Windows strengths and weaknesses The overwhelming majority of computers, both personal and corporate, the use of Microsoft Windows, which has included Internet access well over a decade and, as Windows has become more complex, so has its software for Internet connection. Windows 98 Second Edition introduced Internet Connection Sharing (ICS) group to provide Internet access from a local network. More complexities were added to the outbreak of Routing and Remote Access Service, in 2000 Widows Server with its Network Address Translation (NAT) functions.
It took some time before experts noted that ICS has specific shortcomings. ICS changes network card addresses, which can cause problems on intranets. Because of this, ICS can only be used in small offices or home networks and even then, the office of the ICS networks is not recommended, because there is no user with authorization or validation of the ICS. Even using it on a home network is any connection to the Internet unsafe, because it is so easy for criminals to gain access to their computers by falsifying where they are from (their IP addresses and MAC). Help is needed
Some Windows can organize Internet sharing, but security has never been a strong point. In practice, whether hardware or software solutions from other companies are generally purchased to provide security solutions needed. One of the most important of these is UserGate proxy Server.
UserGate Proxy Server local network offers users a secure Internet access by setting policies of access, including prohibiting Internet resources, and limit the traffic or the working time of the Internet user. Additionally, UserGate can keep traffic separate calculations of users and protocols, which greatly simplifies cost control Internet traffic. Lately, among Internet Service Provider (ISP) has been a tendency to limit traffic and to this end, UserGate Proxy Server provides a very flexible system of rules.
UserGate Proxy Server with support NAT works on Windows 2000/2003/XP with the Internet (using the standard TCP / IP protocols). UserGate can also work with Windows 98 and Windows NT 4.0, but without support NAT. UserGate not require any special facilities for its operation, it simply needs a relatively small amount of hard disk for your cache and log files. UserGate can also be installed on a computer dedicated to maximize its network of servers resources.
Proxy Your browser (whether it is Internet Explorer, Firefox, Safari, Netscape, Opera or Mozilla for the most popular name) is already capable of documents cache. However, there is significant disk space set aside for such purposes if the Internet connection is shared by an entire office. The reason for this is that the likelihood of a person visiting the same Web pages is much less than if tens or hundreds of people are sharing the connection. Creating a hideout for a joint venture of banda can greatly reduce waste and make almost instantaneous the receipt of documents that are commonly accessed by employees. UserGate proxy server can also link with the outside cascade proxy servers (of your Internet Service Provider) to increase the speed of receiving data and reduce their Internet bill (a provider of traffic costs are generally less when using a proxy server).
Program Setting the cache configuration settings is made from the & 39;Services& 39; page. The first step is to allow the cache, then you can set its separate options, which include cache POST requests, dynamic objects, cookies, FTP and content. You can also set the cache size of the disk into space and time-to-live cache documents.
Other options also should be fixed before you can begin working with the program. As a rule, this task is completed in the following order:
1. Create users of program.
2. Set DNS and NAT UserGate on the server. At this stage you can configure NAT using wizard.
3. Set parameters of the various protocols (HTTP, FTP, SOCKS), the intranet interface on which must be heard, and will be done in cascade. All these can be fixed in their respective service settings.
4 pages. Set up the network connection to each client computer, including gateway and DNS on TCP / IP in network connection properties, which must be set.
5. Create an Internet access policy.
Modules to make things easier To make the program more user friendly, we are divided into several modules:
The Server module is launched into a computer that has Internet access. This module monitors the implementation of all tasks.
UserGate administration is performed using a special module: UserGate Administrator, which handles all servers settings.
UserGate Authentication Client is a client application installed on each user& 39;s computer. This module monitors and controls the authorization for the user UserGate server, if you choose an independent authorization of IP + IP or MAC.
Security Permissions UserGate Proxy Server and locks out unauthorized access. Each user can be authorized by its IP address automatically by itself or by a right combination of IP and hardware (MAC) address. Each user can be assigned specific permissions
To make it easy to quickly add users and assign the same permissions similar to a group of users is a separate page for the management of users and groups. Groups make it easier to manage users should have common definitions, including network access and tariffs. You can create as many groups as you need. The groups are usually created based on the company structure and hierarchy.
Each group may be given its own rate which is used to manage Internet access costs. The rate may be defined by default or vacuum, in which case the connections of all users in a group are not paid unless a different rate is set at a user& 39;s own properties.
There are a set of rules provided in standard NAT program. These rules are access via Telnet, POP3, SMTP, HTTP, ICQ and other protocols. While setting group properties you can identify what rules will apply to the group and its users.
A dial on demand option can be used when a connection to the Internet through a modem. In this case, the modem dials up the connection only when it is requested. Dial-demand can also be used in ADSL in order to get connected to the Internet provider that is necessary to book a VPN connection. In this case, the VPN connection can be defined as the marking demand.
If a computer with UserGate is a field in Active Directory, users can be imported into the then divided into groups that need access similar rights: type of permit fee, the rules NAT (if group rules do not fully meet the needs of the user).
Authorization Types and Rules UserGate Proxy Server supports various types of authorization, including the authorization through Active Directory and the Windows login, to integrate existing network UserGate in infrastructures.
UserGate uses its own client authentication module for some types of authorisation. Depending on the type of commitment you choose, you must enter a user options, or the user& 39;s IP address (or range of IP addresses), assign a login (user name and password) or allocate only a username. If you want to send to a user, reports of Internet traffic, its use you can enter the user& 39;s e-mail here.
UserGate rules can be configured more flexibly than RRAS Remote Access Policy. Using rules you can block access to specific URLs, limiting the traffic in certain protocols, set deadlines, set a maximum size of file that a user can download, so Windows does not offer the functionality required to fulfill these tasks can be created with .
Rules the help of assistant provided. Each state has conditions and implementation of an object that is executed when one or more conditions are met. For example, a close, to a rate or speed, so conditions include protocols used, working hours, a limit of the user traffic (incoming and outgoing), the money remaining in mind, and IP address and list URL list. Settings also allow the specification of any file extensions that users can not download.
In a number of organizations the use of instant messengers such as ICQ, is prohibited. This is easy with UserGate. ICQ you simply prohibit the creation of a rule, locking out any link with the host " login.icq.com * * & 39; and apply it to all users.
UserGate Proxy Server provides rules to allow variable rates by day or night time access, local or common resources (whether these variations are offered by your Internet provider). For example, for alternating between day and night rates are established two rules: one that runs at a fixed time to change from day to night rate and the other that changes back to the days rate.
DNS and NAT settings DNS (Domain Name System) is what is used on the Internet so you do not have to remember a site of numbers (his true Internet address), such as 53.128.182.67), but instead you can just remember his name, as www.famatech.com. One of the parties to control the Internet is the DNS DNS server, which is a computer (there are many DNS servers) on the Internet that translates the names of the sites to their numbers, so when your browser to vai www.famatech. com.br, the DNS server knows the correct IP number to send the request browser to.
The DNS configuration in UserGate Proxy Server is simply the local (IP addresses) of one or two of DNS servers (the closest is the DNS server to your ISP & 39; S physical location, usually the best), where each customer& 39;s DNS requests will be sent to Others It is necessary to indicate the IP address in its network interface, UserGate Proxy Server as the gateway and DNS, on TCP / IP properties of each user of the network of liaison with their local computer.
There is another way to define the DNS. You can add a new rule NTA, in which the receiver IP (the interface internal) and the sender IP (the external interface) are set to port 53 and for the UDP protocol. If you use this method, this rule should apply to all users. For the settings of each local computer, the IP address of the DNS servers of the ISP has to be defined as the DNS and IP address of UserGate proxy server set as the gateway in each location computer.
Mail customers may be defined by either port mapping or through the NTA. If instant messaging is allowed to be used in the organization, the network settings must be changed for them: both user firewall and proxy, the IP address of the network interface internal UserGate Proxy Server must be reported and the HTTPS protocol or needs SOCKS be selected. If you use Yahoo Messenger, you must keep in mind that when you work through a proxy server, the chat rooms of Yahoo and video chats are unavailable.
Statistics for each user are recorded in a log. These include data on the time began each route, duration, cost, URLs visited and the IP, the number of bytes sent and received bytes. It is impossible to annul or falsify the record of any information about this user connections in the statistics of the Proxy Server UserGate file. The statistics can be viewed from the Server Manager or from a particular module Statistics. Statistics data can be filtered by the user, protocol and period, and those statistics can be exported to Microsoft Excel for new versions of processing.
The early UserGate proxy cache server only HTTP (Web) pages. The latest version introduced new elements to ensure the security of information. UserGate Now users can take advantage of Kaspersky Antivirus and firewall built modules. The firewall can control (allow or block) specific TCP ports and can also publish a company& 39;s resources on the Internet. UserGate Proxy Server processes all packages received from the network. Each door that is open on the program, for example, HTTP, SOCKS and others, or are selected by the administrator or can be opened in the firewall automatically. You can see what doors are open in self rules on the table Firewall Rules page.
Future development plans UserGate Proxy Server include creation of its own VPN server-so you have an alternative solution for VPN that offered by Windows-an introduction of a mail server that has its own antispam and support the development of an intelligent firewall at the application level.
Bookmark it:
No comments:
Post a Comment