15 Proxy Restrict Internet Access

8/6/2019 15 Proxy Restrict Internet Access

http://slidepdf.com/reader/full/15-proxy-restrict-internet-access 1/28

Proxy server



What is Proxy server proxy server is a server (a computer system

or an application program) that acts as an

intermediary for requests from clients seekingresources from other servers

A client connects to the proxy server,requesting some service, such as a file,connection, web page, or other resource,

available from a different server



Purposes A proxy server has two purposes:

To keep machines behind it anonymous(mainly for security)

To speed up access to a resource (viacaching). It is commonly used to cache

web pages from a web server



Types of Proxy Server Caching proxy server

Web proxy Content-filtering web proxy

A nonymizing proxy server

Reverse proxy server



Caching proxy server It accelerates service requests by retrieving

content saved from a previous request made

by client Caching proxies keep local copies of

frequently requested resources, to reducetheir upstream bandwidth usage and cost,and to increasing performance

Most ISPs and large businesses have acaching proxy



Web proxy A proxy that focuses on World Wide Web

traffic is called a "web proxy"

Most proxy programs (e.g. Squid) provide ameans to deny access to certain URLs in ablacklist , thus providing content filtering

This is often used in a corporate, educationalor library environment, and anywhere elsewhere content filtering is desired



Content-filtering web proxy It provides administrative control over the

content that may be relayed through the

proxy Used in both commercial and non-commercial

organizations (especially schools)

Some common methods used for content filtering include: URL or DNS blacklists, orcontent keyword filtering



A nonymizing proxy server A ttempts to anonymize web surfing

There are different varieties of anonymizers. Eg Open Proxy

Because they are typically difficult totrack, open proxies are especially usefulto those seeking online anonymity, fromStudents to Computer Criminals



Reverse proxy server A reverse proxy is a proxy server that

is installed in the neighborhood of oneor more web servers

A ll traffic coming from the Internet andwith a destination of one of the web

servers goes through the proxy server



A dvantages of Reversal Proxy

server Encryption / SSL

Load balancing Security



Securing Internet A ccess



Determining Contents Of

Policy Before restricting internet access for

private users , your organization shouldconsider an internet acceptable policies

The policy must Define what constitutesauthorized use



A security policies allow the following

User can access internet with authorizedprotocol

User can send and receive e-mail forbusiness purpose

User can send E-mail with attachment having less than 2 MB size

User can connect to any web page that arerelated to business

User can download file for businesspurpose as long as virus scanner runningall time



The Policies must defined unauthorized use of internet are

Unauthorized protocol User could be preventing from exposing

companies sensitive information

User could be prevent from attempting to bypass

the organization security model User could be prevent from accessing internet for

personal use

User could be prevent to access web sites that have no business purpose , like porn, onlinegaming , job search , social networking sites..

User could not install unauthorized software onlocal disk



A fter defining the internet acceptablepolicy, create document outlining thepolicy

The document should include contract that employee sign before gaining

access of internet



Securing Internet A ccess by

Private Network Users Identifying Risks when private network

users connect to the internet

Restrict Internet A ccess to Specific

Computers

Users

Protocols



Restrict Internet A ccess to

Specific Computers One method to restrict internet access is to

allow specific computers to access internet

By assigning users to computers , you canlimit internet access to users who areauthorized to log on to specific computers

Servers or computers are requires internet

access are .. DNS Server

Mail Server

FTP Server

Proxy Server



Cont You can restrict internal computers by

configuring firewall

You can further restrict computers bydefining outbound packet filter , meanswhich protocols are allow to pass

through firewall




Specific Users Even though we can restrict internet accessto specific computer, sometime it is require torestrict users or groups

To manage internet access based on users orgroups you need a service capable of enforcing which users or groups can accessinternet Providing Proxy Services A

uthenticating Proxy Server Request Proxy Server provides this functionality

through following services Web proxy Services Windows Socket (WinSock) Proxy Services Socks Proxy Services



Web proxy Services (Proxy

Server 2.0) A llow users to connect internet

resources by using HTTP , HTTPS,Gopher and FTP through a browser

The Web Proxy requires that the userauthenticate with the proxy server to

determine whether the user may usethe web proxy services



Windows Socket (WinSock)

Proxy Services A llow application that may use of

windows socket to connect to server

In this services , client computerrequires to install proxy client software ,so that all WinSock requests are

redirect to Proxy Server



Socks Proxy Services It can be defined according to protocol and

cant be restricted by users

Restrictions can be defined based on IPaddress

A llows the establishment of SOCK 4.3protocol data channel between client and

server It doesn't support Real Player, Streaming

Video or NetShow(RTSP)



You can configure each proxy servicesto restrict specific groups.

When user attempts to access aninternet through a proxy services , theusers SID and Groups SID are

compared to ACL ( A ccess Control list) If SID is allow to access , the proxy

server completes the connection



A uthenticating Proxy Server

Request Proxy Server 2.0 support three methods of

authentication

A nonymous A ccess A ll user are granted access to the proxy services

Basic A uthentication A llow authentication with proxy server with plain text

Even it is a security risk , it is the only way to provide

authentication for non windows based browser Integrated Windows A uthentication

The users SID and groups SID check to allow proxyservices




Specific Protocols Once user is authenticated, configure proxy

services allows to access specific protocols

Restricting Protocol A ccess in the web Proxy You can set permission for 4 protocols

HTTP , HTTPS, FTP and Gopher

It also provides support for new protocols

You can add new protocol for that you must knowon which port that protocol works



A uditing Internet A ccess A uditing enables administrator to

review the resources accessed by

private network users

Proxy Server 2.0 enables logging of actions perform by Web Proxy, Win

Sock Proxy and Socks proxy Services Unless logging is enabled , there is no

way to know that employees are

obeying policies or not



Cont By default, A udit log files are text files stored

in %systemroot%\system32\MSPlogs folder

Where %systemroot% is the folder wherewindows is installed

Server Maintains following logs

Web Proxy Log (W3yymmdd.log)

WinSock Proxy Log (Wsyymmdd.log)

Socks Proxy Log (Spyymmdd.log)

15 Proxy Restrict Internet Access

Documents

Transcript of 15 Proxy Restrict Internet Access