Besides caching and filtering, another idea which came to my mind to use a proxy for is security. I'm planning to use Squid for my home network as well as for a network I'm administering at my university. Both networks have Windows clients and a firewall based on OpenBSD.
The firewall configuration allows users to access web servers at port 80, SMTP traffic and POP3. I've chosen such a restrictive policy to prevent malicious software from spreading across the internet, in case anyone should ever open an email attachment containing a trojan horse/virus - whatever. This configuration has two problems:
- users can only connect to web servers using port 80, web servers on non-standard ports aren't accessible
- malicious software like spyware still could use port 80 to tunnel information through it (of course, it could also use the other ports, but I might close those in the future)
A proxy could solve those problems. For example, I could use filtering together with a white list of "trusted" URLs which are allowed to my users. Any malicious software trying to connect to its home URL then hopefully would fail to do so. But of course, keeping such a white list up-to-date is tedious and not very user friendly.
When I read about Squid's proxy authentication feature, at first I thought that might be a better solution. IMHO, it has the disadvantage that passwords are transmitted in the clear.
So my first question is if there exists any solution to encrypt those passwords (maybe SSL, maybe anyone knows of another proxy supporting it?).
My second question is how proxy authentication maintains information about a user's session. It's clear to me that even with a proxy, malicious plug-ins or ActiveX controls in a user's browser could "circumvent" the proxy. That can't be prevented. But what about other, stand-alone processes? For example, let's say the user was authenticated successfully to the proxy. Now a malicious background process on the same machine tries to access its home URL through the proxy. Will the request pass or will it be blocked?
What I mean is: based on which credentials (per request) does the proxy decide which traffic is allowed to pass through after it has successfully authenticated a user?
Thanks in advance for any answers to my questions,
Marco
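
Added example (not part of the original post): a Python sketch of how the HTTP Basic scheme for proxy authentication is evaluated, showing that the `Proxy-Authorization` header only base64-encodes the password and that the decision is made from each request's own header, with no session kept by the proxy. The account table, credentials and URL are constructed, and `build_request` and `proxy_decision` are hypothetical stand-ins, not Squid's code.

```python
import base64
import binascii

# Constructed account table; stands in for the proxy's authentication backend.
USERS = {"marco": "s3cret"}

def build_request(url, credentials=None):
    """Build a constructed proxy-style HTTP/1.1 request as raw bytes."""
    lines = [f"GET {url} HTTP/1.1", "Host: " + url.split("/")[2]]
    if credentials is not None:
        token = base64.b64encode(":".join(credentials).encode()).decode()
        lines.append("Proxy-Authorization: Basic " + token)
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def basic_credentials(raw):
    """Return (user, password) from the Proxy-Authorization header, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "proxy-authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            # base64 is an encoding, not encryption: this recovers the password.
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None
        user, sep, password = decoded.partition(":")
        return (user, password) if sep else None
    return None

def proxy_decision(raw, users=USERS):
    """Status for one request: 407 = challenge, 200 = forwarded.
    Only this request's header is consulted; nothing is remembered."""
    creds = basic_credentials(raw)
    if creds is None or users.get(creds[0]) != creds[1]:
        return 407
    return 200

if __name__ == "__main__":
    url = "http://www.example.org/"              # constructed URL
    for creds in (None, ("marco", "wrong"), ("marco", "s3cret")):
        req = build_request(url, creds)
        print(creds, "->", basic_credentials(req), proxy_decision(req))
```

A request without the header is answered with 407 no matter what was sent before it, and a request with a valid header is forwarded no matter which program on the client built it.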
