The difference between web proxies and VPN?

thedramathedrama Member Posts: 291 ■□□□□□□□□□
Hey guys, this is a significant question for me. I brought to you several
questions for these.

One; Imagine there are two situations when you use proxy, once you try to connect to a web server(destination). First, you directly connect to anonymous web server through web browser by typing its domain name then
reach the destination using web proxy then. Second, you get IP and Port numbers of web proxies and then enter them on your LAN settings.

a) Is there any technical difference between those two? I mean, in second,
does your source IP "get the IP address you entered on LAN settings"?

b) In second, Is your source IP still the one you received from your ISP,
and web proxies' IP and port are for the destination?

c) In second, is your connection still encyrpted from originating source to
final destination(web server) completely? [End-to-end]

d) In second, if these port numbers and IP addresses are still first destination, what is the possibility of being caught from your computer to
the proxy server?


Two ; a) What is the difference between a Web proxy and VPN in terms
of security? also anonymity?

b) When implementing VPN, is your IP address masked like in web proxies?
Monster PC specs(Packard Bell VR46) : Intel Celeron Dual-Core 1.2 GHz CPU , 4096 MB DDR3 RAM, Intel Media Graphics (R) 4 Family with IntelGMA 4500 M HD graphics. :lol:

5 year-old laptop PC specs(Toshiba Satellite A210) : AMD Athlon 64 x2 1.9 GHz CPU, ATI Radeon X1200 128 MB Video Memory graphics card, 3072 MB 667 Mhz DDR2 RAM. (1 stick 2 gigabytes and 1 stick 1 gigabytes)


Comments

  • it_consultantit_consultant Member Posts: 1,903
    Web proxies are often designed for web filtering and are designated (on LANS) by a WPAD file provided by a DHCP or are directly configured in the web browser. They redirect all traffic through another server for logging / filtering / security / compliance. These are fairly easy to defeat so I don't use them. An inline devices is trickier to defeat but does introduce a single point of failure for internet traffic. Proxies do not always, if ever, encrypt traffic.

    A VPN secures two endpoints of a network by using header or payload encryption. A site-to-site VPN looks logically like a directly connected network even though it often traverses a variety of networks. This is used for security and connecting disparate networks.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    thedrama wrote: »
    a) Is there any technical difference between those two? I mean, in second,
    does your source IP "get the IP address you entered on LAN settings"?

    Yes they are totally different pieces of kit. There are several different types of proxies and several different types of VPNS. See the following links:

    VPN's: IPSec vs. SSL
    Proxy server - Wikipedia, the free encyclopedia
    thedrama wrote: »

    b) In second, Is your source IP still the one you received from your ISP,
    and web proxies' IP and port are for the destination?

    What do you mean by source IP? Post Nat it should show as the Natted IP address (your public IP).

    thedrama wrote: »
    c) In second, is your connection still encyrpted from originating source to
    final destination(web server) completely? [End-to-end]

    As in SSL encryption? Yes.

    thedrama wrote: »
    Two ; a) What is the difference between a Web proxy and VPN in terms
    of security? also anonymity?

    VPN's are designed to enforce security and confidentiality. They are encrypted communication streams for either user to gateway or gateway to gateway encryption. Proxies are either used to enforce some policy (no **** on the network) or save bandwidth or both. Public proxies are usually used to circumvent some security policy (**** on the network) put in place by their lan, their ISP or even their country.

    Check this out:
    http://www.publicproxyservers.com/
    http://en.wikipedia.org/wiki/SOCKS
  • crrussell3crrussell3 Member Posts: 561
    Web proxies are often designed for web filtering and are designated (on LANS) by a WPAD file provided by a DHCP or are directly configured in the web browser. They redirect all traffic through another server for logging / filtering / security / compliance. These are fairly easy to defeat so I don't use them. An inline devices is trickier to defeat but does introduce a single point of failure for internet traffic.

    Why do you consider proxies easy to defeat?
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    crrussell3 wrote: »
    Why do you consider proxies easy to defeat?


    In my experience people will only go half way with them. Like they will put the proxy setting in GP but won't lock down outbound 80 from other IPs and won't lock the setting in the browsers. You kind of need to do both. It becomes a management issue when you have machines that aren't controlled by GP on your network and you need to get them on the network quickly. Transparent proxies are the way to go. Most UTM firewalls have this functionality built in. Or just install something like SQUID on your network and it would be cake:

    http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
  • crrussell3crrussell3 Member Posts: 561
    In my experience people will only go have way with them. Like they will put the proxy setting in GP but won't lock down outbound 80 from other IPs and won't lock the setting in the browsers. You kind of need to do both. It becomes a management issue when you have machines that aren't controlled by GP on your network and you need to get them on the network quickly. Transparent proxies are the way to go. Most UTM firewalls have this functionality built in. Or just install something like SQUID on your network and it would be cake:

    Linux: Setup a transparent proxy with Squid in three easy steps

    Thats what I figured he was hinting at. We have our proxy settings controlled by GP, but can't/don't lock down the settings (though we should for desktops, just not laptops). We do have our firewall locked down to prevent someone from removing the proxy settings and bypassing it, so this really isn't an issue. I would love to make it a transparent proxy, as right now our tmg2010 is setup in a single leg adapter configuration (I know, I know).
    MCTS: Windows Vista, Configuration
    MCTS: Windows WS08 Active Directory, Configuration
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    thedrama wrote: »

    b) In second, Is your source IP still the one you received from your ISP,
    and web proxies' IP and port are for the destination?

    It depends. If it's a connection that the proxy will actually proxy for, then the end site will see the proxy's IP as the source. If the proxy just passes it through, the original source IP will be seen (this is, of course, assuming there's not NAT device in the path)
    c) In second, is your connection still encyrpted from originating source to
    final destination(web server) completely? [End-to-end]

    Again, it depends. A proxy server isn't going to encrypt an HTTP stream. For HTTPS, if the proxy passes it directly through, then yes, it will remain encrypted. If the proxy is configured for SSL Interception, then sort of, there's just a bump in the wire where the proxy is acting as a MITM
    d) In second, if these port numbers and IP addresses are still first destination, what is the possibility of being caught from your computer to
    the proxy server?

    The same as any other traffic on your network, it depends on your design and security measures.
    Two ; a) What is the difference between a Web proxy and VPN in terms
    of security? also anonymity?

    Two completely different technologies, with different purposes. It's an apples to oranges comparison. Go read up on the purpose of a VPN, and the purpose of a web proxy.
Sign In or Register to comment.