SOCKS Proxy Network: Is It Safe in 2022 in the USA?
A proxy, also known as a proxy server, is a computer in a network that acts as a bridge between the client and the server. It acts as a gateway between local networks and large-scale networks, such as the internet.
Proxy servers intercept connections between the sender and the receiver. All data that arrives on one port is then forwarded out through another port.
Proxy servers are used to forward traffic and hide the IP address of the server. Proxy servers also include caching mechanisms which store requested resources in order to increase performance. A proxy server can encrypt your data to make it unreadable while in transit, and block certain websites based on IP address.
We now have an idea of how a proxy works. Let’s focus on SOCKS, and specifically the SOCKS proxy.
SOCKS stands for Socket Secure and is a network protocol that allows communication between servers via firewalls. It routes network traffic to the server in order to facilitate client-server communication. SOCKS can route all types of traffic, regardless of protocol or program.
The SOCKS proxy server establishes a Transmission Control Protocol (TCP) connection on behalf of the client. It then exchanges network packets with the actual server. The SOCKS proxy doesn’t interpret network traffic between client and server in any way. It is often used because clients are behind firewalls and aren’t allowed to establish TCP connections with outside servers unless they use the SOCKS proxy. A SOCKS proxy relays the user’s TCP session and User Datagram Protocol (UDP) session through the firewall.
SOCKS is a layer 5 protocol. It doesn’t care about any layer below it in the Open Systems Interconnection (OSI) model. This means that it can’t be used to tunnel protocols that operate below layer 5, such as ping and the Address Resolution Protocol (ARP). It won’t allow an attacker to scan with tools like Nmap if the scan is based on half-open connections. Because it works at layer 5, it is not secure.
SOCKS is located at layer 5, between SSL and TCP/UDP (layer 4), and can handle many request types, including HTTP, HTTPS, POP3, SMTP, FTP and SSL. SOCKS is used for web browsing, email, peer-to-peer sharing, file transfer and many other purposes.
Other proxies are built for specific protocols at layer 7, such as an HTTP proxy used to forward HTTP or HTTPS traffic from client to server; these are also known as application proxies.
There are two main versions of SOCKS: SOCKS4 and SOCKS5. They differ as follows:
- SOCKS4 does not support authentication. SOCKS5 supports many authentication methods.
- SOCKS4 does not support UDP proxy, but SOCKS5 does.
A SOCKS5 proxy provides greater security because it establishes TCP connections with authentication and uses Secure Shell (SSH) encrypted tunneling to relay traffic.
SOCKS5: Why You Should Adopt It
Here are four benefits of using a SOCKS5 proxy that supports SSH tunneling.
1. Access to back-end services behind a firewall
A cluster is usually hosted on the cloud behind a firewall in order to reduce security risks. You can access backend services running within a cluster in two ways. Each has its limitations.
- Expose the backend services publicly (and accept the security risk);
- Whitelist the IP address of the client or user to allow traffic to the backend services. However, this is not the best solution for users whose IP address changes.
An alternative to the two unfavorable options is a SOCKS5 proxy that uses dynamic port forwarding via SSH. Administrators and developers can access backend services in a cluster hosted in the cloud behind firewalls to debug, monitor, and administer from a public network. This allows them to bypass the need for whitelisting IPs or exposing backend service ports.
Let’s take a look at an example. When a Hadoop cluster is hosted in the cloud, its admin or monitoring APIs and web user interface (UI) ports are automatically closed due to security concerns. These APIs and web UIs can be accessed via SSH dynamic port forwarding. The master node will have an IP address and will run SSH services by default; this is visible so that users can connect from outside.
Another example is working in a virtual private cloud (VPC). To secure remote instances within a VPC, you can create a bastion host that restricts outside access to them. The bastion host can be accessed from outside, but only port 22 (SSH) is allowed. You can access remote instances running in the VPC by using SSH dynamic port forwarding (a SOCKS5 proxy).
2. No special setup required
SOCKS5 does not require any special setup as long as you have SSH access to either the Edge node or the gateway of a cluster. Administrators and developers can use an SSH tunnel to access back-end resources behind firewalls, without the need for a virtual private network (VPN).
3. No Third-Party Proxy Server or Public Access to Your Deployments
A SOCKS5 proxy routes all types of TCP/UDP traffic to their respective services through SSH tunneling. No special layer 7 proxies are needed for each service to route application requests.
4. Fewer Errors, Better Performance
SOCKS5 doesn’t rewrite data packets, unlike other application proxy services. It simply relays traffic between devices. It is therefore less likely to make mistakes and performs better automatically.
What does SOCKS5 look like in practice?
The benefits mentioned above are something that any CISO would not want to miss. What does a SOCKS5 proxy mean in the context of an enterprise-level security strategy? How do security professionals start implementing SOCKS5 within their environments? Here are some steps that will help you get started with SOCKS5.
Set up a SOCKS5 Proxy connection
To SOCKSify an IT environment, the client application must be capable of supporting SOCKS5. The syntax below is based on the SSH client for Linux. It shows how to create a SOCKS5 proxy on your local computer and then authenticate with the Edge node or gateway in the cloud. The Edge node routes traffic to servers within the cluster.
- $ ssh -D 30001 root@EdgeNodeSSHserverIP -C -f -N (password: xyz); or
- $ ssh -i /path/to/private_key -D 30001 root@EdgeNodeSSHserverIP -C -f -N
The command above starts the SOCKS5 server and binds port 30001. It then connects to the Edge node, master node or gateway node hosted in the cloud via the SSH tunnel.
These options are used in the command:
- -D 30001 instructs SSH to create a SOCKS5 server on port 30001 on the client’s computer.
- -C compresses data before sending.
- -N means “Do not execute remote commands.” It’s useful for forwarding ports (protocol 2 only).
- -f tells SSH to go to the background before command execution.
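A check that the listener created by `ssh -D` stays on loopback, added here as an example and not part of the original article. OpenSSH's dynamic forward does not authenticate SOCKS clients, so a listener bound to a routable address lets any host that can reach it use the tunnel. The `ss` output is constructed sample input, and the function name is an assumption of this example.

```python
import ipaddress
import re

# Constructed `ss -H -ltnp` output (header suppressed): a loopback-only
# `ssh -D 30001`, an `ssh -D '*:30002'` reachable from the network, and sshd.
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:30001 0.0.0.0:* users:(("ssh",pid=4242,fd=4))
LISTEN 0 128 [::1]:30001 [::]:* users:(("ssh",pid=4242,fd=5))
LISTEN 0 128 0.0.0.0:30002 0.0.0.0:* users:(("ssh",pid=4310,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def exposed_ssh_forwards(ss_output):
    """Return (address, port, pid) for listeners owned by the ssh client
    that are bound to anything other than a loopback address."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        proc = PROC_RE.search(line)
        if len(fields) < 5 or fields[0] != "LISTEN" or not proc:
            continue
        if proc.group(1) != "ssh":  # sshd and other daemons are out of scope
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        if addr == "*" or not ipaddress.ip_address(addr).is_loopback:
            findings.append((addr, int(port), int(proc.group(2))))
    return findings


if __name__ == "__main__":
    for addr, port, pid in exposed_ssh_forwards(SAMPLE_SS):
        print(f"ssh pid {pid} exposes a forwarded port on {addr}:{port}")
```

Writing the bind address explicitly, as in `-D 127.0.0.1:30001`, keeps the listener on loopback regardless of the client's `GatewayPorts` setting.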
Accessing Endpoints with the SOCKS5 Protocol
Once you have created a SOCKS5 proxy, configure your clients so that they can access the internal services. To keep things simple, we use the command-line tool cURL, which supports the SOCKS5 protocol. Additional configuration and setup are required for other methods, such as the use of a web browser.
Below is a cURL command that shows how to access an HTTPS application endpoint listening on port 8000 behind a firewall. It uses the SOCKS5 proxy and the SSH tunnel.
- curl -x socks5h://localhost:30001 -v -k -X GET https://EdgeNodeSSHserverIP:8000
The cURL command above connects to port 30001 on localhost and sends an HTTP request on that port to the SSH client.
The request is handled by the remote SSH server and sent to the back-end service listening on port 8000. The response returns to the client over the same SSH tunnel to the SOCKS5 proxy, which relays it to cURL.
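The SOCKS5 messages behind the cURL exchange described above, built and parsed on both sides following RFC 1928, as an added example that is not part of the original article. The function names and the hostname `backend.internal.example` are assumptions of this example, and the proxy side models a listener that accepts only the no-authentication method.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 0x05, 0x01
NO_AUTH, USER_PASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def client_greeting(methods=(NO_AUTH,)):
    """Client -> proxy: VER | NMETHODS | METHODS (RFC 1928, section 3)."""
    return bytes([VER, len(methods), *methods])

def proxy_select_method(greeting, allowed=(NO_AUTH,)):
    """Proxy -> client: VER | METHOD; 0xFF when no offered method is allowed."""
    if len(greeting) < 2 or greeting[0] != VER or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed SOCKS5 greeting")
    chosen = next((m for m in allowed if m in greeting[2:]), NO_ACCEPTABLE)
    return bytes([VER, chosen])

def connect_request(host, port):
    """Client -> proxy: VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT. A hostname
    goes out as ATYP 0x03 so the proxy resolves it, as socks5h:// requests."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        name = host.encode("ascii")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    if not 0 < port <= 65535:
        raise ValueError("port does not fit the 2-byte DST.PORT field")
    return bytes([VER, CMD_CONNECT, 0x00, atyp]) + addr + struct.pack("!H", port)

def proxy_parse_request(req):
    """Proxy side: decode a CONNECT request into (atyp, host, port)."""
    if len(req) < 7 or tuple(req[:3]) != (VER, CMD_CONNECT, 0x00):
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    end = {ATYP_IPV4: 8, ATYP_IPV6: 20, ATYP_DOMAIN: 5 + req[4]}.get(atyp)
    if end is None or len(req) != end + 2:
        raise ValueError("unknown address type or wrong length")
    raw = req[4:end]
    is_name = atyp == ATYP_DOMAIN
    host = raw[1:].decode("ascii") if is_name else str(ipaddress.ip_address(raw))
    return atyp, host, struct.unpack("!H", req[end:])[0]

if __name__ == "__main__":  # constructed hostname; port 8000 as in the cURL command
    req = connect_request("backend.internal.example", 8000)
    print(req.hex(), proxy_parse_request(req))
```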
After you have created a SOCKS5 proxy by using the SSH dynamic port forwarding method, the netcat utility can be used to test TCP connections. The command below tests the TCP connection to a back-end service listening on port 8443 through the SOCKS5 proxy.
- ncat --proxy 127.0.0.1:30001 --proxy-type socks5 EdgeNodeSSHserverIP 8443 -nv