Microsoft Proxy 2.0 runs on top of IIS 5.0.
Web Proxy Service

	HTTP/ HTTPS / FTP/ GOPHER (FTP requires CERN browsers)

WinSock Proxy Service

	Must install Winsock Proxy Service Client on client
	computers.

SOCKS Proxy Service


A Proxy Server (for security reasons) should not allow IP forwarding. To
disable: Proxy Properties / IP tab / uncheck: "Enable IP routing

Non Proxied clients (if at all possible) should use another default gateway
besides the proxy server.

Web and Winsock proxy access can be allowed or denied based on user and
security group permissions, but not with SOCKS. SOCKS can use per-server
with domain filtering and packet filtering.

Easy domain filter plug-ins: Websense or surfCONTROL

A proxy array = load balancing != fault tolerance
Network Load Balancing (DNS Round Robin) = some fault tolerance

To implement protocol isolation:

	IPX/SPX - internal clients, internal interface of proxy server
	TCP/IP  - external interface of proxy server

Enable filtering of "IP Fragments" to protect attacks like FRAG and SYN.