Proxy Server enhances the security of an organization by isolating the private network from the Internet and by acting as an intermediary in the exchange of traffic between the Internet and the private network. With the private network isolated, you can reduce the number of required public addresses by selecting a private addressing scheme. Proxy Server 2.0 acts in a fashion similar to a NAT server, and can translate your internal network's private IP addresses to make Internet access available. Throughout the module, Proxy Server with initial capitalization is used to indicate the Microsoft® Proxy Server 2.0 product. When proxy server appears without initial capitalization, it indicates a computer that is providing proxy services.
Restricting Internet and private network traffic
Proxy Server allows you to restrict the traffic between the Internet and the private network so that you can limit the access of private network users to Internet-based resources, and limit Internet user access to private network-based resources. You can restrict access to Internet resources based on many more parameters than are available with NAT servers.
The following slide show illustrates the ways in which Proxy Server can restrict the traffic between the Internet and the private network.
Proxy Server allows you to restrict the traffic between the Internet and the private network in four ways.
Second, you can establish filters that forward or block Internet Protocol packets based on the IP address and protocol numbers.
Third, you can intercept inbound Uniform Resource Locator requests and determine whether the requests must be forwarded to a private network resource.
You can use screened subnets to provide the required level of network security.
Restricting Internet and private network traffic
When assessing security threats, many network administrators want only to protect private network resources from external attacks. Today's landscape, however, is littered with threats that originate in malware-infected endpoints. Attackers can use these endpoints to collect and forward sensitive information from your network, or to attack or spam other networks. Companies large and small are better served when network administrators are also concerned with threats associated with connections that leave the intranet.
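The packet filtering described above, applied to outbound as well as inbound traffic, can be modeled as an ordered rule list with a default of block. The following is an added example, not Proxy Server's own configuration or code; the Rule class, the decide function, the direction field, and all addresses and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ICMP, TCP, UDP = 1, 6, 17          # IANA IP protocol numbers
ANY = "0.0.0.0/0"
PRIVATE = "10.0.0.0/8"             # constructed private addressing scheme
SCREENED = "192.0.2.0/28"          # constructed screened subnet
QUARANTINE = "10.1.9.0/24"         # constructed segment holding suspect endpoints


@dataclass(frozen=True)
class Rule:
    action: str                    # "forward" or "block"
    direction: str                 # "in" = arrived from Internet, "out" = from private side
    src: str                       # source network (CIDR)
    dst: str                       # destination network (CIDR)
    protocol: Optional[int] = None # IP protocol number; None matches any

    def matches(self, direction, src, dst, protocol):
        return (direction == self.direction
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.protocol in (None, protocol))


# Ordered rule list: first match wins, anything unmatched is blocked.
RULES = [
    Rule("block", "in", PRIVATE, ANY),            # private source on Internet side = spoofed
    Rule("forward", "in", ANY, SCREENED, TCP),    # published servers in screened subnet
    Rule("block", "out", QUARANTINE, ANY),        # no egress for quarantined hosts
    Rule("forward", "out", PRIVATE, ANY, TCP),    # ordinary client egress
    Rule("forward", "out", PRIVATE, ANY, UDP),
]


def decide(direction, src, dst, protocol, rules=RULES):
    """Return "forward" or "block" for one packet header."""
    for rule in rules:
        if rule.matches(direction, src, dst, protocol):
            return rule.action
    return "block"                                # default deny in both directions


if __name__ == "__main__":
    # Constructed packet headers: (direction, source, destination, protocol number)
    for pkt in [("out", "10.0.4.20", "198.51.100.7", TCP),
                ("out", "10.1.9.33", "198.51.100.7", TCP),
                ("out", "10.0.4.20", "198.51.100.7", 47),
                ("in", "203.0.113.9", "192.0.2.5", TCP),
                ("in", "203.0.113.9", "10.0.4.20", TCP),
                ("in", "10.0.4.20", "192.0.2.5", TCP)]:
        print(pkt, "->", decide(*pkt))
```

Because the outbound rules are evaluated with the same default of block, a host in the quarantined segment or a client using an unlisted protocol number cannot open connections that leave the intranet.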
Caching FTP and HTTP requests
Proxy Server intercepts File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP) Internet requests for Web objects and saves the retrieved Web objects in a local disk-based cache. When private network users request Internet-based resources, Proxy Server checks the local cache to see if the requested object is stored there. If the object is found in the local cache, it is retrieved from the local cache and no Internet request is necessary. The Web-caching services can significantly reduce the number of requests that are sent over the Internet. This has the potential to reduce costs if you pay for Internet connections based on network usage, and it also improves perceived performance for the end user.
Integrating Proxy Server into existing networks
If integrated into existing networks, Proxy Server provides the advantages detailed in the following figure.
Winsock is a programming interface and the supporting program that handles input/output requests for Internet applications in a Windows operating system. It is called Winsock because it's an adaptation for Windows of the Berkeley UNIX sockets interface.
Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.
IPX/SPX stands for Internetwork Packet Exchange/Sequenced Packet Exchange. IPX and SPX are networking protocols used primarily on networks using the Novell NetWare operating systems.
Integrating Proxy Server into existing networks
It supports IP and Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) protocols on private networks so that IP and IPX/SPX-based clients can access the Internet through Proxy Server. In order to use IPX on your internal network, the Proxy Server 2.0 clients will need to have the WinSock client software installed. The Web Proxy and SOCKS proxy services do not support IPX.
It supports integration with the Active Directory directory service accounts in Windows 2000 to provide single logon access for users on Windows-based computers. Access controls can be configured based on user account or security group membership, because Proxy Server 2.0 can be integrated with the Active Directory security provider.
It supports both Windows Sockets (WinSock) and non-WinSock clients on a variety of client operating systems. Microsoft operating systems use the WinSock interface to access Internet resources. Network-aware programs that are used to access the Internet and are written for Microsoft operating systems will typically use the WinSock interface. You can use these programs with Proxy Server by taking advantage of the WinSock Proxy Server and client components.
In the next lesson, you will be introduced to the factors that determine whether a Proxy Server solution is an appropriate solution for Internet connectivity.