
Lab 10

This document outlines a lab focused on network security through the use of proxy servers, specifically detailing the installation and configuration of a Squid HTTP Proxy Server on Linux. It includes instructions for setting up the lab environment, configuring the proxy server, and implementing URL filtering techniques such as blacklisting. The lab aims to provide hands-on experience with proxy server functionalities and their applications in managing web traffic and security.

Uploaded by

treekengmanow

Lab 10: Network Security – Proxy Servers

Rich Macfarlane 2013

9.1 Details
Aim: The aim of this lab is to investigate proxy servers, including the installation and
configuration of an HTTP Proxy Server on Linux.

9.2 Overview – Proxy Servers


Proxy servers are typically used for proxying outbound traffic, originating within the
internal local network (also known as reverse proxies). Web proxy servers are commonly
used for caching of web pages, black and white list URL filtering, and filtering of malicious
software in the return traffic. Black list URL filtering simply blocks access to a black list of
URLs (an open security stance), whereas white list filtering only allows access to a specified
list of URLs (a closed security stance).
[Figure: HTTP web proxy server between Bob, on the trusted internal network, and a web server on the untrusted Internet. It shows Bob's illusion of a direct connection, the actual connections through the proxy server, and the proxy filtering policy violations (blacklisted URLs) and active content (ActiveX, JavaScript).]

9.3 Lab Setup


The lab can be done on two standalone machines, or two VMs, or a combination.
In the lab architecture shown in the figure below, we will set up the proxy on an Ubuntu
machine PROXY, and the internal host machine will be another Linux VM HOST.

e-Security Network Security –Rich Macfarlane 1


[Figure: lab IP addressing diagram, to be completed. Host PC DESKTOP (host OS Windows 7, running VM Workstation) with physical NIC 146.176.__ and host OS virtual NIC 192.168.__.1 on the VMnet virtual switch; VMnet gateway 192.168.__.2; HOST machine with virtual NIC 192.168.__; PROXY Linux VM (proxy server) with virtual NIC 192.168.__]

From VM Workstation open the two VMs, run command windows, and complete the lab IP
Addressing diagram above, using the ipconfig or ifconfig commands.

9.4 Activities
9.2.1 Host Web Client
From HOST test that the networking and web connection is working. Using a command
shell check you have connectivity to the Internet.

From a browser check you can access webpages on the Internet.



9.2.2 Squid Proxy Server
Squid is a free web proxy caching server which provides proxy and cache services for
Web (HTTP), FTP, and other popular network protocols.

Install Proxy Server


On PROXY install the squid proxy software with a command such as the following:
apt-get install squid

Configure Proxy Server


Squid is configured by editing the /etc/squid/squid.conf configuration file. It’s a
good idea to make a copy for reference, which can also be rolled back to.

From PROXY make a backup of squid.conf, such as:


cd /etc/squid
sudo cp squid.conf squid.conf.OLD
sudo chmod 400 squid.conf.OLD
ls -l

Edit the squid.conf file using vi or gedit, with sudo, as root owns the file.
sudo vi squid.conf

This file is rather large, but only a few changes are needed to configure a basic HTTP proxy.
In vi, to check where you are in the file you can use CTRL+G, as shown below. In vi CTRL+F
and CTRL+B can be used to page forward and back.



In vi the { and } characters (SHIFT+[ and SHIFT+]) can be used to move to the next/previous
blank line. This is useful in these types of configuration files as the sections tend to be
divided by a single blank line. Try using } several times and you should move between
sections.

Allow Access to Our Host Machines


To configure which internal host machines the proxy server will allow to access the
Internet, we need to amend the acl section.

The sections of this configuration file are in the format TAG: sectionname. In vi the search
command /TAG: acl can be used.

In the acl section add a rule to allow access from our internal network of hosts, with a rule
such as the following: (using your internal virtual network range)
acl localnet src 192.168.80.0/24

To allow web traffic proxying from our localnet hosts, we need to add a rule for that to
the http_access section. Find this section in the file:



To allow web traffic proxying from our localnet hosts, we need to add a rule such as:
http_access allow localnet

It’s a good idea to give the proxy a unique name, so if there are any problems, we can
identify the proxy (you may have many proxies). This is done in the visible_hostname
section, with a command such as:
visible_hostname proxy_1

To check which port the proxy server is listening on by default, search for the http_port
section of the configuration file.



Questions

Q: Which port is squid proxy running on by default?

Change the http_port setting to something different from the default:


http_port 8888

Save and exit the configuration file. This can be done with the :wq command in vi.

The squid proxy should be running straight from the installation. Use netstat to check if it
is running:

Questions

Q: Which port is it running on?

Configure HOST to Use the Proxy Server


From the HOST machine, set it to use the Proxy Server for Internet access, rather than
directly.

From the Firefox browser we can set up the machine to use the Proxy server. Run Firefox
and from the Preferences dialog select the Advanced tab.



Click the Settings button, and configure it to send web traffic to the Proxy server (to its default
port), such as:

Test Proxy
From HOST, using Firefox, try to access an Internet server such as www.google.com.



Questions

Q: Can the HOST machine successfully access the web server?

You should get an error, as the Proxy Server still has default configurations set.

From PROXY, restart the Squid proxy server using:


sudo service squid3 restart

Use netstat to check if the proxy server is running:

Questions

Q: Which port is it running on now?

From the HOST machine, from Firefox configure the new port number for the proxy.

Test Proxy
From HOST, using Firefox, try to access an Internet server such as www.google.com.

Questions

Q: Can the HOST machine successfully access the web server?



Your web access should now work, but via the Proxy Server.

Questions

Q: What is the downside to having to configure the host machines like this?

Q: How might this be avoided?

Blacklist Webpages/Sites
To blacklist webpages we can add rules to the http proxy.

One of the most common reasons for using a http proxy server is to block access to certain
websites. This may be to enforce policy such as to prevent employees watching YouTube
videos or chatting on Facebook instead of working. It may also be a safeguard against
liability issues in cases of illegal activities by employees, such as watching pornography on
the corporate network.

There are various ways to blacklist specific sites or domains by configuration in squid.conf.
A good way is to create a black list of blocked domain names in a separate file of patterns to
match against and point to it from squid.conf using these two config lines:

acl blacklist_name url_regex blacklist_filename


http_access deny blacklist_name

For example, we may want to use the label "blacklist" to refer to the access control list rule
that we are creating, and we may want to use the name "blacklist_URLs" for the file that will
contain the banned domain names, using:
acl blacklist url_regex "/etc/squid/blacklist_URLs"
http_access deny blacklist

If we want to block access to Facebook, add the following pattern to the blacklist_URLs file:

.facebook.com

This would match any domain name containing these strings, such as "www.facebook.com"
or "facebook.com/login.php".

Make sure to start domain name patterns with a dot if you want to block all sub-domains
belonging to that domain. For instance, ".youtube.com" will block "www.youtube.com"
while "youtube.com" will only block "youtube.com" and no sub-domains of it.
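
Two things usually decide whether this blacklist takes effect, shown here as an added example that is not part of the original lab sheet: Squid checks http_access lines from top to bottom and stops at the first match, so the deny rule has to sit above "http_access allow localnet", and each line of the pattern file is treated as an unanchored, case-sensitive regular expression. The script works only on constructed files in a temporary directory, and it assumes grep -E is an acceptable stand-in for Squid's url_regex matcher; the function names and the good.conf/bad.conf files are hypothetical.

```shell
#!/bin/sh
# Added example. Works on temporary files only, never on /etc/squid.

# True if "http_access deny DENY_ACL" comes before "http_access allow ALLOW_ACL".
# Squid evaluates http_access lines top-down and stops at the first match.
deny_precedes_allow() {   # usage: deny_precedes_allow CONF DENY_ACL ALLOW_ACL
    awk -v d="$2" -v a="$3" '
        $1 == "http_access" && $2 == "deny"  && $3 == d && !dl { dl = NR }
        $1 == "http_access" && $2 == "allow" && $3 == a && !al { al = NR }
        END { exit !(dl && (!al || dl < al)) }' "$1"
}

# True if URL matches any line of PATTERN_FILE. Assumption: grep -E stands in
# for url_regex (each line an unanchored, case-sensitive regular expression).
url_blocked() {           # usage: url_blocked PATTERN_FILE URL
    printf '%s\n' "$2" | grep -E -q -f "$1"
}

work=$(mktemp -d)
printf '%s\n' '.facebook.com' 'hacking' > "$work/blacklist_URLs"

# Constructed squid.conf fragments: identical rules, different order.
cat > "$work/good.conf" <<'EOF'
acl localnet src 192.168.80.0/24
acl blacklist url_regex "/etc/squid/blacklist_URLs"
http_access deny blacklist
http_access allow localnet
http_access deny all
EOF
cat > "$work/bad.conf" <<'EOF'
acl localnet src 192.168.80.0/24
acl blacklist url_regex "/etc/squid/blacklist_URLs"
http_access allow localnet
http_access deny blacklist
http_access deny all
EOF

for conf in good bad; do
    if deny_precedes_allow "$work/$conf.conf" blacklist localnet
    then echo "$conf.conf: blacklist is checked before localnet is allowed"
    else echo "$conf.conf: allow localnet matches first, blacklist skipped for those hosts"
    fi
done
for url in http://www.facebook.com/ http://example.org/a-facebook-com \
           http://example.org/Hacking-101 http://example.org/news; do
    if url_blocked "$work/blacklist_URLs" "$url"
    then echo "DENY  $url"; else echo "ALLOW $url"; fi
done
```

The second URL is denied because an unescaped dot matches any character, and the third is allowed because matching is case-sensitive unless the acl line uses the -i option.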

Try adding this Facebook URL filter to your Proxy server. (Remember to restart the Squid
server.)

Questions

Q: Is the host now blocked from facebook related URLs?

The following patterns could be used to block any URLs with the strings "hacking" or "porn"
in them:

hacking
porn

Try accessing a hacking site such as http://www.hackthissite.org/

Questions

Q: Is the site blocked?

Q: What has blocked the site?

Try blocking some sites (which you have access to already) from your own Proxy server
using string patterns. Try asecuritysite.com and some general sites such as all bbc related
sites.
