SOCKS risks/dangers.
Results 1 to 6 of 6

Thread: SOCKS risks/dangers.

  1. #1
    Member
    Join Date
    Jun 2004
    Posts
    77

    SOCKS risks/dangers.

    hi
    all the while, my company policy does not allow setting up SOCKS proxy to the outside.
    Now a user wants to connect a web application on the outside which is using applet technology and the SOCKS protocol is needed to use the applet.
    What are the dangers/risk that may affect us if we configure a SOCKs proxy for him.?

  2. #2
    Banned
    Join Date
    Jun 2005
    Posts
    445
    First, do you have the authority to effect policy changes in this circumstance?


    There aren't many dangers if properly configured.

    SOCKS V5 provides a way to run multimedia applications through the firewall. It does this by granting network managers a great deal of control over the multimedia traffic they let through an open port on a firewall. SOCKS V5 lets users select who can receive a multimedia communication and for how long, while protecting the rest of the information on the network.
    Source Article

  3. #3
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    I found this:

    Socks 5 proxies sit between users and network servers. Unlike standard network requests, in which users access servers directly, users connected to a Socks 5 server pass (or proxy) requests to the server--end users never are connected directly to servers that are proxied. In this model, the Socks 5 proxy server can enforce user-access control policies, such as filtering destinations based on address and domain name. It also allows for content filtering.

    Like all network and security devices, Socks servers require specific features for successful deployment: strong management, thorough logging and robust security. If you leverage network services such as user directories and SNMP management, it's a good indication that you'll be able to install and scale the server with little impact on your network.
    Here: http://www.networkcomputing.com/911/911r3.html

    From the sound of it, your IT folks would have to play some significant infrastructure games before you'd be able to implement this. That may be why they don't permit it in the first place. The application, based on my experience in redesigning infrastructure, better generate a a ton of dollars a year in increased company revenue?

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    unless its to be used for accessing recources on the network from the internet (like the VNC applet....a extremely bad idea) what kind of java app would require socks? not knowing what the app is/does i'll still say it's a very bad idea. if it has to be accessed from the internet put it in the DMZ.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Senior Member
    Join Date
    Oct 2005
    Posts
    197
    vpn to trusted clients if possible. That would be my way to go.................if you can that is.
    meh. -ech0.

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    I second that. VPNs give you a much greater span of control. I'd also be curious what java app requires a socks proxy. Is it a socks 4 or 5 requirement?

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides