DIY Computer Repair logo

Proxy service

Proxy service? What is it and why would I want to use it?

DIY-Computer-Repair can help!

You can stop a virus from sending your data home by using a Proxy service.

When you get a Trojan virus how do you keep it from sending your data to the creator/thief that controls the virus?

A firewall either hardware or software will not stop a program that is resident behind a firewall from sending data out through the firewall.

Firewalls by their nature are one way, that is it will only send data or will allow data to pass in if the data was requested from behind the firewall. (Does this make sense?)

What this means is a computer on the outside of the firewall can not contact a computer on the inside of the firewall but a computer inside the firewall can contact a computer on the outside of the firewall and receive data back from the computer the inside computer requested.

This fact keeps unauthorized computers from contacting authorized computers and gaining access to them.

But if a virus such as a key logger, Trojan, or some other type can contact the originating computer from inside the firewall it makes the firewall almost useless.

Fix It! Your
DIY Computer Repair Newsletter!
Click here to get your copy of Fix It!

That is why I recommend a Proxy
Service when setting up networks.

Starting with Windows XP, Microsoft included a software solution for a firewall. The firewall solution is a combination of a firewall program and a proxy service.

It works like this:

  • The Windows Firewall program/service has a basic set of rules.
  • A rule is a statement that tells the program what it can and can not allow through from the outside to the inside and from the inside to the outside.

You can setup the rules for either a port or a program.

Access through the network adapter is controlled by 'port' this is a software address inside the service that is agreed on as a standard such as all web browsers and web sites are listed on port 80, however this is not set in stone and can be changed. Servers that have more than one web site can not have the same port of 80 so the web master of the secondary web sites give them a different port number. You may have seen them like this: http://some.web.site.com:10100/index.htm note the :10100 this is the port that the web master picked that is not used by some other service or program.

What you would have to do with Windows Firewall is create a 'rule' (I will not go in to the process of how to do a Windows Firewall rule here) that will allow either the program to access port 10100 or write the 'rule' for only a certain inbound IP address to access the port 10100.

Where the Windows Firewall fails are these two areas:

  • It can not block wan requests
  • It can be hacked

Hardware that is hard coded (i.e. it can not be changed) can not be hacked, nor can it be by passed. Thus a router between your network and the outside world is the best way to block hackers from getting inside your network. By setting the router to not accept wan requests a hacker will see the ISP then your cable/DSL modem but not the network on your side of the modem.

You will find more information on installing,  configuring, and troubleshooting Firewalls and Proxy services in the
Build a Server Guide.

But a virus on the inside can get out through the router.

This is where the Proxy service comes in.

Normally you would have the Proxy service software on a computer between the router and your network like this:

  • Outbound traffic:
    • Network computers  ->  Proxy computer -> Router  -> Cable/DSL modem -> Contacted computer
  • Return traffic
    • Contacted computer -> Cable/DSL modem -> Router -> Proxy computer -> Network computers

You have to set up the proxy computer with two dissimilar NIC's, one will have an IP address from the router the other will have your internal IP network address, this will also be your gateway address such as:

  • Router IP 192.168.1.3 (IP address of the NIC in the proxy computer to connect to the router)
  • Network IP 10.10.0.2 (IP address of the NIC in the proxy computer to connect to your network, also known as the Gateway address)

What the Proxy service / computer allows you to do is change the gateway address of the outbound / inbound traffic, it also queries all traffic to the router and pass it through a rule such as:

Scenario #1:

Your email program contacts a server to see if you have any new email -

  • The email program sends a message on port 110 to the proxy service addressed to your hosting computer by name xyzserver.emailservice.com, the proxy service looks at the message and says yes let the message to the xyzserver.emailservice.com through on port 110 and wait for a return reply from xyzserver.emailservice.com on port 110.
  • The email server checks you account and either returns the new email or a message that there isn't any new messages for your email account.

Scenario #2:

  • You are browsing the internet and come across a web site that has been hacked and is propagating a virus. Unbeknown by you or your AV program your computer gets infected by the virus. The virus uses your word processor program to gather information and then starts sending the data it has stolen back to the originating computer.
  • Windows Firewall may or may not block the virus from sending the data back, if the port is open or in the disabled state then the data will go back to the originating computer.

How ever if you had a proxy service between your network and the router the virus would not be able to send the data back to the originating computer.

Why?

Two reasons:

  • First the virus does not know about the gateway IP address required to contact the Proxy service.
  • Second the virus does not have a rule to pass the information through the Proxy service.

Thus the virus can not 'call home' with your data.

With a Proxy server or service you will decrease you vulnerability of a ID or data theft from your computer or network.

Viruses such as Trojans, Key Loggers, and other Malware may cause you some problems with your computers but the data will not be transmitted to some thief to use as they please.

The only draw back to having a proxy services is that you will need a server to install the software on, you can find out more about building and using servers in the Build a Server Guide.

Hard Drives, Internal or External, All available at Newegg.com

Return to top


Q and A

This site contains a lot of information. As with any publication not all information is available due to space, time, or subject constraints.

If you have a question that you did not find the answer on this web site  you a can ask your question here and we will endeavor to get you the most up to date answer possible!

Free Stuff!


Thank you for visiting my web site, and please come back again.

© www.diy-computer-repair.com '2008 Copyright Russell Enterprises All Rights Reserved
DiY Computer Repair contact support and sig. If you find this Web Site useful, feel free to recommend it to a friend.



Return to previous page



 
This website is not intended for children under the age of 18

 Home   Support   About owner   Site Map
Why I use SBI  Privacy Policy   Disclaimer

DIY Insiders
Enter Email
Enter password



My Twitter! xml-rss Add to My Yahoo!
Add to My MSN Add to Google AddThis Social Bookmark Button My StumbleUpon Page Computer Blogs - BlogCatalog Blog Directory

Page copy protected against web site content infringement by Copyscape

www.diy-computer-repair.com BBB Business Review



Fire that geek that is messing up your computer, you can do a better job.

Finally geek secrets revealed then translated in to everyday English!

Self Computer Repair Unleashed! E-book

The Official  www.diy-computer-repair.com Reference manuals

Get yours Today!


Index
Home Page

Information Index
Audio devices
Affinity? What is it?
Can't find the Any Key
Batch Files?
BIOS. What is it? What does it do?
Cases
CPU's or Processors
Glossary of terms
Glossary of terms Page 2
Keyboard and your Mouse
Mini Computers
Motherboard
Memory
Modems
Networking
Networks Page 2
Networking - Wired or Wireless
Networking - Firewalls
Networking - Connectivity
Networking - Signal strength
Paging file or Memory dump file?
Information about Proxy Server/services
Solar Power for Backup when the power is out?
Power supplies
Storage
USB
Video
Virtual Drives
Virus
VPN - Virtual Personal Network

Senior Citizen?
Build yourself a computer

Opinion
Are We Doomed?

From the Desert South West ~ Arizona, USA
Copyright DIY-Computer-Repair.Com 2006-2011

powered-by-sbi