Showing posts with label Networking. Show all posts
Showing posts with label Networking. Show all posts

Tuesday, February 1, 2011

IPv6 Basics III - IPv6 Addressing

The IPv6 Address Space

The most obvious distinguishing feature of IPv6 is its use of much larger addresses. The size of an address in 

IPv6 is 128 bits, which is four times the larger than an IPv4 address. A 32-bit address space allows for 232 or 4,294,967,296 possible addresses. A 128-bit address space allows for 2128 or 340,282,366,920,938,463,463,374,607,431,768,211,456 (or 3.4´1038 or 340 undecillion) possible addresses.

In the late 1970s when the IPv4 address space was designed, it was unimaginable that it could be exhausted. 

However, due to changes in technology and an allocation practice that did not anticipate the recent explosion of hosts on the Internet, the IPv4 address space was consumed to the point that by 1992 it was clear a replacement would be necessary.

With IPv6, it is even harder to conceive that the IPv6 address space will be consumed. To help put this number in perspective, a 128-bit address space provides 655,570,793,348,866,943,898,599 (6.5´1023) addresses for every square meter of the Earth’s surface.

It is important to remember that the decision to make the IPv6 address 128 bits in length was not so that every square meter of the Earth could have 6.5´1023 addresses. Rather, the relatively large size of the IPv6 address is designed to be subdivided into hierarchical routing domains that reflect the topology of the modern-day Internet. The use of 128 bits allows for multiple levels of hierarchy and flexibility in designing hierarchical addressing and routing that is currently lacking on the IPv4-based Internet.

The IPv6 addressing architecture is described in RFC 4291.


IPv6 Address Syntax

IPv4 addresses are represented in dotted-decimal format. This 32-bit address is divided along 8-bit boundaries. Each set of 8 bits is converted to its decimal equivalent and separated by periods. For IPv6, the 128-bit address is divided along 16-bit boundaries, and each 16-bit block is converted to a 4-digit hexadecimal number and separated by colons. The resulting representation is called colon-hexadecimal.

The following is an IPv6 address in binary form:                                       
0010000000000001000011011011100000000000000000000010111100111011 0000001010101010000000001111111111111110001010001001110001011010

The 128-bit address is divided along 16-bit boundaries:
0010000000000001   0000110110111000   0000000000000000   0010111100111011   0000001010101010   0000000011111111   1111111000101000   1001110001011010   

Each 16-bit block is converted to hexadecimal and delimited with colons. The result is:

IPv6 representation can be further simplified by removing the leading zeros within each 16-bit block. However, each block must have at least a single digit. With leading zero suppression, the address representation becomes:

Compressing Zeros

Some types of addresses contain long sequences of zeros. To further simplify the representation of IPv6 addresses, a contiguous sequence of 16-bit blocks set to 0 in the colon hexadecimal format can be compressed to “::”, known as double-colon.

For example, the link-local address of FE80:0:0:0:2AA:FF:FE9A:4CA2 can be compressed to FE80::2AA:FF:FE9A:4CA2. The multicast address FF02:0:0:0:0:0:0:2 can be compressed to FF02::2.

Zero compression can only be used to compress a single contiguous series of 16-bit blocks expressed in colon hexadecimal notation. You cannot use zero compression to include part of a 16-bit block. For example, you cannot express FF02:30:0:0:0:0:0:5 as FF02:3::5. The correct representation is FF02:30::5.

To determine how many 0 bits are represented by the “::”, you can count the number of blocks in the compressed address, subtract this number from 8, and then multiply the result by 16. For example, in the address FF02::2, there are two blocks (the “FF02” block and the “2” block.) The number of bits expressed by the “::” is 96 (96 = (8 – 2)´16).

Zero compression can only be used once in a given address. Otherwise, you could not determine the number of 0 bits represented by each instance of “::”.

IPv6 Prefixes


The prefix is the part of the address that indicates the bits that have fixed values or are the bits of the subnet prefix. Prefixes for IPv6 subnets, routes, and address ranges are expressed in the same way as Classless Inter-Domain Routing (CIDR) notation for IPv4. An IPv6 prefix is written in address/prefix-length notation. 

For example, 21DA:D3::/48 and 21DA:D3:0:2F3B::/64 are IPv6 address prefixes.

Note  IPv4 implementations commonly use a dotted decimal representation of the network prefix known as the subnet mask. A subnet mask is not used for IPv6. Only the prefix length notation is supported.

Types of IPv6 Addresses


There are three types of IPv6 addresses:

1.   Unicast
A unicast address identifies a single interface within the scope of the type of unicast address. With the appropriate unicast routing topology, packets addressed to a unicast address are delivered to a single interface.

2.   Multicast
A multicast address identifies multiple interfaces. With the appropriate multicast routing topology, packets addressed to a multicast address are delivered to all interfaces that are identified by the address. A multicast address is used for one-to-many communication, with delivery to multiple interfaces.

3.   Anycast
An anycast address identifies multiple interfaces. With the appropriate routing topology, packets addressed to an anycast address are delivered to a single interface, the nearest interface that is identified by the address. 

The “nearest” interface is defined as being closest in terms of routing distance. An anycast address is used for one-to-one-of-many communication, with delivery to a single interface.

In all cases, IPv6 addresses identify interfaces, not nodes. A node is identified by any unicast address assigned to one of its interfaces.

Note  RFC 4291 does not define a broadcast address. All types of IPv4 broadcast addressing are performed in IPv6 using multicast addresses. For example, the subnet and limited broadcast addresses from IPv4 are replaced with the link-local scope all-nodes multicast address of FF02::1.

Links and Subnets

Similar to IPv4, an IPv6 subnet prefix is assigned to a single link. Multiple subnet prefixes can be assigned to the same link. This technique is called multinetting.

IPv6 Basics I - Features of IPv6

IPv6 Features

The following are the features of the IPv6 protocol:
·         New header format
·         Large address space
·         Efficient and hierarchical addressing and routing infrastructure
·         Stateless and stateful address configuration
·         Built-in security
·         Better support for prioritized delivery
·         New protocol for neighboring node interaction
·         Extensibility
The following sections discuss each of these new features in detail.

New Header Format

The IPv6 header has a new format that is designed to keep header overhead to a minimum. This is achieved by moving both non-essential fields and optional fields to extension headers that are placed after the IPv6 header. The streamlined IPv6 header is more efficiently processed at intermediate routers.
IPv4 headers and IPv6 headers are not interoperable. IPv6 is not a superset of functionality that is backward compatible with IPv4. A host or router must use an implementation of both IPv4 and IPv6 in order to recognize and process both header formats. The new IPv6 header is only twice as large as the IPv4 header, even though IPv6 addresses are four times as large as IPv4 addresses.

Large Address Space

IPv6 has 128-bit (16-byte) source and destination IP addresses. Although 128 bits can express over 3.4´1038 possible combinations, the large address space of IPv6 has been designed to allow for multiple levels of subnetting and address allocation from the Internet backbone to the individual subnets within an organization.
Even though only a small number of the possible addresses are currently allocated for use by hosts, there are plenty of addresses available for future use. With a much larger number of available addresses, address-conservation techniques, such as the deployment of NATs, are no longer necessary.

Efficient and Hierarchical Addressing and Routing Infrastructure

IPv6 global addresses used on the IPv6 portion of the Internet are designed to create an efficient, hierarchical, and summarizable routing infrastructure that is based on the common occurrence of multiple levels of Internet service providers. 

Stateless and Stateful Address Configuration

To simplify host configuration, IPv6 supports both stateful address configuration, such as address configuration in the presence of a DHCP server, and stateless address configuration (address configuration in the absence of a DHCP server). With stateless address configuration, hosts on a link automatically configure themselves with IPv6 addresses for the link (called link-local addresses) and with addresses derived from prefixes advertised by local routers. Even in the absence of a router, hosts on the same link can automatically configure themselves with link-local addresses and communicate without manual configuration.

Built-in Security

Support for IPsec is an IPv6 protocol suite requirement. This requirement provides a standards-based solution for network security needs and promotes interoperability between different IPv6 implementations.

Better Support for Prioritized Delivery

New fields in the IPv6 header define how traffic is handled and identified. Traffic identification using a Flow Label field in the IPv6 header allows routers to identify and provide special handling for packets belonging to a flow, a series of packets between a source and destination. Because the traffic is identified in the IPv6 header, support for prioritized delivery can be achieved even when the packet payload is encrypted with IPsec.

New Protocol for Neighboring Node Interaction

The Neighbor Discovery protocol for IPv6 is a series of Internet Control Message Protocol for IPv6 (ICMPv6) messages that manage the interaction of neighboring nodes (nodes on the same link). Neighbor Discovery replaces the broadcast-based Address Resolution Protocol (ARP), ICMPv4 Router Discovery, and ICMPv4 Redirect messages with efficient multicast and unicast Neighbor Discovery messages.


IPv6 can easily be extended for new features by adding extension headers after the IPv6 header. Unlike options in the IPv4 header, which can only support 40 bytes of options, the size of IPv6 extension headers is only constrained by the size of the IPv6 packet.

Monday, January 3, 2011

The Legal Issues of Cloud Computing

Cloud Computing can help your business reduce costs as you don’t have to invest in hardware and other physical infrastructure, your data is stored on a secure location and you only pay for what you use – there are no licensing fees associated with cloud computing.

Legal Issues associated with Cloud Computing

cloudsThat said, there are some important legal issues that must be taken care of before you sign-up with any of the cloud vendors for your business.
These issues, discussed below, are more relevant for business owners who are planning to shift to the cloud and may not really matter if you are a consumer who merely uses the cloud for storing emails or office documents.

1. The Physical Location of your Data

1a. Where is your data stored physically?

Your data could be stored in any country and you may not even know where the data centre is situated. The ‘physical location’ raises the question of legal governance over the data. The customer must be clear so as to the provisions of the prevailing law in that particular nation.

1b. If a dispute arises, what will be the place of jurisdiction?

In case a conflict arises between the cloud vendor and the customer (you), which country’s court system will settle the dispute?
Say you are a business owner in China and your cloud service provider is based in the US. The vendor will definitely prefer settling the case in in an American court but as a customer, do you have the financial means and resources to get the dispute settled in the jurisdiction of another nation?

2. Responsibility of your Data

2a. What if the data centre is hit by a disaster?

It might happen that the vendor’s premises is severely affected due to a disaster. Even the 10-Q filings of Google Inc. with the U.S Securities and Exchange Commission mentions such a risk:
Our systems are vulnerable to damage or interruption from earthquakes, terrorist attacks, floods, fires, power loss, telecommunications failures, computer viruses, computer denial of service attacks, or other attempts to harm our systems.
The question is whether you are indemnified by the insurance company for loss of your business or not?

2b. Is there any liability coverage for breach of privacy?

If a privacy breach occurs due to a fault of cloud vendor, is there any liability coverage policy taken up by the vendor? The scope of breach of privacy has widened considerably over the years in the field of cyber insurance. Some insurance carriers offer coverage even for breach of minor information and the customer is compensated on on behalf of the cloud vendor.

2c. What can be done if the data center gets hacked?

Though all cloud vendors try their best to fend off hackers, no security setting is assumed to be foolproof. If the data center gets hacked, can you move against the vendor for claiming lost profits?

3. Intellectual Property Rights

3a. Is your data protected under intellectual property rights?

If it happens that the data is your own creation (like photographs, literature, etc), then is it protected under the intellectual property rights of that country? What means do you have if they get infringed?

3b. How secure are trade secrets?

Your data stored in the ‘cloud’ may have trade secrets or privileged information which must be protected under attorney-client relationship. How secure will such information be in hands of the cloud vendor?
Or consider a reverse situation. If you leak out a trade secret of another business entity, how far will your cloud storage provider go to protect your data when they have been summoned to the court with all your stored data, access logs, etc.

3c. Third party access?

The vendor may grant some privileged third parties access to your stored data. The identity of such parties, if any, must be disclosed to the customer. Here, the third party could be a legal authority or even an internal employee. The customer should always be informed before the vendor allows third parties to access the stored data.
To protect the interest of your business, it may therefore be extremely essential that your read the terms and conditions meticulously before signing up for a cloud based services.
If the vendor provides a standard form of contract (which is a general practice), then you must be must be fully aware of all the terms and conditions. It will save you from nasty surprises and you will be financially, mentally and legally prepared to save your business from unfavorable consequences of cloud computing.

Sunday, January 2, 2011

VPN Tutorial

The Virtual Private Network - VPN - has attracted the attention of many organizations looking to both expand their networking capabilities and reduce their costs.
The VPN can be found in workplaces and homes, where they allow employees to safely log into company networks. Telecommuters and those who travel often find a VPN a more convenient way to stay connected to the corporate intranet. No matter your current involvement with VPNs, this is a good technology to know something about. This VPN tutorial involves many interesting aspects of network protocol design, Internet security, network service outsourcing, and technology standards.

What Exactly Is A VPN?

A VPN supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN). The key feature of a VPN, however, is its ability to use public networks like the Internet rather than rely on private leased lines. VPN technologies implement restricted-access networks that utilize the same cabling and routers as a public network, and they do so without sacrificing features or basic security.
A VPN supports at least three different modes of use:
  • Remote access client connections
  • LAN-to-LAN internetworking
  • Controlled access within an intranet

VPN Pros and Cons

Like many commercialized network technologies, a significant amount of sales and marketing hype surrounds VPN. In reality, VPNs provide just a few specific potential advantages over more traditional forms of wide-area networking. These advantages can be significant, but they do not come for free.

The potential problems with the VPN outnumber the advantages and are generally more difficult to understand. The disadvantages do not necessarily outweigh the advantages, however. From security and performance concerns, to coping with a wide range of sometimes incompatible vendor products, the decision of whether or not to use a VPN cannot be made without significant planning and preparation.

Technology Behind VPNs

Several network protocols have become popular as a result of VPN developments:
  • PPTP
  • L2TP
  • IPsec
These protocols emphasize authentication and encryption in VPNs. Authentication allows VPN clients and servers to correctly establish the identity of people on the network. Encryption allows potentially sensitive data to be hidden from the general public. Many vendors have developed VPN hardware and/or software products. Unfortunately, immature VPN standards mean that some of these products remain incompatible with each other.

A VPN supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN). VPNs enable file sharing, video conferencing and similar network services. Virtual private networks generally don't provide any new functionality that isn't already offered through alternative mechanisms, but a VPN implements those services more efficiently / cheaply in most cases.

A key feature of a VPN is its ability to work over both private networks as well as public networks like the Internet. Using a method called tunneling, a VPN use the same hardware infrastructure as existing Internet or intranet links. VPN technologies includes various security mechanisms to protect the virtual, private connections.

Specifically, a VPN supports at least three different modes of use:
  • Internet remote access client connections
  • LAN-to-LAN internetworking
  • Controlled access within an intranet

Internet VPNs for Remote Access

In recent years, many organizations have increased the mobility of their workers by allowing more employees to telecommute. Employees also continue to travel and face a growing need to stay connected to their company networks. A VPN can be set up to support remote, protected access to the corporate home offices over the Internet. An Internet VPN solution uses a client/server design works as follows:
    1. A remote host (client) wanting to log into the company network first connects to any public Internet Service Provider (ISP).
    2. Next, the host initiates a VPN connection to the company VPN server. This connection is made via a VPN client installed on the remote host.
    3. Once the connection has been established, the remote client can communicate with the internal company systems over the Internet just as if it were a local host.
Before VPNs, remote workers accessed company networks over private leased lines or through dialup remote access servers. While VPN clients and servers careful require installation of hardware and software, an Internet VPN is a superior solution in many situations.

VPNs for Internetworking

Besides using virtual private networks for remote access, a VPN can also bridge two networks together. In this mode of operation, an entire remote network (rather than just a single remote client) can join to a different company network to form an extended intranet. This solution uses a VPN server to VPN server connection.

Intranet / Local Network VPNs

Internal networks may also utilize VPN technology to implement controlled access to individual subnets within a private network. In this mode of operation, VPN clients connect to a VPN server that acts as the network gateway. This type of VPN use does not involve an Internet Service Provider (ISP) or public network cabling. However, it allows the security benefits of VPN to be deployed inside an organization. This approach has become especially popular as a way for businesses to protect their WiFi local networks.

VPN Network Scalability

The cost to an organization of building a dedicated private network may be reasonable at first but increases exponentially as the organization grows. A company with two branch offices, for example, can deploy just one dedicated line to connect the two locations, but 4 branch offices require 6 lines to directly connect them to each other, 6 branch offices need 15 lines, and so on. Internet based VPNs avoid this scalability problem by simply tapping into the the public lines and network capability readily available. Particularly for remote and international locations, an Internet VPN offers superior reach and quality of service.

Using a VPN

To use a VPN, each client must possess the appropriate networking software or hardware support on their local network and computers. When set up properly, VPN solutions are easy to use and sometimes can be made to work automatically as part of network sign on. VPN technology also works well with WiFi local area networking. Some organizations use VPNs to secure wireless connections to their local access points when working inside the office. These solutions provide strong protection without affecting performance excessively.

Limitations of a VPN

Despite their popularity, VPNs are not perfect and limitations exist as is true for any technology. Organizations should consider issues like the below when deploying and using virtual private networks in their operations:
    1. VPNs require detailed understanding of network security issues and careful installation / configuration to ensure sufficient protection on a public network like the Internet. 
    2. The reliability and performance of an Internet-based VPN is not under an organization's direct control. Instead, the solution relies on an ISP and their quality of service.
    3. Historically, VPN products and solutions from different vendors have not always been compatible due to issues with VPN technology standards. Attempting to mix and match equipment may cause technical problems, and using equipment from one provider may not give as great a cost savings.
Virtual private network technology is based on the idea of tunneling. VPN tunneling involves establishing and maintaining a logical network connection (that may contain intermediate hops). On this connection, packets constructed in a specific VPN protocol format are encapsulated within some other base or carrier protocol, then transmitted between VPN client and server, and finally de-encapsulated on the receiving side.

For Internet-based VPNs, packets in one of several VPN protocols are encapsulated within Internet Protocol (IP) packets. VPN protocols also support authentication and encryption to keep the tunnels secure.

Types of VPN Tunneling

VPN supports two types of tunneling - voluntary and compulsory. Both types of tunneling are commonly used.
In voluntary tunneling, the VPN client manages connection setup. The client first makes a connection to the carrier network provider (an ISP in the case of Internet VPNs). Then, the VPN client application creates the tunnel to a VPN server over this live connection.

In compulsory tunneling, the carrier network provider manages VPN connection setup. When the client first makes an ordinary connection to the carrier, the carrier in turn immediately brokers a VPN connection between that client and a VPN server. From the client point of view, VPN connections are set up in just one step compared to the two-step procedure required for voluntary tunnels.

Compulsory VPN tunneling authenticates clients and associates them with specific VPN servers using logic built into the broker device. This network device is sometimes called the VPN Front End Processor (FEP), Network Access Server (NAS) or Point of Presence Server (POS). Compulsory tunneling hides the details of VPN server connectivity from the VPN clients and effectively transfers management control over the tunnels from clients to the ISP. In return, service providers must take on the additional burden of installing and maintaining FEP devices.

VPN Tunneling Protocols

Several computer network protocols have been implemented specifically for use with VPN tunnels. The three most popular VPN tunneling protocols listed below continue to compete with each other for acceptance in the industry. These protocols are generally incompatible with each other.
Point-to-Point Tunneling Protocol (PPTP)
Several corporations worked together to create the PPTP specification. People generally associate PPTP with Microsoft because nearly all flavors of Windows include built-in client support for this protocol. The initial releases of PPTP for Windows by Microsoft contained security features that some experts claimed were too weak for serious use. Microsoft continues to improve its PPTP support, though.
 Layer Two Tunneling Protocol (L2TP)
The original competitor to PPTP for VPN tunneling was L2F, a protocol implemented primarily in Cisco products. In an attempt to improve on L2F, the best features of it and PPTP were combined to create a new standard called L2TP. Like PPTP, L2TP exists at the data link layer (Layer Two) in the OSI model -- thus the origin of its name.

Internet Protocol Security (IPsec)
IPsec is actually a collection of multiple related protocols. It can be used as a complete VPN protocol solution or simply as the encryption scheme within L2TP or PPTP. IPsec exists at the network layer (Layer Three) of the OSI model.

PPTP - Point-to-Point Tunneling Protocol - extends the Point to Point Protocol (PPP) standard for traditional dial-up networking. PPTP is best suited for the remote access applications of VPNs, but it also supports LAN internetworking. PPTP operates at Layer 2 of the OSI model.

PTP packages data within PPP packets, then encapsulates the PPP packets within IP packets (datagrams) for transmission through an Internet-based VPN tunnel. PPTP supports data encryption and compression of these packets. PPTP also uses a form of General Routing Encapsulation (GRE) to get data to and from its final destination.
PPTP-based Internet remote access VPNs are by far the most common form of PPTP VPN. In this environment, VPN tunnels are created via the following two-step process:
    1. The PPTP client connects to their ISP using PPP dial-up networking (traditional modem or ISDN).
    2. Via the broker device (described earlier), PPTP creates a TCP control connection between the VPN client and VPN server to establish a tunnel. PPTP uses TCP port 1723 for these connections.
PPTP also supports VPN connectivity via a LAN. ISP connections are not required in this case, so tunnels can be created directly as in Step 2 above.
Once the VPN tunnel is established, PPTP supports two types of information flow:
  • control messages for managing and eventually tearing down the VPN connection. Control messages pass directly between VPN client and server.
  • data packets that pass through the tunnel, to or from the VPN client  
PPTP Security
PPTP supports authentication, encryption, and packet filtering. PPTP authentication uses PPP-based protocols like EAP, CHAP, and PAP. PPTP supports packet filtering on VPN servers. Intermediate routers and other firewalls can also be configured to selectively filter PPTP traffic. 

In general, PPTP relies on the functionality of PPP for these aspects of virtual private networking.
  • authenticating users and maintaining the remote dial-up connection
  • encapsulating and encrypting IP, IPX, or NetBEUI packets
PPTP directly handles maintaining the VPN tunnel and transmitting data through the tunnel. PPTP also supports some additional security features for VPN data beyond what PPP provides. 

PPTP Pros and Cons
PPTP remains a popular choice for VPNs thanks to Microsoft. PPTP clients are freely available in all popular versions of Microsoft Windows. Windows servers also can function as PPTP-based VPN servers.
One drawback of PPTP is its failure to choose a single standard for authentication and encryption. Two products that both fully comply with the PPTP specification may be totally incompatible with each other if they encrypt data differently, for example. Concerns also persist over the questionable level of security PPTP provides compared to alternatives.

Proxy Servers Basics - II (Contd..)

Proxy Servers and Microsoft Internet Explorer

To take advantage of a proxy server's capabilities, Web browsers like Internet Explorer (IE) must be configured to explicitly use it. In many proxied environments, the client computers do not have direct Internet access, and browsers generally are not configured to use proxies "out of the box." Clients will be unable to access public Web sites in this scenario until proxy settings have been correctly made. 

Microsoft Internet Explorer 5 Tools menu

Figure 2: IE5 Tools menu
For example, to configure IE5 to use a proxy server, first click on Tools to access the drop-down menu. Click on the Internet Options... menu item to raise the Internet Options dialog. This dialog is a property sheet featuring multiple tabs. 

Clicking on the Connections tab makes available a dialog that includes a button in the bottom-right corner named LAN Settings... . Finally, click this button to raise the Local Area Network (LAN) Settings dialog; here is where proxy information must be entered. 

Microsoft Internet Explorer 5 Options menu, Connections tab

Figure 3: IE5 Internet Options, Connections tab
IE5 supports both manual and automatic configuration options. As shown the Figure, the "Use a proxy server" check box must be checked to enable the manual entering of a proxy. 

Either the network host name or the IP address of the proxy server must be typed in the "Address" field. In addition, any internal domains (such as intranet sites) that do not need to go through a proxy can be entered here in order to bypass the server. 

Microsoft Internet Explorer 5 local area network (LAN) settings

Figure 4: IE5 Internet Options, Connections tab
Microsoft provides Knowledge Base article Q135982 to assist in manually configuring proxy servers using other versions of Internet Explorer. Using the Automatically detect settings check box invokes the WPAD mechanism (discussed earlier) to auto-discover the proxy configuration. Finally, using the Use automatic configuration script check box allows clients to specify the URL that points to the JavaScript configuration file.

Proxy Servers and Netscape Navigator

Netscape Navigator (NN) may also be configured manually or automatically to work with a proxy server.

Netsape Navigator 4 edit menu

Figure: NN4 Edit menu
For example, to manually configure NN4, first click on Edit to access the drop-down menu. Click on the Preferences... menu item to raise the Netscape Preferences dialog. 

This dialog is a property sheet featuring a hierarchical arrangement of buttons in the left channel (as compared to the tabs in IE). Double-clicking on the Advanced item (or single-clicking on the small arrow graphic to the left of this text) displays the Proxies sub-item. Finally, clicking on Proxies displays the proxy server configuration dialog within the window. 

Netscape Navigator 4 Preferences, Proxies dialog

Figure 6: NN4 Preferences, Proxies dialog
Within this dialog, use the Direct connection to the Internet option to bypass proxy servers, and use the Automatic proxy configuration option to work with the automation script mechanism discussed earlier. (Navigator does not support WPAD.) 

To manually configure the proxy configuration, choose the middle option and click View to raise another dialog where the proxy server's host name or IP address can be entered. 

Free Web-Based Anonymous Proxy Servers
The sites listed below support free, Web-based anonymous proxy servers. 
An anonymous Web proxy is a type of proxy server that works through a Web form (also often called a CGI proxy). Instead of configuring the address of the server in the browser as is done for HTTP or SOCKS proxies, you simply navigate to the home page of the Web / CGI proxy, where proxy functionality is then enabled for each browsing session. The top free anonymous Web proxy servers are described below.

1. Proxify

Unlike most other anonymous Web proxies, Proxify supports encryption via the SSL and HTTPS network protocols. Proxify also handles the basic functions of an anonymous proxy server well including hiding your IP address and filtering of cookies.

2. Anonymouse

Anonymouse supports Web, email and Usenet (news) proxies and has existed on the Internet for many years now. In addition to the free open access, a low-cost subscription is available for those who want to upgrade to faster proxy servers and additional services. Anonymouse supports both English and German languages.

3. Anonymizer

Anonymizer may the best-known name among the anonymous Web proxy services. While it does offer a free service, most of the Anonymizer site is decided to "up-selling" various related products. WHen using the free proxy, be prepared to see flashing "UPGRADE NOW!" messages in the status bar of your browser.

4. The Cloak

The Cloak is an HTTP/HTTPS free anonymous proxy. A pay service is also available that avoids the bandwidth throttling used in the free version.

Free Proxy Lists (Anonymous and Elite)

Internet proxy servers allow you to (mostly) hide your home IP address and navigate anonymously. However, these free public servers often are taken offline without warning, and some may offer a less reputable service than others. If you are interested in using anonymous proxies, you should maintain a free proxy server list on your home network to ensure at least one is accessible at all times.
Follow these links to obtain free proxy list downloads.
These free proxy lists are updated regularly.