A network I'm working on has only a web proxy (http, https) to communicate outs
ID: 655862 • Letter: A
Question
A network I'm working on has only a web proxy (http, https) to communicate outside (mostly used for cache purposes, not whitelist or blacklist support). This requires a lot of configuration in all tools to declare the proxy, which is quite heavy and restricting in some cases.
I was wondering if a transparent proxy could make users' lives easier, as the existing web proxy has no real advantages in terms of security (advanced users configure a VPN to go outside and escape proxy restrictions). The only reason I have found so far is for logging access to HTTPS websites: the CONNECT HTTP command requires the requested URL to connect to an SSL website, which cannot be seen if a transparent proxy is used.
The question is: with security in mind, what are the reasons to keep a web proxy over a transparent proxy?
Explanation / Answer
The web proxy requires explicit configuration, which is good for making life hard for surprise devices and applications that show up on the network. Yes, you can work around this, but it's one more step.
As well, transparent proxies have to choose between breaking the user experience pretty badly (injecting a redirect in a website for auth, for instance) and efficacy. An explicit proxy can have rational auth mechanisms that won't ever break the websites you're going to. They can support SSL without a man-in-the-middle cert (if wanted). The browser, knowing that there's a proxy, can interact with it in a better way (for instance, doing DNS locally vs via the proxy), and you don't get that in a transparent proxy.
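The two points above (a proxy-level auth challenge, and logging the HTTPS destination from `CONNECT` without a man-in-the-middle certificate) can be seen in what an explicit proxy receives from the client. The following is an added example, not part of the original question or answer; the function names, sample requests, and the choice of the Basic scheme are assumptions made for illustration.

```python
import base64

# Constructed request heads, as an explicit proxy would receive them from a client.
ANON = b"CONNECT www.example.org:443 HTTP/1.1\r\nHost: www.example.org:443\r\n\r\n"
AUTHED = (b"CONNECT www.example.org:443 HTTP/1.1\r\n"
          b"Host: www.example.org:443\r\n"
          b"Proxy-Authorization: Basic " + base64.b64encode(b"alice:not-a-real-secret")
          + b"\r\n\r\n")


def proxy_user(headers: dict):
    """Return the username from a Basic Proxy-Authorization header, or None.
    Password verification is out of scope here (assumption of this example)."""
    scheme, _, blob = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8").partition(":")[0] or None
    except ValueError:  # bad base64 or bad UTF-8
        return None


def handle_request_head(head: bytes, client_ip: str) -> dict:
    """Decide the proxy's reply status and the access-log record for one request."""
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return {"status": 400, "log": {"client": client_ip, "error": "bad request line"}}
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    log = {"client": client_ip, "user": proxy_user(headers), "method": method, "target": target}
    if log["user"] is None:
        # Proxy-level challenge: the client answers it itself, no page is rewritten.
        return {"status": 407, "challenge": 'Basic realm="proxy"', "log": log}
    if method == "CONNECT":
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            return {"status": 400, "log": log}
        # Destination host and port are logged; the TLS payload is only relayed.
        log.update(host=host, port=int(port))
    return {"status": 200, "log": log}
```

A transparent proxy intercepting the same HTTPS connection never receives this request head; it starts from the destination IP address and port of the redirected TCP connection.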