Hi folks, Ed Amoroso here. Hey, I want to start with a story, some number of years ago, I was doing consulting for a government agency. They were having some trouble, the US federal government agency, they're having trouble with security and thought that maybe they needed some security devices, firewalls, and they'd specifically mentioned that they wanted to do something called a Forward Proxy which is basically a firewall that operates on behalf of a whole set of clients that say, want to go out to the internet or something. And they were talking about how they might have misconfigured that because they were seeing straight packets all over the place. I remember we sat down and we went through some network diagrams, they didn't have very good ones, and we actually had to almost build them. It took a month to try and rebuild the diagrams that made sense and by the time we've rebuilt the diagrams and had interviewed everyone, we realized that a whole segment of their network that was directly connected to the internet through no firewall, no proxy, no anything, explained why they had packets floating around the internet. They had misconfigured something, they'd just directly connected to the internet. So, I can't underestimate, can't underemphasize the importance of architectural understanding of how things are set up. Now, this concept of a proxy being a go-between is really a conceptual capability that's embedded in modern firewalls. In later discussions, we'll get into firewall architectures. But for now, I want to kind of show you the two arrangements that a lot of times you see set up. The first I mentioned a moment ago showed on screen here is when you've got a proxy operating on behalf of a whole set of clients, we call that a forward proxy. That means, you probably have some experience with that, where the clients essentially think they're going out somewhere but they're really hitting this proxy that's operating on their behalf. And you may have seen situations where optimizations can be done. You think you're on wesellcoolsneakersontheInternet.com, but actually, the proxy has cached that page. So what's the point of going out there, if everybody's going out there, I'll just keep it here and look for updates, you get the idea. So that's a nonsecurity idea, but you see how naturally that extends to the idea of a firewall that might be embedded in a local enterprise. So keep that in mind, it's very useful architectural concept as you're putting together security architectures. The second possibility is to use some protective proxy for servers that are operating where clients are trying to gain access to one or multiple servers. We call that a reverse proxy. They're the same thing but for the most part, the reverse proxy would be something that you'd be using to protect. The logical distinction is minimal. And I think what you'll find, as you do your own design in and around cybersecurity architectures, is that it's the concept of proxy that really matters here. This idea that somewhere, you're going to put something in the middle of what you're doing and where you want to go. And the reason I think it's important to think of that is because as computing becomes more virtual, for the most part, you're going to find that in the virtual operating system, proxy-type functionality is going to be part of the infrastructure. You're going to see that computing is headed toward something called Software Defined Networking. You might have heard that term, SDN. We virtualize capability, everything becomes cloud-based workloads, you've got workload to workload, and a very convenient way of doing security is embedded in the infrastructure. You can provide the arbitration and it could be your service provider doing it for you. So rather than me having something to protect myself, you having something to protect yourself, it's possible that your service provider might put something in between both of us and allow that. Essentially, it's an arbitration mechanism between us, kind of a cool concept, and it's something that we'll spend some time on later. But for now, I want to make sure that you just have down the basic concept of proxy. Now, I got a little quiz for you here. And the answer is C. Right. You'd want to have, basically, because you have both clients and servers in the environment, you'd want to make sure that you have protection for both. And I think at number C, we said was forward proxies for protecting the clients, and we said reverse proxies we're protecting the servers. So I hope that all that confusing nomenclature is not going to make your head spin too much. So I hope you've enjoyed this and we'll see you in the next video.
