December 8th, 2005 01:37 AM
all the while, my company policy does not allow setting up SOCKS proxy to the outside.
Now a user wants to connect a web application on the outside which is using applet technology and the SOCKS protocol is needed to use the applet.
What are the dangers/risk that may affect us if we configure a SOCKs proxy for him.?
December 8th, 2005 03:03 AM
First, do you have the authority to effect policy changes in this circumstance?
There aren't many dangers if properly configured.
SOCKS V5 provides a way to run multimedia applications through the firewall. It does this by granting network managers a great deal of control over the multimedia traffic they let through an open port on a firewall. SOCKS V5 lets users select who can receive a multimedia communication and for how long, while protecting the rest of the information on the network.
December 8th, 2005 03:08 AM
I found this:
Socks 5 proxies sit between users and network servers. Unlike standard network requests, in which users access servers directly, users connected to a Socks 5 server pass (or proxy) requests to the server--end users never are connected directly to servers that are proxied. In this model, the Socks 5 proxy server can enforce user-access control policies, such as filtering destinations based on address and domain name. It also allows for content filtering.
Like all network and security devices, Socks servers require specific features for successful deployment: strong management, thorough logging and robust security. If you leverage network services such as user directories and SNMP management, it's a good indication that you'll be able to install and scale the server with little impact on your network.
From the sound of it, your IT folks would have to play some significant infrastructure games before you'd be able to implement this. That may be why they don't permit it in the first place. The application, based on my experience in redesigning infrastructure, better generate a a ton of dollars a year in increased company revenue?
December 8th, 2005 04:29 AM
unless its to be used for accessing recources on the network from the internet (like the VNC applet....a extremely bad idea) what kind of java app would require socks? not knowing what the app is/does i'll still say it's a very bad idea. if it has to be accessed from the internet put it in the DMZ.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
December 8th, 2005 05:01 AM
vpn to trusted clients if possible. That would be my way to go.................if you can that is.
December 8th, 2005 11:45 AM
I second that. VPNs give you a much greater span of control. I'd also be curious what java app requires a socks proxy. Is it a socks 4 or 5 requirement?
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden