Tuesday, December 29, 2009

Internet Information Service 2

INTERNET INFORMATION SERVICE 2

Version 7.5

IIS 7.5 is the latest update to the IIS 7.0 server. This release comes with Windows Server 2008 R2 and Windows 7. This integrates many separate downloads available from Microsoft into the release.

Highlights include:

* Integration of the new FTP with the OS
* Integration of Admin Pack Extension with the OS
* IIS Powershell provider
* Rich Application Hosting
* Improvements to FastCGI
* IIS Core changes and improvements
* IIS Best Practice Analyzer

IIS Media Pack

The IIS Media Pack is a set of free add-on modules for delivering digital audio and video files from an Internet Information Services 7.0 (IIS7) Web server. Download delivery from a Web server to media player software is often as a progressive download, which allows the end user's media player to quickly start rendering the media file even as the download is still in progress. Examples of media player software that will work with the IIS Media Pack include Adobe Flash Player, Apple QuickTime Player, RealNetworks RealPlayer, Microsoft Windows Media Player, and Microsoft Silverlight. The IIS Media Pack provides some of the cost savings and content control benefits of streaming media servers to Web server delivery of media files.


The first module, Bit Rate Throttling, was released to the general public on March 14, 2008. For media files, Bit Rate Throttling uploads the first few seconds of the file as fast as possible, allowing playback to begin very quickly, and then automatically detects the encoded bit rate of the file and meters out the rest of the download at that bit rate. If an end user stops playback before the end of the file, the server has only uploaded a few more seconds of file than were actually consumed, reducing bandwidth costs when compared to traditional send-and-forget HTTP downloads. Metering the delivery of media files also reduces overall bandwidth and CPU usage on the IIS server, freeing resources to serve a higher number of concurrent users. The following eleven media file formats are supported by default in the Bit Rate Throttling module: ASF, AVI, FLV, M4V, MOV, MP3, MP4, RM, RMVB, WMA, WMV. Additional media file formats can be added using the IIS configuration system. Non-media files may also be throttled at a server-administrator-specified delivery rate.


The second module is called Web Playlists, and is now in its second Customer Technology Preview (CTP) release. This feature allows an IIS server administrator to specify a sequenced playback order for a set of media files without exposing the source URLs. Playback order and the ability to limit whether an end user can seek within or skip a file are controlled on the IIS server. The Web Playlists feature can also be used to dynamically generate personalized playlists for users.





Internet Information Services


Internet Information Services

History

Sale Kutte The first Microsoft webserver was a research project by the European Microsoft Windows NT Academic Centre (EMWAC), part of the University of Edinburgh in Scotland, and was distributed as freeware. However since the EMWAC server was unable to scale sufficiently to handle the volume of traffic going to microsoft.com, Microsoft was forced to develop its own webserver, IIS.


IIS was initially released as an additional set of Internet-based services for Windows NT 3.51. IIS 2.0 followed, adding support for the Windows NT 4.0 operating system; and IIS 3.0 introduced the Active Server Pages dynamic scripting environment.


IIS 4.0 dropped support for the Gopher protocol and was bundled with Windows NT as a separate "Option Pack".[citation needed]


The current shipping version of IIS is 7.5 for Windows 7 and Windows Server 2008 R2, 7.0 for Windows Vista and Windows Server 2008, 6.0 for Windows Server 2003 and Windows XP Professional x64 Edition, and IIS 5.1 for Windows XP Professional. Windows XP has a restricted version of IIS 5.1 that supports only 10 simultaneous connections and a single web site. IIS 6.0 added support for IPv6. A FastCGI module is also available for IIS5.1, IIS6 and IIS7.


IIS 7.0 is not installed by Windows Vista by default but it can be selected from the list of optional components. It is available in all editions of Windows Vista including Home Basic. IIS 7 on Vista does not limit the number of allowed connections as IIS on XP did but limits concurrent requests to 10 (Windows Vista Ultimate, Business, and Enterprise Editions) or 3 (Vista Home Premium). Additional requests are queued which hampers performance but they are not rejected as with XP.


IIS 7.0 (Windows Vista/2008) is much faster than IIS 5.1 (Windows XP) because it relies on the HTTP.SYS kernel driver.


Microsoft Web Platform Installer

Microsoft Web Platform Installer (WPI) is a simple, free tool that automates the installation of Microsoft's Web Platform technologies (such as IIS, ASP.NET, and PHP) and certain 3rd-party software.


Security

Earlier versions of IIS were hit with a number of vulnerabilities, chief among them CA-2001-19 which led to the infamous Code Red worm; however, both versions 6.0 and 7.0 currently have no reported issues with this specific vulnerability. In IIS 6.0 Microsoft opted to change the behaviour of pre-installed ISAPI handlers, many of which were culprits in the vulnerabilities of 4.0 and 5.0, thus reducing the attack surface of IIS. In addition, IIS 6.0 added a feature called "Web Service Extensions" that prevents IIS from launching any program without explicit permission by an administrator. With the current release IIS 7.0 the components are modularised so that only the required components have to be installed, thus further reducing the attack surface. In addition, security features are added such as URLFiltering which rejects suspicious URLs based on a user-defined rule set.


By default IIS 5.1 and lower run websites in-process under the SYSTEM account,a default Windows account with 'superuser' rights. Under 6.0 all request handling processes have been brought under a Network Services account with significantly fewer privileges so that should there be a vulnerability in a feature or in custom code it won't necessarily compromise the entire system given the sandboxed environment these worker processes run in. IIS 6.0 also contained a new kernel HTTP stack (http.sys) with a stricter HTTP request parser and response cache for both static and dynamic content.


There are various built-in security features from Microsoft. Many companies offer third-party security tools and features, also known as "Web App Firewalls, or Web Application Firewalls." The advantage of such tools is that they offer much more comprehensive elements (such as easy-to-use GUI, etc.) that aid in protecting an IIS installation with an additional layer of protection at a higher level.


Authentication Mechanisms

IIS 5.0 and higher support the following authentication mechanisms:


* Basic access authentication
* Digest access authentication
* Integrated Windows Authentication
* .NET Passport Authentication (not supported in Windows Server 2008 and above)


IIS 6.0 Technet reference


IIS 7 Config reference


Authentication changed slightly between IIS6 and IIS7, most notably in that the anonymous user which was named "IUSR_{machinename}" is a built-in account in Vista and future operating systems and named "IUSR". Other changes in authentication are noted on the iis.net website


Notably, in IIS 7, each authentication mechanism is isolated into its own module and can be installed or uninstalled independently. See the Native Modules list in this article on IIS.net


Version 7.0

Debuting with Windows Vista, and included in Windows Server 2008, IIS 7.0 features a modular architecture, much like Apache. Instead of a monolithic server which features all services, IIS 7 has a core web server engine. Modules offering specific functionality can be added to the engine to enable its features. The advantage of having this architecture is that only the features required can be enabled and that the functionalities can be extended by using custom modules.


IIS 7 will ship with a handful of modules, but Microsoft will make other modules available online. The following sets of modules are slated to ship with the server:


1. HTTP Modules
2. Security Modules
3. Content Modules
4. Compression Modules
5. Caching Modules
6. Logging and Diagnostics Modules


Running IIS 7 with the extension component Ape by Helicon Tech allows emulating Apache's runtime environment including more than a dozen Apache modules (mod_rewrite, mod_proxy, mod_auth, mod_cache, etc.), as well as direct .htaccess support, inside IIS.


Writing extensions to IIS 7 using ISAPI has been deprecated in favor of the module API, which allows modules to be plugged in anywhere within the request processing pipeline. Much of IIS's own functionality is built on this API, and as such, developers will have much more control over a request process than was possible in prior versions. Modules can be written using C++, or using the IHttpModule interface from a .NET Framework language. Modules can be loaded globally where the services provided by the module can affect all sites, or loaded on a per-site basis. IIS 7 has an integrated mode application pool where .NET modules are loaded into the pipeline using the module API, rather than ISAPI. As a result ASP.NET code can be used with all requests to the server. For applications requiring strict IIS 6.0 compatibility, the Classic application pool mode loads asp.NET as an ISAPI.


A significant change from previous versions of IIS is that all Web server configuration information is stored solely in XML configuration files, instead of in the metabase. The server has a global configuration file that provides defaults, and each virtual web's document root (and any subdirectory thereof) may contain a web.config containing settings that augment or override the defaults. Changes to these files take effect immediately. This marks a significant departure from previous versions whereby web interfaces, or machine administrator access, were required to change simple settings such as default document, active modules and security/authentication. It also eliminates the need to perform metabase synchronization between multiple servers in a farm of web servers.


IIS 7 also features a completely rewritten administration interface that takes advantage of modern MMC features such as task panes and asynchronous operation. Configuration of ASP.NET is more fully integrated into the administrative interface.

Other changes:

* PICS content ratings, support for Microsoft Passport, and server-side image maps are no longer included.
* Executing commands via server-side includes is no longer permitted.
* IISRESET -reboot has been removed.
* The CONVLOG tool, which converts IIS log files into NCSA format, has been removed.
* Support for enabling a folder for "Web Sharing" via the Windows Explorer interface has been removed.
* IIS Media Pack (see below), which allows IIS to be used as a bare-bones media server, without using Windows Media Services.
* New FTP module, that integrates with the new configuration store, as well as the new management environment.

Wednesday, December 16, 2009

CLIENT - SERVER information

Client - Server - Networking (Network Range)

Client-server computing or networking is a distributed application architecture that partitions tasks or work loads between service providers (servers) and service requesters, called clients. Often clients and servers operate over a computer network on separate hardware. A server machine is a high-performance host that is running one or more server programs which share its resources with clients. A client does not share any of its resources, but requests a server's content or service function. Clients therefore initiate communication sessions with servers which await (listen to) incoming requests.

Description

The client-server characteristic describes the relationship of cooperating programs in an application. The server component provides a function or service to one or many clients, which initiate requests for such services.

Functions such as email exchange, web access and database access, are built on the client-server model. For example, a web browser is a client program running on a user's computer that may access information stored on a web server on the Internet. Users accessing banking services from their computer use a web browser client to send a request to a web server at a bank. That program may in turn forward the request to its own database client program that sends a request to a database server at another bank computer to retrieve the account information. The balance is returned to the bank database client, which in turn serves it back to the web browser client displaying the results to the user.

The client-server model has become one of the central ideas of network computing. Many business applications being written today use the client-server model. So do the Internet's main application protocols, such as HTTP, SMTP, Telnet, DNS. In marketing, the term has been used to distinguish distributed computing by smaller dispersed computers from the "monolithic" centralized computing of mainframe computers. But this distinction has largely disappeared as mainframes and their applications have also turned to the client-server model and become part of network computing.

Each instance of the client software can send data requests to one or more connected servers. In turn, the servers can accept these requests, process them, and return the requested information to the client. Although this concept can be applied for a variety of reasons to many different kinds of applications, the architecture remains fundamentally the same.

The most basic type of client-server architecture employs only two types of hosts: clients and servers. This type of architecture is sometimes referred to as two-tier. It allows devices to share files and resources. The two tier architecture means that the client acts as one tier and application in combination with server acts as another tier.

The interaction between client and server is often described using sequence diagrams. Sequence diagrams are standardized in the Unified Modeling Language.

Specific types of clients include web browsers, email clients, and online chat clients.

Specific types of servers include web servers, ftp servers, application servers, database servers, name servers, mail servers, file servers, print servers, and terminal servers. Most web services are also types of servers.



Comparison to peer-to-peer architecture

In peer-to-peer architectures, each host or instance of the program can simultaneously act as both a client and a server, and each has equivalent responsibilities and status.

Both client-server and peer-to-peer architectures are in wide usage today. Details may be found in Comparison of Centralized (Client-Server) and Decentralized (Peer-to-Peer) Networking

Comparison to client-queue-client architecture

While classic client-server architecture requires one of the communication endpoints to act as a server, which is much harder to implement,[citation needed] Client-Queue-Client allows all endpoints to be simple clients, while the server consists of some external software, which also acts as passive queue (one software instance passes its query to another instance to queue, e.g. database, and then this other instance pulls it from a database, makes a response, passes it to database etc.). This architecture allows greatly simplified software implementation. Peer-to-peer architecture was originally based on the Client-Queue-Client concept.

Advantages

* In most cases, a client-server architecture enables the roles and responsibilities of a computing system to be distributed among several independent computers that are known to each other only through a network. This creates an additional advantage to this architecture: greater ease of maintenance. For example, it is possible to replace, repair, upgrade, or even relocate a server while its clients remain both unaware and unaffected by that change.
* All data is stored on the servers, which generally have far greater security controls than most clients.[citation needed] Servers can better control access and resources, to guarantee that only those clients with the appropriate permissions may access and change data.
* Since data storage is centralized, updates to that data are far easier to administer than what would be possible under a P2P paradigm. Under a P2P architecture, data updates may need to be distributed and applied to each peer in the network, which is both time-consuming and error-prone,[citation needed] as there can be thousands or even millions of peers.
* Many mature client-server technologies are already available which were designed to ensure security, friendliness of the user interface, and ease of use.[citation needed]
* It functions with multiple different clients of different capabilities.


Disadvantages

* Traffic congestion on the network has been an issue since the inception of the client-server paradigm.[citation needed] As the number of simultaneous client requests to a given server increases, the server can become overloaded. Contrast that to a P2P network, where its aggregated bandwidth actually increases as nodes are added, since the P2P network's overall bandwidth can be roughly computed as the sum of the bandwidths of every node in that network.
* The client-server paradigm lacks the robustness of a good P2P network.[citation needed] Under client-server, should a critical server fail, clients’ requests cannot be fulfilled. In P2P networks, resources are usually distributed among many nodes. Even if one or more nodes depart and abandon a downloading file, for example, the remaining nodes should still have the data needed to complete the download.

Email : xtechnologies@gmx.com
Web : xtechnologies.blogspot.com

Friday, July 17, 2009

Proxy Server New Update Definition

In computer networks, a proxy server is a server (a computer system or an application program) that acts as a go-between for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it 'caches' responses from the remote server, and returns subsequent requests for the same content directly.

A proxy server has two purposes:

  • To keep machines behind it anonymous (mainly for security).[1]
  • To speed up access to a resource (via caching). It is commonly used to cache web pages from a web server.[2]

A proxy server that passes requests and replies unmodified is usually called a gateway or sometimes tunneling proxy.

A proxy server can be placed in the user's local computer or at various points between the user and the destination servers or the Internet. A reverse proxy is a proxy used as a front-end to accelerate and cache in-demand resources (such as a web page).

Monday, June 15, 2009

X Server for Mac

X SERVER for MAC





----- In Coming Trivia@Undernet -----

TRIVIA@UNDERNET

HTML score automatic Update Database.

...InComing...



* Tat-Triv_TrivScores.Htm_xml *

Download Manual Guide and Information About Our Service For Trivia Online Update@Undernet HERE!

http://xtechnology-server.blogspot.com/
http://xtechnology-undernet.blogspot.com/
http://xtechnology-networks.blogspot.com/




M I R C



by Xtechnology®Network.Server
for
BrokenMindInstitute®

Sunday, March 8, 2009

Download FileZilla Server

Download FILE ZILLA SERVER

Apache HTTP Server Version 2.0




Apache Module mod_info

Summary

To configure mod_info, add the following to your httpd.conf file.


SetHandler server-info


You may wish to use mod_access inside the directive to limit access to your server configuration information:


SetHandler server-info
Order deny,allow
Deny from all
Allow from yourcompany.com


Once configured, the server information is obtained by accessing http://your.host.dom/server-info
Note that the configuration files are read by the module at run-time, and therefore the display may not reflect the running server's active configuration if the files have been changed since the server was last reloaded. Also, the configuration files must be readable by the user as which the server is running (see the User directive), or else the directive settings will not be listed.

It should also be noted that if mod_info is compiled into the server, its handler capability is available in all configuration files, including per-directory files (e.g., .htaccess). This may have security-related ramifications for your site.

In particular, this module can leak sensitive information from the configuration directives of other Apache modules such as system paths, usernames/passwords, database names, etc. Due to the way this module works there is no way to block information from it. Therefore, this module should only be used in a controlled environment and always with caution.




AddModuleInfo Directive
Description: Adds additional information to the module information displayed by the server-info handler
Syntax: AddModuleInfo module-name string
Context: server config, virtual host
Status: Extension
Module: mod_info
Compatibility: Apache 1.3 and above

This allows the content of string to be shown as HTML interpreted, Additional Information for the module module-name. Example:

AddModuleInfo mod_auth.c 'See \
http://www.apache.org/docs/2.0/mod/mod_auth.html
'

Thursday, January 8, 2009

Risks of using anonymous proxy servers

Risks of using anonymous proxy - Xtechnology®Network.Server -


Risks of using anonymous proxy servers

In using a proxy server (for example, anonymizing HTTP proxy), all data sent to the service being used (for example, HTTP server in a website) must pass through the proxy server before being sent to the service, mostly in unencrypted form. It is therefore possible, as has been demonstrated, for a malicious proxy server to record everything sent to the proxy: including unencrypted logins and passwords.

By chaining proxies which do not reveal data about the original requester, it is possible to obfuscate activities from the eyes of the user's destination. However, more traces will be left on the intermediate hops, which could be used or offered up to trace the user's activities. If the policies and administrators of these other proxies are unknown, the user may fall victim to a false sense of security just because those details are out of sight and mind.

The bottom line of this is to be wary when using proxy servers, and only use proxy servers of known integrity (e.g., the owner is known and trusted, has a clear privacy policy, etc.), and never use proxy servers of unknown integrity. If there is no choice but to use unknown proxy servers, do not pass any private information (unless it is properly encrypted) through the proxy.

An important fact is that even secure https (SSL) connections can not protect from a sniffing proxy. It has been demonstrated that the SSL handshake can be intercepted on the proxy. The browser will show a secure, encrypted connection but the proxy is able to read everything in clear text. When encrypting email traffic through a proxy, one more technique is frequently used to stop the encryption: The proxy intercepts the email servers response to the encryption (TLS, SSL) request and fakes a negative response. Almost all email clients use a default setting that uses cleartext transfer in such a case. Using a proxy is always dangerous if you do not own or trust it, keep this in mind. Even high anonymity and privacy services like Tor or Cloakfish can not protect from these risks. Whenever a proxy is used you are at risk that someone "in the middle" can read your data.

In what is more of an inconvenience than a risk, proxy users may find themselves being blocked from certain Web sites, as numerous forums and Web sites block IP addresses from proxies known to have spammed or trolled the site.


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

Suffix proxy

Suffix proxy server - Xtechnology®Network.Server -

Suffix proxy

A suffix proxy server allows a user to access web content by appending the name of the proxy server to the URL of the requested content (e.g. "en.wikipedia.org.6a.nl").

Suffix proxy servers are easier to use than regular proxy servers. The concept appeared in 2003 in form of the IPv6Gate and in 2004 in form of the Coral Content Distribution Network, but the term suffix proxy was only coined in October 2008 by "6a.nl


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

Content filter

Content filter - Xtechnology®Network.Server -

Content filter

Many work places, schools and colleges restrict the web sites and online services that are made available in their buildings. This is done either with a specialized proxy, called a content filter (both commercial and free products are available), or by using a cache-extension protocol such as ICAP, that allows plug-in extensions to an open caching architecture.

Requests made to the open internet must first pass through an outbound proxy filter. The web-filtering company provides a database of URL patterns (regular expressions) with associated content attributes. This database is updated weekly by site-wide subscription, much like a virus filter subscription. The administrator instructs the web filter to ban broad classes of content (such as sports, pornography, online shopping, gambling, or social networking). Requests that match a banned URL pattern are rejected immediately.

Assuming the requested URL is acceptable, the content is then fetched by the proxy. At this point a dynamic filter may be applied on the return path. For example, JPEG files could be blocked based on fleshtone matches, or language filters could dynamically detect unacceptable language. If the content is rejected then an HTTP fetch error is returned and nothing is cached.

Most web filtering companies use an internet-wide crawling robot that assesses the likelihood that a content is a certain type (i.e. "This content is 70% chance of porn, 40% chance of sports, and 30% chance of news" could be the outcome for one web page). The resultant database is then corrected by manual labor based on complaints or known flaws in the content-matching algorithms.

Unfortunately, web filtering proxies are not able to peer inside secure sockets HTTP transactions. As a result, users wanting to bypass web filtering will typically search the internet for an open and anonymous HTTPS transparent proxy. They will then program their browser to proxy all requests through the web filter to this anonymous proxy. Those requests will be encrypted with https. The web filter cannot distinguish these transactions from, say, a legitimate access to a financial website. Thus, content filters are only effective against unsophisticated users.

A special case of web proxies is "CGI proxies". These are web sites that allow a user to access a site through them. They generally use PHP or CGI to implement the proxy functionality. These types of proxies are frequently used to gain access to web sites blocked by corporate or school proxies. Since they also hide the user's own IP address from the web sites they access through the proxy, they are sometimes also used to gain a degree of anonymity, called "Proxy Avoidance".


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

Circumventor

Circumventor - Xtechnology®Network.Server -

Circumventor

A circumventor is a method of defeating blocking policies implemented using proxy servers. Ironically, most circumventors are also proxy servers, of varying degrees of sophistication, which effectively implement "bypass policies".

A circumventor is a web-based page that takes a site that is blocked and "circumvents" it through to an unblocked web site, allowing the user to view blocked pages. A famous example is elgooG, which allowed users in China to use Google after it had been blocked there. elgooG differs from most circumventors in that it circumvents only one block.

Students are able to access blocked sites (games, chatrooms, messenger, offensive material, internet pornography, social networking, etc.) through a circumventor. As fast as the filtering software blocks circumventors, others spring up. However, in some cases the filter may still intercept traffic to the circumventor, thus the person who manages the filter can still see the sites that are being visited.

Circumventors are also used by people who have been blocked from a web site.

Another use of a circumventor is to allow access to country-specific services, so that Internet users from other countries may also make use of them. An example is country-restricted reproduction of media and webcasting.

The use of circumventors is usually safe with the exception that circumventor sites run by an untrusted third party can be run with hidden intentions, such as collecting personal information, and as a result users are typically advised against running personal data such as credit card numbers or passwords through a circumventor.

An example of one way to circumvent a content-filtering proxy server is by tunnelling through to another proxy server, usually controlled by the user, which has unrestricted access to the internet. This is often acheived by using a VPN type tunnel, such as VPN itself or SSH, through a port left open by the proxy (eg. Port 443 is nearly always left open to allow the use of HTTPS). Through the use of encryption, tunnelling to a remote proxy server, provided the remote proxy server is itself secure, is not only difficult to detect, but also difficult to intercept.


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

Reverse proxy server

Reverse proxy server - Xtechnology®Network.Server -

Reverse proxy server

Main article: Reverse proxy

A reverse proxy is a proxy server that is installed in the neighborhood of one or more web servers. All traffic coming from the Internet and with a destination of one of the web servers goes through the proxy server. There are several reasons for installing reverse proxy servers:

* Encryption / SSL acceleration: when secure web sites are created, the SSL encryption is often not done by the web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware. See Secure Sockets Layer. Furthermore, a hoster can provide a single "SSL proxy" to provide SSL encryption for an arbitrary number of hosts; removing the need for a separate SSL Server Certificate for each host, with the downside that all hosts behind the SSL proxy have to share a common DNS name or IP address for SSL connections.
* Load balancing: the reverse proxy can distribute the load to several web servers, each web server serving its own application area. In such a case, the reverse proxy may need to rewrite the URLs in each web page (translation from externally known URLs to the internal locations).
* Serve/cache static content: A reverse proxy can offload the web servers by caching static content like pictures and other static graphical content.
* Compression: the proxy server can optimize and compress the content to speed up the load time.
* Spoon feeding: reduces resource usage caused by slow clients on the web servers by caching the content the web server sent and slowly "spoon feeds" it to the client. This especially benefits dynamically generated pages.
* Security: the proxy server is an additional layer of defense and can protect against some OS and WebServer specific attacks. However, it does not provide any protection to attacks against the web application or service itself, which is generally considered the larger threat.
* Extranet Publishing: a reverse proxy server facing the Internet can be used to communicate to a firewalled server internal to an organization, providing extranet access to some functions while keeping the servers behind the firewalls. If used in this way, security measures should be considered to protect the rest of your infrastructure in case this server is compromised, as its web application is exposed to attack from the Internet.


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

Open proxy server

Open proxy server - Xtechnology®Network.Server -

Open proxy server

Main article: Open proxy
.Because proxies might be used to abuse, system administrators have developed a number of ways to refuse service to open proxies. Many IRC networks automatically test client systems for known types of open proxy. Likewise, an email server may be configured to automatically test e-mail senders for open proxies.

Groups of IRC and electronic mail operators run DNSBLs publishing lists of the IP addresses of known open proxies, such as AHBL, CBL, NJABL, and SORBS.

The ethics of automatically testing clients for open proxies are controversial. Some experts, such as Vernon Schryver, consider such testing to be equivalent to an attacker portscanning the client host. [1] Others consider the client to have solicited the scan by connecting to a server whose terms of service include testing.


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

Forced proxy

Forced proxy - Xtechnology®Network.Server -

Forced proxy

The term "forced proxy" is ambiguous. It means both "intercepting proxy" (because it filters all traffic on the only available gateway to the Internet) and its exact opposite, "non-intercepting proxy" (because the user is forced to configure a proxy in order to access the Internet).

Forced proxy operation is sometimes necessary due to issues with the interception of TCP connections and HTTP. For instance interception of HTTP requests can affect the usability of a proxy cache, and can greatly affect certain authentication mechanisms. This is primarily because the client thinks it is talking to a server, and so request headers required by a proxy are unable to be distinguished from headers that may be required by an upstream server (esp authorization headers). Also the HTTP specification prohibits caching of responses where the request contained an authorization header.


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

Transparent and non-transparent proxy server

Transparent and non-transparent proxy - Xtechnology®Network.Server -

Transparent and non-transparent proxy server

The term "transparent proxy" is most often used incorrectly to mean "intercepting proxy" (because the client does not need to configure a proxy and cannot directly detect that its requests are being proxied). Transparent proxies can be implemented using Cisco's WCCP (Web Cache Control Protocol). This proprietary protocol resides on the router and is configured from the cache, allowing the cache to determine what ports and traffic is sent to it via transparent redirection from the router. This redirection can occur in one of two ways: GRE Tunneling (OSI Layer 3) or MAC rewrites (OSI Layer 2).

However, RFC 2616 (Hypertext Transfer Protocol -- HTTP/1.1) offers different definitions:

"A 'transparent proxy' is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification".
"A 'non-transparent proxy' is a proxy that modifies the request or response in order to provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering".


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

Intercepting proxy server

Intercepting Proxy - Xtechnology®Network.Server -

Intercepting proxy server

An intercepting proxy (also known as a "transparent proxy") combines a proxy server with a gateway. Connections made by client browsers through the gateway are redirected through the proxy without client-side configuration (or often knowledge).

Intercepting proxies are commonly used in businesses to prevent avoidance of acceptable use policy, and to ease administrative burden, since no client browser configuration is required.

It is often possible to detect the use of an intercepting proxy server by comparing the external IP address to the address seen by an external web server, or by examining the HTTP headers on the server side.


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

Hostile proxy

Hostile Proxy Server - Xtechnology®Network.Server -

Hostile proxy

Proxies can also be installed in order to eavesdrop upon the dataflow between client machines and the web. All accessed pages, as well as all forms submitted, can be captured and analyzed by the proxy operator. For this reason, passwords to online services (such as webmail and banking) should always be exchanged over a cryptographically secured connection, such as SSL


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

Anonymizing Proxy Server

Anonymizing - Xtechnology®Network.Server -



Anonymizing proxy server

An anonymous proxy server (sometimes called a web proxy) generally attempts to anonymize web surfing. These can easily be overridden by site administrators, and thus rendered useless in some cases. There are different varieties of anonymizers. One of the more common variations is the open proxy. Because they are typically difficult to track, open proxies are especially useful to those seeking online anonymity, from political dissidents to computer criminals................

Access control: Some proxy servers implement a logon requirement. In large organizations, authorized users must log on to gain access to the web. The organization can thereby track usage to individuals.



Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

WEB PROXY

WEB PROXY - Xtechnology®Network.Server -


Content-filtering web proxy

Further information: Content-control software

A content-filtering web proxy server provides administrative control over the content that may be relayed through the proxy. It is commonly used in commercial and non-commercial organizations (especially schools) to ensure that Internet usage conforms to acceptable use policy.

Some common methods used for content filtering include: URL or DNS blacklists, URL regex filtering, MIME filtering, or content keyword filtering. Some products have been known to employ content analysis techniques to look for traits commonly used by certain types of content providers.

A content filtering proxy will often support user authentication, to control web access. It also usually produces logs, either to give detailed information about the URLs accessed by specific users, or to monitor bandwidth usage statistics. It may also communicate to daemon based and/or ICAP based antivirus software to provide security against virus and other malware by scanning incoming content in real time before it enters the network.


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

WEB PROXY DEFINITION AND FUNCTION

WEB PROXY DEFINITION AND FUNCTION - Xtechnology®Network.Server -


Web proxy

A proxy that focuses on WWW traffic is called a "web proxy". The most common use of a web proxy is to serve as a web cache. Most proxy programs (e.g. Squid) provide a means to deny access to certain URLs in a blacklist, thus providing content filtering. This is usually used in a corporate environment, though with the increasing use of Linux in small businesses and homes, this function is no longer confined to large corporations. Some web proxies reformat web pages for a specific purpose or audience (e.g., cell phones and PDAs).

AOL dialup customers used to have their requests routed through an extensible proxy that 'thinned' or reduced the detail in JPEG pictures. This sped up performance, but caused trouble, either when more resolution was needed or when the thinning program produced incorrect results. This is why in the early days of the web many web pages would contain a link saying "AOL Users Click Here" to bypass the web proxy and to avoid the bugs in the thinning software.


Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION!

Proxy Server Definition

PROXY SERVER DEFINITION - Xtechnology®Network.Server -

Proxy servers implement one or more of the following functions:-

[edit] Caching proxy server

A caching proxy server accelerates service requests by retrieving content saved from a previous request made by the same client or even other clients. Caching proxies keep local copies of frequently requested resources, allowing large organizations to significantly reduce their upstream bandwidth usage and cost, while significantly increasing performance. Most ISPs and large businesses have a caching proxy. These machines are built to deliver superb file system performance (often with RAID and journaling) and also contain hot-rodded versions of TCP. Caching proxies were the first kind of proxy server.

The HTTP 1.0 and later protocols contain many types of headers for declaring static (cacheable) content and verifying content freshness with an original server, e.g. ETAG (validation tags), If-Modified-Since (date-based validation), Expiry (timeout-based invalidation), etc. Other protocols such as DNS support expiry only and contain no support for validation.

Some poorly-implemented caching proxies have had downsides (e.g., an inability to use user authentication). Some problems are described in RFC 3143 (Known HTTP Proxy/Caching Problems).


Another important use of the proxy server is to reduce the hardware cost. In organization there may be many systems working in the same network or under control of one server, now in this situation we can not have individual connection for all systems with internet. We can simply connect those systems with one proxy server and proxy server with the main server.

Add by FiQ@Xtechnology®Network.Server
YOUR SERVER STATION

Server Definition

SERVER DEFINITION - Xtechnology®Network.Server -
http://xtechnology-microsoft.blogspot.com/

1. Definitions

1.1 In this Licence, the following terms shall have the following meanings:

Authorised User - Current members of the staff and faculty of the Licensee (whether on a permanent, temporary, contract or visiting basis) and individuals who are currently studying at the Licensee's institution, who are permitted to access the Secure Network from within the Licensee's Premises and from such other places where Authorised Users work or study (including but not limited to Authorised Users' offices and homes, halls of residence and student dormitories) and who have been issued by the Licensee with a password or other authentication, together with other persons who are permitted to use the Licensee's library or information service and access the Secure Network but only from computer terminals located within the Licensee's Premises.

Commercial Use - Use for the purposes of monetary reward (whether by or for the Licensee or Authorised User) by means of the sale, resale, loan, transfer, hire or other form of exploitation of the Licensed Material.

Fee - The subscription fee payable by the Licensee for the Licensed Materials

Licensed Material - The electronic material of the Publisher for which the Licensee has paid the Fee.

Licensee - The individual or single site organisation that purchases Licensed materials from the Publisher.

Licensee’s Premises - An institution located within one metropolitan boundary under single administration which may academic or non-academic.

Secure Network - A network which is only accessible to Authorised Users approved by the Licensee whose identity is authenticated at the time of login and whose conduct is subject to regulation by the Licensee.

Server - The server, either the Publisher's server or a third party server designated by the Publisher, in which the Licensed Material is mounted and may be accessed.

2. Grant of Licence

2.1 The Publisher agrees to grant to the Licensee the non-exclusive and non-transferable right to access the Licensed Material from the Server for the purposes of research, teaching and private study, subject to the terms and conditions of this Licence, and the Licensee agrees to pay the Fee.

2.2 On termination of this Licence, the Publisher shall use its reasonable endeavours to provide the Licensee with continuing access from the Server to that part of the Licensed Material which was published and paid for within the Subscription Period except where termination is due to breach of the Licence.

3. Permitted Uses

3.1 The Licensee, subject to Clause 4 below, may:

3.1.1 Allow Authorised Users to have access to the Licensed Material via the Secure Network.

3.1.2 Supply to Authorised Users, by electronic or other means, copies of one or more individual items taken from the Licensed Material.

3.1.3 Display, download or print a reasonable part of the Licensed Material for the purpose of internal promotion or testing of the service, or for training groups of Authorised Users.

3.1.4 Use the Licensed Material as part of an integrated information service for Authorised Users that will include links between the Licensed Material and the Licensee’s own indexes.

3.2 Authorised Users, subject to Clause 4 below, may:

3.2.1 Search, view, retrieve and display the Licensed Material.

3.2.2 Print single copies of individual items taken from the Licensed Material.

3.2.3 Electronically save individual items taken from the Licensed Material for personal use.

3.2.4 Distribute single copies of individual articles taken from the Licensed Material in print or electronic form to other Authorised Users.

3.2.5 Post single copies of the Licensed Materials on servers accessible only to Authorized Users via the secure network.

3.3 Course Packs - The Licensee may incorporate parts of the Licensed Material in Course Packs for the use of Authorised Users in the course of instruction at the Licensee's institution, but not for Commercial Use. Each such item shall carry appropriate acknowledgement of the source, listing title and author of the extract, title and author of the work, and the publisher. Copies of such items shall be deleted by the Licensee when they are no longer required for such purpose.

3.4 Inter-library Loan - The Licensee may supply a single printed copy of an electronic original of an individual document from the Licensed Content to an Authorized User of another library within the same country by post, fax or Ariel, for personal use or scholarly, educational or scientific research but not for Commercial Use.

4. Prohibited Uses

4.1 Neither the Licensee nor Authorised Users may:

4.1.1 Remove or alter the authors’ names or affiliations or the Publisher’s copyright notices or other means of identification or disclaimers as they appear in the Licensed Material.

4.1.2 Systematically make print or electronic copies of multiple extracts of the Licensed Material for any purpose.

4.1.3 Provide or make available by electronic means to any third party who is not an Authorised User a retained electronic copy of any part of the Licensed Material.

4.1.4 Mount or distribute any part of the Licensed Material on any electronic network, other than the Secure Network.

4.2 The Licensee and Authorised Users may not, without the Publisher's explicit written permission:

4.2.1 Use the whole or any part of the Licensed Material for any Commercial Use.

4.2.2 Distribute the whole or part of the Licensed Material to anyone other than Authorised User.

4.2.3 Publish, distribute or make available the Licensed Material, works based on the Licensed Material or works which combine it with any other material, other than as permitted in this Licence.

4.2.4 Alter, abridge, adapt or modify the Licensed Material, except to the extent necessary to make it perceptible on a computer screen to Authorised Users. For the avoidance of doubt, no alteration of the words or their order is permitted.

5. Licensee’s undertakings

5.1 The Licensee shall:

5.1.1 Use all reasonable endeavours to ensure that all Authorised Users are appropriately notified of the importance of respecting the intellectual property rights in the Licensed Material.

5.1.2 Use all reasonable endeavours to ensure that all Authorised Users are made aware of and agree to abide by the terms and conditions of this Licence.

5.1.3 Use all reasonable endeavours to monitor compliance and immediately on becoming aware of any unauthorised use or other breach, take all reasonable steps both to ensure that such activity ceases immediately and to prevent any recurrence, and shall inform the Publisher thereof.

5.1.4 Issue passwords or other access information to enable access to the Secure Network only to Authorised Users and use all reasonable endeavours to ensure that Authorised users do not divulge their passwords or other access information to any third party.

5.1.5 Use all reasonable endeavours to ensure that only Authorised Users are permitted access to the Licensed Material.

6. Publisher’s undertakings

6.1 The Publisher warrants to the Licensee that it is the owner of the copyright in the Licensed Material or that it is duly authorised to control the copyright contained in the Licensed Material and that the Licensed Material used as contemplated by this Licence does not infringe any copyright or other proprietary or intellectual property rights of any person. The Publisher shall indemnify and hold the Licensee harmless from and against any loss, damage, costs, liability and expenses arising out of any legal action taken against the Licensee claiming actual or alleged infringement of such rights. This indemnity shall survive the termination of this Licence for any reason. This indemnity shall not apply if the Licensee has amended the Licensed Material in any way not permitted by this Licence.

6.2 The Publisher shall use reasonable endeavours to:

6.2.1 Make the Licensed Material available to the Licensee via the Server.

6.2.2 Make available the electronic copy of each journal issue in the Licensed Material as soon as reasonably possible after the date of publication of the printed version.

6.2.3 Ensure that the Server has adequate capacity and bandwidth to support the usage of the Licensee at a level commensurate with the standards of availability for information services of similar scope operating via the World Wide Web; as such standards evolve from time to time over the term of this Licence.

6.2.4 Make the Licensed Material available to the Licensee and to Authorised Users at all times and on a twenty-four hour basis, save for routine maintenance, and to restore access to the Licensed Material as soon as possible in the event of an interruption or suspension of the service.

6.3 The Publisher reserves the right at any time to withdraw from the Licensed Material any item or part of an item for which it no longer retains the right to publish, or which it has reasonable grounds to believe infringes copyright or is defamatory, obscene, unlawful or otherwise objectionable.

6.4. The Publisher undertakes to use reasonable endeavours to provide or make arrangements for a third party to provide an archive of the Licensed Materials for the purpose of long term preservation of the Licensed Materials.

6.5 The Publisher confirms to the Licensee that usage statistics covering the online usage of the journals included in this licence will be provided. The Publisher further confirms that such usage statistics will adhere to the specifications of the COUNTER Code of Practice.

6.6 EXCEPT AS EXPRESSLY PROVIDED IN THIS LICENCE, THE PUBLISHER MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF DESIGN, ACCURACY OF THE INFORMATION CONTAINED IN THE LICENSED MATERIAL, MERCHANTABILITY OR FITNESS OF USE FOR A PARTICULAR PURPOSE. THE LICENCED MATERIAL IS SUPPLIED “AS IS”.

6.7 EXCEPT AS PROVIDED IN CLAUSE 6 .1, UNDER NO CIRCUMSTANCES SHALL THE PUBLISHER BE LIABLE TO THE LICENSEE OR ANY OTHER PERSON, INCLUDING BUT NOT LIMITED TO AUTHORISED USERS, FOR ANY SPECIAL, EXEMPLARY, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER ARISING OUT OF THE INABILITY TO USE, OR THE USE OF, THE LICENSED MATERIAL. IRRESPECTIVE OF THE CAUSE OR FORM OF ACTION, THE PUBLISHER’S AGGREGATE LIABILITY FOR ANY CLAIMS, LOSSES, OR DAMAGES ARISING OUT OF ANY BREACH OF THIS LICENCE SHALL IN NO CIRCUMSTANCES EXCEED THE FEE PAID BY THE LICENSEE TO THE PUBLISHER UNDER THIS LICENCE IN RESPECT OF THE SUBSCRIPTION PERIOD DURING WHICH SUCH CLAIM, LOSS OR DAMAGE OCCURRED. THE FOREGOING LIMITATION OF LIABILITY AND EXCLUSION OF CERTAIN DAMAGES SHALL APPLY REGARDLESS OF THE SUCCESS OR EFFECTIVENESS OF OTHER REMEDIES. REGARDLESS OF THE CAUSE OR FORM OF ACTION, THE LICENSEE MAY BRING NO ACTION ARISING FROM THIS LICENCE MORE THAN SIX (6) MONTHS AFTER THE CAUSE OF SUCH ACTION ARISES.

7. Mutual undertakings

7.1 Each party shall use its best endeavours to safeguard the intellectual property, confidential information and proprietary rights of the other party.

8. Term and Termination

8.1 In addition to automatic termination upon the expiry of the subscription period (unless renewed), this Licence shall be terminated if:

8.1.1 Either party or any of its current employees commits a material or persistent breach of any term of this Licence and fails to remedy the breach (if capable of remedy) within thirty days of notification in writing by the other party.

8.1.2 Either party becomes insolvent or becomes subject to receivership, liquidation or similar external administration.

8.2 On termination, all rights and obligations of the parties automatically terminate except for

8.2.1 Those specified in Clauses 6.1 and 7.1.

8.2.2 All obligations in respect of Licensed Material to which access continues to be permitted as provided in Clause 2.2.

8.3 On termination of this Licence by the Publisher for cause, as specified in Clauses 8.1.1, the Licensee shall immediately cease to distribute or make available the Licensed Materials to Authorised Users except as provided in Clause 2.2.

8.4 On termination of this Licence by the Licensee for cause, as specified in Clause 8.1.1 above, the Publisher shall forthwith refund the proportion of the Fee that represents the paid but unexpired part of the Subscription Period.

9. General

9.1 This Licence contains the full and complete understanding between the parties and supersedes all prior arrangements and understandings relating to the subject matter of this Licence.

9.2 Alterations to this Licence shall be valid only if they are in writing and signed by both parties.

9.3 Neither party shall be liable in any way for failure or delay in performing its obligations under this Licence if the failure or delay is due to causes outside the reasonable control of the party in default.

9.4 In the event that any provision of this Licence is held to be invalid, the remainder of the provisions shall continue in full force and effect.

9.5 This Licence shall be governed by and construed according to English Law.

Add by FiQ@xtechnology®Network.Server

-= YOUR SERVER STATION® =-