In this article I am going write about SOCKS proxy and applications of SOCKS proxy in enterprise. lets begin with SOCKS proxy. Socket Secure (SOCKS) is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS servers will proxy TCP connections to an arbitrary IP address as well as providing a means for UDP packets to be forwarded. SOCKS performs at Layer 5 of the OSI model—the session layer.
In simple terms, SOCKS is an IETF approved standard for TCP/IP based networking applications. The SOCKS proxy provides the capability to allow traffic to be handled by a proxy for those applications (IM, ICQ) that do not have the native ability to set proxy parameters.
Let me explain forward proxy or proxy server. A proxy server’s function is to receive a request from a web browser or client, to perform that request (possibly after authorization checks), and return the results to the browser or client.
Advantages of proxy is the IP addresses or names of the internal systems never appear on the Internet, internet see the address of the proxy server. So attackers cannot use the addresses to gain information about your internal system names and network structure. Requests for certain sites can be restricted or banned. Web proxy servers usually support many protocols, including HTTP, FTP, Gopher, HTTPS.
How does SOCKS server works? Proxy servers can themselves use the SOCKS protocol to provide additional security. SOCKS proxy add a layer of encapsulation into the request from the client and forward the encapsulated request to the destination.
- Encapsulating any TCP protocol within the SOCKS protocol. On the client system, within the corporate network, the data packets to be sent to or from an external system will be put inside a SOCKS packet and sent to a SOCKS server.
- Returning packets will be sent to the SOCKS server, which will encapsulate them similarly and pass on to the original client, which remove the SOCKS encapsulation, giving the required data.
- The advantage of all this is that the firewall can be very simply configured, to allow any TCP/IP connection on any port, from the SOCKS server to the non-secure Internet, trusting it to disallow any connections which are initiated from the Internet.
- The disadvantages are that browser configuration is more complex, the added data transfers can add an extra delay to page access, and sometimes proxies impose additional restrictions such as a time-out on the length of a connection, preventing very large downloads.
Microsoft FF TMG 2010 can perform itself as a SOCKS server or SOCKS Gateway or SOCKS Proxy. To configure Microsoft FF TMG 2010 as SOCKS gateway.
Log on to FF TMG 2010>Open TMG management console>Click on System>Click on Application Filter>Right Click SOCKS4 Filter>Click Enable
Apply Changes>Click OK.
Right Click SOCKS4 Filter>Click Enable>Click Property.
Keep Default Port number>Select the network where SOCKS request will originate. For example Internal Network.
Click Ok. Apply Changes>Click Ok.
Now create a firewall policy to allow SOCKS communication between a source and destination. For example here I created policy opening SOCKS port between internal network and SOCKS gateway that is my proxy server.
Apply changes. Click Ok.
The following are the screenshot shows ICQ protocol available in TMG 2010 Protocols. If you don’t see your desired protocol on the list. you can add user defined protocol by simply adding new protocol. for ICQ communication, you have to create a rule specifying source and destination and the protocol you are allowing.
To Configure FTP SOCKS connection configure global settings of cute FTP or individual connection settings in each connections shown as below.
To configure proxy settings in IE. Open IE>Click Tools>Click Internet options>Click Connections>Click LAN Settings>Click proxy Settings and add SOCKS gateway or SOCKS proxy server details.
You can configure SOCKS proxy via GPO.
Create and Link a GPO with an OU> Right Click on GPO>Click Edit>navigate to User configuration\windows settings\internet explorer maintenance
Expand internet explorer maintenance node, and in the connection section, double-click Proxy settings. You can define Proxy setting for users.
To configure ICQ, Click on the Main button>Select Preferences>Click Connections. Click on the Firewall tab and select Socks4
- Type Proxy IP address in the Host
- Type in the proxy Port 1080
- Type username and password in the Authentication
- Apply and Click Ok