Firewalling Proxy Server for Innopac 香港中文大學圖書館系統 University Library System The Chinese University of Hong Kong Ernest Yik,...
Proxy, Firewall and Innopac <ul><li>Proxy </li></ul><ul><li>Firewall </li></ul><ul><li>Combining proxy and firewall </li><...
Proxy : Description <ul><li>Transparent web proxy </li></ul><ul><li>Change of browser settings not required  </li></ul><ul...
Proxy : Encoding detection <ul><li>OPAC migrate to Unicode in July 2003 </li></ul><ul><li>R2002 phase 2 : browser encoding...
Proxy : Logging <ul><li>Logging of all WebPAC activities including </li></ul><ul><ul><li>OPAC searching & browsing </li></...
Proxy : Statistics
Proxy : Statistics (cont.)
Proxy : Other applications <ul><li>Fine-grain access control, e.g. </li></ul><ul><ul><li>Restricting access to Innopac man...
Firewall : Description <ul><li>Transparent bridging firewall </li></ul><ul><li>No modification to Innopac settings </li></...
Firewall : Security <ul><li>Another line of defence against security holes </li></ul><ul><ul><li>No software is perfect </...
Firewall : Security (cont.) <ul><li>Innopac - Limit Network Access </li></ul><ul><ul><li>PatronAPI, OCLCNET etc. </li></ul...
Firewall + proxy <ul><li>Firewall security </li></ul><ul><li>+ proxy features </li></ul><ul><li>Work together </li></ul><u...
HW/SW requirements <ul><li>Hardware </li></ul><ul><ul><li>Low hardware requirements </li></ul></ul><ul><ul><li>PC Server w...
Things to note <ul><li>What you want to achieve </li></ul><ul><li>Choose among available solutions </li></ul><ul><li>Extra...
Thank you <ul><li>Questions & comments </li></ul><ul><li>For technical details, please contact : </li></ul><ul><ul><li>Ern...
Upcoming SlideShare
Loading in...5
×

Firewalling Proxy Server for Innopac

574
-1

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
574
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Firewalling Proxy Server for Innopac

  1. 1. Firewalling Proxy Server for Innopac 香港中文大學圖書館系統 University Library System The Chinese University of Hong Kong Ernest Yik, Information Technology & Planning December 9, 2003
  2. 2. Proxy, Firewall and Innopac <ul><li>Proxy </li></ul><ul><li>Firewall </li></ul><ul><li>Combining proxy and firewall </li></ul>
  3. 3. Proxy : Description <ul><li>Transparent web proxy </li></ul><ul><li>Change of browser settings not required </li></ul><ul><li>All access to WebPAC must first go through the proxy </li></ul><ul><li>Proxy software : Apache or Squid </li></ul>
  4. 4. Proxy : Encoding detection <ul><li>OPAC migrate to Unicode in July 2003 </li></ul><ul><li>R2002 phase 2 : browser encoding problem </li></ul><ul><li>Add an HTML META tag to facilitate automatic encoding detection </li></ul><ul><li><meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=utf-8&quot;> </li></ul><ul><li>Solved in R2002 phase 3 </li></ul>
  5. 5. Proxy : Logging <ul><li>Logging of all WebPAC activities including </li></ul><ul><ul><li>OPAC searching & browsing </li></ul></ul><ul><ul><li>Downloading MARC records </li></ul></ul><ul><ul><li>Viewing book covers </li></ul></ul><ul><ul><li>etc etc… </li></ul></ul><ul><li>Many tools available to generate statistics from the standard log files </li></ul>
  6. 6. Proxy : Statistics
  7. 7. Proxy : Statistics (cont.)
  8. 8. Proxy : Other applications <ul><li>Fine-grain access control, e.g. </li></ul><ul><ul><li>Restricting access to Innopac manual </li></ul></ul><ul><ul><li>Controlling download of MARC records </li></ul></ul><ul><li>Banner display during software updates </li></ul><ul><ul><li>When WebPAC is down for maintenance </li></ul></ul><ul><li>Enhance WAM Rewrite Proxy </li></ul><ul><ul><li>Bypass WAM Proxy for on-campus users </li></ul></ul>
  9. 9. Firewall : Description <ul><li>Transparent bridging firewall </li></ul><ul><li>No modification to Innopac settings </li></ul><ul><li>All access to Innopac must first go through the firewall (not only WebPAC) </li></ul><ul><li>Firewall software : Linux kernel + iptables </li></ul>
  10. 10. Firewall : Security <ul><li>Another line of defence against security holes </li></ul><ul><ul><li>No software is perfect </li></ul></ul><ul><ul><li>Configuration error </li></ul></ul><ul><ul><li>Delay in software update </li></ul></ul><ul><li>Low level logging and monitoring </li></ul>
  11. 11. Firewall : Security (cont.) <ul><li>Innopac - Limit Network Access </li></ul><ul><ul><li>PatronAPI, OCLCNET etc. </li></ul></ul><ul><ul><li>Are they really secure? </li></ul></ul><ul><li>Operating system </li></ul>
  12. 12. Firewall + proxy <ul><li>Firewall security </li></ul><ul><li>+ proxy features </li></ul><ul><li>Work together </li></ul><ul><li>nicely within the </li></ul><ul><li>same box </li></ul>
  13. 13. HW/SW requirements <ul><li>Hardware </li></ul><ul><ul><li>Low hardware requirements </li></ul></ul><ul><ul><li>PC Server with two network interfaces </li></ul></ul><ul><li>Software </li></ul><ul><ul><li>All open source </li></ul></ul><ul><ul><li>Highly flexible and reliable </li></ul></ul>
  14. 14. Things to note <ul><li>What you want to achieve </li></ul><ul><li>Choose among available solutions </li></ul><ul><li>Extra resource may be required </li></ul><ul><li>What to do in case of failure – recovery plan </li></ul><ul><li>Study Innovative’s FAQ on Firewalls </li></ul><ul><li>Thorough testing to make sure that normal services are not adversely affected </li></ul><ul><li>Firewall itself is not perfect! </li></ul><ul><ul><li>Can only provide certain kind of protection </li></ul></ul><ul><ul><li>Do not blindly trust the firewall </li></ul></ul>
  15. 15. Thank you <ul><li>Questions & comments </li></ul><ul><li>For technical details, please contact : </li></ul><ul><ul><li>Ernest YIK, </li></ul></ul><ul><ul><li>Information Technology & Planning, </li></ul></ul><ul><ul><li>University Library System, CUHK </li></ul></ul><ul><ul><li>ernest @lib. cuhk . edu . hk </li></ul></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×