2-10
Chapter 2
Planning a TCP/IP Network Infrastructure
interface like the one shown in Figure 2-2. At one time, the need to configure individual clients was the primary drawback of proxy servers, but some client applications can now detect the presence of a proxy server on the network and configure themselves to use the server automatically.
Figure 2-2 The Internet Explorer proxy server configuration interface
Proxy servers also differ from NAT routers in that they enable the network administrator to exercise more control over users’ access to the Internet. For example, administrators running a proxy server that gives clients access to Internet Web servers can, in most cases, create a list of specific Web sites that users are not permitted to access, as well as restrict times that users are permitted to access the Web. Proxy servers can also log users’ activity, enabling administrators to examine users’ access patterns and maintain a record of specific Internet activities. In addition, proxy servers are usually able to cache information from frequently visited sites. When a user requests a Web page that the proxy server has recently downloaded for another user, the server can send a reply to the client immediately using cached information. This speeds up the user’s response time and reduces traffic on the network’s Internet connection.
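The controls listed in this paragraph (a blocked-site list, permitted access hours, activity logging and caching) can be seen working together in a small model. This is an added example, not code from the book or from any proxy product; the class name, verdict strings and the `.example` hosts are constructed for illustration.

```python
from datetime import datetime, time

class ProxyPolicy:
    """Toy forward-proxy decision logic: blocklist, allowed hours, log, cache."""
    def __init__(self, blocked_sites, open_from, open_until, fetch):
        self.blocked = {s.lower() for s in blocked_sites}
        self.open_from, self.open_until = open_from, open_until
        self.fetch = fetch   # callable(host, path) -> body; stands in for the upstream request
        self.cache = {}      # (host, path) -> body
        self.log = []        # (timestamp, user, host, path, verdict)

    def _is_blocked(self, host):
        # Match the listed site and any subdomain of it.
        host = host.lower().rstrip(".")
        return any(host == b or host.endswith("." + b) for b in self.blocked)

    def handle(self, user, host, path, now):
        if self._is_blocked(host):
            verdict, body = "DENY_SITE", None
        elif not (self.open_from <= now.time() < self.open_until):
            verdict, body = "DENY_TIME", None   # checked before the cache, so a cached page cannot bypass it
        elif (host.lower(), path) in self.cache:
            verdict, body = "CACHE_HIT", self.cache[(host.lower(), path)]
        else:
            body = self.fetch(host, path)
            self.cache[(host.lower(), path)] = body
            verdict = "FETCHED"
        # Every request is logged, including denied ones.
        self.log.append((now.isoformat(), user, host, path, verdict))
        return verdict, body

def demo():
    upstream_calls = []
    def fake_fetch(host, path):   # constructed stand-in for the Internet
        upstream_calls.append((host, path))
        return f"<html>{host}{path}</html>"
    p = ProxyPolicy({"games.example"}, time(8, 0), time(18, 0), fake_fetch)
    day = datetime(2024, 1, 15, 10, 30)
    night = datetime(2024, 1, 15, 22, 0)
    results = [
        p.handle("alice", "news.example", "/", day)[0],           # first request goes upstream
        p.handle("bob", "news.example", "/", day)[0],             # second user is served from cache
        p.handle("bob", "www.games.example", "/play", day)[0],    # subdomain of a blocked site
        p.handle("alice", "news.example", "/", night)[0],         # outside permitted hours
    ]
    return results, len(upstream_calls), p.log

if __name__ == "__main__":
    print(*demo()[2], sep="\n")
```
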
Proxy servers provide client computers with the same degree of security as NAT routers. Because only the proxy server communicates directly with the Internet, the actual clients on the unregistered network remain invisible to potential intruders. However, despite the protection that both NAT and proxy servers provide for unregistered computers on a private network, they cannot always overcome the shortsightedness of the network’s users. As mentioned earlier, there is no way for an Internet predator to access a computer on an unregistered network directly, because with NAT and proxy servers, the client must initiate communications. However, if the client computer does initiate communications with the wrong computers on the Internet (whether intentionally or not), it is vulnerable to all kinds of attacks.