INSTALLING AND SETTING UP A PROXY SERVER - PowerPoint PPT Presentation

Loading...

PPT – INSTALLING AND SETTING UP A PROXY SERVER PowerPoint presentation | free to download - id: 650b75-Zjc3N



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

INSTALLING AND SETTING UP A PROXY SERVER

Description:

CIS 454 Local Area Network California State University, Los Angeles Spring 2000 INSTALLING AND SETTING UP A PROXY SERVER BY: Donald Parungao Liksun (Sam) Lo Zongyang ... – PowerPoint PPT presentation

Number of Views:12
Avg rating:3.0/5.0
Date added: 5 November 2019
Slides: 56
Provided by: HPAuthoriz1573
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: INSTALLING AND SETTING UP A PROXY SERVER


1
CIS 454 Local Area Network
California State University, Los Angeles Spring
2000
2
INSTALLING AND SETTING UP A PROXY SERVER
  • BY
  • Donald Parungao
  • Liksun (Sam) Lo
  • Zongyang (Nancy) Liu
  • Maochen Chang
  • CIS 454
  • SPRING 2000, CSULA
  • DR. N. GANESAN

3
BRIEF INTRODUCTION
4
PRESENTATION OVERVIEW
  • Basic Concepts
  • Different Implementations for Proxy Server
  • Sample Case
  • Hardware and Software Planning
  • Implementation and Setup of Proxy Server
  • Conclusion
  • Contacts, Research Sources, and Credits

5
BASIC CONCEPTS
6
What is a Proxy Server?
  • A Proxy Server is a medium in which users within
    the LAN can gain access to the Internet
    efficiently and much more securely.

7
How does Proxy Server Work?
  • Proxy Server works in two different ways
  • It can act as a cache that is setup to improve
    the access speed to the Internet
  • It provides firewall security through which all
    the transmission pass through the server

8
1. Proxy Server as a Cache
  • Basic Concept of Internet Transmission

HTTP-response
HTTP-response
HTTP-ack
HTTP-ack
Web Server
LAN
INTERNET
HTTP-request
HTTP-request
Reads Destination Address
Reads Destination Address
HTTP-response
HTTP-response
As you can see Transmission Speed here is not
very efficient
The restriction is due to the distance the
transmission packet has to travel
Imagine if you the user requests for a larger web
files
9
1. Proxy Server as a Cache ... (contd)
Web Pages
Web Pages
Web Pages
HTTP-response
HTTP-response
Web Server
LAN
INTERNET
Proxy Server
HTTP-request
HTTP-request
Therefore the length of distance in which the
transmission travels in this example is greatly
reduced
Therefore Proxy Server set up as a Cache
significantly increases the transmission speed
10
2. Proxy Server as firewall
HTTP-response
HTTP-response
HTTP-response
Web Server
LAN
INTERNET
Proxy Server
HTTP-request
HTTP-request
HTTP-request
False Source Address
This way, it adds extra protection by hiding the
source address This is good especially for
unwanted intrusion
Also, as a firewall, proxy server provides
control over information that are going out of
the LAN especially if its addressed to an
unauthorized destination
11
Different Implementations for Proxy Server
12
Different Implementations for Proxy Server
  • Dual-Home Host
  • Screened Hosts
  • Screened Subnetwork
  • Reverse Proxy

SOURCE http//home.netscape.com/proxy/v3.5/using/i
ndex.html
13
Dual-Homed Host
  • Dual-homed host has two network interfaces, one
    connects to internal LAN, one to internet
  • Dual-homed host firewall architecture acts as a
    software router providing secure connectivity
  • Proxy in conjunction with dual-homed host
    provides a complete firewall solution
  • In addition to caching, proxy server brings
    fine-grain filtering and virus scanning

Proxy Server Implemented With a Dual-Homed Host
Firewall
SOURCE http//home.netscape.com/proxy/v3.5/using/i
ndex.html
14
Drawback of Dual-Homed Host
  • When security is breached on single host
    machine... It could jeopardize the whole network
  • However, it is desirable for small office on a
    budget or an organization that do not require
    redundant security measures

SOURCE http//home.netscape.com/proxy/v3.5/using/i
ndex.html
15
Screened Hosts
  • A screened host consists of a router deployed in
    front of a server
  • The router provides packet-filtering and restrict
    inbound access to the internal network
  • A screening router could support multiple hosts
  • Proxying allows network traffic to gain internet
    access through the router

Proxy Server Implemented Behind a Screening Router
SOURCE http//home.netscape.com/proxy/v3.5/using/i
ndex.html
16
Drawback of Screened Hosts
  • If the router fails, a security is loss
  • However, screened hosts architecture is
    appropriate for small to medium-size intranets
    requiring a simple, yet effective security
    solution

SOURCE http//home.netscape.com/proxy/v3.5/using/i
ndex.html
17
Screened Subnetwork
  • A screened subnetwork consists of multiple
    routers sandwiching a nonsecure network
  • This subnetwork is commonly referred to as
    Demilitarized Zone (DMZ)
  • Proxy in DMZ allows access to both internal and
    external network through the routers
  • Neither internal and external traffic can pass
    through without the help of proxy server
  • The screened subnetwork is a popular choice for
    large organizations with heavily trafficked
  • Security is critical and therefore redundancy is
    imperative

Proxy Server Implemented in a DMZ Between Two
Screening Routers
SOURCE http//home.netscape.com/proxy/v3.5/using/i
ndex.html
18
Reverse Proxy
  • Is independent of firewall architecture, one may
    want to implement reverse proxy
  • Reverse proxies are generally in one of two
    configurations
  • Server Stand-in
  • Load Balancing

SOURCE http//home.netscape.com/proxy/v3.5/using/i
ndex.html
19
1. Server Stand-In
  • In server stand-in mode, proxy receives requests
    for a web server protected behind the firewall
  • Server stand-in prevents direct, unmonitored
    access of internal resources from outside
  • Proxy server acts like a virtual server mirror
    and provides replication only
  • Contents of the secure server will be replicated
    in the proxy server cache

Proxy Server Implemented in Reverse Mode as
Stand-In for a Web Server
SOURCE http//home.netscape.com/proxy/v3.5/using/i
ndex.html
20
2. Load Balancing
  • Multiple reverse proxy servers can be used to
    balance the load on an overtaxed server
  • Load balancing helps the host machine handle
    high-volume requests while reducing the impact on
    overall performance

Multiple Proxy Servers Implemented in Reverse
Mode to Balance the Load on a Web Server
SOURCE http//home.netscape.com/proxy/v3.5/using/i
ndex.html
21
SAMPLE CASE
22
Company Resource One International
  • RECENT ISSUES
  • Has recently implemented a web server for
    e-commerce
  • Therefore, security has become a serious concern
  • Therefore, an appropriate proxy server must be
    implemented for the new e-Commerce infrastructure

23
CURRENT I.S.INFRASTRUCTURE
Web Server
Network Server
President
Hub
H
INTERNET
Router
CSR Lead
Hub
H
24
HARDWARE SOFTWARE PLANNING
25
Analysis of the Current I.S.
  • The following are determined
  • The server currently being used by the Network
    Manager is running under Window NT Server
    Operating System
  • The clients Windows 98
  • Therefore, an additional server will be needed
    for the actual Proxy Server
  • A Proxy Software Program needed must therefore
    run in Microsoft Windows NT environment

26
Proxy Software Planning Choice Microsoft Proxy
Server 2.0
  • Features
  • Security
  • Enables you to configure many security features
    in order to protect your network from unwanted
    inbound connections
  • Has ability to dynamically filter both inbound
    and outbound packets (based on protocol or IP
    addresses)
  • Has ability to notify you by email if a protocol
    violation occurs
  • Web Caching capabilities
  • Manageability
  • No need to create user accounts in both the Win
    NT and Proxy Server
  • Instead, users can access Proxy Server by using
    regular old Win NT accounts
  • Microsoft Management Console (MMC) capabilities
  • Can manage multiple Proxy servers from within a
    single instance of the MMC

SOURCE http//www.microsoft.com/proxy http//www.e
lementkjournals.com/ewn/9909/ewn9991.htm
27
Minimum Requirements
  • Processor Intel 486/33 MHz or faster RISC-based
  • RAM 24 MB for the Intel platform 32MB for the
    RISC-based platform
  • Partitions NTFS (if you want to enable WEB
    caching)
  • HD space needed (of Proxy Server Installation)
    125MB for Intel platform 160 MB for the
    RISC-based platform
  • HD space needed (for Web Caching) 100MB, plus
    0.5 MB per user
  • Connectivity Modem, ISDN, ADSL, or dedicated
    leased line connection to the internet
  • Operating System Windows NT Server 4.0 with
    Service Pack 3 or Later
  • Other software Microsoft Internet Information
    Server 3.0 or later Microsoft TCP/IP

SOURCE http//www.elementkjournals.com/ewn/9909/ew
n9991.htm
28
(Hardware) Server Unit Planning Choice Dell
Precision Workstation 220
  • Server Unit Specifications
  • Processor Pentium III 600 MHz
  • RAM 256MB PC800 ECC RDRAM (1 RIMM)
  • HD 36GB Ultra 160/M SCSI (10000 rpm) 8ms
    Trans Rate
  • Controller Card (for HD) Ultra 160/M SCSI
  • Floppy Drive 3.5 1.44MB
  • CD-ROM 20/48X IDE
  • Operating System (Pre-Installed) MS Windows NT
    4.0 w/ Service Pack 5 (Separate CDs)
  • Modem V.90 56K Data/Fax PCI for Win NT
  • Video Card Diamond Viper V770D, 32MB
  • Peripherals (Included in Package)
  • Monitor 17 Dell (model M781 P)
  • Mouse Logitech First Mouse (2 buttons w/scroll)
  • Services (Include in Package)
  • 3yr Next Business Day On-Site Parts Labor

SOURCE http//www.dell.com/us/en/bsd/products/seri
es_precn_workstations.htm
29
(Hardware) Network Interfaces Wirings Choice
LinkSys EtherFast Swictched 10/100 Network
Interface Card
  • Package Contents
  • 2 EtherFast 10/100 LAN Cards w/ Wake-On-LAN
    Capabilities
  • 2 Wake-On-LAN Wires
  • EtherFast 5-Port 10/100Mbps Auto-Sensing Switch
    (not needed, but could be used for future fault
    tolerance design)
  • AC Power Adapter
  • 2 Category 5 Network Cables (15 each)
  • Internet LanBridge software package from Acotec
  • Program Disks
  • User Guide and Registration Cards
  • Features
  • 5-Port 10/100 Switch Delivers High Bandwidth
    Performance to Every PC on network (each ports
    adjusts to 10BaseT or 100BaseTX speeds at Half or
    Full Duplex)
  • LAN Card have full backward compatibility w/
    Plug-and-Play and Win 95/98 motherboards
  • Works w/ all major networking software including
    Win NT 4.0 and Linux
  • Can be attached to more PCs, Hubs, or Switches at
    any time
  • Perfect for Sharing a cable modem, DSL, or any
    Internet connection types
  • 5 year limited warranty
  • Free (M-F 8-5et) Technical Support and OnLine
    available

SOURCE http//www.linksys.com/products/product.asp
?prid13grid12
30
Estimated Project Cost
  • Server Unit 3,407
  • Cabling and wiring 110
  • Proxy Software 599
  • Other Purchasing Costs 200
  • --------
  • Subtotal 4,261
  • --------
  • Total Estimated Project Cost 4,500

31
IMPLEMENTATION SETUP OF PROXY SERVER
32
IMPLEMENTATION OBJECTIVES
  1. Planning where to put the Proxy Server
  2. NIC card installation in the server unit
  3. Proxy program installation

33
1. Planning where to Implement the new Proxy
Server Unit
Web Server
Network Server
President
Then, the Proxy Server will be placed between
the router and the LAN
Hub
H
The Proxy Server architecture employed here will
be screening the inbound transmission behind the
router
INTERNET
Router
S
Ethernet Switch
CSR Lead
First, the new switch will be installed
H
H
Hub
34
2. Installation of EtherFast 10/100 LAN Card
  • Make sure that Windows NT Server Operating System
    has been installed correctly
  • Turn off your PC and any peripheral equipment
    attached to it and remove the power cord
  • Open the computer cover and locate the PCI
    expansion slot(s)
  • Insert the EtherFast LAN cards into the PCs PCI
    slot and secure (or into the Master for older
    systems)
  • If system has Plug-n-Play capabilities, it will
    self configure otherwise assign an unused IRQ and
    I/O address for the new NIC installed (see
    systems user guide)
  • Plug one of the Cat 5 UTP wires to the RJ45 port
    of the card and one of its end to the switch

SOURCE LINKSYS.COM (Acrobat Reader
Format) ftp//ftp.linksys.com/pdf/fensk05manual.pd
f
35
2. Installation of EtherFast 10/100 LAN Card
(contd)
  • Plug the second wire to the another RJ45 port of
    the switch and the other end, to the router
  • Install the NIC card driver using the NT 4.0
    setup (make sure you install the TCP/IP protocol)
  • Insert the driver floppy disk and go to the
    Control Panel/Network Icon and install the
    correct driver provided in the driver disk to HD
  • When NT asks you for the media type
    (cabling)choose the AUTODETECT option and
    default setting 256 for TRANSMIT THRESHOLD
  • Click CONTINUE
  • When NETWORK window reappears, click on BINDINGS
    tab

SOURCE LINKSYS.COM (Acrobat Reader
Format) ftp//ftp.linksys.com/pdf/fensk05manual.pd
f
36
2. Installation of EtherFast 10/100 LAN Card
(contd)
  • Click on the PROTOCOLS tab and select your
    settings
  • Do the same for SERVICES tab
  • Click CLOSE
  • Restart the system
  • Then check device status in NETWORK NEIGHBORHOOD

SOURCE LINKSYS.COM (Acrobat Reader
Format) ftp//ftp.linksys.com/pdf/fensk05manual.pd
f
37
Now, we are ready to install Microsoft Proxy
Server 2.0 Program...
38
3. Pre-Installation of Proxy Server 2.0
  1. Install Microsoft Windows NT 4.0 operating system
    (not needed) system already preinstalled with
    these OS
  2. Install Microsoft Windows NT 4.0 Service Pack 3
    (included in the Package)
  3. Install Microsoft Internet Explorer 4.01 Service
    Pack 2 (included in the Windows NT 4.0 Option
    Pack CD that came w/ the package)
  4. Install Microsoft Windows NT 4.0 Option Pack CD
  5. Install the Proxy Server 2.0 CD

SOURCE http//www.elementkjournals.com/ewn/9909/
ewn9991.htm
39
3. MS-Proxy Server 2.0 for Windows NT Deployment
  • Start the installation from CD-ROM by running the
    Setup utility in the Proxy server folder
  • Type CD key in the text boxes, and then click OK
  • Next Verify the folder in which you want to
    install Proxy Server
  • In figure A, choose whether you want to install
    all or only some of the available options,
    including Proxy Server, the Administration Tool,
    and the Proxy Server Documentation

SOURCE http//www.elementkjournals.com/ewn/9909/
ewn9991.htm
When youre ready, click Continue Setup must
stop your Internet Information Services before it
can install Proxy Server
40
3. MS-Proxy Server 2.0 for Windows NT Deployment
(contd)
  • Configure your servers cache setting, as shown
    in Figure B.
  • In figure B, setup default 100 MB of disk space
    on your servers NTFS partition. Microsoft
    recommends the servers cache to 100 MB, plus 0.5
    MB for each user.

SOURCE http//www.elementkjournals.com/ewn/9909/
ewn9991.htm
41
3. MS-Proxy Server 2.0 for Windows NT Deployment
(contd)
  • In figure C, specify IP addresses
  • Once youve entered your internal IP addresses,
    Click OK to continue
  • Youll now see the Client Installation/Configurati
    on shown in Figure D

SOURCE http//www.elementkjournals.com/ewn/9909/
ewn9991.htm
42
3. MS-Proxy Server 2.0 for Windows NT Deployment
(contd)
  • Figure D Client/Installation/Configuration
    configure your Proxy server clients.
  • Proxy Server uses your server name to create a
    setup script for installing the Proxy Client
    software on your client. By default, setup
    script to identify your server by its name(such
    as, SERVER) rather than its IP address. Click OK
    to next, as shown in Figure E.

SOURCE http//www.elementkjournals.com/ewn/9909/
ewn9991.htm
43
3. MS-Proxy Server 2.0 for Windows NT Deployment
(contd)
  • Figure E you must enable access control for the
    WinSock Proxy and Web Proxy Services if you
    want to control users access to your Proxy
    server
  • Click OK to accept the settings and close this
    message box. At this point, Proxy Server is on
    your server.
  • When the installation is complete, click OK.

SOURCE http//www.elementkjournals.com/ewn/9909/
ewn9991.htm
44
3. MS-Proxy Server 2.0 for Windows NT Deployment
(contd)
  • Configuring Proxy Server youll want to specify
    which protocols you want to enable through
    the Proxy server. You configure Proxy
    Server by opening the MMC utility from the
    Microsoft Proxy Server. As shown in Figure F
  • Figure F The MMC displays the Socks Proxy, Web
    Proxy, and WinSock Proxy Services .

SOURCE http//www.elementkjournals.com/ewn/9909/
ewn9991.htm
45
3. MS-Proxy Server 2.0 for Windows NT Deployment
(contd)
  • Configuring the Web Proxy Service
  • At a minimum, you need to configure your
    servers Web Proxy and WinSock Proxy Services to
    specify clients permission and the protocols.
  • To configure users permissions, begin by
    selecting the protocols you want to enable to
    users to use on your server from the Protocol
    dropdown list. Next, click Edit to display the
    Permissions dialog box Click Add to display a
    list of groups and users from your servers
    domain.
  • Figure G You can configure which of your
    domains users can access the Proxy server.

SOURCE http//www.elementkjournals.com/ewn/9909/
ewn9991.htm
46
3. MS-Proxy Server 2.0 for Windows NT Deployment
(contd)
  • Configuring the WinSock Proxy Service
  • Display WinSock Proxy Services Properties
    dialog box by right-click on the Winsock Proxy
    Service in the left pane of the MMC. Select the
    Permissions tab, choose to assign permissions to
    users for each of the protocols, or you can
    choose the Unlimited Access option, as shown in
    Figure H.
  • For example, if you want to give all of users
    access, you should choose the Unlimited Access
    protocol and grant permissions to the group
    Everyone, as shown in Figure I.
  • Everyone

SOURCE http//www.elementkjournals.com/ewn/9909/
ewn9991.htm
47
3. MS-Proxy Server 2.0 for Windows NT Deployment
(contd)
  • If, you dont want all user to have access to all
    protocols, choose the individual protocols you do
    want them to use from the Protocol dropdown list.
  • Then, grant access to the Windows NT user or
    group that you want to use these specific
    protocols.

User 1 User 8 User 25
SOURCE http//www.elementkjournals.com/ewn/9909/
ewn9991.htm
48
3. MS-Proxy Server 2.0 for Windows NT Deployment
(contd)
  • Next thing we need to do is to install the
    Microsoft Windows NT 4.0 Service Pace 5 CD that
    came with the package
  • Insert the CD and follow direction for auto
    install
  • Next, insert the Proxy 2.0 Service Pack 1 and do
    the same...
  • Now, the server is completely deployed and ready
    to function
  • Then, youll need to configure the clients by
    logging on at the clients computer
  • Connect to the Mspclnt share on the Proxy Server
  • Double-click on Setup.exe to start the client
    software installation on your computer

SOURCE http//www.elementkjournals.com/ewn/9909/
ewn9991.htm
49
And, thats all there is to it...
  • Now, lets recap the steps we did

50
Recap
  • The server unit is installed into the network
  • The network interface card is installed
  • The proxy server software is deployed by the
    following
  • We made sure that Microsoft Windows NT 4.0
    operating system is properly installed in the
    server unit
  • We then installed the MS Windows NT 4.0 Service
    Pack 3
  • Then we installed MS Internet Explorer 4.01
    Service Pack 2
  • We installed MS Windows NT 4.0 Option Pack
  • Then we installed MS Proxy Server 2.0 program
  • Then the Windows NT 4.0 Service Pack 5
  • Finally, we installed the Proxy 2.0 Service Pack
    1
  • The client computers are configured

51
CONCLUSION
52
Proxy Server
  • Again, a Proxy Server is a medium in which users
    within the LAN can gain access to the Internet
    efficiently and much more securely
  • It functions in two different ways as a cache
    and as a firewall
  • It can also be implemented in different ways as
    a dual-home host, as a screened host, as a
    screened subnetwork, and as a reverse proxy

53
THE END
54
We would like to thanks the following sources
that made this project possible
  • Dr. N. Ganesan, Cal State Los Angeles
  • http//ganesan.calstatela.edu
  • Cisco Systems
  • http//www.cisco.com
  • 3com
  • http//www.3com.com
  • Microsoft Corporation
  • http//www.microsoft.com
  • Dell Computers
  • http//www.dell.com
  • LinkSys
  • http//www.linksys.com
  • And the following sites were basic concepts of
    Proxy Server are obtained
  • http//home.netscape.com/proxy/v3.5/using/index.ht
    ml

55
For more information
  • To visit this site to see this entire
    presentation again
  • http//members.tripod.com/salmonhead1018
About PowerShow.com