COSCUP x RubyConf TW 2021

Building a Network Environment That Needs No Proxy Configuration: Turn Your Proxy into a Transparent Proxy
08-01, 10:10–10:40 (Asia/Taipei), RB105 - Main Track
Language: Mandarin Chinese


Translated Title

Make a network environment where there is no need to configure the proxy: Transform your proxy into a transparent proxy.

Talk Length

30

Abstract

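Are you often frustrated at being unable to get online because the proxy is not configured correctly? Does your company's proxy cause you trouble? Do you spend a lot of time hunting for an application's proxy settings? If you have any of these problems, I will introduce a project that lets your programs reach the Internet without changing the proxy server and without users configuring the proxy, so you no longer have to spend effort on annoying configuration problems. This talk will explain how the project uses OVS to accomplish this.

Today, many enterprises set up firewalls and proxy servers to strengthen their network security, inspecting packets from employees' computers for threats, checking whether the websites they connect to are safe, and so on. But the proxy server also causes employees a lot of trouble: the user's computer must have the proxy configured, and users must spend time reading software documentation to find out how to configure it, which is often time-consuming and tedious. Worse, some programs cannot be configured to use a proxy at all.

One solution is to use a transparent proxy, which redirects packets to the proxy; users do not need to know the proxy exists, so they need not worry about how to configure it. However, even though a solution exists, if the company's IT department has not adopted a transparent proxy and uses an ordinary proxy instead, that is hard to change in the short term.

Since the existing IT setup cannot be changed, is there a way that needs no transparent proxy and no proxy configuration by the user? The answer is yes: use OVS's packet processing to redirect packets, then rewrite the requests to make your proxy transparent. This talk will share how to apply the man-in-the-middle (MITM) concept together with OVS to redirect packets to the MITM and have the MITM rewrite HTTP/HTTPS requests to the proxy, and will cover the design of the flows on OVS and the principle of packet redirection.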

English Abstract

Do you have trouble connecting to the Internet because your proxy settings are not configured correctly? Are you annoyed by the presence of the proxy? Have you spent a lot of time figuring out how to configure the proxy? If you have any of these issues, I will introduce a project that lets your programs connect to the Internet without changing the proxy server and without users configuring the proxy. This talk will explain how the project achieves this with OVS.

Nowadays, many companies install firewalls and proxies for network security reasons. Employees' packets are examined to determine whether they carry potential threats and to check whether the connected websites are secure. However, the proxy server also causes trouble for employees: the user's computer must have its proxy settings configured correctly, and the user has to dig through software manuals to find out how to configure them. This workflow is always time-consuming and unproductive. Even worse, some programs have no way to configure a proxy at all.

One solution is to use a transparent proxy, which redirects traffic to the proxy server. Users are unaware of the proxy server, so they do not need to configure it. However, even though this solution exists, a company's IT department is not necessarily using a transparent proxy, and that is hard to change in a short time.

Is there a way for users to avoid configuring the proxy while IT is not using a transparent proxy? The answer is yes. The solution is to make your normal proxy transparent by using OVS's packet processing technology to redirect the packets and then rewriting the requests. This talk will cover the adoption of the man-in-the-middle (MITM) concept, using OVS to redirect packets to the MITM, rewriting HTTP and HTTPS requests toward the proxy server, the flow design in OVS, and how the packet redirection works.
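
As an added illustration (not code from the talk or its project), the request-rewrite step can be sketched with standard forward-proxy semantics: a redirected origin-form HTTP request becomes absolute-form, and a redirected TLS connection is preceded by a CONNECT. The function names, the `orig_dst` and `sni` parameters, the choice to tunnel TLS rather than decrypt it, and the sample request are assumptions; the project's actual handling is not shown on this page.

```python
from typing import Optional, Tuple

def rewrite_http_for_proxy(raw: bytes, orig_dst: Tuple[str, int]) -> bytes:
    """Rewrite an intercepted origin-form request into the absolute-form
    that a forward proxy expects. orig_dst is the pre-redirect (ip, port)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    if target.startswith(b"/"):  # origin-form: client believes it talks to the server
        host = None
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                host = value.strip()
                break
        if not host:  # e.g. HTTP/1.0 without Host: fall back to original destination
            ip, port = orig_dst
            host = (ip if port == 80 else f"{ip}:{port}").encode()
        target = b"http://" + host + target
    lines[0] = b" ".join((method, target, version))
    return b"\r\n".join(lines) + sep + body

def connect_preamble(orig_dst: Tuple[str, int], sni: Optional[str] = None) -> bytes:
    """Request to send to the proxy before relaying a redirected TLS stream.
    Assumption: the stream is tunnelled unchanged once the proxy answers 2xx;
    sni is the server name from the ClientHello when it is available."""
    authority = f"{sni or orig_dst[0]}:{orig_dst[1]}"
    return f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n".encode()

# Constructed sample input (not captured traffic); 192.0.2.10 is a documentation address.
SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: */*\r\n\r\n"

if __name__ == "__main__":
    print(rewrite_http_for_proxy(SAMPLE, ("192.0.2.10", 80)).decode())
    print(connect_preamble(("192.0.2.10", 443), sni="example.com").decode())
```

The Host header and SNI are supplied by the client, so the upstream proxy's own policy still decides whether the destination is allowed.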

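Do you understand and agree that a pre-recorded video is required if you present remotely? (You must agree before the conference can accept your submission) – yes

hackmd url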

https://hackmd.io/@coscup/rymNETD0O/%2F%40coscup%2FH1kM4aw0u

slido url

https://app.sli.do/event/k0ahlmv8