed through the Firewall and the backbone switch, through the Flex fibre switch to the proxy server on the ESXi host, from there back through Flex to the backbone switch, and further through the SW-Rack-1 and SW-inside-net switches to the rags.
Network configurations in VCenter
The first step was to select the node on which the proxy was to be installed. Configurations must be made for that particular node where the machines on the network to be configured are located. In the “Configuration” tab of the node, the item “Networking” was found, from which the VLAN “inssi_priv” was created via the “Properties” button of the virtual switch “vSwitch2”. The vSwitch2 virtual switch is used by the machines connected to the Internet, and it was to this switch that the configurations from the next FlexIO switch in the network were also routed. This configuration was done for a future proxy server that was later connected to run on this VLAN.
Configuring the VLAN interface in Paloalto
- A NAT firewall rule was created on the firewall to direct the incoming traffic to a specific external IP address to a particular internal IP address; in this case, the IP address of the proxy server.
- The NAT rule defines the source address as the public IPv4 address of the cluster on the Funet network, and the destination is the IPv4 address on the proxy’s internal network for traffic arriving at the public address to the proxy.
- The firewall also included security rules for SSH connection and web connection, where the external requests to the IP address of the proxy from the outside are forwarded to the correct VLAN.
