|
By Jonathan Feldman
Socks version 5 can provide a simple way to implement firewall security--if you're willing to wrestle with the freeware implementation or buy into a better-documented solution. Socks5 offers many of the benefits of traditional packet filtering firewalls, without introducing complicated interdomain routing issues into your network's already complex routing structure.
Routing? Socks5 never had it and never will. It isn't a router at all. It's a proxy server. Specifically, it's a generic circuit proxy that can be configured to proxy as many or as few TCP/IP ports as your users need. Because proxies in general act as big, bad security guards that fetch data from a bad network neighborhood and return it to clients, they don't route
per se. Think of a Socks5 server as having "inside" and "outside" route service domains.
Our IS shop has been providing Socks as a generic circuit proxy for a couple of years; we converted from Socks4 about a year ago. Socks4 let us offer a simple, outgoing TCP firewall and migrate from simple Internet access to offering TCP and UDP (User Datagram Protocol). Once we switched to Socks5, we were able to add strong authentication and offer a limited number of incoming connections as well--something we never would have been able to do with Socks4.
Socks5 doesn't cache like specific application proxies, but the technology has let us keep our service simple and deploy only one type of user firewall. Although all proxies require client software, Socks5's launcher simplified our client deployment, avoided local application recompiles and worked transparently with 99 percent of our software.
Old and New Socks
Socks5 has many attractive features and it's backward-compatible with Socks4. For starters,
you can avoid routing issues entirely, such as having to deal with TCP/IP's BGP (Border Gateway Protocol) with multiple ISPs. With Socks5, you configure your inside interface with the specifics about your inside networks, and your outside interface talks to a default router. Socks5 uses its own private routing table, just as if it were a workstation, so it should not participate in routing protocols (see "Socks5 Versus Socks4 and Filtering Firewalls," below left).
Additionally, if you have invalid or private IP numbers, you don't have to renumber all of your networks to give users access to the Internet or other intranets. With Socks5, the outside world sees only your proxy, never your originating station. Socks5 also is very difficult to spoof, particularly with an "outgoing-only" configuration. A properly configured installation will drop all connections that claim to be from the inside network if they originate from the outside--just like a properly configured router.
But with Socks, all transaction
s must make their way from the network level down to the application, then back up to the network level, so logging into an application level is easy. Socks5 also can proxy and cache DNS lookups or coexist with an internal DNS system that forwards Internet queries to an external host.
Socks5 lets you deny access to users who do not have departmental permission to use the Internet. It fully logs all accesses for security purposes. And software that creates usable reports out of this data is available. Reports can show top sites, or ports, sorted by data transferred or number of hits. They also can show failed connections, daemon restarts and other standard statistics, depending on the implementation you use. However, you must configure a Socks client for applications that don't natively support Socks. For Windows applications, this is typically done with a Socks launcher. The freeware program SocksCAP, for example, works great for most applications, homegrown or otherwise.
|
|
|
|
Related Links
Aventail VPN 2.5: Not Your Father's Socks
|
our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at 
REPORTS
ANALYTICS
Follow 
