Firewalls vs. Proxy Servers
Do you think that a firewall and a proxy server are one and the same? You're not alone. This week we'll discuss the differences between firewalls and proxies. We'll also introduce a site that will help you measure the bandwidth of your cable or DSL connection.
By Ron Pacchiano
Q. I work for a small law firm, and we recently decided to join the 21st Century by ordering a DSL line for our office. One of the reasons it has taken us so long to make the commitment to broadband is because the company's principals have been very concerned about hackers getting into our network. Our DSL provider tells us that a firewall should protect our network from attack. Our computer service company suggested that we might consider using a proxy server instead. I've asked a number of people for opinions on this, but most seem to think that a proxy and a firewall are the same thing. So my question is are they the same, or do I need to decide between them? Any advice you could provide us with would be most appreciated.
A. This is a topic that often leads to a great amount of confusion, primarily because a firewall and a proxy often perform many of the same functions. For instance, they both act as network gateways, separating your Local Area Network (LAN) from the outside world. This placement allows them to examine all incoming traffic and discard any unrecognized data before it can make it onto your network, thereby protecting the network from attack. In many cases, a firewall and proxy will even reside on the same server. Yet in spite of these similarities, the roles of these two devices are actually quite different.
Basically, the primary role of a firewall is to protect your network from unauthorized access. In order to do this, firewalls use numerous techniques to regulate which services can travel through the network. These services operate over TCP and UDP ports. The firewall uses "Rules" to open and close the ports that these services travel on. Firewalls also use a number of different detection techniques to protect against attacks, including Network Address Translation (NAT), MAC address filtering and Stateful Packet Inspection (SPI).
Firewalls can take advantage of different encryption methods as well. This allows mobile users to tunnel into the network from remote locations through the use of secure logon procedures and authentication certificates. Firewalls have the ability to generate automatic alarms at given thresholds of attack and also have extensive logging and reporting capabilities.
One of the firewall's potential drawbacks is that it allows network users to surf the web unrestricted. Any web page that is requested by the client is automatically accessed and retrieved without regard to content or appropriateness.
This brings us to the proxy server. Unlike a firewall, the primary role of the proxy server is to limit a user's ability to access sites or materials that might be deemed inappropriate within a corporate environment. A proxy will intercept all web requests coming from network clients and check them against the contents of its Access Control List (ACL). Entries in the ACL can be in the form of domain names, individual pages, specific words, or categories (e.g. sex, violence). If the web page requested is not on the proxy server's ACL, the request is processed normally and the retrieved web page is sent back to the requesting client. If, however, the requested web page is on the ACL, it will be blocked, and the client will receive a message indicating they have tried to reach a restricted site.
Proxy servers are not foolproof, but they do provide companies with a greater level of control than that of unrestricted terminals. Proxy servers are most effective when used in conjunction with a strong Acceptable Use Policy (AUP) that addresses what material is and isn't appropriate to access, and what the consequences will be if the terms and conditions of the AUP are violated.
A proxy server can also improve your network's performance by functioning as a caching server. Proxy servers can be difficult to maintain and troubleshoot, which is why they are typically only found in large organizations with a good-sized IT staff.
In summary, the role of a firewall is to protect your network from unauthorized intrusion, while a proxy server has more to do with restricting the type of information that users on your network will be allowed to access. Proxy servers can also be configured to function as a firewall, but they are much more difficult to maintain. As far as which is the right choice for you, I'm afraid that you are the only one qualified to make that determination. Best of Luck!
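The contrast drawn in this answer, as an added example that is not part of the original column: a firewall rule decides on protocol and port, so every request to an open web port passes regardless of content, while the proxy checks the requested URL against the four kinds of ACL entry listed above. The open-port rule set, the ACL entries, the category lookup and all `.example` hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed firewall rules: (protocol, port) pairs that are open.
FIREWALL_OPEN_PORTS = {("tcp", 80), ("tcp", 443), ("udp", 53)}

# Constructed proxy ACL with the four entry kinds the column lists.
PROXY_ACL = {
    "domains": {"badsite.example"},
    "pages": {"news.example/gossip/index.html"},
    "words": {"casino"},
    "categories": {"violence"},
}
# Hypothetical category feed mapping a host to a content category.
CATEGORY_DB = {"fights.example": "violence"}


def firewall_allows(proto, port):
    """Port-level decision: the firewall never looks at the URL."""
    return (proto, port) in FIREWALL_OPEN_PORTS


def proxy_decision(url):
    """Content-level decision: block if the request matches any ACL entry."""
    parts = urlsplit(url.lower())
    host = parts.hostname or ""
    page = host + parts.path
    for domain in PROXY_ACL["domains"]:
        # Match the listed domain and any of its subdomains.
        if host == domain or host.endswith("." + domain):
            return ("block", "domain:" + domain)
    if page in PROXY_ACL["pages"]:
        return ("block", "page:" + page)
    for word in PROXY_ACL["words"]:
        if word in page or word in parts.query:
            return ("block", "word:" + word)
    category = CATEGORY_DB.get(host)
    if category in PROXY_ACL["categories"]:
        return ("block", "category:" + category)
    return ("allow", "not on ACL")


def gateway(url):
    """Firewall first (port), then proxy (content), as on a shared gateway."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if not firewall_allows("tcp", port):
        return ("block", "firewall: port closed")
    return proxy_decision(url)
```

Every port 80 request below passes `firewall_allows("tcp", 80)`; only `proxy_decision` tells `http://news.example/world.html` apart from `http://www.badsite.example/`.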
Q. After waiting weeks and weeks for my DSL line, it was finally activated. I've finally got a DSL line. When I ordered it, I was told that I would be getting about 400 Kbps downstream and about 90 Kbps upstream. I can't say for sure, but it feels like the system is transmitting data at a much lower rate than the 400 Kbps I was promised. Is there a utility I can use to measure my bandwidth so that I can verify the speed of my service?
A. DSL connections are easily affected by a large number of variables that could determine the actual transmission rates that you will receive. The biggest obstacle to high data throughput numbers is distance. In order to qualify for DSL service you have to be within 18,000 feet of the phone company's Point of Presence (POP). The closer you are to the POP, the better the signal strength you'll have.
Another concern is wiring. If you live in a relatively new home, chances are good that they installed all of the wiring using CAT5 cabling. Older homes and apartment complexes, on the other hand, typically have an older cabling standard called CAT3. This type of cable is sufficient for voice transmissions, but is less than optimal for transmitting data. The age of the cabling itself could be a factor as well.
With all of this in mind, there are a number of utilities available for testing your bandwidth rates, many of which can be found online. There are too many to discuss here, but if you go to Yahoo, for example, and search on "Bandwidth Speed Test," you'll find numerous sites that can give you the results you're looking for. If I had to recommend one site, however, it would be DSL Reports. This site has an abundance of information on DSL technology and news, along with a wide selection of utilities for testing various aspects of your DSL connection. To access them, point your browser to http://speedtest.dslreports.com.
If the numbers for the test results come back considerably lower than you were anticipating, you could try giving the vendor a call and discussing your results with them. I had a similar problem with my DSL service and found out that my ISP was purposely throttling back the data rate for reliability purposes. I told them I would take my chances, so they bumped it back up to where it should have been. Best of Luck!