Because of its simplicity and flexibility, SOCKS has been used as a network firewall and a generic application proxy, in virtual private networks (VPNs), and for extranet applications. SOCKSv5-based applications offer many advantages because of the protocol's strong yet flexible framework:
- Transparent network access across multiple proxy servers
- Easy deployment of authentication and encryption methods
- Rapid deployment of new network applications
- Simple network security policy management
Unique Features and Benefits with SOCKS
A single communication protocol authenticates users and establishes the communication channel
For each TCP or UDP communication channel that the SOCKS protocol establishes, it:
- transfers user information from the SOCKS client to the SOCKS server for user authentication
- authenticates the user and the channel, and
- guarantees the integrity of TCP and UDP channels
Most tunneling protocols separate the authentication process and communication channel establishment, making it difficult to guarantee the integrity of the channels with authenticated users after multiple channels are established.
Application-Independent Proxy
As a generic proxy, the SOCKS protocol establishes communication channels, and manages and protects the channel for any application. As new applications come to market, SOCKS can protect them without requiring additional development. IP layer stateful inspection proxies require a new script for protocol inspection, and application layer proxies require new proxy software for each new application.
Flexible protection through a variety of access control policies
IP routers deliver IP packets by routing packets at the IP layer. Since SOCKS delivers TCP and UDP connections through a proxy mechanism at the TCP/UDP layer, it works with any application, and virtually all IP layer technologies, such as firewalls, NAT, and private IP. SOCKS adds the flexibility to manage the network through access control policies based on user, application, and time, in addition to source and destination addresses.
Bi-directional proxy support
Most IP layer-based proxy mechanisms, such as network address translation (NAT), support only uni-directional proxying, from the internal (private IP) network to the external network (the Internet). The proxy establishes the communication channel by manipulating IP addresses; therefore, the IP addresses must be routable on the Internet. These proxy mechanisms prevent applications (e.g. multimedia and collaborative applications) from establishing required return data channels (from the Internet to the intranet). In addition, IP layer-based proxy mechanisms need additional software modules for each application that uses multiple channels. SOCKS identifies communication targets through domain names, overcoming the private IP address restrictions. SOCKS can also use domain names to establish communication between separate LANs with redundant IP addresses.
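The request a SOCKSv5 client sends after authenticating carries the command and the target, which may be a domain name rather than an IP address. The sketch below, an added example that is not part of the original text, encodes and parses that request as laid out in RFC 1928 and applies a default-deny policy on user, destination, port and hour of the kind described under access control policies above. The POLICY table, the hostnames and the use of the destination port as a stand-in for the application are assumptions made for illustration.

```python
import ipaddress
import struct

CMDS = {1: "CONNECT", 2: "BIND", 3: "UDP_ASSOCIATE"}  # RFC 1928 CMD values

def build_request(cmd: int, host: str, port: int) -> bytes:
    """Encode a SOCKS5 request that names the target by domain (ATYP 0x03)."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("domain name must be 1..255 bytes")
    return struct.pack("!BBBBB", 5, cmd, 0, 3, len(name)) + name + struct.pack("!H", port)

def parse_request(data: bytes):
    """Decode VER CMD RSV ATYP DST.ADDR DST.PORT; reject malformed input."""
    if len(data) < 4 or data[0] != 5 or data[2] != 0 or data[1] not in CMDS:
        raise ValueError("not a valid SOCKS5 request header")
    atyp, body = data[3], data[4:]
    if atyp == 1:                      # IPv4 address, 4 bytes
        size = 4
    elif atyp == 4:                    # IPv6 address, 16 bytes
        size = 16
    elif atyp == 3 and body:           # domain name, first byte is its length
        size, body = body[0], body[1:]
    else:
        raise ValueError("unsupported address type")
    if size == 0 or len(body) != size + 2:
        raise ValueError("truncated or oversized request")
    raw = body[:size]
    host = raw.decode("ascii").lower() if atyp == 3 else str(ipaddress.ip_address(raw))
    return CMDS[data[1]], host, struct.unpack("!H", body[size:])[0]

# Constructed policy (assumption): per-user rules on command, destination
# suffix, port (stand-in for the application) and permitted hours of the day.
POLICY = {
    "alice": [{"cmds": {"CONNECT"}, "suffix": ".corp.example", "ports": {443}, "hours": range(8, 18)}],
    "bob": [{"cmds": {"CONNECT", "BIND"}, "suffix": ".partner.example", "ports": {443, 5060}, "hours": range(0, 24)}],
}

def authorize(user: str, request: bytes, hour: int) -> bool:
    """Default-deny decision for an already authenticated user's request."""
    try:
        cmd, host, port = parse_request(request)
    except ValueError:
        return False
    return any(
        cmd in r["cmds"] and host.endswith(r["suffix"]) and port in r["ports"] and hour in r["hours"]
        for r in POLICY.get(user, [])
    )
```

Matching on a suffix that begins with a dot keeps a look-alike name such as `evilcorp.example` from satisfying a rule written for `.corp.example`.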