LinuxCBT.com

Syllabus

Focus: Squid Proxy Filtration

Duration: 11-Hours

  • Proxy Security - Module II

    • Squid Proxy Initialization
      • Discuss Squid concepts & applications
      • Discuss DNS application
      • Configure DNS on primary SuSE Linux server for the Squid Proxy environment
      • Confirm DNS environment
      • Start Squid and evaluate default configuration
      • Install Squid Proxy server
    •  
    • General Proxy Usage
      • Configure web browser to utilize proxy services
      • Grant permissions to permit local hosts to utilize proxy services
      • Discuss ideal file system layout - partitioning
      • Explore key configuration files
      • Use client to test the performance of proxy services
      • Discuss HIT/MISS logic for serving content
      • Configure proxy support for text-based (lftp/wget/lynx) HTTP clients
    •  
    • Squid Proxy Logs
      • Discuss Squid Proxy logging mechanism
      • Identify key log files
      • Discuss & explore the Access log to identify HITS and/or MISSES
      • Discuss & explore the Store log to identify cached content
      • Convert Squid logs to the Common Log Format (CLF) for easy processing
      • Discuss key CLF fields
      • Configure Webalizer to process Squid-CLF logs
      • Revert to Squid Native logs
      • Discuss key Native log fields
      • Configure Webalizer to process Squid Native logs
    •  
    • Squid Network Configuration & System Stats
      • Discuss cachemgr.cgi Common Gateway Interface(CGI) script
      • Explore the available metrics provided by cachemgr.cgi
      • Change default Squid Proxy port
      • Modify text/graphical clients and test communications
      • Discuss Safe Ports - usage & applications
    •  
    • Squid Access Control Lists (ACLs)
      • Intro to Access Control Lists (ACLs) - syntax
      • Define & test multiple HTTP-based ACLs
      • Define & test ACL lists - to support multiple hosts/subnets
      • Define & test time-based ACLs
      • Nest ACLs to tighten security
      • Implement destination domain based ACLs
      • Exempt destination domains from being cached to ensure content freshness
      • Define & test Anded ACLs
      • Discuss the benefits of Regular Expressions (Regexes)
      • Implement Regular Expressions ACLs to match URL patterns
      • Exempt hosts/subnets from being cached or using the Squid cache
      • Force cache usage
      • Configure enterprise-class Cisco PIX firewall to deny outbound traffic
      • Configure DNS round-robin with multiple Squid Proxy caches for load-balancing
      • Discuss delay pool concepts & applications - bandwidth management
      • Configure delay pools - to support rate-limiting
      • Examine results of various delay pool classes
      • Enforce maximum connections to deter Denial of Service (DoS) attacks
      • Verify maximum connections comply with security policy
    •  
    • Squid Proxy Hierarchies
      • Discuss Squid cache hierarchy concepts & applications
      • Ensure communications through a primary cache server - double-auditing
      • Discuss and configure parent-child bypass based on ACLs
      • Configure Intranet ACLs for peer-cache bypass
      • Discuss & implement Squid cache hierarchy siblings
      • Configure transparent proxy services
    •  
    • Squid on Windows
      • Download & Install
      • Manipulate configuration
      • Test connectivity from multiple platforms
      • Evaluate results
    •  
    • Reverse Proxy
      • Install Squid3
      • Configure forward proxy access for local subnet
      • Test connectivity
      • Discuss reverse proxy features
      • Configure reverse proxy
      • Evaluate results
    •  

LinuxCBT Proxy Edition

  •  
DEMO