Curso Superior de Tecnologia em Redes de Computadores
                        Segurança da Informação
                         Prof. Leandro Almeida

                                 Roteiro – Proxy

   1 Cenário




          • Proxy:
             ◦ eth0: 192.168.0.254
             ◦ eth1: DHCP (IP real – Internet)
         • PC0:
            ◦ eth0: 192.168.0.10
         • PC1:
            ◦ eth0: 192.168.0.11
         • PC2:
            ◦ eth0: 192.168.0.12
   2 Proxy/Cache

      A ideia é baixar, compilar e instalar o Squid-Cache no servidor Proxy. Os passos
necessários para isso estão descritos abaixo:
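# Install the build requirements (compiler, fetch tool, perl for the build scripts).
yum install gcc gcc-c++ wget perl

# Download the source package.
# NOTE(review): squid-3.1.19 is an old release line; for anything beyond the
# lab, fetch a currently supported Squid release from the same site. Whatever
# version is used, verify the tarball against the signature/checksum published
# alongside it before compiling: a proxy built from an unverified plain-HTTP
# download is a supply-chain risk.
wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.19.tar.gz

# Unpack the package.
tar -xvzf squid-3.1.19.tar.gz

# Compile and install.
# The configure step has to run inside the extracted source tree (this "cd"
# was missing from the original). The original also wrapped the command over
# several lines without continuation characters; the trailing backslashes are
# required so the shell reads it as a single command. The hyphens in the
# options are plain ASCII "-" (the printed text used soft hyphens/en dashes,
# which configure does not recognise).
cd squid-3.1.19
./configure --prefix=/opt/squid --with-logdir=/var/log/squid \
    --with-pidfile=/var/run/squid.pid --enable-storeio=ufs,aufs \
    --enable-removal-policies=lru,heap --enable-icmp --enable-useragent-log \
    --enable-referer-log --enable-cache-digests --with-large-files

make

# "make install" needs write access to /opt/squid; run only this step with
# elevated privileges, not the whole build.
make install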




     Após a instalação, podemos editar os arquivos de configuração. Abaixo temos um
exemplo do arquivo squid.conf:
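      #
      # Recommended minimum configuration:
      #
      acl manager proto cache_object
      acl localhost src 127.0.0.1/32 ::1
      acl to_localhost dst 127.0.0.1/8 0.0.0.0/32 ::1

      # Example rule allowing access from your local networks.
      # Adapt to list your (internal) IP networks from where browsing
      # should be allowed. Only the lab subnet behind eth0 (192.168.0.0/24)
      # is listed; keep the other RFC1918 ranges commented unless they are
      # really in use, so the proxy trusts no more address space than it must.
      #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
      #acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
      acl localnet src 192.168.0.0/24    # RFC1918 possible internal network
      acl localnet src fc00::/7       # RFC 4193 local private network range
      # The original printed "machines" on a line of its own: a bare word
      # outside the comment is an unknown directive and Squid refuses to
      # load the file. It belongs to the comment below.
      acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

      acl SSL_ports port 443
      acl Safe_ports port 80       # http
      acl Safe_ports port 21       # ftp
      acl Safe_ports port 443      # https
      acl Safe_ports port 70       # gopher
      acl Safe_ports port 210      # wais
      acl Safe_ports port 1025-65535     # unregistered ports
      acl Safe_ports port 280      # http-mgmt
      acl Safe_ports port 488      # gss-http
      acl Safe_ports port 591      # filemaker
      acl Safe_ports port 777      # multiling http
      acl CONNECT method CONNECT

      #
      # Recommended minimum Access Permission configuration:
      #
      # Only allow cachemgr access from localhost
      http_access allow localhost manager
      http_access deny manager

      # Deny requests to certain unsafe ports
      http_access deny !Safe_ports

      # Deny CONNECT to other than secure SSL ports
      http_access deny CONNECT !SSL_ports

      # Protect web applications running on the proxy server that assume the
      # only one who can reach services on "localhost" is a local user.
      # Upstream strongly recommends this rule be active; it is enabled here
      # (the original left it commented out).
      http_access deny to_localhost

      #
      # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
      #
      # Domain blocklist, one domain per line. Remember to create
      # /opt/squid/etc/sites_bloqueados.txt (it may be empty) before starting
      # Squid, since the ACL file is read at startup. (This reminder was a
      # wrapped comment in the original; its second line, printed without a
      # leading "#", would be read as an invalid directive.)
      acl sites_bloqueados dstdomain '/opt/squid/etc/sites_bloqueados.txt'

      # http_access rules are evaluated in order and the first match wins, so
      # the blocklist deny must precede the localnet allow or it never fires.
      http_access deny sites_bloqueados
      http_access allow localnet
      http_access allow localhost

      # And finally deny all other access to this proxy
      http_access deny all

      # Squid normally listens to port 3128.
      # NOTE(review): with no address given this binds on every interface,
      # including the Internet-facing eth1. "http_access deny all" keeps it
      # from being an open proxy, but binding only to the internal address
      # (e.g. "http_port 192.168.0.254:3128", plus "http_port 127.0.0.1:3128"
      # if local tools need it) removes the external exposure altogether.
      http_port 3128

      # Disk cache directory: 100 MB, 16 first-level and 256 second-level
      # subdirectories. The directory must exist and be writable by the user
      # Squid runs as; initialise the cache structure with "squid -z" before
      # the first start.
      cache_dir ufs /var/spool/squid 100 16 256

      # Leave coredumps in the first cache dir
      coredump_dir /var/spool/squid

      # Add any of your own refresh_pattern entries above these.
      refresh_pattern ^ftp:        1440 20%    10080
      refresh_pattern ^gopher:     1440 0%     1440
      # The "?" must be escaped: "(/cgi-bin/|?)" as printed in the original
      # is not a valid regular expression (the backslash was lost in the
      # document export).
      refresh_pattern -i (/cgi-bin/|\?) 0 0%   0
      refresh_pattern .       0    20%    4320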
