1
CIS 454
Local Area Network
California State University, Los Angeles
Spring 2000
2
INSTALLING AND SETTING UP A PROXY SERVER
BY:
Donald Parungao
Liksun (Sam) Lo
Zongyang (Nancy) Liu
Maochen Chang
CIS 454
SPRING 2000, CSULA
DR. N. GANESAN
3
BRIEF INTRODUCTION
4
PRESENTATION OVERVIEW:
• Basic Concepts
• Different Implementations for Proxy Server
• Sample Case
• Hardware and Software Planning
• Implementation and Setup of Proxy Server
• Conclusion
• Contacts, Research Sources, and Credits
5
BASIC CONCEPTS
6
What is a Proxy Server?
• A Proxy Server is a medium through which users within the LAN can gain access to the Internet efficiently and much more securely.
7
How does Proxy Server Work?
• A Proxy Server works in two different ways:
1. It can act as a cache that is set up to improve the access speed to the Internet
2. It provides firewall security, with all transmissions passing through the server
8
1. Proxy Server as a Cache
Basic Concept of Internet Transmission:
[Diagram: LAN, Internet, Web Server. Labels: HTTP-request, HTTP-ack, HTTP-response, "Reads Destination Address" (twice).]
As you can see… transmission here is not very efficient
The restriction is due to the distance the transmission packet has to travel…
Imagine if the user requests larger web files…
9
1. Proxy Server as a Cache ... (cont’d)
[Diagram: LAN, Internet, Proxy Server, Web Server. Labels: HTTP-request, HTTP-response, Web Pages.]
Therefore… the distance the transmission travels in this example is greatly reduced
Therefore… a Proxy Server set up as a cache significantly increases the transmission speed
10
2. Proxy Server as firewall
[Diagram: LAN, Internet, Proxy Server, Web Server. Labels: HTTP-request, False Source Address, HTTP-response.]
This way, the proxy adds extra protection by hiding the source address… This is especially useful against unwanted intrusion
Also, as a firewall, the proxy server provides control over information going out of the LAN, especially if it is addressed to an unauthorized destination…
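The two roles described on these slides, cache and firewall, sketched as an added example that is not part of the original presentation. The proxy address, the blocked destination, the client addresses and the page bodies are all constructed sample values.

```python
# Added illustration: toy model of a proxy acting as cache and firewall.
# Every address, host name and page body is a constructed sample value.
PROXY_EXTERNAL_IP = "203.0.113.10"           # assumed outward-facing proxy address
BLOCKED_DESTINATIONS = {"blocked.example"}   # assumed unauthorized destination

# Constructed stand-in for web servers on the Internet: host -> path -> body.
ORIGIN_PAGES = {
    "www.example.com": {"/": "<html>home</html>"},
    "blocked.example": {"/": "<html>not allowed</html>"},
}


class OriginServer:
    """Records the source address the web server sees on each request."""
    def __init__(self):
        self.seen_sources = []

    def handle(self, source_ip, host, path):
        self.seen_sources.append(source_ip)
        return ORIGIN_PAGES[host][path]


class Proxy:
    def __init__(self, origin):
        self.origin = origin
        self.cache = {}       # (host, path) -> body
        self.audit_log = []   # (client_ip, host, verdict), kept inside the LAN

    def request(self, client_ip, host, path):
        # Firewall role: refuse unauthorized destinations before anything leaves the LAN.
        if host in BLOCKED_DESTINATIONS:
            self.audit_log.append((client_ip, host, "DENIED"))
            return 403, None
        # Cache role: a hit is served locally and never crosses the Internet link.
        if (host, path) in self.cache:
            self.audit_log.append((client_ip, host, "HIT"))
            return 200, self.cache[(host, path)]
        # Miss: forward with the proxy's own address as source, hiding the client's.
        body = self.origin.handle(PROXY_EXTERNAL_IP, host, path)
        self.cache[(host, path)] = body
        self.audit_log.append((client_ip, host, "MISS"))
        return 200, body


def demo():
    """Two LAN clients fetch the same page; one also tries a blocked site."""
    origin = OriginServer()
    proxy = Proxy(origin)
    results = [
        proxy.request("192.168.1.21", "www.example.com", "/"),
        proxy.request("192.168.1.34", "www.example.com", "/"),
        proxy.request("192.168.1.21", "blocked.example", "/"),
    ]
    return results, origin.seen_sources, proxy.audit_log


if __name__ == "__main__":
    for part in demo():
        print(part)
```

The web server sees one request, from the proxy's address, while the proxy's own log still records which LAN client asked for what.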
11
Different Implementations for Proxy Server
12
Different Implementations for Proxy Server
• Dual-Homed Host
• Screened Hosts
• Screened Subnetwork
• Reverse Proxy
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
13
Dual-Homed Host
• Dual-homed host has two network interfaces, one connects to internal LAN, one to internet
• Dual-homed host firewall architecture acts as a software router providing secure connectivity
• Proxy in conjunction with dual-homed host provides a complete firewall solution
• In addition to caching, proxy server brings fine-grain filtering and virus scanning
Proxy Server Implemented With a Dual-Homed Host Firewall
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
14
Drawback of Dual-Homed Host
• When security is breached on the single host machine, it could jeopardize the whole network
• However, it is desirable for a small office on a budget or an organization that does not require redundant security measures
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
15
Screened Hosts
• A screened host consists of a router deployed in front of a server
• The router provides packet-filtering and restricts inbound access to the internal network
• A screening router could support multiple hosts
• Proxying allows network traffic to gain internet access through the router
Proxy Server Implemented Behind a Screening Router
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
16
Drawback of Screened Hosts
• If the router fails, security is lost
• However, screened hosts architecture is appropriate for small to medium-size intranets requiring a simple, yet effective security solution
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
17
Screened Subnetwork
• A screened subnetwork consists of multiple routers sandwiching a nonsecure network
• This subnetwork is commonly referred to as a Demilitarized Zone (DMZ)
• A proxy in the DMZ allows access to both the internal and external networks through the routers
• Neither internal nor external traffic can pass through without the help of the proxy server
• The screened subnetwork is a popular choice for large organizations with heavy traffic
• Security is critical and therefore redundancy is imperative
Proxy Server Implemented in a DMZ Between Two Screening Routers
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
18
Reverse Proxy
• Independent of the firewall architecture, one may want to implement a reverse proxy
• Reverse proxies are generally in one of two configurations:
1. Server Stand-in
2. Load Balancing
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
19
1. Server Stand-In
• In server stand-in mode, proxy receives requests for a web server protected behind the firewall
• Server stand-in prevents direct, unmonitored access of internal resources from outside
• Proxy server acts like a virtual server mirror and provides replication only
• Contents of the secure server will be replicated in the proxy server cache
Proxy Server Implemented in Reverse Mode as Stand-In for a Web Server
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
20
2. Load Balancing
• Multiple reverse proxy servers can be used to balance the load on an overtaxed server
• Load balancing helps the host machine handle high-volume requests while reducing the impact on overall performance
Multiple Proxy Servers Implemented in Reverse Mode to Balance the Load on a Web Server
SOURCE
http://home.netscape.com/proxy/v3.5/using/index.html
21
SAMPLE CASE
22
Company: Resource One International
RECENT ISSUES
• Has recently implemented a web server for e-commerce
• Therefore, security has become a serious concern
• Therefore, an appropriate proxy server must be implemented for the new e-Commerce infrastructure
23
CURRENT I.S. INFRASTRUCTURE
[Diagram: Internet, Router, Hub, Web Server, Network Server, President, CSR Lead, Hub.]
24
HARDWARE & SOFTWARE PLANNING
25
Analysis of the Current I.S.
• The following are determined:
– The server currently being used by the Network Manager is running under the Windows NT Server operating system
– The clients run Windows 98
• Therefore, an additional server will be needed for the actual Proxy Server
• The proxy software program must therefore run in a Microsoft Windows NT environment
26
Proxy Software Planning
Choice: Microsoft Proxy Server 2.0
• Features:
– Security:
  • Enables you to configure many security features in order to protect your network from unwanted inbound connections
  • Has ability to dynamically filter both inbound and outbound packets (based on protocol or IP addresses)
  • Has ability to notify you by email if a protocol violation occurs
– Web Caching capabilities
– Manageability:
  • No need to create user accounts in both the Win NT and Proxy Server
  • Instead, users can access Proxy Server by using regular old Win NT accounts
– Microsoft Management Console (MMC) capabilities:
  • Can manage multiple Proxy servers from within a single instance of the MMC
SOURCE
http://www.microsoft.com/proxy
http://www.elementkjournals.com/ewn/9909/ewn9991.htm
27
Minimum Requirements
• Processor = Intel 486/33 MHz or faster RISC-based
• RAM = 24 MB for the Intel platform; 32 MB for the RISC-based platform
• Partitions = NTFS (if you want to enable Web caching)
• HD space needed (for Proxy Server installation) = 125 MB for Intel platform; 160 MB for the RISC-based platform
• HD space needed (for Web caching) = 100 MB, plus 0.5 MB per user
• Connectivity = Modem, ISDN, ADSL, or dedicated leased line connection to the internet
• Operating System = Windows NT Server 4.0 with Service Pack 3 or later
• Other software = Microsoft Internet Information Server 3.0 or later, Microsoft TCP/IP
SOURCE
http://www.elementkjournals.com/ewn/9909/ewn9991.htm
28
(Hardware) Server Unit Planning
Choice: Dell Precision Workstation 220
• Server Unit Specifications:
– Processor = Pentium III 600 MHz
– RAM = 256MB PC800 ECC RDRAM (1 RIMM)
– HD = 36GB Ultra 160/M SCSI (10000 rpm) – 8ms Trans Rate
– Controller Card (for HD) = Ultra 160/M SCSI
– Floppy Drive = 3.5” – 1.44MB
– CD-ROM = 20/48X IDE
– Operating System (Pre-Installed) = MS Windows NT 4.0 w/ Service Pack 5 (Separate CDs)
– Modem = V.90 56K Data/Fax PCI for Win NT
– Video Card = Diamond Viper V770D, 32MB
• Peripherals (Included in Package):
– Monitor = 17” Dell (model: M781 P)
– Mouse = Logitech First Mouse (2 buttons w/scroll)
• Services (Included in Package):
– 3yr Next Business Day On-Site Parts & Labor
SOURCE
http://www.dell.com/us/en/bsd/products/series_precn_workstations.htm
29
(Hardware) Network Interfaces & Wirings
Choice: LinkSys EtherFast Switched 10/100 Network Interface Card
• Package Contents:
– 2 EtherFast 10/100 LAN Cards w/ Wake-On-LAN Capabilities
– 2 Wake-On-LAN Wires
– EtherFast 5-Port 10/100Mbps Auto-Sensing Switch (not needed, but could be used for future fault tolerance design)
– AC Power Adapter
– 2 Category 5 Network Cables (15’ each)
– Internet LanBridge software package from Acotec
– Program Disks
– User Guide and Registration Cards
• Features:
– 5-Port 10/100 Switch delivers high bandwidth performance to every PC on the network (each port adjusts to 10BaseT or 100BaseTX speeds at Half or Full Duplex)
– LAN cards have full backward compatibility w/ Plug-and-Play and Win 95/98 motherboards
– Works w/ all major networking software including Win NT 4.0 and Linux
– Can be attached to more PCs, Hubs, or Switches at any time
– Perfect for sharing a cable modem, DSL, or any Internet connection type
– 5 year limited warranty
– Free (M-F 8-5 ET) Technical Support and OnLine available
SOURCE
http://www.linksys.com/products/product.asp?prid=13&grid=12
30
Estimated Project Cost
• Server Unit = $ 3,407
• Cabling and wiring = $ 110
• Proxy Software = $ 599
• Other Purchasing Costs = $ 200
--------
• Subtotal = $ 4,261
--------
• Total Estimated Project Cost = $ 4,500
31
IMPLEMENTATION & SETUP OF PROXY SERVER
32
IMPLEMENTATION OBJECTIVES:
1. Planning where to put the Proxy Server
2. NIC card installation in the server unit
3. Proxy program installation
33
1. Planning where to Implement the new Proxy Server Unit
[Diagram: Internet, Router, Ethernet Switch, Hubs, Web Server, Network Server, President, CSR Lead.]
First, the new switch will be installed
Then, the Proxy Server will be placed between the router and the LAN
The Proxy Server architecture employed here will be screening the inbound transmission behind the router
34
2. Installation of EtherFast 10/100 LAN Card
• Make sure that Windows NT Server Operating System has been installed correctly
• Turn off your PC and any peripheral equipment attached to it and remove the power cord
• Open the computer cover and locate the PCI expansion slot(s)
• Insert the EtherFast LAN cards into the PC’s PCI slot and secure (or into the Master for older systems)
• If the system has Plug-n-Play capabilities, it will self-configure; otherwise, assign an unused IRQ and I/O address for the newly installed NIC (see the system’s user guide)
• Plug one end of a Cat 5 UTP wire into the RJ45 port of the card and the other end into the switch
SOURCE: LINKSYS.COM (Acrobat Reader Format)
ftp://ftp.linksys.com/pdf/fensk05manual.pdf
35
2. Installation of EtherFast 10/100 LAN Card (cont’d)
• Plug the second wire into another RJ45 port of the switch and the other end into the router
• Install the NIC card driver using the NT 4.0 setup (make sure you install the TCP/IP protocol)
• Insert the driver floppy disk, go to the Control Panel/Network icon, and install the correct driver provided on the driver disk to the HD
• When NT asks you for the media type (cabling), choose the AUTODETECT option and the default setting = 256 for TRANSMIT THRESHOLD
• Click CONTINUE
• When the NETWORK window reappears, click on the BINDINGS tab
SOURCE: LINKSYS.COM (Acrobat Reader Format)
ftp://ftp.linksys.com/pdf/fensk05manual.pdf
36
2. Installation of EtherFast 10/100 LAN Card (cont’d)
• Click on the PROTOCOLS tab and select your settings
• Do the same for the SERVICES tab
• Click CLOSE
• Restart the system
• Then check device status in NETWORK NEIGHBORHOOD
SOURCE: LINKSYS.COM (Acrobat Reader Format)
ftp://ftp.linksys.com/pdf/fensk05manual.pdf
37
Now, we are ready to install the Microsoft Proxy Server 2.0 program...
38
3. Pre-Installation of Proxy Server 2.0
1. Install Microsoft Windows NT 4.0 operating system (not needed – the system came with this OS preinstalled)
2. Install Microsoft Windows NT 4.0 Service Pack 3 (included in the Package)
3. Install Microsoft Internet Explorer 4.01 Service Pack 2 (included in the Windows NT 4.0 Option Pack CD that came w/ the package)
4. Install Microsoft Windows NT 4.0 Option Pack CD
5. Install the Proxy Server 2.0 CD
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
39
3. MS-Proxy Server 2.0 for Windows NT Deployment
• Start the installation from CD-ROM by running the Setup utility in the Proxy server folder
• Type the CD key in the text boxes, and then click OK
• Next, verify the folder in which you want to install Proxy Server
– In Figure A, choose whether you want to install all or only some of the available options, including Proxy Server, the Administration Tool, and the Proxy Server Documentation
• When you’re ready, click Continue… Setup must stop your Internet Information Services before it can install Proxy Server
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
40
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)
• Configure your server’s cache setting, as shown in Figure B.
• In Figure B, Setup defaults to 100 MB of disk space on your server’s NTFS partition. Microsoft recommends setting the server’s cache to 100 MB, plus 0.5 MB for each user.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
41
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)
• In figure C, specify IP addresses
• Once you’ve entered your internal IP addresses, Click OK to continue
You’ll now see the Client Installation/Configuration shown in Figure D
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
42
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)
• Figure D: Client Installation/Configuration, where you configure your Proxy server clients.
• Proxy Server uses your server name to create a setup script for installing the Proxy Client software on your clients. By default, the setup script identifies your server by its name (such as SERVER) rather than its IP address. Click OK to continue to the next step, shown in Figure E.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
43
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)
• Figure E: You must enable access control for the WinSock Proxy and Web Proxy Services if you want to control users’ access to your Proxy server
• Click OK to accept the settings and close this message box. At this point, Proxy Server is on your server.
• When the installation is complete, click OK.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
44
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)
• Configuring Proxy Server: You’ll want to specify which protocols you want to enable through the Proxy server. You configure Proxy Server by opening the MMC utility from the Microsoft Proxy Server, as shown in Figure F.
• Figure F: The MMC displays the Socks Proxy, Web Proxy, and WinSock Proxy Services.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
45
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)
• Configuring the Web Proxy Service:
At a minimum, you need to configure your server’s Web Proxy and WinSock Proxy Services to specify clients’ permissions and the protocols.
To configure users’ permissions, begin by selecting the protocols you want to enable users to use on your server from the Protocol dropdown list. Next, click Edit to display the Permissions dialog box; click Add to display a list of groups and users from your server’s domain.
Figure G: You can configure which of your domain’s users can access the Proxy server.
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
46
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)
• Configuring the WinSock Proxy Service:
Display the WinSock Proxy Services Properties dialog box by right-clicking on the WinSock Proxy Service in the left pane of the MMC. Select the Permissions tab, then choose to assign permissions to users for each of the protocols, or choose the Unlimited Access option, as shown in Figure H.
• For example, if you want to give all users access, you should choose the Unlimited Access protocol and grant permissions to the group Everyone, as shown in Figure I.
[Figure I: Everyone]
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
47
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)
• If you don’t want all users to have access to all protocols, choose the individual protocols you do want them to use from the Protocol dropdown list.
• Then, grant access to the Windows NT user or group that you want to use these specific protocols.
[Figure: User 1, User 8, User 25]
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
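The two permission choices described on the last two slides, Unlimited Access for Everyone versus individual protocols for named users or groups, modeled as an added example that is not part of the original presentation and is not Proxy Server's own data format. The protocol names, the groups Sales and IT and the account Guest are constructed, and a grant to a group is assumed to apply to each of its members.

```python
# Added illustration: a constructed model of per-protocol proxy permissions.
# Protocol names and group membership are sample values, not Proxy Server data.
UNLIMITED = "Unlimited Access"
EVERYONE = "Everyone"
PROTOCOLS = ["HTTP", "FTP", "Telnet"]                        # constructed list
GROUPS = {"Sales": {"User 1", "User 8"}, "IT": {"User 25"}}  # constructed groups

# First choice: Unlimited Access granted to the group Everyone.
OPEN_ACL = {UNLIMITED: {EVERYONE}}
# Second choice: individual protocols granted to named users or groups.
RESTRICTED_ACL = {"HTTP": {"Sales", "IT"}, "FTP": {"User 25"}, "Telnet": set()}


def principals_for(user):
    """The user, every group that lists the user, and the Everyone group."""
    groups = {name for name, members in GROUPS.items() if user in members}
    return {user, EVERYONE} | groups


def allowed_protocols(acl, user):
    """Protocols the user may use; Unlimited Access implies all of them."""
    who = principals_for(user)
    if who & acl.get(UNLIMITED, set()):
        return set(PROTOCOLS)
    return {p for p in PROTOCOLS if who & acl.get(p, set())}


def audit(acl):
    """Report every entry that is open to Everyone."""
    findings = []
    for entry in sorted(acl):
        if EVERYONE in acl[entry]:
            scope = "all protocols" if entry == UNLIMITED else entry
            findings.append(f"{EVERYONE} may use {scope}")
    return findings


if __name__ == "__main__":
    for name, acl in (("open", OPEN_ACL), ("restricted", RESTRICTED_ACL)):
        print(name, audit(acl))
        for user in ("User 1", "User 8", "User 25", "Guest"):
            print("  ", user, sorted(allowed_protocols(acl, user)))
```

Under the open configuration even the unlisted Guest account reaches every protocol; under the restricted one it reaches none.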
48
3. MS-Proxy Server 2.0 for Windows NT Deployment (cont’d)
• The next thing we need to do is install the Microsoft Windows NT 4.0 Service Pack 5 CD that came with the package…
• Insert the CD and follow the directions for auto install
• Next, insert the Proxy 2.0 Service Pack 1 and do the same...
• Now, the server is completely deployed and ready to function
• Then, you’ll need to configure the clients by logging on at the client’s computer
• Connect to the Mspclnt share on the Proxy Server
• Double-click on Setup.exe to start the client software installation on your computer
SOURCE: http://www.elementkjournals.com/ewn/9909/ewn9991.htm
49
And, that’s all there is to it...
Now, let’s recap the steps we did
50
Recap
1. The server unit is installed into the network
2. The network interface card is installed
3. The proxy server software is deployed by the following:
• We made sure that Microsoft Windows NT 4.0 operating system is properly installed in the server unit
• We then installed the MS Windows NT 4.0 Service Pack 3
• Then we installed MS Internet Explorer 4.01 Service Pack 2
• We installed MS Windows NT 4.0 Option Pack
• Then we installed MS Proxy Server 2.0 program
• Then the Windows NT 4.0 Service Pack 5
• Finally, we installed the Proxy 2.0 Service Pack 1
• The client computers are configured
51
CONCLUSION
52
Proxy Server
• Again, a Proxy Server is a medium through which users within the LAN can gain access to the Internet efficiently and much more securely
• It functions in two different ways: as a cache and as a firewall
• It can also be implemented in different ways: as a dual-homed host, as a screened host, as a screened subnetwork, and as a reverse proxy
53
THE END
54
We would like to thank the following sources that made this project possible:
• Dr. N. Ganesan, Cal State Los Angeles
– http://ganesan.calstatela.edu
• Cisco Systems
– http://www.cisco.com
• 3com
– http://www.3com.com
• Microsoft Corporation
– http://www.microsoft.com
• Dell Computers
– http://www.dell.com
• LinkSys
– http://www.linksys.com
• And the following sites where basic concepts of Proxy Server are obtained:
– http://home.netscape.com/proxy/v3.5/using/index.html
55
For more information:
Visit this site to see this entire presentation again…
• http://members.tripod.com/salmonhead1018