Microsoft Proxy Server 2.0
- By Chip Andrews
Microsoft’s Proxy Server 2.0 isn’t exactly the new kid
on the block, but it still stands as one of the premier NT-based
firewall products in service. And don’t let the name fool you—Proxy
Server has packet-filtering capabilities. The product sports some
solid features including NT security model integration, Microsoft
Management Console integration, and proxy arrays, plus it’s
no surprise that Proxy Server fits NT and Windows 2000 like a glove.
The product also enjoys incredible plug-in support from third parties
that provides added functionality such as Web content filtering
and intrusion detection.
Proxy Server doesn’t provide NAT support in the same way as
other products mentioned in this article. The product consists of
a Web Proxy, SOCKS Proxy, and Winsock Proxy. When implementing the
Winsock Proxy, Proxy Server works by replacing the Winsock DLL located
on the client machines with a modified version designed to route
all authorized requests off the proxy server. This implementation
requires a software installation at each client and is Windows-centric.
Obviously, this approach isn’t attractive to heterogeneous
shops that must support a large variety of operating systems.
With a dizzying array of tuning options, Microsoft’s
Proxy Server 2.0 is designed with corporate networks in mind.
Remember that most of these powerful capabilities are limited
to the Web (HTTP) proxy. (Click image to view larger version.)
Proxy Server really shines when it comes to NT integration and
horizontal scalability. By creating arrays of proxy servers, it’s
possible to ease the load on a server cluster without having to
build bigger boxes. This type of configuration easily provides security
integration, performance, and fault-tolerance, with next-to-zero
administration or training required. For NT-only shops that require
mostly Web-only access (no traditional NAT), Proxy Server is a very
strong contender in the firewall arena.
Chip Andrews, MCSE+I, MCDBA is a software security architect at (Clarus Corp.). Chip maintains the (sqlsecurity.com) Web site and speaks at security conferences on SQL Server security issues.