Proxy Firewall: Network Security Explained

According to a 2020 report from Cisco, 42 percent of companies experience cybersecurity fatigue, or a sense of exhaustion or reluctance to continually handle cyber threats [1]. The problem is prevalent even in a multi-vendor security environment.

Not only are data breaches and security concerns tiring individuals and companies, but they also produce equally staggering financial losses. According to IBM’s 2023 Cost of a Data Breach report, the global average cost of a data breach is $4.45 million, representing a 15 percent increase compared to three years earlier [2].

Now, consider the possibility of thwarting potential threats before they evolve into significant security concerns. A proxy firewall can do just that; it helps prevent network threats from materializing. Read on to learn more about proxy firewall’s role in strengthening network security.

What is a proxy firewall?

A proxy firewall, which operates at the application layer of the open systems interconnection (OSI) model, forbids direct connection between a user’s computer and internet sites. The OSI model is a universally accepted conceptual standard for computer networking. 

By acting as a gateway, a proxy firewall monitors and blocks network traffic to safeguard against threats. Other names for a proxy firewall include application firewall, gateway firewall, and proxy server. 

Notable functions of a proxy firewall:

• Limits computer network resources to authorized users

• Inspects application-layer traffic for potential threats

• Logs, caches, filters, and regulates requests from devices

Did you know? Proxy firewalls add to your browsing experience. By storing cached web pages and traffic data from frequently visited websites, a proxy firewall alleviates your network's bandwidth burden. It enables faster loading times for frequently accessed pages. 

How do proxy firewalls work?

A proxy firewall has its own separate IP address, which bars direct communication between internal and external networks. That separate IP address is where the “proxy” in proxy firewalls comes from. 

As per the National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce, an application-proxy gateway “can make decisions to permit or deny traffic based on information in the application protocol headers or payloads [3].”

At its core, a proxy firewall complements transmission control protocol/internet protocol (TCP/IP), an extensive protocol suite that defines how data transmits over networks, including the internet.

If you are using a proxy firewall and want to access an external site, it typically requires the following steps: 

1. A user requests access to the internet through a specific internet protocol—for example, hypertext transfer protocol (HTTP).

2. The user’s IP address sends a synchronize (SYN) message packet to the server’s IP address, starting an internet session.

3. If the firewall guidelines allow it, the proxy firewall sends a synchronize-acknowledge (SYN-ACK) message packet in response from the requested server's IP address.

4. Upon receiving the SYN-ACK packet, the user’s computer dispatches an ACK packet to the server's IP address, allowing the proxy and the user's computer to connect.

5. As it establishes a TCP connection, the proxy firewall sends the external server a SYN packet from its IP address, prompting the external server to respond with a SYN-ACK packet. The proxy then sends an ACK packet to establish a valid TCP connection between itself, the user's computer, and the external server.

6. Finally, it monitors any request made through the client-to-proxy connection and proxy-to-server connection to ensure compliance with corporate policy. This process repeats until someone (it can be the client or the server) ends the connection.

Who can use a proxy firewall? 

Anyone who wants to protect their network resources from unauthorized access and keep their network secure and free of intruders and malicious traffic can use a proxy firewall. 

From an enterprise standpoint, proxy firewalls often protect internal networks. Proxy firewalls can also help limit access to select websites. An instance of this could be a proxy firewall in schools and universities that prevents students from accessing social media websites like Instagram while still allowing access to educational websites.

Pros and cons of proxy firewall network security

A proxy firewall has several merits, including providing security and preventing network intrusions. However, it also has some limitations. Below is an overview of both.

Advantages 

• Meticulous inspection of data packets flowing into or out of a network 

• Helps trace and investigate security incidents through logging

• Maintains access logs to generate comprehensive reports on user activities

Disadvantages 

• May not be compatible with all network protocols

• Latency or delayed response during heavy network traffic

• Installation and configuration can be tedious

Proxy firewall vs. traditional firewall 

Proxy firewalls operate on the application layer, which marks Layer 7 of the OSI model. In contrast, traditional firewalls are part of the network and transport layers, representing Layers 3 and 4, respectively.

Traditional firewalls, such as packet filtering firewalls and circuit-level gateways, lack the capability to inspect the content of data packets, making them susceptible to malicious data originating from trusted source IPs.

On the contrary, a proxy firewall investigates the content and context of data packets by its very nature, making it more secure than traditional firewalls. 

Proxy firewall examples

Proxy firewalls are widely available and sold by numerous vendors. The following offers a few examples: 

1. Amazon Web Services Web Application Firewall (AWS WAF)

AWS WAF targets common issues, including SQL injection, cross-site scripting (XSS), and bots that can cause downtime. A unique feature of AWS WAF is its Account Takeover Prevention. This managed rule group scans an application’s login page for credential stuffing and brute force login attempts, among other suspicious activities.

2. Barracuda Web Application Firewall 

Barracuda WAF offers security against automated and targeted online attacks. It provides protection from OWASP Top 10, zero-day threats, and application-layer denial of service (DoS) attacks, among others. Its machine learning model helps detect “almost-human bot attacks,” while multi-factor authentication thwarts account takeover attempts by bad actors.

Choosing the right firewall: How to make a choice? 

Web security is pivotal for staving off online attacks. Below are a couple of considerations to keep in mind before choosing a firewall:

• Risk assessment: You have two options: a traditional firewall and a next-generation firewall. If your data is sensitive or you deal with finance regularly, a next-generation firewall, such as a proxy server, is your best bet.

• Compatibility: Some firewalls may not be compatible with select internet protocols or corporate security tools, which can limit their effectiveness in protecting against certain types of attacks. This issue is why it always helps to check for documentation concerning a firewall.

Next steps

Proxy firewalls are a crucial component of an effective security system, particularly when it comes to helping stave off security fatigue. These intermediaries play a critical role in data transfer, one that can be valuable for gaining a deeper understanding of. Explore the finer nuances of network security with the IBM and ISC2 Cybersecurity Specialist Professional Certificate on Coursera. It's beginner-friendly and will take you through network concepts, security infrastructure, common threats, and more.