Beruflich Dokumente
Kultur Dokumente
BRIEF INTRODUCTION
PRESENTATION OVERVIEW:
Basic Concepts Different Implementations for Proxy Server Sample Case Hardware and Software Planning Implementation and Setup of Proxy Server Conclusion Contacts, Research Sources, and Credits
BASIC CONCEPTS
Web Server
HTTP-request HTTP-response
Reads Destination Address
INTERNET
Reads Destination Address
LAN
HTTP-request HTTP-response
As you can see Transmission Speed here is not very efficient The restriction is due to the distance the transmission packet has to travel Imagine if you the user requests for a larger web files 8
Web Pages
Web Server
INTERNET
Proxy Server
HTTP-request
LAN
HTTP-request
Therefore the length of distance in which the transmission travels in this example is greatly reduced
Therefore Proxy Server set up as a Cache significantly increases the transmission speed
9
HTTP-response
HTTP-response
HTTP-response
Web Server
HTTP-request
INTERNET
Proxy Server
HTTP-request
LAN
HTTP-request
This way, it adds extra protection by hiding the source address This is good especially for unwanted intrusion Also, as a firewall, proxy server provides control over information that are going out of the LAN especially if its addressed to an unauthorized destination
10
Different Implementations
for Proxy Server
11
SOURCE http://home.netscape.com/proxy/v3.5/using/index.html
12
Dual-Homed Host
Dual-homed host has two network interfaces, one connects to internal LAN, one to internet Dual-homed host firewall architecture acts as a software router providing secure connectivity Proxy in conjunction with dual-homed host provides a complete firewall solution In addition to caching, proxy server brings fine-grain filtering and virus scanning
13
http://home.netscape.com/proxy/v3.5/using/index.html
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
14
Screened Hosts
A screened host consists of a router deployed in front of a server The router provides packet-filtering and restrict inbound access to the internal network A screening router could support multiple hosts Proxying allows network traffic to gain internet access through the router
15
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
16
Screened Subnetwork
A screened subnetwork consists of multiple routers sandwiching a nonsecure network This subnetwork is commonly referred to as Demilitarized Zone (DMZ) Proxy in DMZ allows access to both internal and external network through the routers Neither internal and external traffic can pass through without the help of proxy server The screened subnetwork is a popular choice for large organizations with heavily trafficked Security is critical and therefore redundancy is imperative
17
Reverse Proxy
Is independent of firewall architecture, one may want to implement reverse proxy Reverse proxies are generally in one of two configurations:
1. Server Stand-in 2. Load Balancing
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
18
1. Server Stand-In
In server stand-in mode, proxy receives requests for a web server protected behind the firewall Server stand-in prevents direct, unmonitored access of internal resources from outside Proxy server acts like a virtual server mirror and provides replication only Contents of the secure server will be replicated in the proxy server cache
19
2. Load Balancing
Multiple reverse proxy servers can be used to balance the load on an overtaxed server Load balancing helps the host machine handle highvolume requests while reducing the impact on overall performance
Multiple Proxy Servers Implemented in Reverse Mode to Balance the Load on a Web Server
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
20
SAMPLE CASE
21
RECENT ISSUES
Has recently implemented a web server for ecommerce Therefore, security has become a serious concern
Therefore, an appropriate proxy server must be implemented for the new e-Commerce infrastructure
22
CURRENT I.S.INFRASTRUCTURE
Web Server Network Server President
Hub
Router
INTERNET
CSR Lead
Hub
23
24
Therefore, an additional server will be needed for the actual Proxy Server A Proxy Software Program needed must therefore run in Microsoft Windows NT environment
25
26
Minimum Requirements
Processor = Intel 486/33 MHz or faster RISC-based RAM = 24 MB for the Intel platform; 32MB for the RISCbased platform Partitions = NTFS (if you want to enable WEB caching) HD space needed (of Proxy Server Installation) = 125MB for Intel platform; 160 MB for the RISC-based platform HD space needed (for Web Caching) = 100MB, plus 0.5 MB per user Connectivity = Modem, ISDN, ADSL, or dedicated leased line connection to the internet Operating System = Windows NT Server 4.0 with Service Pack 3 or Later Other software = Microsoft Internet Information Server 3.0 or later Microsoft TCP/IP
SOURCE
27
http://www.elementkjournals.com/ewn/9909/ewn9991.htm
28
Features:
SOURCE
http://www.linksys.com/products/product.asp?prid=13&grid=12
29
30
31
IMPLEMENTATION OBJECTIVES:
1. Planning where to put the Proxy Server 2. NIC card installation in the server unit 3. Proxy program installation
32
H
The Proxy Server architecture employed here will be screening the inbound transmission behind the router
Router
INTERNET
Ethernet Switch
CSR Lead
H
Hub
33
34
35
36
37
38
Start the installation from CD-ROM by running the Setup utility in the Proxy server folder Type CD key in the text boxes, and then click OK Next Verify the folder in which you want to install Proxy Server
In figure A, choose whether you want to install all or only some of the available options, including Proxy Server, the Administration Tool, and the Proxy Server Documentation
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
When youre ready, click Continue Setup must stop your Internet Information Services 39 before it can install Proxy Server
In figure B, setup default 100 MB of disk space on your servers NTFS partition. Microsoft recommends the servers cache to 100 MB, plus 0.5 MB for each user.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
40
41
Proxy Server uses your server name to create a setup script for installing the Proxy Client software on your client. By default, setup script to identify your server by its name(such as, SERVER) rather than its IP address. Click OK to next, as shown in Figure E.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
42
Click OK to accept the settings and close this message box. At this point, Proxy Server is on your server. When the installation is complete, click OK.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
43
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
44
To configure users permissions, begin by selecting the protocols you want to enable to users to use on your server from the Protocol dropdown list. Next, click Edit to display the Permissions dialog box; Click Add to display a list of groups and users from your servers domain. Figure G: You can configure which of your domains users can access the Proxy server.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
45
Everyone
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
46
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
47
48
49
Recap
1. 2. 3.
The server unit is installed into the network The network interface card is installed The proxy server software is deployed by the following:
We made sure that Microsoft Windows NT 4.0 operating system is properly installed in the server unit We then installed the MS Windows NT 4.0 Service Pack 3 Then we installed MS Internet Explorer 4.01 Service Pack 2 We installed MS Windows NT 4.0 Option Pack Then we installed MS Proxy Server 2.0 program Then the Windows NT 4.0 Service Pack 5 Finally, we installed the Proxy 2.0 Service Pack 1 The client computers are configured
50
CONCLUSION
51
Proxy Server
Again, a Proxy Server is a medium in which users within the LAN can gain access to the Internet efficiently and much more securely It functions in two different ways: as a cache and as a firewall
It can also be implemented in different ways: as a dual-home host, as a screened host, as a screened subnetwork, and as a reverse proxy
52
THE END
53
We would like to thanks the following sources that made this project possible:
Dr. N. Ganesan, Cal State Los Angeles
http://ganesan.calstatela.edu
Cisco Systems
http://www.cisco.com
3com
http://www.3com.com
Microsoft Corporation
http://www.microsoft.com
Dell Computers
http://www.dell.com
LinkSys
http://www.linksys.com
And the following sites were basic concepts of Proxy Server are obtained:
http://home.netscape.com/proxy/v3.5/using/index.html
54
55