Upload
timothy-cameron
View
241
Download
4
Tags:
Embed Size (px)
Citation preview
What is proxy ?What is proxy ? Main purpose of using proxiesMain purpose of using proxies How a proxy works ?How a proxy works ? Proxy typesProxy types Popular hardware & software proxiesPopular hardware & software proxies What is firewall ?What is firewall ? Main purpose of using firewallsMain purpose of using firewalls How a firewall works ?How a firewall works ? Firewall typesFirewall types Popular hardware & software firewallsPopular hardware & software firewalls
ObjectivesObjectives
What is proxy ?What is proxy ?Proxy
Proxy is hardware / software
Indirect access to other networks e.g INTERNET. all computers on Indirect access to other networks e.g INTERNET. all computers on the local network have to go through it before accessing information the local network have to go through it before accessing information on the Internet.on the Internet.
Organization , universities , companies use proxy systems
Proxy act as gateway
Proxy act as Cache Server/Firewall
Proxy share a connection to others
LAN INTERNET
Main purpose of using Main purpose of using proxiesproxies
Improve PerformanceImprove Performance– Act as Cache serverAct as Cache server– Bandwidth controlBandwidth control
Filter RequestsFilter Requests– Prevent access to some web sites!!!Prevent access to some web sites!!!– Prevent access to some protocolsPrevent access to some protocols– Time divisionTime division
Surfing AnonymouslySurfing Anonymously– Browsing the WWW without any identification!!!Browsing the WWW without any identification!!!
Improve PerformanceImprove Performance CachingCaching
– Reduce latencyReduce latency– Reduce Network TrafficReduce Network Traffic
Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site.
Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers.
Bandwidth controlBandwidth control– Policy-based Bandwidth Limits– Deny by content type
INTERNET
64 Kbps
128 Kbps
512 Kbps1 Mbps
Filter RequestsFilter Requests Prevent access to some web sites!!!Prevent access to some web sites!!!
– Categories web sitesCategories web sites Adult/Sexually ExplicitAdult/Sexually Explicit Advertisements & Pop-UpsAdvertisements & Pop-Ups Chat Chat Gambling Gambling Games Games Hacking Hacking Peer-to-PeerPeer-to-Peer …………
– Check by content typeCheck by content type .Exe / .Com.Exe / .Com .Mid / .MP3 / .Wav.Mid / .MP3 / .Wav .Avi / .Mpeg / .Rm.Avi / .Mpeg / .Rm
What do you need for What do you need for proxy installation?proxy installation?
Proxy SoftwareProxy Software Ms ISA Server , Squid , WinRoute , …Ms ISA Server , Squid , WinRoute , …
ServerServer At least 2 network cardsAt least 2 network cards DIRECT INTERNET connection DIRECT INTERNET connection (Public IP Address)(Public IP Address)
Switch/Hub Switch/Hub (elective) (elective)
Private IP AddressPrivate IP Address 10.0.0.1/8 – 172.16.0.1/16 – 192.168.0.1/2410.0.0.1/8 – 172.16.0.1/16 – 192.168.0.1/24
LAN
INTERNET
Proxy Server
IP : 172.16.0.2
Gw : 172.16.0.1
IP : 172.16.0.1
Source IP
172.16.0.2www.yahoo.com
Dest IP209.191.93.52
IP : 217.219.66.2
Gw : 217.219.66.1
LAN
INTERNET
Proxy Server
IP : 172.16.0.2
Gw : 172.16.0.1
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
217.219.66.2www.yahoo.com
Dest IP209.191.93.52
Change Source IP Address
Source IP
172.16.0.2www.yahoo.com
Dest IP209.191.93.52
LAN
INTERNET
Proxy Server
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
209.191.93.52
Dest IP217.219.66.2
Change Source IP Address & Destination IP Address
IP : 172.16.0.2
Gw : 172.16.0.1
LAN
INTERNET
Proxy Server
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
209.191.93.52
Dest IP217.219.66.2
Change Dest. IP Address
Source IP
209.191.93.52
Dest IP172.16.0.2
IP : 172.16.0.2
Gw : 172.16.0.1
LAN
INTERNET
Proxy Server
IP : 172.16.0.2
Gw : 172.16.0.1
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
209.191.93.52
Dest IP172.16.0.2
Proxy typesProxy types
Web proxiesWeb proxies SSL proxiesSSL proxies Transparent proxiesTransparent proxies Open proxiesOpen proxies Anonymous proxiesAnonymous proxies
Proxy setting in IEProxy setting in IE
Popular hardware & software Popular hardware & software proxiesproxies
Software Proxy Hardware Proxy
Ms. ISA ServerMs. ISA Server Cisco PIXCisco PIX
SquidSquid Blue CoatBlue Coat
Kerio WinRouteKerio WinRoute CyberoamCyberoam
1st Up Net Server1st Up Net Server AlacerAlacer
CCProxyCCProxy
CProxyCProxy
Windows ICSWindows ICS
WinGateWinGate
What is firewall ?What is firewall ?Firewall
Firewall is hardware / software
protects the resources of a private network from users from other networks
Organization , universities , companies use firewall systems
Firewall can act as gateway
Firewall can act as proxy
Firewall filter Incoming & Outgoing information
LAN INTERNET
Main purpose of using Main purpose of using firewallsfirewalls
Packet filteringPacket filtering– Analyzing packetsAnalyzing packets
Proxy serviceProxy service– Provide access to other networks e.g INTERNETProvide access to other networks e.g INTERNET
LAN
INTERNET
How a firewall works ?How a firewall works ?
The FIREWALL can now:
• Log the attempt
• Alert the admin
• Harden the firewall
• Or reset a TCP/IP connection
Sniffing Mode
1) An attacker tries to compromise a service on the protected network.
2) The Firewall identifies the attempt.
LOG
Alert
Reset
Harden
What firewall protects us What firewall protects us fromfrom
Remote loginRemote login Application backdoors Application backdoors Operating system bugs Operating system bugs Denial of service Denial of service E-mail bombsE-mail bombs VirusesViruses SPAMsSPAMs TrojansTrojans ICMP bombingICMP bombing FTP brute forceFTP brute force PhishingPhishing ……..
Popular hardware & software Popular hardware & software firewallsfirewalls
Software Firewall Hardware Firewall
Ms. ISA ServerMs. ISA Server Cisco PIXCisco PIX
Norton Internet SecurityNorton Internet Security Blue CoatBlue Coat
Mcafee Internet SecurityMcafee Internet Security CyberoamCyberoam
ZoneAlarmZoneAlarm Check PointCheck Point
KerioKerio NetScreenNetScreen
BlackICEBlackICE D-link SECURESPOTD-link SECURESPOT
OutpostOutpost WatchGuardWatchGuard
Thank You,Thank You,
References :References :
www.cisco.comwww.cisco.com www.isaserver.orgwww.isaserver.org www.wikipedia.comwww.wikipedia.com www.cert.orgwww.cert.org www.isc.sans.orgwww.isc.sans.org www.zonelabs.comwww.zonelabs.com www.symantec.comwww.symantec.com www.mshdiau.ac.irwww.mshdiau.ac.ir Communication & Information Technology Department of Communication & Information Technology Department of
Mashhad University - IRANMashhad University - IRAN
Contact me : [email protected] me : [email protected]
http://poustchi.blogspot.comhttp://poustchi.blogspot.com