[K12OSN] standalone spyware / content filter -- need suggestions
Petre Scheie
petre at maltzen.net
Wed May 11 16:46:08 UTC 2005
You can have two firewalls with no problems. Matter of fact, it's recommended if you
have a publicly-accessible server (web, mail, etc.). The 'space' between the two
firewalls is called a DMZ (De-Militarized Zone), and that's where you place your public,
internet-accessible servers. The idea is that the first firewall blocks out anyone
trying to get in except for the traffic you want to allow, e.g., port 80 so people can
get to your webserver. The second firewall, which presumably is set to block all
inbound traffic, separates the DMZ-with-webserver from your internal network. That way,
if your webserver is compromised, it doesn't make the rest of your internal network
vulnerable.
With that in mind, I'd go with the IPCop and Cop+ and just connect the red card to the
'inside' port of your existing firewall, and the green card to your internal network.
HTH
Petre
Rob Owens wrote:
> Thanks.
>
> Per your suggestion, I read up a bit on IPCop. It
> looks like it is a complete distribution, is that
> right? So it does not have to be installed "on top
> of" Fedora, or Debian, or whatever?
>
> My immediate need is for filtering spyware on a
> network that already has a firewall (and some custom
> configuration has already been done to allow certain
> services). IPCop says it's a firewall, so I guess
> I'll have to choose to use one or the other. Since
> this is the case, would I be better off running a
> plain linux install with no firewall and run
> Dansguardian?
>
> -Rob
>
> --- Jim Hays <haysja at sages.us> wrote:
>
>>My suggestion would be IPCop and add Cop+. Several
>>schools that I know
>>of are using this and are very happy with it. The
>>Cop+ addon will add
>>DansGuardian.
>>
>>Easy to set up. Easy to manage. I rarely touch
>>ours and it just plugs
>>away doing its job.
>>
>>ClarkConnect is another alternative.
>>
>>
>>
>>Rob Owens wrote:
>>
>>
>>>I've heard a few package names mentioned, like
>>>Dansguardian, but I was wondering if somebody could
>>>suggest the easiest one to use. The goal is mostly
>>
>>to
>>
>>>stop spyware. It will be a standalone box that
>>>doesn't need to run any other apps. Perhaps
>>
>>there's
>>
>>>even a distro out there that is specifically
>>
>>designed
>>
>>>for this kind of thing, I don't know. Any help
>>
>>would
>>
>>>be appreciated. I've never set one of these things
>>>up, so I'd prefer something that is 90% effective
>>
>>but
>>
>>>intuitive to set up, over something that is 95%
>>>effective but difficult to configure.
>>>
>>>Thanks
>>>
>>>-Rob
>>>
>>>
>>>
>>>Yahoo! Mail
>>>Stay connected, organized, and protected. Take the
>>
>>tour:
>>
>>>http://tour.mail.yahoo.com/mailtour.html
>>>
>>>_______________________________________________
>>>K12OSN mailing list
>>>K12OSN at redhat.com
>>>https://www.redhat.com/mailman/listinfo/k12osn
>>>For more info see <http://www.k12os.org>
>>>
>>>
>>>
>>>
>>
>>--
>>
>
> --------------------------------------------------------
>
>>Jim Hays, Technology Coordinator
>>Monticello CUSD#25
>>#2 Sage Drive
>>Monticello, IL 61856
>>(217) 762-8511 ext 1208
>>haysja at sages.us
>>
>
> --------------------------------------------------------
>
>>_______________________________________________
>>K12OSN mailing list
>>K12OSN at redhat.com
>>https://www.redhat.com/mailman/listinfo/k12osn
>>For more info see <http://www.k12os.org>
>>
>
>
>
> Yahoo! Mail
> Stay connected, organized, and protected. Take the tour:
> http://tour.mail.yahoo.com/mailtour.html
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
More information about the K12OSN
mailing list