Proxy Server

Presentation Transcript

Microsoft Proxy Server 2.0 : 

Microsoft Proxy Server 2.0

Presentation Outline : 

- Overview of Proxy Server.
- Examples of Capacity Planning.
- Web Proxy Server Configuration.
- Proxy Server Auto Dial.

Overview of Proxy Server : 

Overview of Proxy Server

Overview of Proxy Server : 

- What is Proxy Server?
- Firewall Server.
- Web Cache Server.
- 3 Proxy Services – Web Proxy, WinSock Proxy, and SOCKS Proxy.
- System Requirements.

What is Proxy Server ? : 

- A secure gateway between a protected network (LAN) and the Internet.
- Mediates traffic and processes all incoming and outgoing requests.
- Application server that acts as both a firewall server and a web cache server.
- Only one IP address is “visible” to the outside world.

Proxy Server Example : 

[Diagram labels: LAN, Internet, FTP, Gopher, HTTP, Win NT, IIS, Proxy, Traffic. Captions: One IP address is visible. IP addresses are hidden.]

What is a Firewall ? : 

- System that enforces an access control policy between two networks.
- Some block traffic; others permit traffic.
- Protects against unauthenticated logins from the “outside.”
- A “phone tap” and tracing tool.
- Cannot protect against attacks outside of the firewall or against viruses.

Types of Firewalls : 

- Network Level (Router).
  - Decisions based on source and destination addresses and ports in IP packets.
  - Route traffic directly; fast and transparent.
- Application Level (Proxy Server).
  - Permit no direct traffic between networks.
  - Good for logging and access control.
  - Provide detailed audit reports.
  - Enforce more conservative security.

Proxy Server as Firewall Server : 

- Packet Filtering – examines all TCP/IP-based attempts in and out of the network.
  - Static and Dynamic.
- Logs all connection attempts and alerts in real time on suspicious activities.
- Reverse Proxy - places the web server behind Proxy Server to publish to the Web.
- “Impersonates” a Web server to the outside.
- Reverse Hosting and Server Proxying.

Reverse Proxy Example : 

[Diagram labels: Proxy, Web Server, Internet, Client, Mkt Dept LAN, Secure Network, www.company.com.]

MS Proxy Server as Web Cache Server : 

- Web Caching – process of storing Web content locally to reduce network traffic.
  - Active and Passive.
- Allows internal clients to have full Web access behind the firewall without compromising security.
- Hierarchical Caching.
- Distributed Caching.

Cache Example : 

[Diagram labels: Internet, 1st client, 2nd client, Connection to Internet, Proxy, Content Cached, 50% Traffic Saving, Cache Hit!]

Hierarchical Caching Example : 

[Diagram labels: Internet, Proxy (three), New York, Los Angeles, Boston, Client (four).]

Distributed Caching Example : 

[Diagram labels: Internet, Proxy 1, Proxy 2, Proxy 3, Proxy 4, Client (six). Captions: Load Balancing, Fault tolerance, Scalability.]

WinSock, SOCKS, Web Proxy : 

- Protocols allow the application clients to communicate with application servers.
- Perform three functions:
  - Intercept connection requests.
  - Set up the proxy circuit.
  - Relay application data.

WinSock & SOCKS Proxy : 

- WinSock Proxy.
  - For Windows applications.
  - Creates a virtual connection between internal and Internet applications.
  - Acts as a gateway protocol for IPX/SPX.
- SOCKS Proxy.
  - Allows Unix, Mac and Windows client applications that support the SOCKS protocol specification.
  - Handles all TCP/IP traffic through the proxy server.
  - Cannot handle UDP-based protocols.

Web Proxy : 

- Web Proxy.
  - Supports any CERN web browser.
  - Supports HTTP, FTP, SSL and Gopher protocols.
  - Enables its caching capabilities.

System Requirements : 

- WinNT Server 4.0 with service pack 3 or later.
- IIS – Internet Information Server.
- Network interface card.
- CPU and disk space:
  - Intel based: 486/33MHz or higher & 125MB.
  - RISC based: RISC processor compatible with WinNT 4.0 & 160MB.
- 16MB of RAM.

Examples of Capacity Planning : 

Examples of Capacity Planning

Examples of Capacity Planning : 

- Small Office Network.
- Medium-Size Office Network with a Branch Office.
- Large Enterprise Network.

Example of Small Office Network : 

[Diagram labels: Modem or ISDN line, ISP, Proxy Server (Win NT RAS client), Web Server, Mail Server, Internet, Client (three), Content Cached, LAN.]

Small Office Network : 

- Characteristics:
  - A single LAN segment.
  - Use of the IP network protocol.
  - Demand-dial connectivity to an ISP.
  - Fewer than 300 clients.
- The proxy-based computer setup:
  - One NIC to the internal network.
  - One modem to the external network (Internet).
- Uses Auto Dial for demand-dialing to the Internet.
- Caching is enabled and configured to limit the demand-dialing to the Internet.

Small Office Network Cont . . . : 

- Stores a local copy of popular URLs on a dedicated disk drive.
- Uses a single network security policy.
  - Password authentication.
  - User permissions.
  - Protocol definitions.
  - Domain, cache and packet filtering.

Example of Branch Office Network : 

[Diagram labels: Internet, ISP, Proxy Server Array, Web Server, Mail Server, Router, Web Server (Department LAN), Modem or ISDN Line, Remote Branch Office, Proxy server (Win NT RAS client), Router on T1 line, Clients, LAN.]

Branch Office Network : 

- Characteristics:
  - A central office with several LAN segments.
  - A branch office with a single LAN segment.
  - Use of the IP network protocol.
  - Demand-dial connectivity from the branch office to the central office.
  - Dedicated-link connectivity from the central office to an ISP.
  - Fewer than 2,000 clients.
- Auto Dial feature provides demand-dialing from the remote office to the central office.

Branch Office Network Cont . . . : 

- Proxy-based computer setup at the branch:
  - One NIC to the local network (branch).
  - One modem to the remote network at the central office.
- Caching is enabled to minimize demand-dialing to the central office and to reduce long-distance phone charges.
- Active caching should not be used at the remote branch.

Branch Office Network Cont . . . : 

- Global security policy:
  - Administered at the central office.
  - Central office can also set and override local policy.
- Remote branch proxy has no direct Internet access.
- All client requests are routed upstream to the proxy array at the central office.

Example of Large Enterprise Network : 

[Diagram labels: Internet, ISP, Proxy Server Array (two), Router, Router on T1 line, Web Server, Mail Server, Department LAN, Corporate Network, Clients, LAN.]

Large Enterprise Network : 

- Characteristics:
  - A central corporate office with many LAN segments and a backbone LAN.
  - Several branch offices, each with a single LAN segment.
  - Use of both IP and IPX network protocols.
  - Demand-dial connectivity from the branch office to the central office.
  - An ISP and dedicated-link connectivity from the central office to an ISP.
  - More than 2,000 clients.

Large Enterprise Network Cont . . . : 

- Proxy array is used for:
  - Distributed caching.
  - Load balancing.
  - Fault tolerance.
- Proxy array handles all client Internet requests (local or branch).
- Active caching to retrieve popular URLs.

Large Enterprise Network Cont . . . : 

- Uses a single array member to administer all other proxies.
- Proxy array is used on the backbone LAN.
- Proxy array is used at the ISP to demonstrate scalability.
- Local branch clients use Auto Dial for demand-dialing to the RAS server.
- Internet requests not serviced locally are forwarded to the corporate proxy array.
- Server administration is set and enforced at the central office.

Large Enterprise Network Cont . . . : 

- Departmental proxy connection:
  - One NIC to departmental LAN.
  - One NIC to backbone LAN.
- Proxy array at backbone is dual-homed.
  - Internal NIC.
  - External NIC to Internet.
- Proxy array at ISP:
  - Massive scalability, load balancing, and fault tolerance.
  - Can cache massive amounts of information.
  - Increases client performance.
  - Preserves ISP’s bandwidth out to the Internet backbone.

Web Proxy Server Configuration : 

Web Proxy Server Configuration

Proxy server configuration : 

- Uses Internet Service Manager.
- General Proxy.
  - Service page.
  - Logging page.
- Service Specific Proxy.
  - Permission page.
  - Caching page.
  - Routing page.
  - Publishing page.

Service Page Notes : 

- Product release and ID.
- Current sessions – current user info.
- Shared service:
  - Security – packet, domain filtering, alerting and logging.
  - Array, Auto Dial, and Plug & play.
- Configuration:
  - Client configuration, LAT, server backup and restore.

Service Page : 

Service Page

Current Sessions : 

Current Sessions

Client Installation : 

Client Installation

Logging Page Notes : 

- Sets logging options for web proxy, WinSock proxy, and SOCKS proxy.
- Provides an audit trail.
- Records client, server, connection, and object information.
- Can log to a text file or SQL/ODBC database.
- Database file requires more resources.

Logging Page : 

Logging Page

Permissions Page Notes : 

- Grant or deny access to services.
- Can provide unlimited access to an individual user group.
- Permission based on protocol via protocol definition.
  - For example: FTP. FTP Read.

Permission Page : 

Permission Page

Caching Page Notes : 

- Sets location and size of the disk cache.
- Enable or disable caching.
- Can specify how often to update the cache.
- Increasing the cache size does not affect the data already cached.
- Delete all cached content by setting the cache size to zero.

Caching Page : 

Caching Page

Routing Page Notes : 

- Information on directing client requests for Internet objects.
- Direct connection or use proxy.
- Can enable backup route.
- Can enable routing within proxy array before routing upstream.
- Can also configure web proxy clients.

Routing Page : 

Routing Page

Publishing Page Notes : 

- Configures publishing requests.
- Configures reverse proxy and hosting.
- Incoming requests:
  - Discard.
  - Sent to local web server.
  - Sent to another web server.
- Set default web server host by Default Mapping.

Publishing Page : 

Publishing Page

Proxy Server AutoDial : 

Proxy Server AutoDial

What is AutoDial? : 

- Proxy server automatically dials out to an ISP for Internet connection.
- Uses Windows NT Server Remote Access Service (RAS) and Dial-up Networking to establish a connection to an ISP.
- Event-driven.
- Client requests can activate Auto Dial from the WinSock and SOCKS Proxy Service.
- Web Proxy Service is activated when an object requested is not located in the cache.

Auto Dial Benefits : 

- Can save company Internet charges.
  - Event-Driven - activated only when Internet connection is needed.
  - Regulate Usage - configured to connect to the Internet during office hours only.
- Can be used as backup to an existing continuous Internet link.
  - The only costs of configuring Auto Dial as continuous Internet connection are the hardware and the online time when a continuous Internet link is down.

Steps to Configuring Auto Dial : 

- Install Windows NT Server Remote Access Service (RAS) and Dial-up Networking before implementing Proxy Server Auto Dial.
- For security reasons, install the RAS Server on a separate computer from the Proxy Server computer.
- RAS and Dial-up Networking can be installed after or before the installation of Windows NT Server 4.0.

Remote Access Service : 

- Remote Access Service can be configured in Auto Dial as a:
  - RAS Client - to dial out only.
  - RAS Server - can both dial out and receive calls, or receive calls only.
- RAS Server requires a high level of security on your intranet.

Dial-up Networking : 

- Used to connect clients to remote networks.
- A phonebook entry stores all the settings needed to connect to a particular remote network.
  - Personal phonebook.
  - Company phonebook (public use).

Phonebook Entry Includes : 

- Name of phonebook entry.
- Connection method.
- Phone number.
- Serial line protocol offered by the server you are calling.
- Whether or not to include a login script IP address.
- IP address of a DNS or WINS server on the remote network, or both.

Netscape Proxy Server 3.25 : 

Netscape Proxy Server 3.25

Course Outline : 

- General Overview.
- Implementation.
- Configuration.

Features : 

- Caching on command.
- Client IP address forwarding.
- Automatic content discovery.
- Dynamic proxy routing.
- Enterprise Management.
- Fine Grained Filtering.
- Administrative Control.

Caching on Command : 

- Automatically updates and caches frequently accessed documents.
- Documents or entire sites can be preloaded into the cache, and administrators can schedule updates of cached content.

Client IP Address Forwarding : 

- Sends the client's IP address to the remote server if the proxy is one of a chain of internal proxies.

Enterprise Management : 

- Centralized Management.
  - Supports LDAP.
  - Uses Directory Server to manage users and passwords centrally.
- Clustered Management.
- Manual Configuration Files.
- Custom log formats.

Fine Grained Filtering : 

- Access controls for sites, documents, and protocols.
- Content filtering - built-in virus scanning.
- Cross-platform generic protocol support.

Administrative Control : 

- Ensures that users access network resources safely and productively.
- Can specify distinct access controls based on access type.
- Allows administrators to create custom HTML files to be returned to users when access is denied.

Netscape Proxy Server Implementation : 

- Bottleneck locations for implementing Proxy Server:
  - Internet Gateway - Forward Proxy.
  - Branch Office - Forward Proxy.
  - Internet Gateway - Reverse Proxy.

Internet Gateway - Forward Proxy : 

- Provides gateway services at the application level with a web proxy as well as at the circuit level through SOCKS.
- Enhances Internet access.
- Web content caching reduces response times.
- Facilitates bandwidth conservation.
- Helps reduce overall communications expense.
- Content filtering and access control allow easy management of intranet material.

Proxy Server inside firewall : 

[Diagram labels: Internet, Firewall, Proxy, LAN, PC (three).]

Branch Office—Forward Proxy : 

- Multiple proxy servers allow chaining proxies together to create a hierarchical caching system.
- Proxy chaining allows multiple Netscape Proxy Servers to cache content locally, setting up a hierarchy of servers for client access.

Proxy Server at Remote and Internet : 

[Diagram labels: Internet, Proxy, Firewall, Backbone, Proxy, LAN, PC.]

Internet Gateway—Reverse Proxy : 

- Proxy Server is placed outside the firewall to represent a content server to external clients.
- Exposes selected content without exposing the web servers that host it or other elements of the private network.
- Multiple reverse proxy servers can be used to balance the load on an over-taxed web server.

Reverse Proxy Server : 

[Diagram labels: Internet, Reverse Proxy, Firewall, Web Server, LAN, PC (three).]

Architecture : 

- Dual-Homed Host Architecture
- Screened Host
- Screened Subnetwork
- Reverse Proxy Server
  - Stand-in
  - Load Balancing

Dual-Homed Host Architecture : 

- Has two network interfaces, one connected to an internal LAN and the other to the Internet.
- Incorporates a firewall software package.
- Provides caching, fine-grain filtering and virus scanning.

Proxy Server with a Dual-Homed Host Firewall : 

[Diagram labels: Internet, Proxy Server & Firewall, LAN, Client (two).]

Screened Host : 

- Consists of a router deployed in front of a server that is hosted on a private network.
- Router can be a traditional hardware router or a firewall software application providing packet-filtering capabilities and restricting inbound access to the internal network.
- Appropriate for small to medium-sized intranets that require a simple, yet effective security solution.

Proxy Server implemented behind a screening router : 

[Diagram labels: Internet, Router, Proxy Server, LAN, Client (two).]

Proxy Server Implemented Behind a Screening Firewall : 

[Diagram labels: Internet, Firewall Software, Router, Proxy Server, LAN, Client (two).]

Screened Sub-network : 

- Consists of multiple routers sandwiching a non-secure network that is outside or part of the firewall solution.
- Commonly referred to as a DMZ (demilitarized zone).
- Proxy is deployed in the DMZ and is allowed access to both internal and external networks through routers.
- Popular architecture choice for larger organizations with heavily trafficked gateways.

Proxy Server in Reverse Mode as a Stand-in for a Web Server : 

[Diagram labels: Client, Internet, Firewall, Enterprise Server, Proxy Server.]

Multiple Proxy Server in Reverse Mode to Balance the Load on a Web Server : 

[Diagram labels: Internet, Firewall, Enterprise Server, Reverse Proxies, DNS Server.]

Possible enterprise implementation : 

[Diagram labels: Internet, Router, Central Office Subnet, Proxy Server, LAN, Client, Branch Office, Bottlenecks.]

Chained Proxy Servers Providing Load Balancing and Fail-Over Capabilities : 

[Diagram labels: Internet, Proxies, LAN, Router, Client, Proxy A, Proxy 1, Proxy 2, Proxy 3.]

Configuration : 

- Automatic Client Configuration.
- Caching.
- Templates.
- Filtering.
- Server Plug-in Functions.

Automatic Client Configuration : 

- Enables automatic proxy configuration in Navigator clients on the intranet.
- Administered by a Proxy Automatic Configuration (PAC) file.
- PAC allows load balancing across multiple proxy servers and alteration of proxy architecture without modifying end user settings.
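
An added example, not part of the original presentation: a PAC file that spreads clients across several proxies by hashing the host name and lists the remaining proxies as failover. The proxy host names, port and internal domain suffix are assumptions, and plain string checks stand in for the browser-supplied PAC helpers so the file also runs outside a browser.

```javascript
// Added example PAC file. Proxy names, port and internal suffix are assumptions.
// ES5 only and no browser-supplied PAC helpers, so older PAC engines and
// Node (for testing) can both evaluate it.
var PROXIES = [
  "proxy1.corp.example:8080",
  "proxy2.corp.example:8080",
  "proxy3.corp.example:8080"
];
var INTERNAL_SUFFIX = ".corp.example";

// Deterministic 32-bit string hash: a given host always maps to the same
// proxy, so that proxy's cache stays warm for the host.
function hashHost(host) {
  var h = 5381;
  for (var i = 0; i < host.length; i++) {
    h = ((h * 33) ^ host.charCodeAt(i)) >>> 0;
  }
  return h;
}

// Internal means a plain host name or a name ending in the internal suffix.
// The leading dot in the suffix keeps "notcorp.example" from matching.
function isInternal(host) {
  if (host.indexOf(".") === -1) return true;
  return host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX;
}

// Entry point called by the client for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (isInternal(host)) return "DIRECT";

  // Primary proxy chosen by hash; the others follow in order as failover.
  var start = hashHost(host) % PROXIES.length;
  var chain = [];
  for (var i = 0; i < PROXIES.length; i++) {
    chain.push("PROXY " + PROXIES[(start + i) % PROXIES.length]);
  }
  // No trailing "DIRECT": if every proxy is down, external requests fail
  // instead of bypassing the proxy's access control and logging.
  return chain.join("; ");
}
```

Adding or removing a proxy means editing only the PROXIES list in the served file; clients pick up the change the next time they fetch it.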

Caching : 

- Caches should be approximately 1 GB per partition and spread across multiple disk controllers.
- Refer to the Administrator’s Guide for in-depth instructions on creating batch update configurations.

Templates : 

- An object created in Proxy Server’s object configuration file, obj.conf.
- Used to assign unique procedures to specific URLs.
- Can make the server behave differently depending on the URL the client tries to retrieve.
- Allows customization of how Proxy Server interacts with clients.

Server Plug-in Functions : 

- Extends capabilities of the proxy by using the Netscape Server Plug-in Application Programming Interface (NSAPI).
- Set of functions and header files used to create functions in the server configuration files.
  - AuthTrans, PathCheck, NameTrans, DNS, Connect, AddLog.
- Used to create functions that use a custom database for access control or create custom log files with special entries.

Maintenance/Upgrade : 

- Maintenance
  - Tuning the Servers
  - Monitoring the Servers
- Upgrade
  - Growth Issues
  - Licenses
  - Software Updates

Tuning Servers : 

- Time-outs.
- Up-To-Date Checks.
- DNS Lookups:
  - Enable DNS Caching.
  - Log Only Client IP Addresses.
  - Disable Reverse DNS.
  - Avoid ACLs with Client Host Names.
- HTTP Keep-Alive.

Monitoring Servers : 

- Analyzing Logs.
- Monitoring Performance:
  - Cache Utilization.
  - CPU Utilization.
  - Memory Utilization.

Upgrade : 

- Growth Issues
  - Are proxy services strategic for the business?
  - Network bandwidth saturated?
  - CPU utilization too high?
  - Has a new field office been opened or a department added?
  - Has the access content type been changed?

Upgrade (cont) : 

- Licenses

| Proxy User Licenses Purchased | Proxy Servers Deployed |
| 1000 | 1 |
| 2000 | 2 |
| 3000 | 3 |
| 4000 | 4 |

Upgrade (cont) : 

- Software Updates
  - Refer to the Netscape Software Download Site.
  - Netscape Proxy Server provides on-the-fly virus scanning of all incoming data, using Trend Micro’s InterScan VirusWall.
  - Purchase of Proxy Server gives you 90 days of free virus pattern updates.

END OF COURSE : 

END OF COURSE
