SOCKS

By BITSnBYTES

(Bhargavi, Maya, Priya, Rajini and Shruti)

Outline

Definition History Major components Working Features Functions Applications

Need for protocol

Widespread use of firewalls

Need to provide a general framework for sophisticated application layer protocols to transparently and securely traverse a firewall with strong authentication capabilities

Need to provide a framework for client-server applications in both TCP and UDP domains to conveniently and securely use the services of a network firewall

What is SOCKS?

Acronym for SOCKet Secure

Networking proxy protocol for TCP/IP based network applications

Intermediate layer between application layer and transport layer

History

Originally developed by David Koblas in 1992

Protocol extended to version 4 by Ying-Da Lee of NEC

Designed to allow clients to communicate with Internet servers through firewalls

Two major versions of SOCKS – SOCKS V4 SOCKS V5

Components of SOCKS

SOCKS server – implemented at the application layer

SOCKS client – implemented between application and transport layer

SOCKS Server

SOCKS Client

Application Layer

Transport Layer

Application Layer

Secure Proxy data channel

How does it work? Establishes a secure proxy data channel between two computers in

a client/server environment

SOCKS server handles requests from clients inside a network's firewall and allows/rejects connection requests, based on the requested Internet destination or user identification

Once a connection and a subsequent "bind" request have been set up, the flow of information exchange follows the usual protocol

Client's perspective - SOCKS is transparent

Server's perspective - SOCKS is a client

How does it work?

SOCKS is typically implemented on proxy servers

SOCKS uses sockets to represent and keep track of individual connections

Client side of SOCKS is built into Web browsers

Server side can be added to a proxy server

The SOCKS server – authenticates and authorizes requests establishes a proxy connection relays data between hosts

Relation with OSI reference model

Purpose of SOCKS

Enables Hosts on one side of the SOCKS server to gain access to the other side of the SOCKS server without requiring direct IP-reachability

Clients behind a firewall wanting to access exterior servers connect to a SOCKS proxy server which controls the eligibility of the client to access the external server and passes the request on to the server.

Major Functions

The SOCKS protocol performs four functions: Making connection requests Setting up proxy circuits Relaying application data Performing user authentication (optional)

Two versions of SOCKS

SOCKSv4 Makes connection request Sets up proxy server Relays application data

SOCKSv5 Adds authentication to V4

- Username/Password (RFC 1929)

- GSS-API (RFC 1961) Authentication Method Negotiation Address Resolution Proxy UDP proxy

Control flow of SOCKS

Features

Allows for transparent network access across multiple proxy servers

Provides a flexible framework for developing secure communications by easily integrating other security technologies

Rapid deployment of new network applications

Simple network security policy management

Benefits

Single communication protocol to authenticate users and establish communication channels

Universal – works with several internet protocols

Application-Independent proxy

Can be used with either UDP or TCP based protocols

Bi-directional proxy support

Benefits (continued..)

Easy deployment of authentication and encryption methods

Firewall tunneling service - allows many machines behind a firewall to access the Internet without actually being on the Internet themselves

Drawbacks

SOCKS v4 does not support UDP and authentication

The SOCKSv5 protocol does not support SOCKSv4 protocol

SOCKS implementations do not support data encryption (except for some commercial software) making data transfers vulnerable to interception

Applications Most common use - Network firewall

Authorized data relay between Hosts

Supported as a proxy configuration option in popular Web browsers and instant messaging programs

Found in some VPN implementations

Emerging as one of the best ways to secure multimedia applications across the Internet

Summary

SOCKS is easy to deploy and manage

SOCKS is transparent to the user, while providing multiple layers of security

Allows client-server applications to transparently use the services of a network firewall without requiring direct IP-rechability

References

RFC 1928 - base SOCKS v5 specification

RFC 1929 , RFC 1961 - additional details

http://www.socks.permeo.com/AboutSOCKS/SOCKSOverview.asp

http://whatis.techtarget.com/definition/0,,sid9_gci213023,00.html

http://www.socks.permeo.com/TechnicalResources/SOCKSFAQ/SOCKSGeneralFAQ/index.asp

The SOCKS reference architecture and client are owned by Permeo Technologies, spin-off from NEC. NEC Corporation has promoted SOCKS.

A SOCKSv4 implementation is available through anonymous ftp from ftp://ftp.nec.com:/pub/socks/

SOCKV5 Reference implementation by Permeo.

Questions?