CIS 454 Local Area Network California State University, Los Angeles Spring 2000
INSTALLING AND SETTING UP A PROXY SERVER BY: Donald Parungao Liksun (Sam) Lo Zongyang (Nancy) Liu Maochen Chang CIS 454 SPRING 2000, CSULA DR. N. GANESAN
PRESENTATION OVERVIEW: • Basic Concepts • Different Implementations for Proxy Server • Sample Case • Hardware and Software Planning • Implementation and Setup of Proxy Server • Conclusion • Contacts, Research Sources, and Credits
What is a Proxy Server? • A Proxy Server is an intermediary through which users within the LAN can gain access to the Internet efficiently and much more securely.
How does Proxy Server Work? • Proxy Server works in two different ways: • It can act as a cache that is set up to improve the access speed to the Internet • It provides firewall security, because all transmissions pass through the server
1. Proxy Server as a Cache • Basic Concept of Internet Transmission [Diagram labels: LAN, INTERNET, Web Server, HTTP-request, HTTP-response, HTTP-ack, Reads Destination Address] • As you can see… transmission speed here is not very efficient • The restriction is due to the distance the transmission packet has to travel… • Imagine if the user requests larger web files…
1. Proxy Server as a Cache ... (cont’d) [Diagram labels: LAN, Proxy Server, INTERNET, Web Server, Web Pages, HTTP-request, HTTP-response] • Therefore… the distance the transmission travels in this example is greatly reduced • Therefore… a Proxy Server set up as a cache significantly increases the transmission speed
2. Proxy Server as Firewall [Diagram labels: LAN, Proxy Server, INTERNET, Web Server, HTTP-request, HTTP-response, False Source Address] • This way, it adds extra protection by hiding the source address… • This is good especially against unwanted intrusion • Also, as a firewall, the proxy server provides control over information going out of the LAN, especially if it is addressed to an unauthorized destination…
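The two roles described on the slides above, modeled in a few lines of Python. This is an added example, not part of the original presentation: the class names, the `192.0.2.10` and `10.0.0.x` addresses and the host names are constructed for illustration, and the "Internet" is an in-memory object so the block runs offline.

```python
from dataclasses import dataclass, field

@dataclass
class WebServer:
    """Origin server; records the source address of every request it receives."""
    pages: dict
    seen_sources: list = field(default_factory=list)

    def handle(self, source_addr, path):
        self.seen_sources.append(source_addr)
        return self.pages.get(path, "404 Not Found")

@dataclass
class ProxyServer:
    external_addr: str                 # the only address the Internet side sees
    origins: dict                      # host name -> WebServer (stands in for the Internet)
    blocked_hosts: set                 # unauthorized destinations
    cache: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def request(self, client_addr, host, path):
        status, body = self._serve(host, path)
        self.log.append((client_addr, host, path, status))
        return body

    def _serve(self, host, path):
        if host in self.blocked_hosts:              # firewall role: outbound control
            return "DENIED", "403 Forbidden by proxy"
        if (host, path) in self.cache:              # cache role: no trip to the origin
            return "HIT", self.cache[(host, path)]
        origin = self.origins.get(host)
        if origin is None:
            return "ERROR", "502 Bad Gateway"
        # Forwarded with the proxy's address, so the client address stays hidden.
        body = origin.handle(self.external_addr, path)
        self.cache[(host, path)] = body
        return "MISS", body

def demo():
    # Constructed sample data: documentation addresses and example host names.
    web = WebServer(pages={"/index.html": "<html>catalog</html>"})
    proxy = ProxyServer("192.0.2.10", {"www.example.com": web}, {"blocked.example.net"})
    proxy.request("10.0.0.21", "www.example.com", "/index.html")
    proxy.request("10.0.0.22", "www.example.com", "/index.html")
    proxy.request("10.0.0.21", "blocked.example.net", "/upload")
    return {"origin_saw": web.seen_sources, "statuses": [e[3] for e in proxy.log]}

if __name__ == "__main__":
    print(demo())
```

Two LAN clients ask for the same page, yet the web server sees a single request from the proxy's address; the proxy's own log is the only place where the internal client addresses and the denied destination are recorded.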
Different Implementations for Proxy Server
Different Implementations for Proxy Server • Dual-Homed Host • Screened Hosts • Screened Subnetwork • Reverse Proxy SOURCE http://home.netscape.com/proxy/v3.5/using/index.html
Dual-Homed Host • Dual-homed host has two network interfaces, one connects to internal LAN, one to internet • Dual-homed host firewall architecture acts as a software router providing secure connectivity • Proxy in conjunction with dual-homed host provides a complete firewall solution • In addition to caching, proxy server brings fine-grain filtering and virus scanning Proxy Server Implemented With a Dual-Homed Host Firewall SOURCE http://home.netscape.com/proxy/v3.5/using/index.html
Drawback of Dual-Homed Host • When security is breached on the single host machine, it could jeopardize the whole network • However, it is desirable for a small office on a budget or an organization that does not require redundant security measures SOURCE http://home.netscape.com/proxy/v3.5/using/index.html
Screened Hosts • A screened host consists of a router deployed in front of a server • The router provides packet filtering and restricts inbound access to the internal network • A screening router could support multiple hosts • Proxying allows network traffic to gain internet access through the router Proxy Server Implemented Behind a Screening Router SOURCE http://home.netscape.com/proxy/v3.5/using/index.html
Drawback of Screened Hosts • If the router fails, security is lost • However, the screened hosts architecture is appropriate for small to medium-size intranets requiring a simple, yet effective security solution SOURCE http://home.netscape.com/proxy/v3.5/using/index.html
Screened Subnetwork • A screened subnetwork consists of multiple routers sandwiching a nonsecure network • This subnetwork is commonly referred to as a Demilitarized Zone (DMZ) • A proxy in the DMZ allows access to both the internal and external networks through the routers • Neither internal nor external traffic can pass through without the help of the proxy server • The screened subnetwork is a popular choice for large organizations with heavy traffic • Security is critical and therefore redundancy is imperative Proxy Server Implemented in a DMZ Between Two Screening Routers SOURCE http://home.netscape.com/proxy/v3.5/using/index.html
Reverse Proxy • Independent of the firewall architecture, one may want to implement a reverse proxy • Reverse proxies are generally in one of two configurations: • Server Stand-in • Load Balancing SOURCE http://home.netscape.com/proxy/v3.5/using/index.html
1. Server Stand-In • In server stand-in mode, the proxy receives requests for a web server protected behind the firewall • Server stand-in prevents direct, unmonitored access to internal resources from outside • The proxy server acts like a virtual server mirror and provides replication only • Contents of the secure server will be replicated in the proxy server cache Proxy Server Implemented in Reverse Mode as Stand-In for a Web Server SOURCE http://home.netscape.com/proxy/v3.5/using/index.html
2. Load Balancing • Multiple reverse proxy servers can be used to balance the load on an overtaxed server • Load balancing helps the host machine handle high-volume requests while reducing the impact on overall performance Multiple Proxy Servers Implemented in Reverse Mode to Balance the Load on a Web Server SOURCE http://home.netscape.com/proxy/v3.5/using/index.html
Company: Resource One International RECENT ISSUES • Has recently implemented a web server for e-commerce • Therefore, security has become a serious concern • Therefore, an appropriate proxy server must be implemented for the new e-Commerce infrastructure
CURRENT I.S. INFRASTRUCTURE [Network diagram labels: INTERNET, Router, Hub, Hub, Web Server, Network Server, President, CSR Lead]
HARDWARE & SOFTWARE PLANNING
Analysis of the Current I.S. • The following are determined: • The server currently being used by the Network Manager is running under the Windows NT Server operating system • The clients run Windows 98 • Therefore, an additional server will be needed for the actual Proxy Server • The proxy software must therefore run in the Microsoft Windows NT environment
Proxy Software Planning Choice: Microsoft Proxy Server 2.0 • Features: • Security: • Enables you to configure many security features in order to protect your network from unwanted inbound connections • Has the ability to dynamically filter both inbound and outbound packets (based on protocol or IP addresses) • Has the ability to notify you by email if a protocol violation occurs • Web Caching capabilities • Manageability: • No need to create user accounts in both Win NT and Proxy Server • Instead, users can access Proxy Server by using their regular Win NT accounts • Microsoft Management Console (MMC) capabilities: • Can manage multiple Proxy servers from within a single instance of the MMC SOURCE http://www.microsoft.com/proxy http://www.elementkjournals.com/ewn/9909/ewn9991.htm
Minimum Requirements • Processor= Intel 486/33 MHz or faster RISC-based • RAM= 24 MB for the Intel platform; 32 MB for the RISC-based platform • Partitions= NTFS (if you want to enable Web caching) • HD space needed (for Proxy Server installation)= 125 MB for the Intel platform; 160 MB for the RISC-based platform • HD space needed (for Web caching)= 100 MB, plus 0.5 MB per user • Connectivity= Modem, ISDN, ADSL, or dedicated leased line connection to the Internet • Operating System= Windows NT Server 4.0 with Service Pack 3 or later • Other software= Microsoft Internet Information Server 3.0 or later; Microsoft TCP/IP SOURCE http://www.elementkjournals.com/ewn/9909/ewn9991.htm
(Hardware) Server Unit Planning Choice: Dell Precision Workstation 220 • Server Unit Specifications: • Processor = Pentium III 600 MHz • RAM = 256MB PC800 ECC RDRAM (1 RIMM) • HD = 36GB Ultra 160/M SCSI (10000 rpm) – 8ms Trans Rate • Controller Card (for HD) = Ultra 160/M SCSI • Floppy Drive = 3.5” – 1.44MB • CD-ROM = 20/48X IDE • Operating System (Pre-Installed) = MS Windows NT 4.0 w/ Service Pack 5 (Separate CDs) • Modem = V.90 56K Data/Fax PCI for Win NT • Video Card = Diamond Viper V770D, 32MB • Peripherals (Included in Package): • Monitor = 17” Dell (model: M781 P) • Mouse = Logitech First Mouse (2 buttons w/scroll) • Services (Included in Package): • 3yr Next Business Day On-Site Parts & Labor SOURCE http://www.dell.com/us/en/bsd/products/series_precn_workstations.htm
(Hardware) Network Interfaces & Wiring Choice: LinkSys EtherFast Switched 10/100 Network Interface Card • Package Contents: • 2 EtherFast 10/100 LAN Cards w/ Wake-On-LAN Capabilities • 2 Wake-On-LAN Wires • EtherFast 5-Port 10/100Mbps Auto-Sensing Switch (not needed, but could be used for future fault tolerance design) • AC Power Adapter • 2 Category 5 Network Cables (15’ each) • Internet LanBridge software package from Acotec • Program Disks • User Guide and Registration Cards • Features: • 5-Port 10/100 Switch delivers high bandwidth performance to every PC on the network (each port adjusts to 10BaseT or 100BaseTX speeds at Half or Full Duplex) • LAN cards have full backward compatibility w/ Plug-and-Play and Win 95/98 motherboards • Works w/ all major networking software including Win NT 4.0 and Linux • Can be attached to more PCs, Hubs, or Switches at any time • Perfect for sharing a cable modem, DSL, or any Internet connection type • 5 year limited warranty • Free (M-F 8-5 ET) Technical Support and online support available SOURCE http://www.linksys.com/products/product.asp?prid=13&grid=12
Estimated Project Cost • Server Unit = $ 3,407 • Cabling and wiring = $ 110 • Proxy Software = $ 599 • Other Purchasing Costs = $ 200 -------- • Subtotal = $ 4,261 -------- • Total Estimated Project Cost = $ 4,500
IMPLEMENTATION & SETUP OF PROXY SERVER
IMPLEMENTATION OBJECTIVES: • Planning where to put the Proxy Server • NIC card installation in the server unit • Proxy program installation
1. Planning where to Implement the new Proxy Server Unit • First, the new switch will be installed • Then, the Proxy Server will be placed between the router and the LAN • The Proxy Server architecture employed here will be screening the inbound transmission behind the router [Network diagram labels: INTERNET, Router, Ethernet Switch, Hub, Hub, Web Server, Network Server, President, CSR Lead]
2. Installation of EtherFast 10/100 LAN Card • Make sure that the Windows NT Server operating system has been installed correctly • Turn off your PC and any peripheral equipment attached to it and remove the power cord • Open the computer cover and locate the PCI expansion slot(s) • Insert the EtherFast LAN cards into the PC’s PCI slot and secure (or into the Master for older systems) • If the system has Plug-n-Play capabilities, it will configure itself; otherwise, assign an unused IRQ and I/O address to the newly installed NIC (see system’s user guide) • Plug one of the Cat 5 UTP wires into the RJ45 port of the card and its other end into the switch SOURCE: LINKSYS.COM (Acrobat Reader Format) ftp://ftp.linksys.com/pdf/fensk05manual.pdf
2. Installation of EtherFast 10/100 LAN Card (cont’d) • Plug the second wire into another RJ45 port of the switch and its other end into the router • Install the NIC driver using the NT 4.0 setup (make sure you install the TCP/IP protocol) • Insert the driver floppy disk, go to the Control Panel/Network icon, and install the correct driver from the driver disk to the HD • When NT asks you for the media type (cabling), choose the AUTODETECT option and the default setting = 256 for TRANSMIT THRESHOLD • Click CONTINUE • When the NETWORK window reappears, click on the BINDINGS tab SOURCE: LINKSYS.COM (Acrobat Reader Format) ftp://ftp.linksys.com/pdf/fensk05manual.pdf
2. Installation of EtherFast 10/100 LAN Card (cont’d) • Click on the PROTOCOLS tab and select your settings • Do the same for SERVICES tab • Click CLOSE • Restart the system • Then check device status in NETWORK NEIGHBORHOOD SOURCE: LINKSYS.COM (Acrobat Reader Format) ftp://ftp.linksys.com/pdf/fensk05manual.pdf
Now, we are ready to install Microsoft Proxy Server 2.0 Program...
3. Pre-Installation of Proxy Server 2.0 • Install Microsoft Windows NT 4.0 operating system (not needed) – system already preinstalled with this OS • Install Microsoft Windows NT 4.0 Service Pack 3 (included in the Package) • Install Microsoft Internet Explorer 4.01 Service Pack 2 (included in the Windows NT 4.0 Option Pack CD that came w/ the package) • Install Microsoft Windows NT 4.0 Option Pack CD • Install the Proxy Server 2.0 CD SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT Deployment • Start the installation from CD-ROM by running the Setup utility in the Proxy server folder • Type the CD key in the text boxes, and then click OK • Next, verify the folder in which you want to install Proxy Server • In Figure A, choose whether you want to install all or only some of the available options, including Proxy Server, the Administration Tool, and the Proxy Server Documentation • When you’re ready, click Continue… • Setup must stop your Internet Information Services before it can install Proxy Server SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d) • Configure your server’s cache setting, as shown in Figure B. • In Figure B, Setup defaults to 100 MB of disk space on your server’s NTFS partition. Microsoft recommends setting the server’s cache to 100 MB, plus 0.5 MB for each user. SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d) • In figure C, specify IP addresses • Once you’ve entered your internal IP addresses, Click OK to continue You’ll now see the Client Installation/Configuration shown in Figure D SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d) • Figure D: In the Client Installation/Configuration dialog, configure your Proxy server clients. • Proxy Server uses your server name to create a setup script for installing the Proxy Client software on your clients. By default, the setup script identifies your server by its name (such as SERVER) rather than its IP address. Click OK to continue to the next step, shown in Figure E. SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d) • Figure E: you must enable access control for the WinSock Proxy and Web Proxy Services if you want to control users’ access to your Proxy server • Click OK to accept the settings and close this message box. At this point, Proxy Server is on your server. • When the installation is complete, click OK. SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d) • Configuring Proxy Server: you’ll want to specify which protocols you want to enable through the Proxy server. You configure Proxy Server by opening the MMC utility from the Microsoft Proxy Server, as shown in Figure F. • Figure F: The MMC displays the Socks Proxy, Web Proxy, and WinSock Proxy Services. SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d) • Configuring the Web Proxy Service: At a minimum, you need to configure your server’s Web Proxy and WinSock Proxy Services to specify clients’ permissions and the protocols. To configure users’ permissions, begin by selecting the protocols you want to enable users to use on your server from the Protocol dropdown list. Next, click Edit to display the Permissions dialog box; click Add to display a list of groups and users from your server’s domain. Figure G: You can configure which of your domain’s users can access the Proxy server. SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d) • Configuring the WinSock Proxy Service: Display the WinSock Proxy Service Properties dialog box by right-clicking on the WinSock Proxy Service in the left pane of the MMC. Select the Permissions tab and choose to assign permissions to users for each of the protocols, or choose the Unlimited Access option, as shown in Figure H. • For example, if you want to give all users access, you should choose the Unlimited Access protocol and grant permissions to the group Everyone, as shown in Figure I. SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d) • If you don’t want all users to have access to all protocols, choose the individual protocols you do want them to use from the Protocol dropdown list. • Then, grant access to the Windows NT user or group that you want to use these specific protocols. [Figure labels: User 1, User 8, User 25] SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
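The difference between the two permission choices on the last two slides (Unlimited Access for Everyone versus individual protocols for named users or groups), as an added example that is not part of the original presentation. It is a simplified model of a permission table, not Proxy Server's own data format or API; the protocol list, the `Accounting` group and the grants are constructed, and only the user names come from the slide.

```python
UNLIMITED = "Unlimited Access"   # the option named on the slides
EVERYONE = "Everyone"            # built-in group that contains every account

def principals_of(user, groups):
    """The user's own name plus every group that lists the user, plus Everyone."""
    return {user, EVERYONE} | {g for g, members in groups.items() if user in members}

def allowed_protocols(user, permissions, groups, protocols):
    """Protocols the user may use under a {protocol: [users/groups]} permission table."""
    who = principals_of(user, groups)
    if who & set(permissions.get(UNLIMITED, [])):
        return set(protocols)                      # one grant opens every protocol
    return {p for p in protocols if who & set(permissions.get(p, []))}

def broad_grants(permissions):
    """Flag grants a reviewer should question: anything to Everyone, any Unlimited Access."""
    findings = []
    for protocol, grantees in permissions.items():
        for grantee in grantees:
            if grantee == EVERYONE or protocol == UNLIMITED:
                findings.append((protocol, grantee))
    return sorted(findings)

# Constructed sample data: protocol list, group and grants are illustrative only.
PROTOCOLS = ["FTP", "POP3", "Telnet"]
GROUPS = {"Accounting": {"User 8", "User 25"}}
OPEN = {UNLIMITED: [EVERYONE]}
RESTRICTED = {"FTP": ["User 1"], "POP3": ["Accounting"]}

def exposure(permissions):
    """Map each sample user to the sorted protocols they can reach."""
    users = ["User 1", "User 8", "User 25"]
    return {u: sorted(allowed_protocols(u, permissions, GROUPS, PROTOCOLS)) for u in users}

if __name__ == "__main__":
    for name, table in (("open", OPEN), ("restricted", RESTRICTED)):
        print(name, exposure(table), broad_grants(table))
```

Under the open table every account reaches every protocol and the audit reports the single grant responsible; under the restricted table each user reaches only what was granted and the audit is empty.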
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d) • The next thing we need to do is install the Microsoft Windows NT 4.0 Service Pack 5 CD that came with the package… • Insert the CD and follow the directions for auto install • Next, insert the Proxy 2.0 Service Pack 1 and do the same... • Now, the server is completely deployed and ready to function • Then, you’ll need to configure the clients by logging on at each client’s computer • Connect to the Mspclnt share on the Proxy Server • Double-click on Setup.exe to start the client software installation on your computer SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
And, that’s all there is to it... Now, let’s recap the steps we did
Recap • The server unit is installed into the network • The network interface card is installed • The proxy server software is deployed by the following: • We made sure that Microsoft Windows NT 4.0 operating system is properly installed in the server unit • We then installed the MS Windows NT 4.0 Service Pack 3 • Then we installed MS Internet Explorer 4.01 Service Pack 2 • We installed MS Windows NT 4.0 Option Pack • Then we installed MS Proxy Server 2.0 program • Then the Windows NT 4.0 Service Pack 5 • Finally, we installed the Proxy 2.0 Service Pack 1 • The client computers are configured