Powered By Blogger

Friday, January 15, 2010

Proxy Server

Proxy Server

In an enterprise that uses the Internet, a proxy server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.




A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server , looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.


To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.





An advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time. In fact, there are special servers called cache servers. A proxy can also do logging.


The functions of proxy, firewall, and caching can be in separate server programs or combined in a single package. Different server programs can be in different computers. For example, a proxy server may in the same machine with a firewall server or it may be on a separate server and forward requests through the firewall.

 A proxy server has many potential purposes, including:

* To keep machines behind it anonymous (mainly for security).[1]
* To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.[2]
* To apply access policy to network services or content, e.g. to block undesired sites.
* To log / audit usage, i.e. to provide company employee Internet usage reporting.
* To bypass security/ parental controls.
* To scan transmitted content for malware before delivery.
* To scan outbound content, e.g., for data leak protection.
* To circumvent regional restrictions.

A proxy server that passes requests and replies unmodified is usually called a gateway or sometimes tunneling proxy.

A proxy server can be placed in the user's local computer or at various points between the user and the destination servers on the Internet.

A reverse proxy i
s (usually) an Internet-facing proxy used as a front-end to control and protect access to a server on a private network, commonly also performing tasks such as load-balancing, authentication, decryption or caching.

Caching proxy server
- accelerates service requests by retrieving content saved from a previous request made by the same client or even other clients. Caching proxies keep local copies of frequently requested resources, allowing large organizations to significantly reduce their upstream bandwidth usage and cost, while significantly increasing performance. Most ISPs and large businesses have a caching proxy. These machines are built to deliver superb file system performance (often with RAID and journaling) and also contain hot-rodded versions of TCP. Caching proxies were the first kind of proxy server.
Another important use of the proxy server is to reduce the hardware cost. An organization may have many systems on the same network or under control of a single server, prohibiting the possibility of an individual connection to the Internet for each system. In such a case, the individual systems can be connected to one proxy server, and the proxy server connected to the main server.

Web proxy

A proxy that focuses on World Wide Web traffic is called a "web proxy". The most common use of a web proxy is to serve as a web cache. Most proxy programs provide a means to deny access to URLs specified in a blacklist, thus providing content filtering. This is often used in a corporate, educational or library environment, and anywhere else where content filtering is desired. Some web proxies reformat web pages for a specific purpose or audience, such as for cell phones and PDAs.
.
Content-filtering web proxy

A content-filtering web proxy server provides administrative control over the content that may be relayed through the proxy. It is commonly used in both commercial and non-commercial organizations (especially schools) to ensure that Internet usage conforms to acceptable use policy. A content filtering proxy will often support user authentication, to control web access. It also usually produces logs, either to give detailed information about the URLs accessed by specific users, or to monitor bandwidth usage statistics. It may also communicate to daemon-based and/or ICAP-based antivirus software to provide security against virus and other malware by scanning incoming content in real time before it enters the network.

Anonymizing proxy server

An anonymous proxy server (sometimes called a web proxy) generally attempts to anonymize web surfing. There are different varieties of anonymizers. One of the more common variations is the open proxy. Because they are typically difficult to track, open proxies are especially useful to those seeking online anonymity, from political dissidents to computer criminals
Access control: Some proxy servers implement a logon requirement. In large organizations, authorized users must log on to gain access to the web. The organization can thereby track usage to individuals.

Hostile proxy

Proxies can also be installed in order to eavesdrop upon the dataflow between client machines and the web. All accessed pages, as well as all forms submitted, can be captured and analyzed by the proxy operator. For this reason, passwords to online services (such as webmail and banking) should always be exchanged over a cryptographically secured connection, such as SSL.

Intercepting proxy server


An intercepting proxy combines a proxy server with a gateway or router (commonly with NAT capabilities). Connections made by client browsers through the gateway are diverted to the proxy without client-side configuration (or often knowledge). Connections may also be diverted from a SOCKS server or other circuit-level proxies.

Intercepting proxies are also commonly referred to as "transparent" proxies, or "forced" proxies, presumably because the existence of the proxy is transparent to the user, or the user is forced to use the proxy regardless of local settings.

Purpose

Intercepting proxies are commonly used in businesses to prevent avoidance of acceptable use policy, and to ease administrative burden, since no client browser configuration is required. This second reason however is mitigated by features such as Active Directory group policy, or DHCP and automatic proxy detection.

Intercepting proxies are also commonly used by ISPs in some countries to save upstream bandwidth and improve customer response times by caching. This is more common in countries where bandwidth is more limited (e.g. island nations) or must be paid for.

Transparent and non-transparent proxy server


The term "transparent proxy" is most often used incorrectly to mean "intercepting proxy" (because the client does not need to configure a proxy and cannot directly detect that its requests are being proxied). Transparent proxies can be implemented using Cisco's WCCP (Web Cache Control Protocol). This proprietary protocol resides on the router and is configured from the cache, allowing the cache to determine what ports and traffic is sent to it via transparent redirection from the router. This redirection can occur in one of two ways: GRE Tunneling (OSI Layer 3) or MAC rewrites (OSI Layer 2).
Forced proxy The term "forced proxy" is ambiguous. It means both "intercepting proxy" (because it filters all traffic on the only available gateway to the Internet) and its exact opposite, "non-intercepting proxy" (because the user is forced to configure a proxy in order to access the Internet).Forced proxy operation is sometimes necessary due to issues with the interception of TCP connections and HTTP. For instance, interception of HTTP requests can affect the usability of a proxy cache, and can greatly affect certain authentication mechanisms. This is primarily because the client thinks it is talking to a server, and so request headers required by a proxy are unable to be distinguished from headers that may be required by an upstream server (esp authorization headers). Also the HTTP specification prohibits caching of responses where the request contained an authorization header.


Suffix proxy

A suffix proxy server allows a user to access web content by appending the name of the proxy server to the URL of the requested content (e.g. "en.wikipedia.org.6a.nl").
Open proxy server
Because proxies might be used to abuse, system administrators have developed a number of ways to refuse service to open proxies. Many IRC networks automatically test client systems for known types of open proxy. Likewise, an email server may be configured to automatically test e-mail senders for open proxies.


Reverse proxy server


A reverse proxy is a proxy server that is installed in the neighborhood of one or more web servers. All traffic coming from the Internet and with a destination of one of the web servers goes through the proxy server. There are several reasons for installing reverse proxy servers:

* Encryption / SSL acceleration: when secure web sites are created, the SSL encryption is often not done by the web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware. See Secure Sockets Layer. Furthermore, a host can provide a single "SSL proxy" to provide SSL encryption for an arbitrary number of hosts; removing the need for a separate SSL Server Certificate for each host, with the downside that all hosts behind the SSL proxy have to share a common DNS name or IP address for SSL connections.
* Load balancing: the reverse proxy can distribute the load to several web servers, each web server serving its own application area. In such a case, the reverse proxy may need to rewrite the URLs in each web page (translation from externally known URLs to the internal locations).
* Serve/cache static content: A reverse proxy can offload the web servers by caching static content like pictures and other static graphical content.
* Compression: the proxy server can optimize and compress the content to speed up the load time.
* Spoon feeding: reduces resource usage caused by slow clients on the web servers by caching the content the web server sent and slowly "spoon feeding" it to the client. This especially benefits dynamically generated pages.
* Security: the proxy server is an additional layer of defense and can protect against some OS and WebServer specific attacks. However, it does not provide any protection to attacks against the web application or service itself, which is generally considered the larger threat.
* Extranet Publishing: a reverse proxy server facing the Internet can be used to communicate to a firewalled server internal to an organization, providing extranet access to some functions while keeping the servers behind the firewalls. If used in this way, security measures should be considered to protect the rest of your infrastructure in case this server is compromised, as its web application is exposed to attack from the Internet.

Tunneling proxy server


A tunneling proxy server is a method of defeating blocking policies implemented using proxy servers. Most tunneling proxy servers are also proxy servers, of varying degrees of sophistication, which effectively implement "bypass policies".A tunneling proxy server is a web-based page that takes a site that is blocked and "tunnels" it, allowing the user to view blocked pages. A famous example is elgooG, which allowed users in China to use Google after it had been blocked there. elgooG differs from most tunneling proxy servers in that it circumvents only one block.

Content filter

Many work places, schools, and colleges restrict the web sites and online services that are made available in their buildings. This is done either with a specialized proxy, called a content filter (both commercial and free products are available), or by using a cache-extension protocol such as ICAP, that allows plug-in extensions to an open caching architecture.
equests made to the open internet must first pass through an outbound proxy filter. The web-filtering company provides a database of URL patterns (regular expressions) with associated content attributes.

Asynchronous And Synchronous Transfer Mode(ATM)

Asynchronous Transfer Mode (ATM) is an International Telecommunication Union-Telecommunications Standards Section (ITU-T) standard for cell relay wherein information for multiple service types, such as voice, video, or data, is conveyed in small, fixed-size cells. ATM networks are connection-oriented. This chapter provides summaries of ATM protocols, services, and operation. Figure 27-1 illustrates a private ATM network and a public ATM network carrying voice, video, and data traffic. 


 A Private ATM Network and a Public ATM Network Both Can Carry Voice, Video, and Data Traffic








Standards


ATM is based on the efforts of the ITU-T Broadband Integrated Services Digital Network (B-ISDN) standard. It was originally conceived as a high-speed transfer technology for voice, video, and data over public networks. The ATM Forum extended the ITU-T's vision of ATM for use over public and private networks. The ATM Forum has released work on the following specifications:

User-to-Network Interface (UNI) 2.0

UNI 3.0

UNI 3.1

UNI 4.0

Public-Network Node Interface (P-NNI)

LAN Emulation (LANE)

Multiprotocol over ATM

ATM Devices and the Network Environment


ATM is a cell-switching and multiplexing technology that combines the benefits of circuit switching (guaranteed capacity and constant transmission delay) with those of packet switching (flexibility and efficiency for intermittent traffic). It provides scalable bandwidth from a few megabits per second (Mbps) to many gigabits per second (Gbps). Because of its asynchronous nature, ATM is more efficient than synchronous technologies, such as time-division multiplexing (TDM).

With TDM, each user is assigned to a time slot, and no other station can send in that time slot. If a station has much data to send, it can send only when its time slot comes up, even if all other time slots are empty. However, if a station has nothing to transmit when its time slot comes up, the time slot is sent empty and is wasted. Because ATM is asynchronous, time slots are available on demand with information identifying the source of the transmission contained in the header of each ATM cell.

ATM Cell Basic Format


ATM transfers information in fixed-size units called cells. Each cell consists of 53 octets, or bytes. The first 5 bytes contain cell-header information, and the remaining 48 contain the payload (user information). Small, fixed-length cells are well suited to transferring voice and video traffic because such traffic is intolerant of delays that result from having to wait for a large data packet to download, among other things. Figure 27-2 illustrates the basic format of an ATM cell. 


Synchronous Transfer Mode

Synchronous Transfer Mode/Transport Module

The STM-1 (Synchronous Transport Module level-1) is the SDH ITU-T fiber optic network transmission standard. It has a bit rate of 155.52 Mbit/s. The other levels are STM-4, STM-16 and STM-64. Beyond this we have wavelength-division multiplexing (WDM) commonly used in submarine cabling.The STM-1 frame is the basic transmission format for SDH. A STM-1 signal has a byte-oriented structure with 9 rows and 270 columns of bytes with a total of 2430 bytes (9 rows * 270 columns = 2430 bytes). Each byte corresponds to a 64kbit/s channel.

Tuesday, January 5, 2010

JUDE 1:3

Jude 1:3   

context

Condemnation of the False Teachers

Jude 1:3  "Dear friends, although I have been eager to write to you 1  about our common salvation, I now feel compelled 2  instead to write to encourage 3  you to contend earnestly 4  for the faith 5  that was once for all 6  entrusted to the saints. 7 "

 
comment:
 Although I don't understand the depths of this verse,but Saint Jude emphasizes that we must have great faith to God, Saint Jude encourages us to be faithful with all our hearts, faith that is doubtlessly for God.



 
Who is GOD?

Who is God? He's been described as everything from an impersonal life-force to a benevolent, personal, almighty Creator. He has been called by many names, including: "Zeus," "Jupiter," "Brahma," "Allah," "Ra," "Odin," "Ashur," "Izanagi," "Viracocha," "Ahura Mazda," and "the Great Spirit" to name just a few. He's seen by some as "Mother Nature" and by others as "Father God." But who is He really? Who does He claim to be?
Who Is God - Father God or Mother Nature?

Who is God? What has He revealed about Himself? To begin with, whenever He refers to Himself in parental terms, He always addresses Himself as "Father," never "Mother." He calls Himself "a Father to Israel,"1 and in one instance, when His "children" were particularly disrespectful to Him, He said to them, "A son honors his father, and a servant his master. If then I am the Father, where is My honor? And if I am a Master, where is My reverence?" 2

His prophets acknowledged Him as Father by saying, "You are our Father, we are the clay, and You our potter; And all of us are the work of Your hand,"3 and "do we not all have one Father? Has not one God created us?"4 Never once does God refer to Himself as "Mother" and never once is He called such by the prophets to whom He spoke. Calling God "Mother Nature" is comparable to calling your earthly father "Mom."
Who Is God - What Does God Care About?
Who is God in terms of moral attributes? What does God have to say about Himself in this regard? He says that He delights in justice and righteousness: "…Let not the wise man boast of his wisdom or the strong man boast of his strength or the rich man boast of his riches, but let him who boasts boast about this: that he understands and knows me, that I am the LORD, who exercises kindness, justice and righteousness on earth, for in these I delight."5 "For I, the LORD, love justice; I hate robbery and iniquity…"6

Justice and equity are very important to God. But so are grace and mercy. And so, while God will hold everyone accountable, each for their own lives, He extends His grace to the repentant sinner. He promises that, "'If the wicked man turns from all his sins which he has committed and observes all My statutes and practices justice and righteousness, he shall surely live; he shall not die. All his transgressions which he has committed will not be remembered against him; because of his righteousness which he has practiced, he will live. Do I have any pleasure in the death of the wicked,' declares the Lord GOD, 'rather than that he should turn from his ways and live?…I have no pleasure in the death of anyone who dies,' declares the Lord GOD. 'Therefore, repent and live.'"7

By "death" God is not referring to the physical death which we might have in mind. Rather, God is referring to something which will happen in eternity, after our physical deaths. The Scriptures refer to this event as the "second death."8 The first death separates us from our bodies and takes us from this world. The second death is different. It also entails a separation, but it's the separation of one group of people from another: the righteous and the forgiven on one hand and the wicked and the unrepentant on the other. The two groups will be judged separately.

The one group will be rewarded according to the good that they've done. Their evil deeds will be overlooked, forgiven by God. The other group will be judged according to the evil that they have done, and their good deeds will not keep them from their punishment. God says, "When a righteous man turns away from his righteousness, commits iniquity and dies because of it, for his iniquity which he has committed he will die." But "when a wicked man turns away from his wickedness which he has committed and practices justice and righteousness, he will save his life. Because he considered and turned away from all his transgressions which he had committed, he shall surely live; he shall not die. …Therefore, repent and live."9 In this way, God will see that justice ultimately prevails, but that mercy is given to the humble and the repentant.

God has made a provision for those who want to repent, a provision to atone for the sins of those who want to be made right with Him. He sent a "Messiah," a Servant who willingly suffered and died a vicarious death in order to pay for the sins of those who would repent and trust in Him. The Scriptures say, "Who has believed our message and to whom has the arm of the LORD been revealed?…Surely He took up our infirmities and carried our sorrows…He was pierced for our transgressions, He was crushed for our iniquities; the punishment that brought us peace was upon Him, and by His wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on Him the iniquity of us all.…it was the LORD's will to crush Him and cause Him to suffer, and though the LORD makes His life a guilt offering, He will see His offspring and prolong His days, and the will of the LORD will prosper in His hand. After the suffering of His soul, He will see the light of life and be satisfied; by his knowledge my righteous servant will justify many, and he will bear their iniquities.…he poured out his life unto death, and was numbered with the transgressors. For he bore the sin of many, and made intercession for the transgressors." 10