Paranoid Penguin - Building a Secure Squid Web Proxy, Part I
I've explained (at a high level) how Web proxies work, described some of their security benefits and shown how they might fit into one's perimeter network architecture. What, exactly, will we be doing in subsequent articles?
First, we'll obtain and install Squid and create a basic configuration file. Next, we'll “harden” Squid so that only our intended users can proxy connections through it.
Once all that is working, we'll add SquidGuard for blacklisting, and DansGuardian for content filtering. I'll at least give pointers on using other add-on tools for Squid administration, log analysis and other useful functions.
Next month, therefore, we'll roll up our sleeves and plunge right in to the guts of Squid configuration and administration. Until then, be safe!
“Configuring and Using an FTP Proxy” by Mick Bauer, LJ, December 2002: www.linuxjournal.com/article/6333
The Squid home page, where you can obtain the latest source code and binaries for Squid: www.squid-cache.org
The Squid User's Guide: www.deckle.co.za/squid-users-guide/Main_Page
The SquidGuard home page—SquidGuard allows you to enforce blacklists with Squid: www.squidguard.org
The DansGuardian home page, a free content-filtering engine that can be used in conjunction with Squid: dansguardian.org
Mick Bauer (firstname.lastname@example.org) is Network Security Architect for one of the US's largest banks. He is the author of the O'Reilly book Linux Server Security, 2nd edition (formerly called Building Secure Servers With Linux), an occasional presenter at information security conferences and composer of the “Network Engineering Polka”.
|Non-Linux FOSS: Install Windows? Yeah, Open Source Can Do That.||Nov 24, 2015|
|Cipher Security: How to harden TLS and SSH||Nov 23, 2015|
|Web Stores Held Hostage||Nov 19, 2015|
|diff -u: What's New in Kernel Development||Nov 17, 2015|
|Recipy for Science||Nov 16, 2015|
|Firefox's New Feature for Tighter Security||Nov 13, 2015|
- Cipher Security: How to harden TLS and SSH
- Non-Linux FOSS: Install Windows? Yeah, Open Source Can Do That.
- Web Stores Held Hostage
- diff -u: What's New in Kernel Development
- Firefox's New Feature for Tighter Security
- November 2015 Issue of Linux Journal: System Administration
- Libreboot on an x60, Part II: the Installation
- It's a Bird. It's Another Bird!
- IBM LinuxONE Provides New Options for Linux Deployment
- Strengthening Diffie-Hellman in SSH and TLS