Squid Server Proxy To Secure Local Network (SSPSLN)

Simple Notes, A Place to Break Down Problems into Their Smallest / Simplest Parts By 12131294.

Introduction

This document is only temporary and serves as a record of progress on each member's individual version of the group assignment. Each member is only allowed access (view/comment); modifications (edit/delete) are not allowed. Each member can create their own footprint in this folder, which other members can access (view/comment). The final decision will be stated in a document named "TUGAS KEJAR (Network Security)".

Assignment Title

SECURE NETWORK WITH PROXY

Lecturer's Clue

"Build a Proxy Server & How to Secure It"

README.txt

                ===========================================
              -{      Welcome to the KEJAR Assignment      }-
                ===========================================
             _ +-------------------------------------------+ _
               |                    By                     |
               |                 * Fahmi                   |
            /o)|                 * Linda                   |(o\
           / / |                 * Rudi                    | \ \
          ( (_ |  _              * Wawan                _  | _) )
         ((\ \)+-/o)-----------------------------------(o\-+(/ /))
         (\\\ \_/ /                                     \ \_/ ///)
          \      /                  __                   \      /
           \____/                  |  |                   \____/
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 +                                     **                                        +
 +                                   Rules:                                      +
 +                                                                               +
 + 1. Theory discussion related to the project, max. 3 sheets                    +
 + 2. Literature review of the material, max. 2 sheets                           +
 + 3. Simulation of the main material, max. 4 sheets                             +
 + 4. Conclusion from the practical results, max. 1 sheet                        +
 + 5. Report complete with Foreword, Table of Contents, Bibliography             +
 + 6. Hardcopy printed on A4, neatly bound, at least with a plastic cover        +
 + 7. Space 1cm, Font_size: 12, Font: Times New Roman                            +
 + 8. Submit at the 11th meeting                                                 +
 + 9. Randomized presentation                                                    +
 +                                     **                                        +
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                                   |  |
                                   |  |
                                  /|  |\
                         STMIK EL RAHMA YOGYAKARTA

Definition

A proxy server is an intermediary host where websites that have been visited/accessed by a client are stored. This device also stores all URL logs that the client has accessed. [1] (valid)

3 Main Functions of a Proxy Server [2][3]

  1. Connection Sharing
  2. Filtering
  3. Caching of web servers requested by clients.

Implementation, Tutorial & Demo

Alternative 1 - Proxy Server Scenario and Configuration on Linux [4] -> The required environment is Squid.

Alternative 2 - Proxy Server Scenario and Configuration on Windows [5] -> The required environment is Squid.

True Story of Proxy Server Implementation [6] -> The boarding house kids phenomenon... 😃

Alternative 3 - Proxy Server Scenario and Configuration in Virtual Machine [5] (under evaluation)

The scenario in Alternative 3 adopts task 1 of network communication security, in which we received the DHCP Starvation allotment. Based on a search for references, it turns out that a topology in GNS3 can also connect to the internet via the laptop's network adapter. It only needs special settings so that the master PC (laptop), as administrator, delegates its authority to the GNS3 application.

The environment required is:

  • GNS3.
  • GNS3 VM.
  • Linux.iso image.
  • Squid.

Steps that need to be taken:

  1. Install and configure the Loopback adapter in a Windows virtual machine (1004779) [7]
  2. Install GNS3
  3. Open GNS3 VM
  4. Install several operating systems on the GNS3 VM (Windows and Ubuntu, for example).
  5. Create a simple computer network topology in GNS3 (for example, adopt a true story of a boarding house kid)
  6. GNS3 VM Network Adapter Configuration [8]
  7. Run topology scenario
  8. If you are connected to the internet, install Squid on the PC that is used as a proxy server.
  9. Proxy server pc configuration.
  10. Play.
  11. Finished....

REFERENCE

[1]: Module "Administering a Secure Network.pdf" (p. 15).
[2]: https://imadearjanablog.wordpress.com/2012/10/21/bagaimana-cara-kerja-proxy/
[3]: https://dunovteck.wordpress.com/2010/03/26/bagaimana-proxy-server-hosting-melindungi-privasi-anda
[4]: http://rizky-pohan.blogspot.co.id/2014/12/konfigurasi-proxy-server-debian-6.html
[5]: http://prasetyoo21.blogspot.co.id/2015/01/cara-install-dan-konfigurasi-proxy.html
[6]: https://bytescode.wordpress.com/2009/10/28/proxy-server-manajemen-bandwith-internet-studi-kasus-speedy-di-kosan-saya/
[7]: https://kb.vmware.com/s/article/1004779
[8]: https://gns3.com/news/article/connect-gns3-to-internet-over-la

NETWORK SECURITY PROJECT REPORT

SECURE NETWORK WITH PROXY

Compiled By

  • Fahmi Faishol Majid, Student ID: 12151491
  • Rudi Setyawan, Student ID: 12141382
  • Linda Saraswati, Student ID: 12151492
  • Wawan Chahyo Nugroho, Student ID: 12131294

FOREWORD

We express our gratitude to the presence of God Almighty for His guidance and blessings, so that we can complete the report on assignment 3 entitled "Secure Network with Proxy" in the Network Security course of the Informatics Engineering Study Program, STMIK EL RAHMA Yogyakarta.

On this occasion, we the authors would like to thank the honorable Mr. Eko Yunianto, S.Kom. as the supervising lecturer and Rudi, Fahmi, Linda, Wawan as a solid team who have sacrificed a lot of energy, time and thoughts in compiling this report. I would also like to express my gratitude to my brother Reza Bayu Permana for his willingness to make a 0.5m LAN cable even though we were in different groups and in a tired state after returning from Semarang.

We realize that there are still shortcomings in the presentation of this paper. Therefore, we accept constructive criticism and suggestions for the perfection of this paper.

Finally, I hope this written work can provide benefits, especially for the author, and generally for readers.

TABLE OF CONTENTS

FOREWORD
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
CHAPTER I INTRODUCTION

1.1 Background of the Problem
1.2 Problem Formulation
1.3 Research Objectives
1.4 Benefits of Research
1.5 Writing Systematics
CHAPTER II LITERATURE REVIEW
CHAPTER III THEORETICAL BASIS

3.1 Definition of Server
3.2 Definition of Proxy
3.3 Proxy Server
3.4 Squid
3.5 Functions of Computers in Networks
3.6 Firewall
3.7 TCP / IP Protocol
CHAPTER IV RESEARCH RESULTS AND DISCUSSION
4.1 Installing a Proxy Server on Windows 7
4.2 Web Filtering With Squid on Windows 7
CHAPTER V CONCLUSIONS AND SUGGESTIONS
5.1 Conclusions
5.2 Suggestions
BIBLIOGRAPHY

LIST OF TABLES

Table 2.1 Literature review
Table 5.1 Examples of server computer operating systems

LIST OF FIGURES

Figure 3.1 Comparison of OSI and TCP/IP layer architecture models
Figure 4.1 Squid folder destination
Figure 4.2 Squid icon
Figure 4.3 Adding a new rule in Windows Firewall
Figure 4.4 Squid server rule appears in the inbound rules list
Figure 4.5 Proxy configuration on the client-side
Figure 4.6 Blocking campus sites
Figure 4.7 Campus sites before being blocked
Figure 4.8 Campus sites after being blocked

CHAPTER I INTRODUCTION

1.1 Background of the Problem

The number of Information Technology users, especially Internet users, is currently growing very rapidly, because more and more people spread their information via the internet. This information ranges from simple to complex and from individual to organizational. In addition, some people have made the internet a basic need, and their number tends to increase from day to day. The growth in the number of users is generally not followed by a matching increase in bandwidth, so problems often arise with the speed of access to services via the internet. In addition, people generally pay little attention to the security of the systems they use to avoid attacks.

Access control is essential to prevent misuse of resources on the network. Security systems such as Proxy Servers and Firewalls can be used to manage network traffic and access rights for each client and easily calculate the use of internet connections by each client.

1.2 Problem Formulation

As Informatics Engineering students, we are still unfamiliar with the implementation of proxy servers to secure computer networks.

1.3 Research Objectives

Create a computer network with a peer-to-peer topology and increase its security by implementing the proxy server concept using the Squid application.

1.4 Benefits of Research

The benefits of this research are:

  • We as students understand what a proxy server is.
  • We as students understand how to implement a proxy server.

1.5 Writing Systematics

CHAPTER I - INTRODUCTION.
Contains the background of the problem, problem formulation, research objectives, research benefits and writing systematics.

CHAPTER II - LITERATURE REVIEW.
Contains sources and quotes of several sentences that support this research.

CHAPTER III - THEORETICAL BASIS.
Contains explanations or descriptions used in creating this application system.

CHAPTER IV - RESEARCH RESULTS AND DISCUSSION.
Contains the implementation of the application system that has been successfully created and tested.

CHAPTER V - CONCLUSION AND SUGGESTIONS.
Contains conclusions from the entire application system created.

CHAPTER II - LITERATURE REVIEW

Wahyudi, Rohendi, Putra (2017), Information System, STMIK Indonesia, Padang. The title of the research is "Building a Proxy Server for CV Global Max Using the Linux Blankon 6.0 Ombilin Operating System as Network Access Management". The benefit of this research is that CV Global Max has a proxy server that can be used to minimize attacks from viruses, worms, spyware and DDOS. It can also save bandwidth and shorten the download time of a web page.

Yuisar, Yulianti, Suzantry H. (2015), Computer System Faculty of Computer Science, Dehasen University, Bengkulu. Research title "Analysis of Proxy Server Utilization as Filtering and Caching Media on Computer Networks". The benefits of this research are to be able to determine the difference in web page load speed, to be able to limit access to a particular web address (filtering) and to be able to determine the possibility of errors that can occur in proxy server configuration.

Sondakh, Najoan, ST., MT., Lumenta, ST., MT. (2014), Electrical Engineering, FT. UNSRAT, Manado. Research title "Filtering Firewall Design Using Iptables In Unsrat Information Technology Center Network". The benefits of this research are to improve the security of the local network of PTI UNSRAT using positive list filtering method which by default closes all ports.

From the explanation above, it can be summarized in Table 2.1 Literature review.

Table 2.1 Literature review

| No. | Name | Title | Year | Result |
|-----|------|-------|------|--------|
| 1. | Wahyudi, Rohendi, Putra | Building a Proxy Server for CV Global Max Using the Linux Blankon 6.0 Ombilin Operating System as Network Access Management | 2017 | CV Global Max has a proxy server that can be used to minimize attacks from viruses, worms, spyware and DDOS; it can also save bandwidth and shorten the download time of a web page. |
| 2. | Yuisar, Yulianti, Suzantry H. | Analysis of Proxy Server Utilization as Filtering and Caching Media on Computer Networks | 2015 | Can determine the difference in web page load speed, can limit access to a particular web address (filtering) and can determine the possible errors that can occur in proxy server configuration. |
| 3. | Sondakh, Najoan, ST., MT., Lumenta, ST., MT. | Filtering Firewall Design Using Iptables in the Unsrat Information Technology Center Network | 2014 | Improves the security of the PTI UNSRAT local network using a positive-list filtering method that closes all ports by default. |

CHAPTER III - THEORETICAL BASIS

3.1 Understanding Servers

According to Firdian, a server is a computer system that provides a certain type of service in a computer network. The server is supported by a scalable processor and large RAM, and is also equipped with a special operating system, called a network operating system. The server also runs administrative software that controls access to the network and the resources contained therein, such as files or printers, and provides access to network member workstations.

3.2 Understanding Proxy

The term proxy is often used in a variety of fields of expertise, but never strays from its literal meaning, as explained in oxforddictionaries.com which can mean:

  • An agency, function, or representative that acts as a substitute for another person.
  • A document that gives authority or power to act for another person.
  • A person authorized to act on behalf of another person.

3.3 Proxy Server

A proxy server is an intermediary host where websites that have been visited/accessed by a client are stored. This device also stores all URL logs that the client has accessed (Module, Administering a Secure Network.pdf, page 15).

A proxy server is a server computer or computer program that can act as another computer to make requests for content from the internet or intranet. A proxy server acts as a gateway to the internet for each client computer. Proxy servers are invisible to client computers: a user who interacts with the internet through a proxy server will not know that a proxy server is handling the requests being made. The web server that receives requests from the proxy server will interpret the requests as if they came directly from the client computer, not from the proxy server.

Proxy Server is a server placed between a client application and the server application being contacted. Client applications can be web browsers, FTP clients, and so on. While server applications can be web servers, FTP servers and so on. Proxy Servers placed between client applications and server applications can be used to control or monitor the traffic of data packets passing through them (Wagito, 2007).

3.4 Squid

Squid is a caching proxy for the Web that supports HTTP, HTTPS, FTP, and more. Squid can save bandwidth and improve response time by caching and reusing frequently requested web pages. Squid has extensive access control and improves server acceleration. Squid runs on most existing operating systems, including Windows, and is licensed under the GNU GPL.

3.5 Computer Functions in a Network

  1. Client Server Network. In this network, one computer functions as a service center (server) and the other computer functions to request services (client). As the name implies, client-server means that there is a division of work in processing client and server data.
  2. Peer-to-Peer Network. In this network, there is no computer that functions specifically, and all computers can function as clients and servers at the same time. Users of each computer are responsible for administering computer resources (by creating user names, creating shares, marking permissions to access the shares).

3.6 Firewall

A firewall is a security system, so a firewall can be either hardware or software. A firewall can be used to filter packets from outside and inside the network where it is located. If under normal conditions everyone from outside your network can play around on your computer, with a firewall all of that can be overcome easily.

A simple firewall usually does not have the ability to filter packets based on their contents. For example, a firewall does not have the ability to filter virus-ridden e-mails that you download or inappropriate web pages. What a firewall can do is block the IP address of the mail server that sent the virus or the address of a prohibited web page. In other words, a firewall is the first line of defense for your network.

3.7 TCP/IP Protocol

TCP/IP is one of the computer networking software components found in the system, and is used for data communication in local area networks (LAN) and the Internet. TCP stands for Transmission Control Protocol and IP stands for Internet Protocol. TCP/IP is treated as one name because the two always work together in data communication. TCP/IP is currently used in many local computer networks (LAN) connected to the Internet, because it has the following properties:

  1. It is an open standard protocol, free and developed separately from specific computer hardware. Therefore, this protocol is widely supported by hardware vendors, so that TCP/IP unifies computer hardware and software of various brands: even computers that use different hardware and software can communicate data with each other via the Internet.
  2. It is independent of any network hardware. This property allows TCP/IP to join many computer networks. TCP/IP can operate over Ethernet, a dial-up line, and virtually any physical data transmission medium.
  3. It can be used as a public address, so that every device that uses TCP/IP has a unique address in a local computer network or in a global computer network such as the Internet.

Figure 3.1 Comparison of OSI and TCP/IP layer architecture models

CHAPTER IV - RESEARCH RESULTS AND DISCUSSION

4.1 Installing a Proxy Server on Windows 7

This article explains how to easily install Squid Server v.3.5.x on Microsoft Windows. We will use the MSI provided by Diladele BV.

The MSI is the result of the Diladele team's work to promote the Squid community on Windows and is based on the Cygwin Squid server component. This installer is an open source project hosted on GitHub, so if you are willing to contribute or have any issues, please contact support@diladele.com.

The installation process is actually very easy and consists of the following steps.

1] Download the Squid MSI for Windows from http://squid.diladele.com/ (currently only available in a 64-bit version).

2] After downloading, double-click squid.msi. You must be an administrator to install Squid on your computer.

3] Run the installer and click "Next" until you reach the destination folder setup window. We recommend following the default setting in C:... as shown in Figure 4.1 Squid folder destination.


Figure 4.1 Squid folder destination

4] Next, click "Next" until "Finish".

5] When the installation is complete, you should see the squid application with a squid icon appear in the Tray menu. This application allows you to start, stop, and change the configuration of the squid service.


Figure 4.2 Squid icon

During the installation process, the Squid MSI opens TCP port 3128, which is required for connections with other computers on your network. If for some reason this does not work as expected, follow these steps to open the required TCP port.

6] Type "Windows Firewall with Advanced Security" in Start Menu > Search on Windows 7 or 8 and press Enter. Click "Inbound Rules" >> "New Rule".


Figure 4.3 Adding a new rule in Windows Firewall

7] Create an Inbound rule to allow clients to connect to TCP port 3128, the default port where squid runs. Follow the instructions provided in each firewall settings window. The settings start from Rule Type, Protocol and Ports, Action, Profile and Name.

8] Rule Type, select the port rule type, then click next.

9] Protocol and Port, select TCP and fill in Specific local ports: 3128, then click next.

10] Action, determine the action when the connection matches the rule, select Allow the connection, then click next.

11] Profile, determine the profile where the rule is applied, check Domain, Private, Public, then click next.

12] Name, determine the name for the rule, type "Squid Server", then click Finish. You will then see a new entry in Inbound Rules, as shown in Figure 4.4 (Squid server rule appears in the inbound rules list).


Figure 4.4 Squid server rule appears in the inbound rules list.

At this point the server-side configuration is complete. Next, configure the client side by setting up the proxy in the client browser. Here are the steps:

  1. Click the Windows Start menu, type "internet options" in the search box, select it and press Enter. Then select the "Connections" tab >> click "LAN settings". If the default setting "Automatically detect settings" is checked, uncheck it, then check "Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections)".
  2. Then enter the IP address of the server's "Ethernet adapter Local Area Connection". You can find it by opening cmd on the server PC and typing "ipconfig"; in our experiment the IP address was 192.168.137.1. Then fill in the TCP port where Squid is running, which is 3128, and click OK.


Figure 4.5 Proxy configuration on the client-side

13] Now the client browser is using Squid as a proxy.

4.2 Web Filtering With Squid on Windows 7

For example, we will try to block the campus site that uses http by default. Here are the steps:

1] Open squid in the tray menu, then click "Open squid configuration"

2] Press CTRL+F and search for "acl CONNECT method CONNECT". Once you have found it, add the directives there as shown in Figure 4.6 Block campus sites.


Figure 4.6 Block campus sites

3] Test on the client PC by accessing http://stmikelrahma.ac.id/


Figure 4.7 Campus website before being blocked


Figure 4.8 Campus site after being blocked
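
One way to write the block from steps 1-3 together with a rule that limits the proxy to the local network (an added example, not the configuration shown in the report's Figure 4.6). The ACL names blocked_sites and lab_clients and the subnet 192.168.137.0/24 (inferred from the server address 192.168.137.1 in section 4.1) are assumptions; Safe_ports, SSL_ports and CONNECT are ACLs already defined in the stock squid.conf.

```conf
# Added example. Assumed names: blocked_sites, lab_clients.
# Assumed subnet: 192.168.137.0/24 (server address in section 4.1 is 192.168.137.1).

# 1) ACL definitions: add directly below the stock line
#    "acl CONNECT method CONNECT".

# The leading dot matches the domain itself and every subdomain.
# dstdomain is compared against the requested host, so it covers plain HTTP
# requests as well as HTTPS CONNECT tunnels to the same host.
acl blocked_sites dstdomain .stmikelrahma.ac.id

# Source addresses that are allowed to use the proxy at all.
acl lab_clients src 192.168.137.0/24

# 2) Access rules: Squid checks http_access lines from top to bottom and
#    stops at the first line that matches.

# Stock rules, kept as shipped.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# The deny for the blocked site has to come before any allow that matches
# the same client.
http_access deny blocked_sites

# Wrong order (the site stays reachable because the allow matches first):
#   http_access allow lab_clients
#   http_access deny blocked_sites

http_access allow localhost

# Used instead of the stock "http_access allow localnet", whose localnet ACL
# admits every RFC 1918 private range rather than only this LAN.
http_access allow lab_clients

# Step 11 in section 4.1 opens port 3128 on the Domain, Private and Public
# firewall profiles, so this final deny is what keeps hosts outside the LAN
# from using the proxy.
http_access deny all

http_port 3128
```

After editing, `squid -k parse` checks the file for syntax errors and `squid -k reconfigure` makes the running service reload it.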

CHAPTER V - CONCLUSION AND SUGGESTIONS

5.1 Conclusion

Based on the results of the research and discussion that has been carried out, it can be concluded that:

  • In this research, we have been able to build a proxy server with a peer to peer topology.
  • By using a proxy server when doing internet activities, you can minimize the potential for virus attacks originating from dangerous sites by blocking them.
  • Network and internet traffic management can save bandwidth and increase page loading speed by utilizing Squid cache.

5.2 Suggestions

Ideally a proxy server runs on an operating system and computer hardware dedicated to server use, but the research above still uses a general-purpose desktop device and operating system. For production use, we therefore recommend implementing it properly, at least according to the minimum standards of a server. Examples are given in Table 5.1 Examples of server computer operating systems.

Table 5.1 Examples of server computer operating systems

| Windows | Mac OS | Linux | Other |
|---------|--------|-------|-------|
| Windows NT, Windows 2000 Server, Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Small Business Server, Windows Essential Business Server, Windows Home Server | Mac OS X Server 1.0 (Rhapsody), Mac OS X Server 10.0 (Cheetah Server), Mac OS X Server 10.1 (Puma Server), Mac OS X Server 10.2 (Jaguar Server), Mac OS X Server 10.3 (Panther Server), Mac OS X Server 10.4 (Tiger Server), Mac OS X Server 10.5 (Leopard Server), Mac OS X Server 10.6 (Snow Leopard Server), Mac OS X 10.7 (Lion Server) | Ubuntu, Debian, OpenSUSE, Fedora, BackTrack, Mandriva, Slackware, PCLinuxOS, CentOS | Novell Netware |

BIBLIOGRAPHY

