Internet & Intranet Security

Team-Fly

10.3 PROXY SERVERS

Because proxy servers run at the application layer, a separate server is usually required for each application. Commercial firewalls typically ship with proxy server support for Telnet, FTP, SMTP, HTTP, and many other TCP-based applications and application protocols. Refer to Figures 9.2 and 9.3 for illustrations of the panels that can be used to configure the various proxy servers for Netscape Navigator and Microsoft Internet Explorer. Other software packages use similar panels to configure the relevant proxies.

In addition to commercial firewalls that ship with many application-level gateways and proxy servers, there are also software packages that can be used to build and customize firewall systems. For example, in the early 1990s, Trusted Information Systems, Inc.,[3] developed an Internet Firewall Toolkit (FWTK) that is widely used and deployed on the Internet [7]. Because the TIS FWTK is written in the C programming language, it should, with some effort at portability, run on most versions of the UNIX operating system. It is important to note that the TIS FWTK does not constitute a turnkey firewall solution, but rather provides the components from which an application-level gateway can be assembled and built. Components of the FWTK, while designed to work together, can also be used in isolation or combined with other firewall software components. The TIS FWTK provides proxy servers for most TCP-based applications in use today, such as Telnet, Rlogin, FTP, HTTP, Gopher, SMTP, NNTP, and X11. The toolkit also provides an authentication server that all proxy servers can use. The authentication server, in turn, supports many authentication mechanisms, ranging from simple passwords to one-time passwords and challenge-response mechanisms (e.g., S/Key, SecureNet Key, and SecurID). Finally, the toolkit supports several firewall configurations, including dual-homed firewalls, screened host firewalls, and screened subnet firewalls.

The TIS FWTK software was officially released in October 1993. It is publicly and freely available but is copyrighted and must be licensed for commercial use.[4] Much of the functionality of the commercial Gauntlet Firewall from Network Associates, Inc., is built on top of the FWTK.

[3] As mentioned in Chapter 7, Trusted Information Systems, Inc., was acquired by Network Associates, Inc.

[4] Refer to the README file found at ftp://ftp.tis.com/pub/firewalls/toolkit/.

