Question How can we best protect our computer network using proxy servers?

[sudhanshudeshpande84]

How can we best protect our computer network using proxy servers?

 

[Tech Junky]

I don't know. What does your network look like?

 

[sudhanshudeshpande84]

I am looking to implement Zscaler to replace VPN and route the calls over public internet using proxy implementation on ZPA

 

[Tech Junky]

Ok, well bypassing von for VoIP is a good idea for quality.

Never dealt with zscaler though but it appears to just move things off site for cloud access.

 

[Lovren89]

Are you considering an on premises proxy or cloud based?
I think the whole premise of the above is wrong, proxy servers provide additional security to a network. By not allowing direct internet connections from the network, and only proxying you reduce the chance of malware/breaches etc. internal hosts/malware etc cannot directly connect to the internet. There is no direct connection, everything is terminated on the proxy. If the proxy can filter and inspect traffic for potential threats it can provide additional protection measures.
Cloud based proxy is typically used to stop roaming clients directly connecting to the internet without control. They provide central control, monitoring and policy enforcement when devices are not connected to the enterprise network.

 

[Garion]

This just happens to be my area of expertise, so I'll chime in using an account from long, long ago.

Proxies, in essence, provide you a way to filter outbound Internet traffic. Most companies use them from using types of content they don't want their users to get to - Things that violate HR policies (Porn, gambling, etc.), things that could harm the network (malware, phishing, spyware etc.), and just things you don't think you want your people doing, depending on the role of your company. It also provides a history of who has done what, which can be handy for your investigations and HR teams. ("They say Bob spends most of his time on YouTube and online games. Does he really?")

For some companies, this can be a big deal - If someone pops open pornhub on a company computer and others are offended it can turn into an HR issue pretty quickly. If your company didn't do anything to prevent it, the company could possibly be held liable. (Caveat: I'm not a lawyer, so take this with a grain of salt). Blocking malicious sites is important - zScaler and other similar companies do a good job at identifying and blocking problem sites like malware, phishing, etc. that stop Bad Things from getting into your company's network.

In general, it's a good idea for any medium-to-large company. If you're already using the zScaler client, turning it on should be pretty minimal.

 

[CodeBeholder]

Just keep in mind that proxy servers won't "protect [y]our computer network" by themselves. Sure as Garion mentioned above, they can be useful for some things, like restricting outbound requests, they are never going to prevent incoming traffic. I would also mention that without a way to enforce the usage of a proxy, a user can just bypass it entirely and access the internet directly.

 

[Fallen Kell]

Just keep in mind that proxy servers won't "protect [y]our computer network" by themselves. Sure as Garion mentioned above, they can be useful for some things, like restricting outbound requests, they are never going to prevent incoming traffic. I would also mention that without a way to enforce the usage of a proxy, a user can just bypass it entirely and access the internet directly.

Which is why you need good firewalls and routing rules. These will block traffic, in both directions, when used correctly. Having rules preventing outbound traffic that isn't going to or through the proxy are needed, as well as filters on incoming. Applying blacklists of known spam and malware is also a very good start.