Windows NT Proxy Server gives you an extra
measure of security when you connect your network to the Internet
The direct route to the Internet might not be the safest. A proxy server can
give you an extra measure of security as you provide access to TCP/IP networks
such as the Internet. Microsoft's Proxy Server lets you connect to the Internet
but keep workstation addresses anonymous. Without a workstation address, an
intruder doesn't know where to attack. (Mark Joseph Edwards explains proxy
servers in "Microsoft's Internet Access Server," September 1966, and "Configuring
Microsoft's Internet Access Server," October 1996.)
To connect network workstations to the Internet through Microsoft's Proxy
Server, you need a server running Windows NT Server and the latest version of
Internet Information Server (IIS), and a communications link to your local
Internet Service Provider (ISP). I used an Integrated Services Digital Network
(ISDN) line and, for communication support, a U.S. Robotics internal Courier
I-Modem. The I-Modem is an ISDN terminal adapter that looks and acts like a
modem with respect to the server, so the procedures outlined here are identical
for any modem.
Proxy Server provides two kinds of services: a Web proxy server and a Winsock
proxy server. You can use one or both. Both services can use dynamic
connections, and both can operate at the same time using the same connection.
The Web proxy server works with any client that supports a Web proxy
server. For example, a Macintosh running Netscape Navigator can use the Web
proxy server to access a Web server on the Internet. The Web proxy server works
with a Web browser and assumes a TCP/IP connection between the workstation and
the NT Server's IIS Web server. Most Web browsers, such as Microsoft's Internet
Explorer (IE) and Netscape Navigator, support Web proxy servers. To configure
the proxy server settings in IE, select the Connection tab from the View,
Options menu. The Web proxy server supports only a few Internet protocols, such
as Web access and FTP support. You can't use the Web proxy server for Internet
applications such as videophones or to pick up email.
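
The address hiding described above can be observed on a single machine. The following Python code is an added example, not code from the article or from Microsoft's Proxy Server: it runs a stand-in remote Web server and a one-shot Web proxy on loopback ports and records which socket address the remote server sees for a direct request and for a proxied one. All function names and the loopback setup are assumptions made for illustration.

```python
import socket, threading
from urllib.parse import urlsplit

def read_head(conn):                       # read up to the blank line ending the headers
    data = b""
    while b"\r\n\r\n" not in data and (chunk := conn.recv(4096)):
        data += chunk
    return data

def origin(listener, seen):                # stands in for the remote Web server
    conn, peer = listener.accept()
    with conn:
        read_head(conn)
        seen["origin_peer"] = peer         # the only address the remote side can log
        conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nok")

def proxy(listener, seen):                 # one-shot Web proxy, no caching or access control
    conn, _ = listener.accept()
    with conn:
        method, url, _ = read_head(conn).split(b"\r\n")[0].decode().split(" ")
        target = urlsplit(url)             # a proxy request line carries the absolute URL
        with socket.create_connection((target.hostname, target.port)) as up:
            seen["proxy_out"] = up.getsockname()
            up.sendall(f"{method} {target.path or '/'} HTTP/1.0\r\n\r\n".encode())
            while chunk := up.recv(4096):  # relay the reply until the origin closes
                conn.sendall(chunk)

def fetch(via, target, seen):              # the workstation's browser
    with socket.create_connection(via) as c:
        seen["client"] = c.getsockname()
        c.sendall(f"GET {target} HTTP/1.0\r\n\r\n".encode())
        return b"".join(iter(lambda: c.recv(4096), b""))

def run(use_proxy):
    seen = {}
    web, px = (socket.create_server(("127.0.0.1", 0)) for _ in range(2))  # loopback only
    workers = [(origin, web)] + ([(proxy, px)] if use_proxy else [])
    threads = [threading.Thread(target=f, args=(l, seen)) for f, l in workers]
    for t in threads:
        t.start()
    via, target = (px, "http://%s:%d/" % web.getsockname()) if use_proxy else (web, "/")
    reply = fetch(via.getsockname(), target, seen)
    for t in threads:
        t.join()
    web.close(); px.close()
    return seen, reply

if __name__ == "__main__":
    print(run(False)[0], run(True)[0], sep="\n")
```

With a direct request the server's peer address is the workstation's own socket; through the proxy it is the proxy's outbound socket, so the proxy's logs are the only place the workstation address appears.
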
The Winsock proxy server uses a special version of the Winsock DLL on each
workstation that uses the server. The ordinary Winsock DLL accesses the network
directly and provides access to the Web server on the network. In contrast, the
proxy Winsock DLL connects to the Winsock proxy server, which redirects any
requests to the appropriate server. The proxy server can access local or remote
servers. The workstation Winsock DLL can communicate with the proxy server using
IPX, NetBIOS, or TCP/IP protocol, whereas the Web proxy server uses TCP/IP to
access the requested server.
The Winsock proxy server works with any Winsock application to let the
application use any higher level protocol, such as Post Office Protocol (POP) 3
email services and videoconferencing support. Of course, you need the
appropriate application. The Winsock proxy server provides transparent access to
any TCP/IP service, including email, but you must have matching Winsock support
on the client. Currently, only Windows 3.x, Windows 95, and NT have Winsock
support. I will describe how to install and configure both the Web proxy server
and the Winsock proxy server, and the Winsock client.
Although I will discuss here only Microsoft's Proxy Server, it is not the
only proxy server you can get. Other options are dedicated hardware units, such
as Bay Networks Instant Internet, and software solutions, such as Virtual
Motion's Internet LanBridge.
Installing the Hardware
The U.S. Robotics Courier I-Modem I used is an internal 16-bit ISA ISDN
terminal adapter. I followed U.S. Robotics' instructions for installing the
adapter and configured the adapter to appear as COM2. You use U.S. Robotics'
DOS-based application to configure the ISDN and to set the ISDN Service Profile
Identifier (SPID) numbers. You also need to set the type of ISDN switch your
telephone company provides. Telephone company installers provide this
information when they install the ISDN line.
The next step is to configure NT to use the modem. First, add the modem (in
this case, the I-Modem). You need the configuration floppy supplied with the
modem. Second, install the NT Remote Access Service (RAS). From Control Panel,
Network, choose the Services tab, then Remote Access Service. In the Remote
Access Setup dialog box, click Add. Select the modem from the RAS Capable
Devices list on the Add RAS Device dialog, and configure it as Dial out only,
as you see in Screen 1. The protocol you select depends on the kind of
connection you need, TCP/IP in this case. Choose dynamic IP or fixed IP address
according to the type of service your ISP provides.
Close down the network configuration and restart NT Server. You can now use
the NT dial-up networking support to test the modem. In Programs, Accessories,
Dial-Up Networking, create a new phone book entry. Your ISP supplies the
telephone number for the new phone book entry and related information, including
the name and password you need to make the connection. Select More, and
be sure that the idle time settings in User preferences and Logon preferences
are set to the same value; 300 seconds is a good starting point to avoid
excessive connect time.