CIS 454 Local Area Network, California State University, Los Angeles, Spring 2000


CIS 454

Local Area Network

California State University, Los Angeles

Spring 2000


INSTALLING AND SETTING UP A PROXY SERVER

BY:

Donald Parungao
Liksun (Sam) Lo
Zongyang (Nancy) Liu
Maochen Chang

CIS 454, SPRING 2000, CSULA
DR. N. GANESAN

BRIEF INTRODUCTION


PRESENTATION OVERVIEW:

• Basic Concepts
• Different Implementations for Proxy Server
• Sample Case
• Hardware and Software Planning
• Implementation and Setup of Proxy Server
• Conclusion
• Contacts, Research Sources, and Credits

BASIC CONCEPTS


What is a Proxy Server?

• A Proxy Server is a medium through which users within the LAN can gain access to the Internet efficiently and much more securely.


How Does a Proxy Server Work?

• A Proxy Server works in two different ways:

1. It can act as a cache that is set up to improve the access speed to the Internet

2. It provides firewall security, since all transmissions pass through the server


1. Proxy Server as a Cache

Basic Concept of Internet Transmission:

[Diagram: LAN, Internet and Web Server, with HTTP-request, HTTP-ack and HTTP-response messages passing between them; label: "Reads Destination Address"]

As you can see, transmission here is not very efficient.

The restriction is due to the distance the transmission packet has to travel…

Imagine if the user requests larger web files…


1. Proxy Server as a Cache ... (cont’d)

[Diagram: LAN, Proxy Server, Internet and Web Server; HTTP-request and HTTP-response messages pass through the Proxy Server, which holds Web Pages]

Therefore, the distance the transmission travels in this example is greatly reduced.

Therefore, a Proxy Server set up as a cache significantly increases the transmission speed.


2. Proxy Server as a Firewall

[Diagram: LAN, Proxy Server, Internet and Web Server; the HTTP-request leaves the Proxy Server with a "False Source Address", and the HTTP-response returns through the Proxy Server]

This way, it adds extra protection by hiding the source address. This is especially good against unwanted intrusion.

Also, as a firewall, the proxy server provides control over information that is going out of the LAN, especially if it is addressed to an unauthorized destination…
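The two roles described above (cache and firewall), as an added example that is not part of the original slides: a small in-memory model showing a cache hit that never reaches the web server, the web server seeing only the proxy's address, and an outbound request to an unauthorized destination being refused. All class names, hostnames and addresses are constructed for illustration.

```python
"""In-memory model of a forward proxy acting as cache and firewall.

Added example: no real network traffic; all hosts and addresses are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class WebServer:
    """Origin server on the Internet side; records the source address it sees."""
    host: str
    pages: dict
    seen_sources: list = field(default_factory=list)

    def handle(self, source_addr, path):
        self.seen_sources.append(source_addr)
        if path in self.pages:
            return 200, self.pages[path]
        return 404, "not found"


@dataclass
class ProxyServer:
    external_addr: str          # the only address Internet hosts ever see
    origins: dict               # host -> WebServer, standing in for routing
    blocked_hosts: set = field(default_factory=set)  # outbound policy
    cache: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def request(self, client_addr, host, path):
        status, body, verdict = self._serve(host, path)
        # The proxy log keeps the real LAN address that the origin never sees.
        self.log.append((client_addr, host, path, verdict))
        return status, body

    def _serve(self, host, path):
        # Firewall role: refuse requests to unauthorized destinations.
        if host in self.blocked_hosts:
            return 403, "destination not authorized", "DENIED"
        # Cache role: answer from the local copy without leaving the LAN.
        if (host, path) in self.cache:
            return 200, self.cache[(host, path)], "HIT"
        origin = self.origins.get(host)
        if origin is None:
            return 502, "unknown host", "ERROR"
        # The request leaves with the proxy's address as its source.
        status, body = origin.handle(self.external_addr, path)
        if status == 200:       # cache successful responses only
            self.cache[(host, path)] = body
        return status, body, "MISS"


def demo():
    origin = WebServer("www.example.com", {"/index.html": "<h1>home</h1>"})
    proxy = ProxyServer(
        external_addr="203.0.113.10",
        origins={origin.host: origin},
        blocked_hosts={"blocked.example.net"},
    )
    replies = [
        proxy.request("192.168.1.21", "www.example.com", "/index.html"),
        proxy.request("192.168.1.22", "www.example.com", "/index.html"),
        proxy.request("192.168.1.21", "blocked.example.net", "/"),
    ]
    return proxy, origin, replies


if __name__ == "__main__":
    proxy, origin, replies = demo()
    for entry in proxy.log:
        print(entry)
    print("origin saw:", origin.seen_sources)
```

Because the origin only ever sees the proxy's address, the proxy log is the one place where a request can be tied back to the LAN client that made it.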

Different Implementations for Proxy Server


Different Implementations for Proxy Server

• Dual-Homed Host
• Screened Hosts
• Screened Subnetwork
• Reverse Proxy

SOURCE

http://home.netscape.com/proxy/v3.5/using/index.html


Dual-Homed Host

• A dual-homed host has two network interfaces: one connects to the internal LAN, one to the Internet

• The dual-homed host firewall architecture acts as a software router providing secure connectivity

• A proxy in conjunction with a dual-homed host provides a complete firewall solution

• In addition to caching, the proxy server brings fine-grain filtering and virus scanning

[Figure: Proxy Server Implemented With a Dual-Homed Host Firewall]

SOURCE

http://home.netscape.com/proxy/v3.5/using/index.html


Drawback of Dual-Homed Host

• When security is breached on the single host machine, it could jeopardize the whole network

• However, it is desirable for a small office on a budget or an organization that does not require redundant security measures

SOURCE

http://home.netscape.com/proxy/v3.5/using/index.html


Screened Hosts

• A screened host consists of a router deployed in front of a server
• The router provides packet filtering and restricts inbound access to the internal network
• A screening router could support multiple hosts
• Proxying allows network traffic to gain Internet access through the router

[Figure: Proxy Server Implemented Behind a Screening Router]

SOURCE

http://home.netscape.com/proxy/v3.5/using/index.html


Drawback of Screened Hosts

• If the router fails, security is lost

• However, screened hosts architecture is appropriate for small to medium-size intranets requiring a simple, yet effective security solution

SOURCE

http://home.netscape.com/proxy/v3.5/using/index.html


Screened Subnetwork

• A screened subnetwork consists of multiple routers sandwiching a nonsecure network
• This subnetwork is commonly referred to as a Demilitarized Zone (DMZ)
• A proxy in the DMZ allows access to both the internal and external networks through the routers
• Neither internal nor external traffic can pass through without the help of the proxy server
• The screened subnetwork is a popular choice for large organizations with heavily trafficked
• Security is critical and therefore redundancy is imperative

[Figure: Proxy Server Implemented in a DMZ Between Two Screening Routers]

SOURCE

http://home.netscape.com/proxy/v3.5/using/index.html


Reverse Proxy

• Independent of the firewall architecture, one may want to implement a reverse proxy

• Reverse proxies are generally in one of two configurations:
1. Server Stand-In
2. Load Balancing

SOURCE

http://home.netscape.com/proxy/v3.5/using/index.html


1. Server Stand-In

• In server stand-in mode, the proxy receives requests for a web server protected behind the firewall
• Server stand-in prevents direct, unmonitored access to internal resources from outside
• The proxy server acts like a virtual server mirror and provides replication only
• Contents of the secure server will be replicated in the proxy server cache

[Figure: Proxy Server Implemented in Reverse Mode as Stand-In for a Web Server]

SOURCE

http://home.netscape.com/proxy/v3.5/using/index.html


2. Load Balancing

• Multiple reverse proxy servers can be used to balance the load on an overtaxed server

• Load balancing helps the host machine handle high-volume requests while reducing the impact on overall performance

[Figure: Multiple Proxy Servers Implemented in Reverse Mode to Balance the Load on a Web Server]

SOURCE

http://home.netscape.com/proxy/v3.5/using/index.html

SAMPLE CASE


Company: Resource One International

RECENT ISSUES

• Has recently implemented a web server for e-commerce

• Therefore, security has become a serious concern

• Therefore, an appropriate proxy server must be implemented for the new e-Commerce infrastructure


CURRENT I.S. INFRASTRUCTURE

[Diagram: Internet, Router, Hubs, Web Server, Network Server, and the President and CSR Lead workstations]

HARDWARE & SOFTWARE PLANNING


Analysis of the Current I.S.

• The following are determined:
– The server currently being used by the Network Manager is running under the Windows NT Server operating system
– The clients – Windows 98

• Therefore, an additional server will be needed for the actual Proxy Server

• The Proxy software program needed must therefore run in the Microsoft Windows NT environment


Proxy Software Planning
Choice: Microsoft Proxy Server 2.0

• Features:
– Security:
  • Enables you to configure many security features in order to protect your network from unwanted inbound connections
  • Has ability to dynamically filter both inbound and outbound packets (based on protocol or IP addresses)
  • Has ability to notify you by email if a protocol violation occurs
– Web Caching capabilities
– Manageability:
  • No need to create user accounts in both the Win NT and Proxy Server
  • Instead, users can access Proxy Server by using regular old Win NT accounts
– Microsoft Management Console (MMC) capabilities:
  • Can manage multiple Proxy servers from within a single instance of the MMC

SOURCE

http://www.microsoft.com/proxy

http://www.elementkjournals.com/ewn/9909/ewn9991.htm


Minimum Requirements

• Processor = Intel 486/33 MHz or faster RISC-based
• RAM = 24 MB for the Intel platform; 32 MB for the RISC-based platform
• Partitions = NTFS (if you want to enable Web caching)
• HD space needed (for Proxy Server installation) = 125 MB for Intel platform; 160 MB for the RISC-based platform
• HD space needed (for Web caching) = 100 MB, plus 0.5 MB per user
• Connectivity = Modem, ISDN, ADSL, or dedicated leased line connection to the Internet
• Operating System = Windows NT Server 4.0 with Service Pack 3 or later
• Other software = Microsoft Internet Information Server 3.0 or later, Microsoft TCP/IP

SOURCE

http://www.elementkjournals.com/ewn/9909/ewn9991.htm


(Hardware) Server Unit Planning
Choice: Dell Precision Workstation 220

• Server Unit Specifications:
– Processor = Pentium III 600 MHz
– RAM = 256MB PC800 ECC RDRAM (1 RIMM)
– HD = 36GB Ultra 160/M SCSI (10000 rpm) – 8ms Trans Rate
– Controller Card (for HD) = Ultra 160/M SCSI
– Floppy Drive = 3.5” – 1.44MB
– CD-ROM = 20/48X IDE
– Operating System (Pre-Installed) = MS Windows NT 4.0 w/ Service Pack 5 (Separate CDs)
– Modem = V.90 56K Data/Fax PCI for Win NT
– Video Card = Diamond Viper V770D, 32MB
• Peripherals (Included in Package):
– Monitor = 17” Dell (model: M781 P)
– Mouse = Logitech First Mouse (2 buttons w/scroll)
• Services (Included in Package):
– 3yr Next Business Day On-Site Parts & Labor

SOURCE

http://www.dell.com/us/en/bsd/products/series_precn_workstations.htm


(Hardware) Network Interfaces & Wirings
Choice: LinkSys EtherFast Switched 10/100 Network Interface Card

• Package Contents:
– 2 EtherFast 10/100 LAN Cards w/ Wake-On-LAN Capabilities
– 2 Wake-On-LAN Wires
– EtherFast 5-Port 10/100Mbps Auto-Sensing Switch (not needed, but could be used for future fault tolerance design)
– AC Power Adapter
– 2 Category 5 Network Cables (15’ each)
– Internet LanBridge software package from Acotec
– Program Disks
– User Guide and Registration Cards
• Features:
– 5-Port 10/100 Switch Delivers High Bandwidth Performance to Every PC on network (each port adjusts to 10BaseT or 100BaseTX speeds at Half or Full Duplex)
– LAN Cards have full backward compatibility w/ Plug-and-Play and Win 95/98 motherboards
– Works w/ all major networking software including Win NT 4.0 and Linux
– Can be attached to more PCs, Hubs, or Switches at any time
– Perfect for Sharing a cable modem, DSL, or any Internet connection types
– 5 year limited warranty
– Free (M-F 8-5et) Technical Support and OnLine available

SOURCE

http://www.linksys.com/products/product.asp?prid=13&grid=12


Estimated Project Cost

• Server Unit = $ 3,407
• Cabling and wiring = $ 110
• Proxy Software = $ 599
• Other Purchasing Costs = $ 200
--------
• Subtotal = $ 4,261
--------
• Total Estimated Project Cost = $ 4,500

IMPLEMENTATION & SETUP OF PROXY SERVER


IMPLEMENTATION OBJECTIVES:

1. Planning where to put the Proxy Server

2. NIC card installation in the server unit

3. Proxy program installation


1. Planning where to Implement the new Proxy Server Unit

[Diagram: Internet, Router, Ethernet Switch, Hubs, Web Server, Network Server, and the President and CSR Lead workstations]

First, the new switch will be installed

Then, the Proxy Server will be placed between the router and the LAN

The Proxy Server architecture employed here will be screening the inbound transmission behind the router


2. Installation of EtherFast 10/100 LAN Card

• Make sure that Windows NT Server Operating System has been installed correctly

• Turn off your PC and any peripheral equipment attached to it and remove the power cord

• Open the computer cover and locate the PCI expansion slot(s)

• Insert the EtherFast LAN cards into the PC’s PCI slot and secure (or into the Master for older systems)

• If the system has Plug-n-Play capabilities, it will self-configure; otherwise, assign an unused IRQ and I/O address for the new NIC installed (see system’s user guide)

• Plug one end of one of the Cat 5 UTP wires into the RJ45 port of the card and the other end into the switch

SOURCE: LINKSYS.COM (Acrobat Reader Format)

ftp://ftp.linksys.com/pdf/fensk05manual.pdf


2. Installation of EtherFast 10/100 LAN Card (cont’d)

• Plug the second wire into another RJ45 port of the switch and the other end into the router

• Install the NIC card driver using the NT 4.0 setup (make sure you install the TCP/IP protocol)

• Insert the driver floppy disk and go to the Control Panel/Network Icon and install the correct driver provided in the driver disk to HD

• When NT asks you for the media type (cabling)—choose the AUTODETECT option and default setting = 256 for TRANSMIT THRESHOLD

• Click CONTINUE
• When NETWORK window reappears, click on BINDINGS tab

SOURCE: LINKSYS.COM (Acrobat Reader Format)

ftp://ftp.linksys.com/pdf/fensk05manual.pdf


2. Installation of EtherFast 10/100 LAN Card (cont’d)

• Click on the PROTOCOLS tab and select your settings

• Do the same for SERVICES tab
• Click CLOSE
• Restart the system
• Then check device status in NETWORK NEIGHBORHOOD

SOURCE: LINKSYS.COM (Acrobat Reader Format)

ftp://ftp.linksys.com/pdf/fensk05manual.pdf


Now, we are ready to install the Microsoft Proxy Server 2.0 program...


3. Pre-Installation of Proxy Server 2.0

1. Install Microsoft Windows NT 4.0 operating system (not needed – the system already has this OS preinstalled)

2. Install Microsoft Windows NT 4.0 Service Pack 3 (included in the Package)

3. Install Microsoft Internet Explorer 4.01 Service Pack 2 (included in the Windows NT 4.0 Option Pack CD that came w/ the package)

4. Install Microsoft Windows NT 4.0 Option Pack CD

5. Install the Proxy Server 2.0 CD

SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm


3. MS-Proxy Server 2.0 for Windows NT Deployment

• Start the installation from CD-ROM by running the Setup utility in the Proxy server folder
• Type the CD key in the text boxes, and then click OK
• Next, verify the folder in which you want to install Proxy Server
– In Figure A, choose whether you want to install all or only some of the available options, including Proxy Server, the Administration Tool, and the Proxy Server Documentation
• When you’re ready, click Continue… Setup must stop your Internet Information Services before it can install Proxy Server

SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm


3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)

• Configure your server’s cache setting, as shown in Figure B.

• In Figure B, set up the default 100 MB of disk space on your server’s NTFS partition. Microsoft recommends setting the server’s cache to 100 MB, plus 0.5 MB for each user.

SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm


3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)

• In figure C, specify IP addresses

• Once you’ve entered your internal IP addresses, Click OK to continue

You’ll now see the Client Installation/Configuration shown in Figure D

SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm


3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)

• Figure D: Client Installation/Configuration – configure your Proxy server clients.

• Proxy Server uses your server name to create a setup script for installing the Proxy Client software on your client. By default, the setup script identifies your server by its name (such as SERVER) rather than its IP address. Click OK to go to the next step, as shown in Figure E.

SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm


3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)

• Figure E: you must enable access control for the WinSock Proxy and Web Proxy Services if you want to control users’ access to your Proxy server

• Click OK to accept the settings and close this message box. At this point, Proxy Server is on your server.

• When the installation is complete, click OK.

SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm


3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)

• Configuring Proxy Server: you’ll want to specify which protocols you want to enable through the Proxy server. You configure Proxy Server by opening the MMC utility from the Microsoft Proxy Server, as shown in Figure F.

• Figure F: The MMC displays the Socks Proxy, Web Proxy, and WinSock Proxy Services.

SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm


3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)

• Configuring the Web Proxy Service: At a minimum, you need to configure your server’s Web Proxy and WinSock Proxy Services to specify clients’ permissions and the protocols.

To configure users’ permissions, begin by selecting the protocols you want to enable users to use on your server from the Protocol dropdown list. Next, click Edit to display the Permissions dialog box; click Add to display a list of groups and users from your server’s domain.

Figure G: You can configure which of your domain’s users can access the Proxy server.

SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm


3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)

• Configuring the WinSock Proxy Service: Display the WinSock Proxy Service Properties dialog box by right-clicking on the WinSock Proxy Service in the left pane of the MMC. Select the Permissions tab and choose to assign permissions to users for each of the protocols, or you can choose the Unlimited Access option, as shown in Figure H.

• For example, if you want to give all users access, you should choose the Unlimited Access protocol and grant permissions to the group Everyone, as shown in Figure I.

• Everyone

SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm


3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)

• If you don’t want all users to have access to all protocols, choose the individual protocols you do want them to use from the Protocol dropdown list.

• Then, grant access to the Windows NT user or group that you want to use these specific protocols.

[Figure labels: User 1, User 8, User 25]

SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
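The per-protocol permission scheme from the last two slides, as an added example (not Microsoft Proxy Server code or its API): a small model that resolves a user's group membership against per-protocol grants and flags the broad grants, such as the Unlimited Access grant to Everyone in Figure I. The evaluation rule, group names and protocol labels are assumptions constructed for illustration; the user names are borrowed from the figure labels.

```python
"""Model of per-protocol proxy permissions with a least-privilege audit.

Added example: it does not read or change Microsoft Proxy Server settings.
Users, groups and protocol labels below are constructed sample data.
"""
EVERYONE = "Everyone"
UNLIMITED = "Unlimited Access"

GROUPS = {"Sales": {"User 1", "User 8"}, "IT": {"User 25"}}

# Configuration in the style of Figure I: one grant covering everything.
OPEN_GRANTS = {UNLIMITED: {EVERYONE}}
# Configuration in the style of the per-protocol slide.
SCOPED_GRANTS = {"HTTP": {"Sales", "IT"}, "FTP": {"IT"}}


def principals_for(user, groups):
    """Names a user matches: the account, its groups, and Everyone."""
    matched = {user, EVERYONE}
    matched.update(g for g, members in groups.items() if user in members)
    return matched


def is_allowed(user, protocol, grants, groups):
    """Assumed evaluation: an Unlimited Access grant or a grant on the
    requested protocol is enough; anything not granted is denied."""
    who = principals_for(user, groups)
    return any(who & grants.get(entry, set()) for entry in (UNLIMITED, protocol))


def audit(grants):
    """Return (entry, principal, reason) for grants broader than needed."""
    findings = []
    for entry in sorted(grants):
        for principal in sorted(grants[entry]):
            if principal == EVERYONE:
                findings.append((entry, principal, "applies to every account"))
            elif entry == UNLIMITED:
                findings.append((entry, principal, "covers every protocol"))
    return findings


if __name__ == "__main__":
    for name, grants in (("open", OPEN_GRANTS), ("scoped", SCOPED_GRANTS)):
        print(name, "findings:", audit(grants))
        for user in ("User 1", "User 25", "User 99"):
            print("  ", user, "FTP allowed:",
                  is_allowed(user, "FTP", grants, GROUPS))
```

Under the open configuration an account that belongs to no listed group ("User 99") is still allowed every protocol, which is the difference the audit surfaces.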


3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)

• The next thing we need to do is to install the Microsoft Windows NT 4.0 Service Pack 5 CD that came with the package…

• Insert the CD and follow the directions for auto install

• Next, insert the Proxy 2.0 Service Pack 1 and do the same...

• Now, the server is completely deployed and ready to function

• Then, you’ll need to configure the clients by logging on at the client’s computer

• Connect to the Mspclnt share on the Proxy Server

• Double-click on Setup.exe to start the client software installation on your computer

SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm


And, that’s all there is to it...

Now, let’s recap the steps we did


Recap

1. The server unit is installed into the network
2. The network interface card is installed
3. The proxy server software is deployed by the following:
  • We made sure that Microsoft Windows NT 4.0 operating system is properly installed in the server unit
  • We then installed the MS Windows NT 4.0 Service Pack 3
  • Then we installed MS Internet Explorer 4.01 Service Pack 2
  • We installed MS Windows NT 4.0 Option Pack
  • Then we installed MS Proxy Server 2.0 program
  • Then the Windows NT 4.0 Service Pack 5
  • Finally, we installed the Proxy 2.0 Service Pack 1
• The client computers are configured

CONCLUSION


Proxy Server

• Again, a Proxy Server is a medium through which users within the LAN can gain access to the Internet efficiently and much more securely

• It functions in two different ways: as a cache and as a firewall

• It can also be implemented in different ways: as a dual-homed host, as a screened host, as a screened subnetwork, and as a reverse proxy

THE END


We would like to thank the following sources that made this project possible:

• Dr. N. Ganesan, Cal State Los Angeles
– http://ganesan.calstatela.edu
• Cisco Systems
– http://www.cisco.com
• 3com
– http://www.3com.com
• Microsoft Corporation
– http://www.microsoft.com
• Dell Computers
– http://www.dell.com
• LinkSys
– http://www.linksys.com
• And the following sites, where basic concepts of Proxy Server were obtained:
– http://home.netscape.com/proxy/v3.5/using/index.html


For more information:

Visit this site to see this entire presentation again…

• http://members.tripod.com/salmonhead1018