Post on 08-Apr-2018
8/6/2019 15 Proxy Restrict Internet Access
http://slidepdf.com/reader/full/15-proxy-restrict-internet-access 1/28
Proxy server
What is a proxy server?
A proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers
A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server
Purposes
A proxy server has two purposes:
  To keep machines behind it anonymous (mainly for security)
  To speed up access to a resource (via caching). It is commonly used to cache web pages from a web server
Types of Proxy Server
Caching proxy server
Web proxy
Content-filtering web proxy
Anonymizing proxy server
Reverse proxy server
Caching proxy server
It accelerates service requests by retrieving content saved from a previous request made by a client
Caching proxies keep local copies of frequently requested resources, to reduce their upstream bandwidth usage and cost, and to increase performance
Most ISPs and large businesses have a caching proxy
Web proxy
A proxy that focuses on World Wide Web traffic is called a "web proxy"
Most proxy programs (e.g. Squid) provide a means to deny access to certain URLs in a blacklist, thus providing content filtering
This is often used in a corporate, educational or library environment, and anywhere else where content filtering is desired
Content-filtering web proxy
It provides administrative control over the content that may be relayed through the proxy
Used in both commercial and non-commercial organizations (especially schools)
Some common methods used for content filtering include: URL or DNS blacklists, or content keyword filtering
Anonymizing proxy server
Attempts to anonymize web surfing
There are different varieties of anonymizers, e.g. open proxies
Because they are typically difficult to track, open proxies are especially useful to those seeking online anonymity, from students to computer criminals
Reverse proxy server
A reverse proxy is a proxy server that is installed in the neighborhood of one or more web servers
All traffic coming from the Internet and with a destination of one of the web servers goes through the proxy server
Advantages of Reverse Proxy Server
Encryption / SSL
Load balancing
Security
Securing Internet Access
Determining Contents of Policy
Before restricting Internet access for private users, your organization should consider an Internet acceptable use policy
The policy must define what constitutes authorized use
A security policy may allow the following:
  Users can access the Internet with authorized protocols
  Users can send and receive e-mail for business purposes
  Users can send e-mail with attachments smaller than 2 MB
  Users can connect to any web pages that are related to business
  Users can download files for business purposes as long as a virus scanner is running at all times
The policy must also define unauthorized use of the Internet:
  Unauthorized protocols
  Users could be prevented from exposing the company's sensitive information
  Users could be prevented from attempting to bypass the organization's security model
  Users could be prevented from accessing the Internet for personal use
  Users could be prevented from accessing web sites that have no business purpose, like porn, online gaming, job search and social networking sites
  Users could not install unauthorized software on the local disk
After defining the Internet acceptable use policy, create a document outlining the policy
The document should include a contract that employees sign before gaining access to the Internet
Securing Internet Access by Private Network Users
Identifying risks when private network users connect to the Internet
Restrict Internet access to specific:
  Computers
  Users
  Protocols
Restrict Internet Access to Specific Computers
One method to restrict Internet access is to allow only specific computers to access the Internet
By assigning users to computers, you can limit Internet access to users who are authorized to log on to specific computers
Servers or computers that require Internet access are:
  DNS server
  Mail server
  FTP server
  Proxy server
Cont.
You can restrict internal computers by configuring the firewall
You can further restrict computers by defining an outbound packet filter, which determines which protocols are allowed to pass through the firewall
Restrict Internet Access to Specific Users
Even though we can restrict Internet access to specific computers, sometimes it is required to restrict users or groups
To manage Internet access based on users or groups, you need a service capable of enforcing which users or groups can access the Internet
  Providing Proxy Services
  Authenticating Proxy Server Request
Proxy Server provides this functionality through the following services:
  Web Proxy Services
  Windows Socket (WinSock) Proxy Services
  Socks Proxy Services
Web Proxy Services (Proxy Server 2.0)
Allow users to connect to Internet resources by using HTTP, HTTPS, Gopher and FTP through a browser
The Web Proxy requires that the user authenticate with the proxy server to determine whether the user may use the Web Proxy services
Windows Socket (WinSock) Proxy Services
Allow applications that make use of Windows Sockets to connect to a server
With this service, the proxy client software must be installed on the client computer, so that all WinSock requests are redirected to the Proxy Server
Socks Proxy Services
It can be defined according to protocol and can't be restricted by users
Restrictions can be defined based on IP address
Allows the establishment of a SOCKS 4.3 protocol data channel between client and server
It doesn't support RealPlayer, streaming video or NetShow (RTSP)
You can configure each proxy service to restrict specific groups.
When a user attempts to access the Internet through a proxy service, the user's SID and group SIDs are compared to the ACL (Access Control List)
If the SID is allowed access, the proxy server completes the connection
Authenticating Proxy Server Request
Proxy Server 2.0 supports three methods of authentication:
  Anonymous Access
    All users are granted access to the proxy services
  Basic Authentication
    Allows authentication with the proxy server in plain text
    Even though it is a security risk, it is the only way to provide authentication for non-Windows-based browsers
  Integrated Windows Authentication
    The user's SID and group SIDs are checked to allow proxy services
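What "plain text" means for Basic Authentication on the wire, as an added example that is not part of the original slides: the check below classifies a proxy request by authentication method and reports whether the credentials are readable by anyone who sees the request. The sample requests, host name and credentials are constructed, and NTLM is assumed as the scheme behind Integrated Windows Authentication.

```python
import base64

# Constructed sample requests (not captured traffic); names and credentials are made up.
def _request(auth_header=None):
    lines = ["GET http://www.example.com/ HTTP/1.0", "Host: www.example.com"]
    if auth_header:
        lines.append("Proxy-Authorization: " + auth_header)
    return "\r\n".join(lines) + "\r\n\r\n"

BASIC_REQ = _request("Basic " + base64.b64encode(b"jdoe:Winter2019").decode())
# Assumption: NTLM stands in for Integrated Windows Authentication here.
NTLM_REQ = _request("NTLM " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode())
ANON_REQ = _request()

def audit_proxy_auth(raw_request):
    """Report which authentication method a request uses and whether its
    credentials can be read by anyone who sees the request in transit."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "proxy-authorization":
            continue
        scheme, _, blob = value.strip().partition(" ")
        finding = {"scheme": scheme, "exposed": False, "user": None}
        if scheme.lower() == "basic":
            try:
                decoded = base64.b64decode(blob.strip(), validate=True)
            except ValueError:
                return finding                   # malformed token, nothing to report
            user, _, password = decoded.decode("utf-8", "replace").partition(":")
            # Base64 is an encoding, not encryption: no key was needed to get here.
            finding.update(exposed=True, user=user, password_chars=len(password))
        return finding
    # No Proxy-Authorization header at all: the Anonymous Access case.
    return {"scheme": "Anonymous", "exposed": False, "user": None}

if __name__ == "__main__":
    for req in (BASIC_REQ, NTLM_REQ, ANON_REQ):
        print(audit_proxy_auth(req))
```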
Restrict Internet Access to Specific Protocols
Once a user is authenticated, configure the proxy services to allow access to specific protocols
Restricting Protocol Access in the Web Proxy
  You can set permissions for 4 protocols: HTTP, HTTPS, FTP and Gopher
  It also provides support for new protocols
  To add a new protocol, you must know on which port that protocol works
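A model of the access decision described on the two slides above (user and group SIDs compared to an ACL, then per-protocol permissions keyed by port), as an added example that is not Proxy Server's own code. The SIDs, the ProxyAcl class and the NNTP entry are hypothetical sample values; the four port numbers are the well-known defaults for those protocols.

```python
# Well-known default ports for the four Web Proxy protocols named on the slide.
WEB_PROXY_PORTS = {"HTTP": 80, "HTTPS": 443, "FTP": 21, "Gopher": 70}

# Constructed sample SIDs (hypothetical domain).
STAFF = "S-1-5-21-1000000001-1000000002-1000000003-1105"   # group
ALICE = "S-1-5-21-1000000001-1000000002-1000000003-1201"   # user
BOB = "S-1-5-21-1000000001-1000000002-1000000003-1202"     # user

class ProxyAcl:
    """Hypothetical per-protocol allow list with a default-deny decision."""

    def __init__(self):
        self.ports = dict(WEB_PROXY_PORTS)   # protocol name -> port
        self.allowed = {}                    # protocol name -> set of SIDs

    def add_protocol(self, name, port):
        # A protocol can only be added when its port is known and unused.
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError(f"invalid port for {name}: {port!r}")
        if port in self.ports.values():
            raise ValueError(f"port {port} is already assigned")
        self.ports[name] = port

    def grant(self, protocol, sid):
        if protocol not in self.ports:
            raise KeyError(f"unknown protocol {protocol}")
        self.allowed.setdefault(protocol, set()).add(sid)

    def check(self, user_sid, group_sids, dest_port):
        """Return (allowed, protocol); anything not explicitly granted is denied."""
        protocol = next((n for n, p in self.ports.items() if p == dest_port), None)
        if protocol is None:
            return False, None               # port maps to no configured protocol
        sids = {user_sid, *group_sids}       # the user's SID plus all group SIDs
        return bool(sids & self.allowed.get(protocol, set())), protocol

def build_sample_acl():
    acl = ProxyAcl()
    acl.grant("HTTP", STAFF)                 # whole group may browse
    acl.grant("HTTPS", STAFF)
    acl.grant("FTP", ALICE)                  # FTP for one user only
    acl.add_protocol("NNTP", 119)            # hypothetical added protocol
    return acl

if __name__ == "__main__":
    acl = build_sample_acl()
    for who, groups, port in [(ALICE, [STAFF], 80), (BOB, [STAFF], 21),
                              (ALICE, [STAFF], 70), (BOB, [], 443)]:
        print(who[-4:], port, acl.check(who, groups, port))
```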
Auditing Internet Access
Auditing enables the administrator to review the resources accessed by private network users
Proxy Server 2.0 enables logging of actions performed by the Web Proxy, WinSock Proxy and Socks Proxy services
Unless logging is enabled, there is no way to know whether employees are obeying policies or not
Cont.
By default, audit log files are text files stored in the %systemroot%\system32\MSPlogs folder, where %systemroot% is the folder where Windows is installed
The server maintains the following logs:
  Web Proxy Log (W3yymmdd.log)
  WinSock Proxy Log (Wsyymmdd.log)
  Socks Proxy Log (Spyymmdd.log)
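A check an auditor can run over a listing of the MSPlogs folder, as an added example that is not part of the original slides: it maps each file name to its service and date and reports the days in a review period for which a service has no log. It assumes one file per service per day, as the yymmdd names imply; the directory listing is constructed.

```python
import re
from datetime import date, datetime, timedelta

# File name prefixes from the slide: W3 = Web Proxy, Ws = WinSock Proxy, Sp = Socks Proxy.
PREFIXES = {"W3": "Web Proxy", "Ws": "WinSock Proxy", "Sp": "Socks Proxy"}
# Windows file names are case-insensitive, so match the prefix in any case.
LOG_NAME = re.compile(r"^(W3|Ws|Sp)(\d{6})\.log$", re.IGNORECASE)

def parse_log_name(name):
    """Return (service, date) for a proxy log file name, or None if it is not one."""
    m = LOG_NAME.match(name)
    if not m:
        return None
    prefix = m.group(1)[:1].upper() + m.group(1)[1:].lower()
    try:
        # %y uses Python's pivot: 69-99 -> 19xx, 00-68 -> 20xx.
        day = datetime.strptime(m.group(2), "%y%m%d").date()
    except ValueError:
        return None                      # six digits that are not a real date
    return PREFIXES[prefix], day

def missing_days(names, first, last):
    """For each service, list the days in [first, last] that have no log file.

    A missing day means logging was off or the service saw no traffic;
    either way it is a day the audit trail cannot account for.
    """
    seen = {service: set() for service in PREFIXES.values()}
    for name in names:
        parsed = parse_log_name(name)
        if parsed:
            seen[parsed[0]].add(parsed[1])
    span = [first + timedelta(days=i) for i in range((last - first).days + 1)]
    return {service: [d for d in span if d not in days] for service, days in seen.items()}

# Constructed directory listing for a three-day review period.
SAMPLE_LISTING = [
    "W3190801.log", "W3190802.log", "w3190803.LOG",
    "Ws190801.log", "Ws190803.log",
    "Sp190801.log",
    "readme.txt", "W3191332.log",        # ignored: not a log name / not a date
]

def demo():
    return missing_days(SAMPLE_LISTING, date(2019, 8, 1), date(2019, 8, 3))

if __name__ == "__main__":
    for service, days in demo().items():
        print(service, [d.isoformat() for d in days])
```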