SlideShare a Scribd company logo

Unidade3 roteiro proxy

Leandro Almeida
Leandro Almeida

The document describes how to configure a proxy server using Squid Cache on a Linux server. It provides instructions for installing Squid Cache via yum, downloading, compiling and installing the Squid tarball. It also includes an example Squid configuration file with ACL rules to allow access from local networks and deny access to blocked sites and unsafe ports.

1 of 3
Download to read offline
Curso Superior de Tecnologia em Redes de Computadores Segurança da Informação Prof. Leandro Almeida Roteiro – Proxy 1 Cenário • Proxy: eth0: 192.168.0.254 ◦ eth1: DHCP(ip real - Internet) • PC0: ◦ eth0: 192.168.0.10 • PC1: ◦ eth0: 192.168.0.11 • PC2: ◦ eth0: 192.168.0.12 2 Proxy/Cache A idéia é baixar, compilar e instalar o Squid-Cache no servidor Proxy. Os passos necessários para isso estão descritos abaixo
#Instalar requisitos yum install gcc gcc­c++ wget perl #Download do pacote  wget http://www.squid­cache.org/Versions/v3/3.1/squid­3.1.19.tar.gz #Descompactar o pacote tar ­xvzf squid­3.1.19.tar.gz #Compilar e instalar ./configure ­­prefix=/opt/squid ­­with­logdir=/var/log/squid  ­­with­pidfile=/var/run/squid.pid –enable­storeio=ufs,aufs ­­enable­removal­policies=lru,heap ­­enable­icmp –enable­ useragent­log ­­enable­referer­log ­­enable­cache­digests  ­­with­large­files make make install Após a instalação, podemos editar os arquivos de configuração. Abaixo temos um exemplo do arquivo squid.conf: #  # Recommended minimum configuration:  #  acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.1/8 0.0.0.0/32 ::1 # Example rule allowing access from your local networks.  # Adapt to list your (internal) IP networks from where browsing  # should be allowed  #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network  #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network  acl localnet src 192.168.0.0/24 # RFC1918 possible internal network  acl localnet src fc00::/7       # RFC 4193 local private network range  acl localnet src fe80::/10      # RFC 4291 link­local (directly plugged)  machines  acl SSL_ports port 443  acl Safe_ports port 80 # http  acl Safe_ports port 21 # ftp  acl Safe_ports port 443 # https  acl Safe_ports port 70 # gopher  acl Safe_ports port 210 # wais  acl Safe_ports port 1025­65535 # unregistered ports  acl Safe_ports port 280 # http­mgmt  acl Safe_ports port 488 # gss­http  acl Safe_ports port 591 # filemaker  acl Safe_ports port 777 # multiling http  acl CONNECT method CONNECT  #  # Recommended minimum Access Permission configuration:  #   # Only allow cachemgr access from localhost  http_access allow localhost manager  http_access deny manager 
  # Deny requests to certain unsafe ports  http_access deny !Safe_ports  # Deny CONNECT to other than secure SSL ports  http_access deny CONNECT !SSL_ports  # We strongly recommend the following be uncommented to protect innocent  # web applications running on the proxy server who think the only  # one who can access services on "localhost" is a local user  #http_access deny to_localhost  #   # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS  #  acl sites_bloqueados dstdomain '/opt/squid/etc/sites_bloqueados.txt' #Obs: lembre de criar o arquivo sites_bloqueados.txt, com a listagem de   sites que não devem ser acessados # Example rule allowing access from your local networks.  # Adapt localnet in the ACL section to list your (internal) IP networks  # from where browsing should be allowed  http_access deny sites_bloqueados http_access allow localnet  http_access allow localhost  # And finally deny all other access to this proxy  http_access deny all  # Squid normally listens to port 3128  http_port 3128  # Uncomment and adjust the following to add a disk cache directory.  cache_dir ufs /var/spool/squid 100 16 256  # Leave coredumps in the first cache dir  coredump_dir /var/spool/squid  # Add any of your own refresh_pattern entries above these.  refresh_pattern ^ftp: 1440 20% 10080  refresh_pattern ^gopher: 1440 0% 1440  refresh_pattern ­i (/cgi­bin/|?) 0 0% 0  refresh_pattern . 0 20% 4320

Recommended

Netmiko library
Netmiko libraryNetmiko library
Netmiko library
Manjunath annure
 
Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013
Dan Radez
 
Lamp configuration u buntu 10.04
Lamp configuration u buntu 10.04Lamp configuration u buntu 10.04
Lamp configuration u buntu 10.04mikehie
 
Openstack installation using rdo multi node
Openstack installation using rdo multi nodeOpenstack installation using rdo multi node
Openstack installation using rdo multi node
Narasimha sreeram
 
Nginx
NginxNginx
Nginx
Shaopeng He
 
Installing OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHELInstalling OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHEL
openstackstl
 
Squid server
Squid serverSquid server
Squid server
Rohit Phulsunge
 
Arduino práctico ethernet
Arduino práctico ethernetArduino práctico ethernet
Arduino práctico ethernet
Jose Antonio Vacas
 

Recommended

Netmiko library
Netmiko libraryNetmiko library
Netmiko library
Manjunath annure
 
Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013Triangle OpenStack meetup 09 2013
Triangle OpenStack meetup 09 2013
Dan Radez
 
Lamp configuration u buntu 10.04
Lamp configuration u buntu 10.04Lamp configuration u buntu 10.04
Lamp configuration u buntu 10.04mikehie
 
Openstack installation using rdo multi node
Openstack installation using rdo multi nodeOpenstack installation using rdo multi node
Openstack installation using rdo multi node
Narasimha sreeram
 
Nginx
NginxNginx
Nginx
Shaopeng He
 
Installing OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHELInstalling OpenStack Juno using RDO on RHEL
Installing OpenStack Juno using RDO on RHEL
openstackstl
 
Squid server
Squid serverSquid server
Squid server
Rohit Phulsunge
 
Arduino práctico ethernet
Arduino práctico ethernetArduino práctico ethernet
Arduino práctico ethernet
Jose Antonio Vacas
 
Nat
NatNat
NatMohamed Gamel
 
Openstack installation using rdo
Openstack installation using rdoOpenstack installation using rdo
Openstack installation using rdo
Narasimha sreeram
 
Openstack kilo installation using rdo
Openstack kilo installation using rdoOpenstack kilo installation using rdo
Openstack kilo installation using rdoNarasimha sreeram
 
Squid Server
Squid ServerSquid Server
Squid Server
Sumant Garg
 
8 steps to protect your cisco router
8 steps to protect your cisco router8 steps to protect your cisco router
8 steps to protect your cisco router
IT Tech
 
Squidinstallation
SquidinstallationSquidinstallation
Squidinstallation
Chirag Gupta
 
Squid
SquidSquid
Squid
Syeda Javeria
 
Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Project on squid proxy in rhel 6
Project on squid proxy in rhel 6
Nutan Kumar Panda
 
Squid file
Squid fileSquid file
Squid file
Nalin Peiris
 
Pound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de CargaPound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de Carga
gsroma
 
Config websocket on apache
Config websocket on apacheConfig websocket on apache
Config websocket on apache
baran19901990
 
Squid
SquidSquid
Squid
Chirag Gupta
 
Squid proxy-configuration-guide
Squid proxy-configuration-guideSquid proxy-configuration-guide
Squid proxy-configuration-guidejasembo
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server
13bcs0012
 
SnortReport Presentation
SnortReport PresentationSnortReport Presentation
SnortReport Presentationwebhostingguy
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Naoto MATSUMOTO
 
Cluster setup multinode_aws
Cluster setup multinode_awsCluster setup multinode_aws
Cluster setup multinode_aws
sparrowAnalytics.com
 
Unidade5 roteiro
Unidade5 roteiroUnidade5 roteiro
Unidade5 roteiroLeandro Almeida
 
Manual instalação winxp
Manual instalação winxpManual instalação winxp
Manual instalação winxpLeandro Almeida
 
Manual instalacao-cent os
Manual instalacao-cent osManual instalacao-cent os
Manual instalacao-cent osLeandro Almeida
 
Unidade8 roteiro
Unidade8 roteiroUnidade8 roteiro
Unidade8 roteiroLeandro Almeida
 
D do s
D do sD do s
D do sLeandro Almeida
 

More Related Content

What's hot

Openstack installation using rdo
Openstack installation using rdoOpenstack installation using rdo
Openstack installation using rdo
Narasimha sreeram
 
Openstack kilo installation using rdo
Openstack kilo installation using rdoOpenstack kilo installation using rdo
Openstack kilo installation using rdoNarasimha sreeram
 
Squid Server
Squid ServerSquid Server
Squid Server
Sumant Garg
 
8 steps to protect your cisco router
8 steps to protect your cisco router8 steps to protect your cisco router
8 steps to protect your cisco router
IT Tech
 
Squidinstallation
SquidinstallationSquidinstallation
Squidinstallation
Chirag Gupta
 
Squid
SquidSquid
Squid
Syeda Javeria
 
Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Project on squid proxy in rhel 6
Project on squid proxy in rhel 6
Nutan Kumar Panda
 
Squid file
Squid fileSquid file
Squid file
Nalin Peiris
 
Pound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de CargaPound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de Carga
gsroma
 
Config websocket on apache
Config websocket on apacheConfig websocket on apache
Config websocket on apache
baran19901990
 
Squid
SquidSquid
Squid
Chirag Gupta
 
Squid proxy-configuration-guide
Squid proxy-configuration-guideSquid proxy-configuration-guide
Squid proxy-configuration-guidejasembo
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server
13bcs0012
 
SnortReport Presentation
SnortReport PresentationSnortReport Presentation
SnortReport Presentationwebhostingguy
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Naoto MATSUMOTO
 
Cluster setup multinode_aws
Cluster setup multinode_awsCluster setup multinode_aws
Cluster setup multinode_aws
sparrowAnalytics.com
 

What's hot (17)

Nat
NatNat
Nat
 
Openstack installation using rdo
Openstack installation using rdoOpenstack installation using rdo
Openstack installation using rdo
 
Openstack kilo installation using rdo
Openstack kilo installation using rdoOpenstack kilo installation using rdo
Openstack kilo installation using rdo
 
Squid Server
Squid ServerSquid Server
Squid Server
 
8 steps to protect your cisco router
8 steps to protect your cisco router8 steps to protect your cisco router
8 steps to protect your cisco router
 
Squidinstallation
SquidinstallationSquidinstallation
Squidinstallation
 
Squid
SquidSquid
Squid
 
Project on squid proxy in rhel 6
Project on squid proxy in rhel 6Project on squid proxy in rhel 6
Project on squid proxy in rhel 6
 
Squid file
Squid fileSquid file
Squid file
 
Pound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de CargaPound & Varnish - Cache e Balanceamento de Carga
Pound & Varnish - Cache e Balanceamento de Carga
 
Config websocket on apache
Config websocket on apacheConfig websocket on apache
Config websocket on apache
 
Squid
SquidSquid
Squid
 
Squid proxy-configuration-guide
Squid proxy-configuration-guideSquid proxy-configuration-guide
Squid proxy-configuration-guide
 
Squid Proxy Server
Squid Proxy ServerSquid Proxy Server
Squid Proxy Server
 
SnortReport Presentation
SnortReport PresentationSnortReport Presentation
SnortReport Presentation
 
Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -Unbreakable VPN using Vyatta/VyOS - HOW TO -
Unbreakable VPN using Vyatta/VyOS - HOW TO -
 
Cluster setup multinode_aws
Cluster setup multinode_awsCluster setup multinode_aws
Cluster setup multinode_aws
 

Viewers also liked

Manual instalação winxp
Manual instalação winxpManual instalação winxp
Manual instalação winxpLeandro Almeida
 
Manual instalacao-cent os
Manual instalacao-cent osManual instalacao-cent os
Manual instalacao-cent osLeandro Almeida
 

Viewers also liked (6)

Unidade5 roteiro
Unidade5 roteiroUnidade5 roteiro
Unidade5 roteiro
 
Manual instalação winxp
Manual instalação winxpManual instalação winxp
Manual instalação winxp
 
Manual instalacao-cent os
Manual instalacao-cent osManual instalacao-cent os
Manual instalacao-cent os
 
Unidade8 roteiro
Unidade8 roteiroUnidade8 roteiro
Unidade8 roteiro
 
D do s
D do sD do s
D do s
 
Unidade7 roteiro
Unidade7 roteiroUnidade7 roteiro
Unidade7 roteiro
 

Similar to Unidade3 roteiro proxy

DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
Zoltan Balazs
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
Ben Hall
 
Building an ActionScript Game Server with over 15,000 Concurrent Connections
Building an ActionScript Game Server with over 15,000 Concurrent Connections Building an ActionScript Game Server with over 15,000 Concurrent Connections
Building an ActionScript Game Server with over 15,000 Concurrent Connections
Renaun Erickson
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
NetProtocol Xpert
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
Cyber Security Alliance
 
Jfrog artifactory as private docker registry
Jfrog artifactory as private docker registryJfrog artifactory as private docker registry
Jfrog artifactory as private docker registry
Vipin Mandale
 
17937858 squid-server - [the-xp.blogspot.com]
17937858 squid-server - [the-xp.blogspot.com]17937858 squid-server - [the-xp.blogspot.com]
17937858 squid-server - [the-xp.blogspot.com]Krisman Tarigan
 
Home Automation Using RPI
Home Automation Using RPIHome Automation Using RPI
Home Automation Using RPI
Ankara JUG
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
Freddy Buenaño
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting Techniques
Sreenivas Makam
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Shakacon
 
Server hardening
Server hardeningServer hardening
Server hardening
Teja Babu
 
Cisco Ios advanced
Cisco Ios advancedCisco Ios advanced
Cisco Ios advanced
Nallaparaju Varma
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
Muhammad Moinur Rahman
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch Fix
Diana Tkachenko
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security Overview
Sreenivas Makam
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
Felipe Prado
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Priyanka Aash
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
EC-Council
 
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attack
Cosimo Streppone
 

Similar to Unidade3 roteiro proxy (20)

DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
 
Building an ActionScript Game Server with over 15,000 Concurrent Connections
Building an ActionScript Game Server with over 15,000 Concurrent Connections Building an ActionScript Game Server with over 15,000 Concurrent Connections
Building an ActionScript Game Server with over 15,000 Concurrent Connections
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Jfrog artifactory as private docker registry
Jfrog artifactory as private docker registryJfrog artifactory as private docker registry
Jfrog artifactory as private docker registry
 
17937858 squid-server - [the-xp.blogspot.com]
17937858 squid-server - [the-xp.blogspot.com]17937858 squid-server - [the-xp.blogspot.com]
17937858 squid-server - [the-xp.blogspot.com]
 
Home Automation Using RPI
Home Automation Using RPIHome Automation Using RPI
Home Automation Using RPI
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting Techniques
 
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan BalazsHacking Highly Secured Enterprise Environments by Zoltan Balazs
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
 
Server hardening
Server hardeningServer hardening
Server hardening
 
Cisco Ios advanced
Cisco Ios advancedCisco Ios advanced
Cisco Ios advanced
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch Fix
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security Overview
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
 
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attack
 

More from Leandro Almeida

Unidade2 projeto lógico da rede
Unidade2 projeto lógico da redeUnidade2 projeto lógico da rede
Unidade2 projeto lógico da redeLeandro Almeida
 
Unidade6 roteiro pentest
Unidade6 roteiro pentestUnidade6 roteiro pentest
Unidade6 roteiro pentestLeandro Almeida
 
Unidade5 roteiro footprint
Unidade5 roteiro footprintUnidade5 roteiro footprint
Unidade5 roteiro footprintLeandro Almeida
 
Unidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnUnidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnLeandro Almeida
 
Unidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnUnidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnLeandro Almeida
 

More from Leandro Almeida (20)

Segurança de-redes
Segurança de-redesSegurança de-redes
Segurança de-redes
 
Unidade2 projeto lógico da rede
Unidade2 projeto lógico da redeUnidade2 projeto lógico da rede
Unidade2 projeto lógico da rede
 
Roteiro cups
Roteiro cupsRoteiro cups
Roteiro cups
 
Roteiro sambaswat
Roteiro sambaswatRoteiro sambaswat
Roteiro sambaswat
 
Roteiro samba
Roteiro sambaRoteiro samba
Roteiro samba
 
Unidade6 roteiro pentest
Unidade6 roteiro pentestUnidade6 roteiro pentest
Unidade6 roteiro pentest
 
Roteiro vsftpd
Roteiro vsftpdRoteiro vsftpd
Roteiro vsftpd
 
Roteiro sshd
Roteiro sshdRoteiro sshd
Roteiro sshd
 
Roteiro nfs
Roteiro nfsRoteiro nfs
Roteiro nfs
 
Unidade5 roteiro footprint
Unidade5 roteiro footprintUnidade5 roteiro footprint
Unidade5 roteiro footprint
 
Unidade5 footprint
Unidade5 footprintUnidade5 footprint
Unidade5 footprint
 
Unidade 8 ieee802-11i
Unidade 8 ieee802-11iUnidade 8 ieee802-11i
Unidade 8 ieee802-11i
 
Unidade4 cripto
Unidade4 criptoUnidade4 cripto
Unidade4 cripto
 
Roteiro dns
Roteiro dnsRoteiro dns
Roteiro dns
 
Unidade 6 servico dns
Unidade 6 servico dnsUnidade 6 servico dns
Unidade 6 servico dns
 
Roteiro web
Roteiro webRoteiro web
Roteiro web
 
Unidade 7 cripto
Unidade 7 criptoUnidade 7 cripto
Unidade 7 cripto
 
Unidade 5 servico web
Unidade 5 servico webUnidade 5 servico web
Unidade 5 servico web
 
Unidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnUnidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpn
 
Unidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpnUnidade3 seg perimetral-vpn
Unidade3 seg perimetral-vpn
 

Recently uploaded

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 

Recently uploaded (20)

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

Unidade3 roteiro proxy

  • 1. Curso Superior de Tecnologia em Redes de Computadores Segurança da Informação Prof. Leandro Almeida Roteiro – Proxy 1 Cenário • Proxy: eth0: 192.168.0.254 ◦ eth1: DHCP(ip real - Internet) • PC0: ◦ eth0: 192.168.0.10 • PC1: ◦ eth0: 192.168.0.11 • PC2: ◦ eth0: 192.168.0.12 2 Proxy/Cache A idéia é baixar, compilar e instalar o Squid-Cache no servidor Proxy. Os passos necessários para isso estão descritos abaixo
  • 2. #Instalar requisitos yum install gcc gcc­c++ wget perl #Download do pacote  wget http://www.squid­cache.org/Versions/v3/3.1/squid­3.1.19.tar.gz #Descompactar o pacote tar ­xvzf squid­3.1.19.tar.gz #Compilar e instalar ./configure ­­prefix=/opt/squid ­­with­logdir=/var/log/squid  ­­with­pidfile=/var/run/squid.pid –enable­storeio=ufs,aufs ­­enable­removal­policies=lru,heap ­­enable­icmp –enable­ useragent­log ­­enable­referer­log ­­enable­cache­digests  ­­with­large­files make make install Após a instalação, podemos editar os arquivos de configuração. Abaixo temos um exemplo do arquivo squid.conf: #  # Recommended minimum configuration:  #  acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.1/8 0.0.0.0/32 ::1 # Example rule allowing access from your local networks.  # Adapt to list your (internal) IP networks from where browsing  # should be allowed  #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network  #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network  acl localnet src 192.168.0.0/24 # RFC1918 possible internal network  acl localnet src fc00::/7       # RFC 4193 local private network range  acl localnet src fe80::/10      # RFC 4291 link­local (directly plugged)  machines  acl SSL_ports port 443  acl Safe_ports port 80 # http  acl Safe_ports port 21 # ftp  acl Safe_ports port 443 # https  acl Safe_ports port 70 # gopher  acl Safe_ports port 210 # wais  acl Safe_ports port 1025­65535 # unregistered ports  acl Safe_ports port 280 # http­mgmt  acl Safe_ports port 488 # gss­http  acl Safe_ports port 591 # filemaker  acl Safe_ports port 777 # multiling http  acl CONNECT method CONNECT  #  # Recommended minimum Access Permission configuration:  #   # Only allow cachemgr access from localhost  http_access allow localhost manager  http_access deny manager 
  • 3.   # Deny requests to certain unsafe ports  http_access deny !Safe_ports  # Deny CONNECT to other than secure SSL ports  http_access deny CONNECT !SSL_ports  # We strongly recommend the following be uncommented to protect innocent  # web applications running on the proxy server who think the only  # one who can access services on "localhost" is a local user  #http_access deny to_localhost  #   # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS  #  acl sites_bloqueados dstdomain '/opt/squid/etc/sites_bloqueados.txt' #Obs: lembre de criar o arquivo sites_bloqueados.txt, com a listagem de   sites que não devem ser acessados # Example rule allowing access from your local networks.  # Adapt localnet in the ACL section to list your (internal) IP networks  # from where browsing should be allowed  http_access deny sites_bloqueados http_access allow localnet  http_access allow localhost  # And finally deny all other access to this proxy  http_access deny all  # Squid normally listens to port 3128  http_port 3128  # Uncomment and adjust the following to add a disk cache directory.  cache_dir ufs /var/spool/squid 100 16 256  # Leave coredumps in the first cache dir  coredump_dir /var/spool/squid  # Add any of your own refresh_pattern entries above these.  refresh_pattern ^ftp: 1440 20% 10080  refresh_pattern ^gopher: 1440 0% 1440  refresh_pattern ­i (/cgi­bin/|?) 0 0% 0  refresh_pattern . 0 20% 4320