Internet Connectivity  «Prev  Next»

Lesson 2Features of Proxy Server
ObjectiveDefine the features of Proxy Server

Features of Proxy Server

Proxy Server enhances the security of an organization by isolating the private network from the Internet and by acting as an intermediary in the exchange of traffic between the Internet and the private network. With the private network isolated, you can reduce the number of required public addresses by selecting a private addressing scheme. Proxy Server 2.0 acts in a similar fashion as the NAT server, and can translate your internal network's private IP addresses to make Internet access available. Throughout the module, Proxy Server with initial capitalization is used to indicate the Microsoft® Proxy Server 2.0 product. When proxy server appears without initial capitalization, it indicates a computer that is providing proxy services.

Restricting Internet and private Network Traffic

Proxy Server allows you to restrict the traffic between the Internet and private network so that you can limit the access of private network users to Internet-based resources, and limit Internet user access to private, network-based resources. You can restrict access to Internet resources based on many more parameters than are available with NAT servers.
The following Slide Show illustrates the ways in which Proxy Server can restrict the traffic between the Internet and the private network.
1) Proxy server allows you to restrict the traffic between the internet and the private network in four ways. First, you can choose to grant Internet access only to authorized users.
1) Proxy server allows you to restrict the traffic between the internet and the private network in four ways. First, you can choose to grant Internet access only to authorized users.

2) Second, you can establish filters that forward or block Internet Protocol packets based on the IP address and protocol numbers. Proxy Server 2.0 allows packet filtering similar to that used with NAT and RRAS servers
2) Second, you can establish filters that forward or block Internet Protocol packets based on the IP address and protocol numbers. Proxy Server 2.0 allows packet filtering similar to that used with NAT and RRAS servers.

3) Third, you can intercept inbound Uniform Resource Locator requests and determine whether the requests must be forwarded to a private network resource.
3) Third, you can intercept inbound Uniform Resource Locator requests and determine whether the requests must be forwarded to a private network resource.

4) You can use screened subnets to provide the required level of network security. A screened subnet is a DMZ and is typically placed between the private network and the internet.
4) You can use screened subnets to provide the required level of network security. A screened subnet is a DMZ and is typically placed between the private network and the internet.

  1. Proxy server allows you to restrict the traffic between the internet and the private network in four ways.
  2. Second, you can establish filters that forward or block Internet Protocol packets based on the IP address and protocol numbers.
  3. Third, you can intercept inbound Uniform Resource Locator requests and determine whether the requests must be forwarded to a private network resource.
  4. You can use screened subnets to provide the required level of network security.

Restricting Internet and private network traffic

Many network administrators only want to protect private network resources from external attacks when assessing security threats. The landscape of today is littered with threats that have their origins in malware-infected endpoints. Attackers can use these to collect and forward sensitive information from your network, to attack or spam other networks. Companies large and small are better served when network administrators are concerned with threats that are associated with connections that leaving from the intranet.

Caching FTP and HTTP requests

Proxy Server intercepts (FTP) File Transfer Protocol and (HTTP) Hypertext Transfer Protocol Internet requests for Web objects and saves the retrieved Web objects in alocal disk-based cache. When private network users request Internet-based resources, Proxy Server checks the local cache to see if the request is stored there. If the request is found in the local cache, the Web object is retrieved from the local cache and no Internet request is necessary. The Web-caching services can significantly reduce the number of requests that are sent over the Internet. This has the potential to reduce costs if you pay for Internet connections based on network usage, and it also improves perceived performance for the end-user.

Integrating Proxy Server into existing networks

If integrated into existing networks, Proxy Server provides the advantages detailed in the following figure.
Winsock - Active Directory - IPX/SPX
  1. Winsock is a programming interface and the supporting program that handles input/output requests for Internet applications in a Windows operating system. It is called Winsock because it's an adaptation for Windows of the Berkeley UNIX sockets interface.
  2. Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management.
  3. IPX/SPX stands for Internetwork Packet Exchange/Sequenced Packet Exchange. IPX and SPX are networking protocols used primarily on networks using the Novell NetWare operating systems.

Integrating Proxy Server into existing Networks

WinSock, Active Directory, IPX/SPX

  1. It supports IP and Internetwork Packet Exchange/ Sequenced Package Exchange.
    (IPX/SPX) protocols on private networks so that IP and IPX /SPX based clients can access the Internet through Proxy Server.
    In order to use IPX on your internal network, the Proxy Server 2.0 clients will need to have the WinSock client software installed.
    The Web Proxy and SOCKS proxy services do not support IPX.
  2. It supports integration with the Active Directory directory service accounts in Windows 2000 to provide single logon access for users on Windows-based computers. Access controls can be configured based on user account or security group membership, because Proxy Server 2.0 can be integrated with the Active Directory security provider.
  3. It supports both Windows Sockets (WinSock) and non-WinSock clients on a variety of client operating systems.
    Microsoft operating systems use the WinSock interface to access internet resources.
    Network-aware programs used to acces the Internet and written for Microsoft operating systems will typically use the WinSock interface.
    You can use these programs with the Proxy server by taking advantage of the WinSock Proxy Server and client components.


Connectivity Proxy Server - Quiz

Click the Quiz link below to review the Internet connectivity needs addressed by Proxy Server.
Connectivity Proxy Server - Quiz
In the next lesson, you will be introduced to the factors that determine whether a Proxy Server solution is an appropriate solution for Internet connectivity.

Network Address Translation