
Lesson 7: Integrating Proxy Server into the Existing Network
Objective: Describe how to select the Proxy Server interface characteristics that affect the integration of the Proxy Server into the network.

Integrating Proxy Server into the Existing Network

Depending on the size of the network, your network design can include a number of proxy servers. Each proxy server in the network design must have at least one interface. Specify one interface in the proxy server if the design requires only Proxy Server caching or if Proxy Server provides IPX to Transmission Control Protocol/Internet Protocol (TCP/IP) translation. This single-homed Proxy Server is contained entirely within the private network.
  • Selecting the Interface Address and Subnet Mask
    When selecting the proxy server interface address and subnet mask, remember that:
    1. Each proxy server interface requires an IP address and subnet mask. This includes proxy servers that are accepting requests from internal network clients that are using IPX/SPX.
    2. The IP address assigned to the proxy server interface must be within the range of addresses that are assigned to the network segment that is directly connected to the interface. That is to say, the proxy server interface must be on the same subnet as the machines with which it needs to communicate directly.
    3. The subnet mask assigned to the proxy server interface must match the subnet mask that is assigned to the network segment that is directly connected to the interface.
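
The three rules above can be checked mechanically before a design is deployed. The following Python sketch is an added example, not part of the original lesson; `check_interface` and `audit` are hypothetical helper names, and the interface names, addresses and segment in `DESIGN` are constructed for illustration. It also adds one check the lesson does not state (no network or broadcast address on an interface).

```python
import ipaddress

def check_interface(name, address, mask, segment):
    """Return a list of rule violations for one proxy server interface.

    address, mask: values configured on the interface.
    segment: CIDR of the network segment directly connected to it.
    """
    net = ipaddress.ip_network(segment)
    try:
        # Rule 1: every interface needs a valid address and subnet mask.
        # Parsing them together also rejects non-contiguous masks.
        iface = ipaddress.ip_interface(f"{address}/{mask}")
    except ValueError as exc:
        return [f"{name}: invalid address or mask ({exc})"]
    problems = []
    # Rule 2: the address must fall inside the connected segment's range.
    if iface.ip not in net:
        problems.append(f"{name}: {iface.ip} is not inside {net}")
    # Rule 3: the mask must match the segment's mask.
    if iface.netmask != net.netmask:
        problems.append(f"{name}: mask {iface.netmask} differs from {net.netmask}")
    # Extra check (not from the lesson): a host cannot use the segment's
    # network or broadcast address.
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{name}: {iface.ip} is reserved on {net}")
    return problems

# Constructed sample design: (interface, address, mask, connected segment).
DESIGN = [
    ("lan0", "192.168.10.2", "255.255.255.0", "192.168.10.0/24"),    # correct
    ("lan1", "192.168.11.2", "255.255.255.0", "192.168.10.0/24"),    # wrong subnet
    ("lan2", "192.168.10.3", "255.255.0.0", "192.168.10.0/24"),      # mask too wide
    ("lan3", "192.168.10.255", "255.255.255.0", "192.168.10.0/24"),  # broadcast
    ("lan4", "192.168.10.4", "255.0.255.0", "192.168.10.0/24"),      # invalid mask
]

def audit(design):
    """Map each interface name to its list of problems (empty = passes)."""
    return {name: check_interface(name, addr, mask, seg)
            for name, addr, mask, seg in design}

if __name__ == "__main__":
    for name, problems in audit(DESIGN).items():
        print(name, "OK" if not problems else problems)
```

A mask that is wider than the segment's (as on `lan2`) is worth catching early: the proxy would treat hosts outside the segment as directly reachable instead of sending that traffic through the router.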

Selecting the Interface Data Rate and Persistence

Each proxy server interface connects to a private or public network segment. These network segments can be persistent or nonpersistent. The data rates for these network segments can vary considerably. You must specify the data rate and persistence for proxy server interfaces so that the proxy server can connect to private and public network segments. The sections below describe the interface characteristics for private and public network segments.

Public Network Segment Characteristics

A public network segment is a network that is directly accessible from the public internet, and is typically used to provide internet connectivity for end-users or to host publicly accessible services. Public network segments have several characteristics that distinguish them from private networks:
  1. Public IP addresses: Public network segments typically use IP addresses that are globally routable and accessible from the public internet. Public IP addresses are assigned by Internet Service Providers (ISPs) or other organizations that manage the allocation of IP addresses.
  2. Unrestricted access: Public network segments are generally accessible to anyone on the internet, without requiring any special permissions or credentials. This makes them convenient for hosting public services such as websites or email servers, but also makes them vulnerable to attacks and security breaches.
  3. High bandwidth: Public network segments typically have high bandwidth to accommodate the large volume of traffic generated by internet users accessing public services or content. This requires robust network infrastructure, including high-speed routers, switches, and other networking devices.
  4. Firewall protection: Public network segments may be protected by firewalls and other security measures to restrict access to sensitive data or services, and to prevent unauthorized access or attacks.
  5. Internet connectivity: Public network segments are connected to the public internet, which provides access to a wide range of online resources and services. This requires robust connectivity, including multiple redundant connections to ensure high availability and reliability.
In summary, public network segments are characterized by their use of globally routable IP addresses, unrestricted access, high bandwidth, firewall protection, and internet connectivity. These characteristics make public network segments ideal for hosting publicly accessible services and content, but also require robust security measures to protect against attacks and security breaches.
  • Data Transfer Rate for a modern LAN?
    Modern Local Area Networks (LANs) typically have data transfer rates ranging from 1 Gbps (gigabit per second) to 10 Gbps for standard setups, with 1 Gbps being the common baseline for most enterprise and home networks. Advanced LANs in data centers or high-performance environments can support even faster rates, such as 40 Gbps or 100 Gbps with specialized hardware.
    • 1 Gbps (1000 Mbps): Standard speed for most home and office LANs, often sufficient for typical network demands.
    • 2.5 Gbps and 5 Gbps: Intermediate speeds, gaining popularity as upgrades from 1 Gbps in high-demand settings.
    • 10 Gbps: Common in enterprise LANs and data centers, supporting high-speed data transfer for bandwidth-intensive applications.
    • 40 Gbps and 100 Gbps: Used in high-performance and specialized environments, such as data centers and research facilities, where very large data sets and high-speed connections are necessary.

    For most environments, 1 Gbps or 10 Gbps is ample, but demand for higher speeds is growing, driven by advances in technology and increased data consumption.

Each proxy server interface connects to either a private or a public network segment. Private network segments are based on local area network (LAN) technologies that are persistent interfaces. The data rate of the private network segment is determined by the LAN technology, such as the 100 megabits per second (Mbps) data transfer rate of 100 Mbps Fast Ethernet.

Top 3 Modern Network Security Technologies

Here's a description of each of these top modern network security technologies:
  1. Secure Web Gateways (SWGs)

    A Secure Web Gateway (SWG) is a security solution that protects organizations by monitoring, filtering, and securing web traffic before it reaches the internal network. SWGs are typically cloud-based, allowing them to provide consistent, scalable protection for users, whether on-premises or remote.

    • Functionality: SWGs block access to malicious websites, prevent data leakage, and enforce web filtering policies (e.g., blocking inappropriate content). They analyze web traffic for suspicious activity and can restrict certain file downloads.
    • Key Features: URL filtering, malware detection, data loss prevention (DLP), application control, and SSL decryption to inspect encrypted web traffic.
    • Benefits: They enable secure internet access by inspecting traffic in real time, reducing risks from web-based threats and helping ensure compliance with security policies.
  2. Cloud-Based Proxies

    A Cloud-Based Proxy is a proxy service hosted in the cloud rather than on local servers. It functions as an intermediary server between users and the internet, adding a layer of security and privacy. These proxies are particularly valuable in organizations adopting remote and hybrid work models.

    • Functionality: Cloud proxies intercept, filter, and secure all outbound and inbound internet traffic, providing anonymity, security, and, often, caching to optimize performance.
    • Key Features: Real-time content filtering, IP masking, monitoring and reporting, and integration with security tools like SWGs and firewalls.
    • Benefits: They offer scalability, centralized management, and reduced latency for global workforces. By being cloud-based, they adapt more easily to fluctuating workloads and don't require extensive on-premises infrastructure.
  3. Advanced VPN Configurations

    Advanced Virtual Private Networks (VPNs) offer secure, private connections over public networks with enhanced features designed for modern security needs. Unlike traditional VPNs, advanced configurations focus on scalability, integration, and enhanced encryption techniques.

    • Functionality: Advanced VPNs create secure "tunnels" for data, encrypting traffic between users and internal network resources. They are increasingly managed through the cloud, offering easier deployment and centralized control.
    • Key Features: Multi-protocol support (e.g., OpenVPN, IPsec, WireGuard), multifactor authentication, endpoint and identity verification, split tunneling, and integration with Zero Trust security models.
    • Benefits: They provide high levels of security, especially for remote and hybrid workforces. Advanced VPNs also support flexible configurations, allowing administrators to tailor access and authentication methods based on user roles and security requirements.

Each of these technologies addresses specific modern network security needs, enabling flexible, secure, and scalable solutions for a world with increasingly mobile and remote work environments.
To connect to another location across the Internet, one solution is to specify a VPN tunnel over a DSL network segment. In this case, you will need to include a LAN interface that supports the persistent DSL network segment, and a demand-dial interface to perform the authentication required by the VPN tunnel. The following paragraphs review public and private network segments.

Private versus Public - Network Segments

  1. Private network segments are based on local area network (LAN) technologies that are persistent interface connections.
  2. Public network segments are based on LAN and demand-dial technologies.
  3. To connect to another private network across the Internet, one solution is to specify VPN tunnels instead of DSL network segments.
  4. Public network segments that appear as demand-dial interfaces are nonpersistent interface connections.

  • Physical and Logical Layout
    Before you can successfully configure a network for DHCP, you need to know the physical and logical layout of the network.
    If you are fortunate, this information
    1. has already been recorded,
    2. is kept up-to-date, and
    3. you can actually find the necessary documentation.
    If so, immediately track down the responsible administrator to obtain this information. If you are not so fortunate, grab a pen and notepad and start walking through the network. Make note of every hub or switch and how many devices are plugged into each. Work your way toward the server closet and record the number of routers or LAN router interfaces. Find the locations of any
    1. DNS servers,
    2. WINS servers, and
    3. any other servers that may require static addresses.
    When you are finished, create a diagram of your results.
    Next, determine which IP addressing scheme, if any, is currently in use on the network and add it to your sketch. If you are responsible for creating the addressing scheme, you will most likely be using one of the private range addresses:

In the next lesson, you will learn how to identify the client requirements to be included in a Proxy Server design.
