installing and setting up a proxy server

CIS 454
Local Area Network
California State University, Los Angeles
Spring 2000
INSTALLING AND SETTING UP A PROXY SERVER
BY:
Donald Parungao
Liksun (Sam) Lo
Zongyang (Nancy) Liu
Maochen Chang
CIS 454
SPRING 2000, CSULA
DR. N. GANESAN
BRIEF INTRODUCTION
PRESENTATION OVERVIEW:
• Basic Concepts
• Different Implementations for Proxy Server
• Sample Case
• Hardware and Software Planning
• Implementation and Setup of Proxy Server
• Conclusion
• Contacts, Research Sources, and Credits
BASIC CONCEPTS
What is a Proxy Server?
• A Proxy Server is an intermediary through which users within the LAN can gain access to the Internet efficiently and much more securely.
How does a Proxy Server Work?
• A Proxy Server works in two different ways:
1. It can act as a cache that is set up to improve the access speed to the Internet
2. It provides firewall security, because all transmissions pass through the server
1. Proxy Server as a Cache
Basic Concept of Internet Transmission:
[Figure: HTTP-request, HTTP-response and HTTP-ack messages exchanged between the LAN and the Web Server across the INTERNET; each hop reads the destination address]
As you can see, transmission speed here is not very efficient.
The restriction is due to the distance the transmission packet has to travel.
Imagine if the user requests larger web files…
1. Proxy Server as a Cache (cont’d)
[Figure: HTTP-requests from the LAN go to the Proxy Server, which holds Web Pages and returns the HTTP-response; the Web Server sits across the INTERNET]
Therefore, the distance the transmission travels in this example is greatly reduced.
Therefore, a Proxy Server set up as a cache significantly increases the transmission speed.
2. Proxy Server as firewall
[Figure: HTTP-requests from the LAN pass through the Proxy Server, which forwards them across the INTERNET to the Web Server with a False Source Address; HTTP-responses return through the Proxy Server]
This way, it adds extra protection by hiding the source address. This is especially good against unwanted intrusion.
Also, as a firewall, a proxy server provides control over information going out of the LAN, especially if it is addressed to an unauthorized destination.
Different Implementations for Proxy Server
• Dual-Homed Host
• Screened Hosts
• Screened Subnetwork
• Reverse Proxy
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
Dual-Homed Host
• A dual-homed host has two network interfaces: one connects to the internal LAN, one to the Internet
• The dual-homed host firewall architecture acts as a software router providing secure connectivity
• A proxy in conjunction with a dual-homed host provides a complete firewall solution
• In addition to caching, the proxy server brings fine-grain filtering and virus scanning
[Figure: Proxy Server Implemented With a Dual-Homed Host Firewall]
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
Drawback of Dual-Homed Host
• When security is breached on the single host machine, it could jeopardize the whole network
• However, it is desirable for a small office on a budget or an organization that does not require redundant security measures
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
Screened Hosts
• A screened host consists of a router deployed in front of a server
• The router provides packet filtering and restricts inbound access to the internal network
• A screening router could support multiple hosts
• Proxying allows network traffic to gain Internet access through the router
[Figure: Proxy Server Implemented Behind a Screening Router]
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
Drawback of Screened Hosts
• If the router fails, security is lost
• However, the screened hosts architecture is appropriate for small to medium-size intranets requiring a simple, yet effective security solution
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
Screened Subnetwork
• A screened subnetwork consists of multiple routers sandwiching a nonsecure network
• This subnetwork is commonly referred to as a Demilitarized Zone (DMZ)
• A proxy in the DMZ allows access to both the internal and external networks through the routers
• Neither internal nor external traffic can pass through without the help of the proxy server
• The screened subnetwork is a popular choice for large organizations with heavily trafficked
• Security is critical and therefore redundancy is imperative
[Figure: Proxy Server Implemented in a DMZ Between Two Screening Routers]
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
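The screened-subnetwork rule that no traffic passes without the proxy can be checked against the routers' permit lists. The following is an added example, not part of the original presentation: the addresses, ports, rule format and the audit_rules function are all constructed for illustration.

```python
import ipaddress

# Constructed addressing for this example; none of it comes from the slides.
LAN = ipaddress.ip_network("10.0.0.0/24")
PROXY = ipaddress.ip_network("192.168.50.10/32")  # proxy host in the DMZ
ANY = ipaddress.ip_network("0.0.0.0/0")

# Permit rules as (router, source, destination, destination port).
# Anything not listed is assumed to be denied by default.
RULES = [
    ("interior", LAN, PROXY, 8080),  # clients reach the proxy
    ("exterior", PROXY, ANY, 80),    # proxy fetches on their behalf
    ("exterior", PROXY, ANY, 443),
    ("interior", LAN, ANY, 21),      # constructed mistake: skips the proxy
    ("exterior", PROXY, LAN, 80),    # constructed mistake: wrong router
]


def audit_rules(rules, lan=LAN, proxy=PROXY):
    """Return (rule index, reason) for rules that break the DMZ design."""
    findings = []
    for i, (router, src, dst, _port) in enumerate(rules):
        # Every permitted flow must start or end on the proxy host itself.
        if proxy not in (src, dst):
            findings.append((i, "flow does not terminate on the proxy"))
            continue
        other = dst if src == proxy else src
        # The interior router joins only the LAN and the proxy;
        # the exterior router must never name the LAN as an endpoint.
        if router == "interior" and not other.subnet_of(lan):
            findings.append((i, "interior router should only join LAN and proxy"))
        elif router == "exterior" and other.subnet_of(lan):
            findings.append((i, "exterior router must not reach the LAN"))
    return findings


if __name__ == "__main__":
    for index, reason in audit_rules(RULES):
        print(f"rule {index}: {reason}")
```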
Reverse Proxy
• Independent of the firewall architecture, one may want to implement a reverse proxy
• Reverse proxies are generally in one of two configurations:
1. Server Stand-in
2. Load Balancing
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
1. Server Stand-In
• In server stand-in mode, proxy receives requests for
a web server protected behind the firewall
• Server stand-in prevents direct, unmonitored access
of internal resources from outside
• Proxy server acts like a virtual server mirror and
provides replication only
• Contents of the secure server will be replicated in
the proxy server cache
[Figure: Proxy Server Implemented in Reverse Mode as Stand-In for a Web Server]
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
2. Load Balancing
• Multiple reverse proxy servers can be used to balance the load on an overtaxed server
• Load balancing helps the host machine handle high-volume requests while reducing the impact on overall performance
[Figure: Multiple Proxy Servers Implemented in Reverse Mode to Balance the Load on a Web Server]
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
SAMPLE CASE
Company: Resource One International
RECENT ISSUES
• Has recently implemented a web server for
e-commerce
• Therefore, security has become a serious
concern
• Therefore, an appropriate proxy server must
be implemented for the new e-Commerce
infrastructure
CURRENT I.S. INFRASTRUCTURE
[Figure: network diagram showing the Web Server, Network Server, President and CSR Lead workstations, two Hubs, and a Router connecting to the INTERNET]
HARDWARE & SOFTWARE PLANNING
Analysis of the Current I.S.
• The following are determined:
– The server currently being used by the Network Manager is running under the Windows NT Server Operating System
– The clients – Windows 98
• Therefore, an additional server will be needed for the actual Proxy Server
• The Proxy Software Program must therefore run in a Microsoft Windows NT environment
Proxy Software Planning
Choice: Microsoft Proxy Server 2.0
• Features:
– Security:
• Enables you to configure many security features in order to
protect your network from unwanted inbound connections
• Has ability to dynamically filter both inbound and outbound
packets (based on protocol or IP addresses)
• Has ability to notify you by email if a protocol violation
occurs
– Web Caching capabilities
– Manageability:
• No need to create user accounts in both the Win NT and Proxy
Server
• Instead, users can access Proxy Server by using regular old
Win NT accounts
– Microsoft Management Console (MMC) capabilities:
• Can manage multiple Proxy servers from within a single
instance of the MMC
SOURCE
http://www.microsoft.com/proxy
http://www.elementkjournals.com/ewn/9909/ewn9991.htm
Minimum Requirements
• Processor = Intel 486/33 MHz or faster RISC-based
• RAM = 24 MB for the Intel platform; 32 MB for the RISC-based platform
• Partitions = NTFS (if you want to enable Web caching)
• HD space needed (for Proxy Server installation) = 125 MB for the Intel platform; 160 MB for the RISC-based platform
• HD space needed (for Web caching) = 100 MB, plus 0.5 MB per user
• Connectivity = Modem, ISDN, ADSL, or dedicated leased line connection to the Internet
• Operating System = Windows NT Server 4.0 with Service Pack 3 or later
• Other software = Microsoft Internet Information Server 3.0 or later; Microsoft TCP/IP
SOURCE
http://www.elementkjournals.com/ewn/9909/ewn9991.htm
(Hardware) Server Unit Planning
Choice: Dell Precision Workstation 220
• Server Unit Specifications:
– Processor = Pentium III 600 MHz
– RAM = 256MB PC800 ECC RDRAM (1 RIMM)
– HD = 36GB Ultra 160/M SCSI (10000 rpm) – 8ms Trans Rate
– Controller Card (for HD) = Ultra 160/M SCSI
– Floppy Drive = 3.5” – 1.44MB
– CD-ROM = 20/48X IDE
– Operating System (Pre-Installed) = MS Windows NT 4.0 w/ Service Pack 5 (Separate CDs)
– Modem = V.90 56K Data/Fax PCI for Win NT
– Video Card = Diamond Viper V770D, 32MB
• Peripherals (Included in Package):
– Monitor = 17” Dell (model: M781 P)
– Mouse = Logitech First Mouse (2 buttons w/scroll)
• Services (Included in Package):
– 3yr Next Business Day On-Site Parts & Labor
SOURCE
http://www.dell.com/us/en/bsd/products/series_precn_workstations.htm
(Hardware) Network Interfaces & Wirings
Choice: LinkSys EtherFast Switched 10/100 Network Interface Card
• Package Contents:
– 2 EtherFast 10/100 LAN Cards w/ Wake-On-LAN Capabilities
– 2 Wake-On-LAN Wires
– EtherFast 5-Port 10/100Mbps Auto-Sensing Switch (not needed, but could be used for future fault tolerance design)
– AC Power Adapter
– 2 Category 5 Network Cables (15’ each)
– Internet LanBridge software package from Acotec
– Program Disks
– User Guide and Registration Cards
• Features:
– 5-Port 10/100 Switch delivers high bandwidth performance to every PC on the network (each port adjusts to 10BaseT or 100BaseTX speeds at Half or Full Duplex)
– LAN Cards have full backward compatibility w/ Plug-and-Play and Win 95/98 motherboards
– Works w/ all major networking software including Win NT 4.0 and Linux
– Can be attached to more PCs, Hubs, or Switches at any time
– Perfect for sharing a cable modem, DSL, or any Internet connection type
– 5 year limited warranty
– Free (M-F 8-5et) Technical Support and OnLine available
SOURCE
http://www.linksys.com/products/product.asp?prid=13&grid=12
Estimated Project Cost
• Server Unit = $ 3,407
• Cabling and wiring = $ 110
• Proxy Software = $ 599
• Other Purchasing Costs = $ 200
--------
• Subtotal = $ 4,261
--------
• Total Estimated Project Cost = $ 4,500
IMPLEMENTATION & SETUP OF PROXY SERVER
IMPLEMENTATION OBJECTIVES:
1. Planning where to put the Proxy
Server
2. NIC card installation in the
server unit
3. Proxy program installation
1. Planning where to Implement the new Proxy Server Unit
[Figure: network diagram showing the Web Server, Network Server, President and CSR Lead workstations, two Hubs, the new Ethernet Switch, and the Router connecting to the INTERNET]
• First, the new switch will be installed
• Then, the Proxy Server will be placed between the router and the LAN
• The Proxy Server architecture employed here will be screening the inbound transmission behind the router
2. Installation of EtherFast
10/100 LAN Card
• Make sure that the Windows NT Server Operating System has been installed correctly
• Turn off your PC and any peripheral equipment attached to it and remove the power cord
• Open the computer cover and locate the PCI expansion slot(s)
• Insert the EtherFast LAN cards into the PC’s PCI slot and secure (or into the Master for older systems)
• If the system has Plug-n-Play capabilities, it will self-configure; otherwise, assign an unused IRQ and I/O address for the new NIC installed (see the system’s user guide)
• Plug one end of one of the Cat 5 UTP wires into the RJ45 port of the card and the other end into the switch
SOURCE: LINKSYS.COM (Acrobat Reader Format)
ftp://ftp.linksys.com/pdf/fensk05manual.pdf
2. Installation of EtherFast 10/100 LAN Card (cont’d)
• Plug one end of the second wire into another RJ45 port of the switch and the other end into the router
• Install the NIC card driver using the NT 4.0 setup (make sure you install the TCP/IP protocol)
• Insert the driver floppy disk, go to the Control Panel/Network icon, and install the correct driver provided on the driver disk to the HD
• When NT asks you for the media type (cabling), choose the AUTODETECT option and the default setting = 256 for TRANSMIT THRESHOLD
• Click CONTINUE
• When the NETWORK window reappears, click on the BINDINGS tab
SOURCE: LINKSYS.COM (Acrobat Reader Format)
ftp://ftp.linksys.com/pdf/fensk05manual.pdf
2. Installation of EtherFast
10/100 LAN Card (cont’d)
• Click on the PROTOCOLS tab and select your
settings
• Do the same for SERVICES tab
• Click CLOSE
• Restart the system
• Then check device status in NETWORK
NEIGHBORHOOD
SOURCE: LINKSYS.COM (Acrobat Reader Format)
ftp://ftp.linksys.com/pdf/fensk05manual.pdf
Now, we are ready to install
Microsoft Proxy Server 2.0
Program...
3. Pre-Installation of Proxy Server
2.0
1. Install Microsoft Windows NT 4.0 operating system (not needed – the system came with this OS preinstalled)
2. Install Microsoft Windows NT 4.0
Service Pack 3 (included in the
Package)
3. Install Microsoft Internet Explorer
4.01 Service Pack 2 (included in the
Windows NT 4.0 Option Pack CD that
came w/ the package)
4. Install Microsoft Windows NT 4.0
Option Pack CD
5. Install the Proxy Server 2.0 CD
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT
Deployment

• Start the installation from CD-ROM by running the Setup utility in the Proxy server folder
• Type the CD key in the text boxes, and then click OK
• Next, verify the folder in which you want to install Proxy Server
– In Figure A, choose whether you want to install all or only some of the available options, including Proxy Server, the Administration Tool, and the Proxy Server Documentation
• When you’re ready, click Continue. Setup must stop your Internet Information Services before it can install Proxy Server
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT
Deployment (cont’d)
• Configure your server’s cache setting, as shown in Figure B.
• In Figure B, Setup defaults to 100 MB of disk space on your server’s NTFS partition. Microsoft recommends setting the server’s cache to 100 MB, plus 0.5 MB for each user.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT
Deployment (cont’d)
• In Figure C, specify the IP addresses
• Once you’ve entered your internal IP addresses, click OK to continue
• You’ll now see the Client Installation/Configuration shown in Figure D
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT
Deployment (cont’d)
• Figure D: In Client Installation/Configuration, configure your Proxy Server clients.
• Proxy Server uses your server name to create a setup script for installing the Proxy Client software on your clients. By default, the setup script identifies your server by its name (such as SERVER) rather than its IP address. Click OK to continue, as shown in Figure E.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT
Deployment (cont’d)
• Figure E: You must enable access control for the WinSock Proxy and Web Proxy Services if you want to control users’ access to your Proxy server
• Click OK to accept the settings and close this message box. At this point, Proxy Server is on your server.
• When the installation is complete, click OK.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT
Deployment (cont’d)
• Configuring Proxy Server: you’ll want to specify which protocols you want to enable through the Proxy server. You configure Proxy Server by opening the MMC utility from the Microsoft Proxy Server, as shown in Figure F.
• Figure F: The MMC displays the Socks Proxy, Web Proxy, and WinSock Proxy Services.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT
Deployment (cont’d)
• Configuring the Web Proxy Service:
At a minimum, you need to configure your server’s Web Proxy and WinSock Proxy Services to specify clients’ permissions and the protocols. To configure users’ permissions, begin by selecting the protocols you want to enable users to use on your server from the Protocol dropdown list. Next, click Edit to display the Permissions dialog box; click Add to display a list of groups and users from your server’s domain.
Figure G: You can configure which of your domain’s users can access the Proxy server.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT
Deployment (cont’d)
• Configuring the WinSock Proxy Service:
• Display the WinSock Proxy Service Properties dialog box by right-clicking on the WinSock Proxy Service in the left pane of the MMC. Select the Permissions tab, then choose to assign permissions to users for each of the protocols, or choose the Unlimited Access option, as shown in Figure H.
For example, if you want to give all users access, you should choose the Unlimited Access protocol and grant permissions to the group Everyone, as shown in Figure I.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT
Deployment (cont’d)
• If you don’t want all users to have access to all protocols, choose the individual protocols you do want them to use from the Protocol dropdown list.
• Then, grant access to the Windows NT user or group that you want to use these specific protocols.
[Figure: example grant list showing User 1, User 8 and User 25]
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
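The permission model from the Web Proxy and WinSock Proxy slides (access control per service, grants per protocol, the Unlimited Access option and the Everyone group) can be reviewed as data. This is an added example, not from the presentation or from Microsoft: the dictionary layout, the user, group and protocol names, and both functions are hypothetical and are not Proxy Server's own configuration format.

```python
# Constructed model of the settings described above (hypothetical names).
GROUPS = {
    "Everyone": {"user1", "user8", "user25", "temp1"},
    "Sales": {"user1", "user8"},
}

CONFIG = {
    "Web Proxy": {
        "access_control": True,
        "grants": {"WWW": {"Sales"}, "FTP Read": {"user25"}},
    },
    "WinSock Proxy": {
        "access_control": True,
        "grants": {"Unlimited Access": {"Everyone"}, "Telnet": {"user25"}},
    },
}


def expand(principals):
    """Resolve group names to their members; other names are single users."""
    users = set()
    for name in principals:
        users |= GROUPS.get(name, {name})
    return users


def is_allowed(user, service, protocol, config=CONFIG):
    """Would this user be let through for this protocol on this service?"""
    svc = config[service]
    if not svc["access_control"]:
        return True  # access control off: users are not checked at all
    grants = svc["grants"]
    allowed = expand(grants.get(protocol, set()))
    allowed |= expand(grants.get("Unlimited Access", set()))
    return user in allowed


def audit_grants(config=CONFIG):
    """List the settings that open a service wider than per-protocol grants."""
    findings = []
    for name, svc in sorted(config.items()):
        if not svc["access_control"]:
            findings.append((name, "access control disabled"))
        for proto, principals in sorted(svc["grants"].items()):
            if "Everyone" in principals:
                findings.append((name, f"{proto} granted to Everyone"))
            elif proto == "Unlimited Access":
                who = ", ".join(sorted(principals))
                findings.append((name, f"Unlimited Access granted to {who}"))
    return findings


if __name__ == "__main__":
    for service, finding in audit_grants():
        print(f"{service}: {finding}")
```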
3. MS-Proxy Server 2.0 for Windows NT
Deployment (cont’d)
• The next thing we need to do is to install the Microsoft Windows NT 4.0 Service Pack 5 CD that came with the package…
• Insert the CD and follow direction for auto
install
• Next, insert the Proxy 2.0 Service Pack 1 and
do the same...
• Now, the server is completely deployed and
ready to function
• Then, you’ll need to configure the clients by
logging on at the client’s computer
• Connect to the Mspclnt share on the Proxy
Server
• Double-click on Setup.exe to start the client
software installation on your computer
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
And, that’s all there is to
it...
Now, let’s recap the
steps we did
Recap
1. The server unit is installed into the network
2. The network interface card is installed
3. The proxy server software is deployed by the following:
• We made sure that Microsoft Windows NT 4.0 operating system is properly installed in the server unit
• We then installed the MS Windows NT 4.0 Service Pack 3
• Then we installed MS Internet Explorer 4.01 Service Pack 2
• We installed MS Windows NT 4.0 Option Pack
• Then we installed MS Proxy Server 2.0 program
• Then the Windows NT 4.0 Service Pack 5
• Finally, we installed the Proxy 2.0 Service Pack 1
• The client computers are configured
CONCLUSION
Proxy Server
• Again, a Proxy Server is an intermediary through which users within the LAN can gain access to the Internet efficiently and much more securely
• It functions in two different ways: as a cache and as a firewall
• It can also be implemented in different ways: as a dual-homed host, as a screened host, as a screened subnetwork, and as a reverse proxy
THE END
We would like to thank the following sources that made this project possible:
• Dr. N. Ganesan, Cal State Los Angeles
– http://ganesan.calstatela.edu
• Cisco Systems
– http://www.cisco.com
• 3com
– http://www.3com.com
• Microsoft Corporation
– http://www.microsoft.com
• Dell Computers
– http://www.dell.com
• LinkSys
– http://www.linksys.com
• And the following site, where basic concepts of Proxy Server were obtained:
– http://home.netscape.com/proxy/v3.5/using/index.html
For more information:
Visit this site to see this entire presentation again…
• http://members.tripod.com/salmonhead101
8