At home, we have 4 pc's connected to our Linksys Router with my wife's pc being the Host pc, I asked her last night if she is using a Proxy Server and she said she never knew how or why to use it. According to what I read about Proxy Server in MM's book yesterday, our setup should have been the ideal situation for that.

What I'd like to know guys, is should we use proxy server or not and why please? Thanks.

Theres lots of uses for Proxy servers, what most people dont realize is they are the most secure form of firewall as it works up to the application layer and the hosts never make a direct connection out of the internal network unlike NAT/PAT type firewalls the proxy makes all internet request on behalf of the clients (they are concidered slower however). Proxy servers where originaly used before NAT/PAT as well since only one public address was needed. Other benifits are that it can cahe web sites so the next user to visit a site would get it quicker since it pulled it from the proxy cache apposed to going out to the internet and downloading it everytime this was benificial awhile back when slow internet links where prevelent and the internet was 90% static pages. This is how like netzero high speed or AOL high speed work for dialup users for the most part as each POP would have a proxy (same caching theory applies). They also look at the requests and returned content (why they are slower) and allow you to block content and/or web sites in general they also offer authentication for web clients so you can track where your employees are surfing all day and how long they where on a page). On the flip side it is used to mitigate DoS attacks for web sites and perform web server load balancing when it is installed as a "reverse Proxy" where it caches the back end web servers its protecting into its RAM so when internet users hit their site they connect to the proxy the proxy would then pull the content from the backend web servers in a load balance fasion and cache any static content releiving the backend web server of the connections (very usefull on SSL web sites since encryption is very processor intensive it offloads the Processor utilization for encryption to the dedicated proxy and allows the backend boxes to use its processor for web and database activity), Proxies are now being installed directly into routers and switches google cisco content engines or cisco ASA securty device . Anyway for 4 PCs not really benificial except as a firewall (the virus would be scanned at the proxy and never even make it to the backend PCs) or if you have a slow dialup link.

Proxies are now being installed directly into routers and switches google cisco content engines or cisco ASA securty device . Anyway for 4 PCs not really benificial except as a firewall (the virus would be scanned at the proxy and never even make it to the backend PCs) or if you have a slow dialup link.

Since we have the firewall activated on the router and since Prox Servers will slow don things a little then I would think that we are better off without it? Would you agree?

Its not the same type of firewall (firewall types = packet inspection, circuit level (stateful), application, and hybrids), a Proxy is concidered the most secure firewall when coupled with application level inspection, the inspection slows it down the first hit of a web site after that it will be much faster so I dont agree with the reason you gave but I also dont think its neccesary unless you want the content blocking features. The work is not worth the gain i guess.

Where I would set a proxy

home use - No router and multiple PCs prolly the only reason I would use one at home. waiste of PC resources here.

corporate use - lots of benifits here, user tracking, usage statistics, security, cache relieve internet link bandwidth, internet authentication, content filtering, virus and spyware filtering before the clients. I usualy have roughly 3 firewalls before the inetrnal network and dissable personal firewalls for administrative purposes but that depends on environment and time.

Alright understood, thanks, guess I have to dig a lot deeper into firewalls to get a good grasp on what you've written here, my plan is to do Network+ next so I guess I will run into this.

Firewalls are a specialty in its own right, Im assuming network+ will give you the overlying theory to help get started, but dont stop there as you seem interested there is so much more to them..

Tip of the iceburg..

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/centri4/user/scf4ch3.htm

http://www.securityfocus.com/infocus/1716

It gets much deeper when actualy learning the deep packet inspection for each protocol and then comes AAA and IPS/IDS etc..

Those are nice links [thanks], will go through both today, my immediate plan is to do Network+, Security+ and Server+. I am trying to decide as we speak which training method will be best for these 3 exams? I am leaning more towards "video" training just so I can see what type of equipment is being used as I have no way of physically seeing the equipment used for this.