Recommended Levels of Proxy Security

The Lightspeed Systems Web Filter offers several levels of proxy security. After you have decided which type of proxy you want to set up and have gone through the setup process, you will be able to set the level of proxy security.

To find the proxy security settings, navigate to Web Filter > Proxy Server > Forward Proxy. The settings are listed under Proxy security.

Proxy security options include:

1) Authenticate All Users – All users, regardless of whether they are on- or off-network, are required to authenticate before they are able to access the network.

2) Open Proxy (no security) – Any user, using any device, whether on- or off-network, can access the network anonymously.*

3) Authenticate External Users – Only external users (those off-network) are required to authenticate before they are able to access the network.

4) Restrict Access to iOS and ChromeOS – Only iOS and ChromeOS users are able to access the network.

*The Open Proxy (no security) setting is not recommended by Lightspeed Systems in most cases because of the major security gaps it exposes your network to. With the Open Proxy access level, any device, not only those of students or teachers associated with your organization, can connect to your hostname. This can have several negative consequences, including: unauthorized users accessing your network, increased bandwidth usage on site, and increased CPU usage on the Rocket.

Instead of using the Open Proxy access level, we strongly recommend that you use one of the other three options, based on your device types and network setup. For absolute network safety, utilize the Authenticate All Users option, which will authenticate all users, both on- and off-network. Schools that only have iOS and ChromeOS devices can significantly benefit from the Restrict Access to iOS and ChromeOS option, as this will restrict any other device from accessing your network while still authenticating all iOS and ChromeOS devices. Schools that have students with BYOD devices or that have students take devices home can benefit from the Authenticate External Users option, which will force any user who is outside the school's network to authenticate.

Note: The Open Proxy setting can be used if you are using iOS devices in a full desktop/laptop setting in order to allow all of the operating systems to connect without the need for authentication. (This option should only be used if you want to proxy all your devices, including desktops, and only have a single proxy server. This is not a common scenario.) This is related to an iOS-specific issue with proxy authentication. We recommend that you enforce web authentication by enabling Captive Portal in order to add an additional level of security.

Note: Port 8080 is the industry standard for proxy configuration. However, we support the use of a custom port. This can lower the probability of potential unwanted requests being made through your Rocket.
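
To confirm that the level you selected behaves as intended, you can send a request through your proxy without credentials and classify the reply. The following Python code is an added example, not Lightspeed Systems code. It assumes the proxy signals required authentication with the standard HTTP 407 status; the sample replies are constructed and the hostname is a placeholder.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample replies (not captured from a real Rocket).
SAMPLE_AUTH = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
               b"Proxy-Authenticate: Basic realm=\"proxy\"\r\n\r\n")
SAMPLE_OPEN = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
SAMPLE_REDIRECT = (b"HTTP/1.1 302 Found\r\n"
                   b"Location: http://portal.example.org/login\r\n\r\n")

def classify_proxy_reply(raw: bytes) -> str:
    """Classify a proxy's reply to a request sent without credentials."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    parts = head.split("\r\n")[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdecimal():
        return "invalid"
    status = int(parts[1])
    if status == 407:
        return "auth-required"   # proxy demands credentials
    if status == 403:
        return "denied"          # proxy refuses this client outright
    if 200 <= status < 300:
        return "open"            # content relayed with no credentials
    if 300 <= status < 400:
        return "redirect"        # captive portal or upstream redirect: check Location
    return "other"

def probe(proxy_host: str, proxy_port: int = 8080,
          target: str = "http://example.com/", timeout: float = 5.0) -> str:
    """Send one unauthenticated GET through the proxy and classify the reply."""
    request = (f"GET {target} HTTP/1.1\r\n"
               f"Host: {urlsplit(target).netloc}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    data = b""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as sock:
        sock.sendall(request)
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify_proxy_reply(data)

if __name__ == "__main__":
    for name, raw in [("auth", SAMPLE_AUTH), ("open", SAMPLE_OPEN),
                      ("redirect", SAMPLE_REDIRECT)]:
        print(name, "->", classify_proxy_reply(raw))
    # Against your own proxy (hostname is a placeholder):
    # print(probe("proxy.example.org", 8080))
```

Run the probe from both an on-network and an off-network host: with Authenticate External Users, for example, only the off-network request should be asked for credentials.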

Learn more about proxy authentication here.

Learn more about authentication methods here.