[SPAM-Score-7.2] [K12OSN] differentiated internet filtering by grade level question

Andrew Fisk andy at spitcomp.com
Wed Jan 18 15:17:53 UTC 2006 

Not that this real very helpful, but as a parent of childen in a  
school district that uses Bess, it seems it took the kids about a  
week to figure out ways around it -- they then did a remakable job of  
commincating the work arounds to each other!

Any chance you could setup different proxies for different subnets  
and handle it that way?



Andy
Spitfire Computer Services
441 Beaver Street
Suite 202
Sewickley, PA 15143
Phone (412) 749-0162
Fax: (412) 749-0203
andy at spitcomp.com
www.spitcomp.com

On Jan 17, 2006, at 10:19 AM, Bob McCaa wrote:

> We use Bess in our District for filtering, and I'm much in the same  
> boat
> as per it not being replaced.
>
> I'm not sure about filtering based on the proxy IP that's being
> requested.
>
> Newer versions of Bess/SmartFilter allow you to create rules based  
> on IP
> ranges and groups, you can even specify an LDAP search path to
> supposedly allow filter based on a user level.  I run more restrictive
> rules in the labs to keep the kids on task as they try to play a  
> lot of
> games.
>
> What version are you using?  Have you contacted N2H2/Secure Computing
> about support?  We had an ancient appliance on site here that I  
> replaced
> a few years ago with a desktop "server" to act as our filter.  If you
> paid for the product, you should be able to upgrade.
>
> If all else fails, try to research accomplishing your goal with squid,
> as that's the caching engine that Bess uses(assuming it's a Linux
> machine).
>
> Good luck,
>
> Bob McCaa
> Juniata County School District
>
> On Wed, 2006-01-11 at 21:26 -0500, Jesse McDonnell wrote:
>> On Wed, 11 Jan 2006 19:09:57 -0600
>> Tim Litwiller <tim at litwiller.net> wrote:
>>
>>> The most configurable with a web Gui I know of is to replace your  
>>> BESS
>>> with Censor.net Linux -
>>
>> I've got input but I'm not a decision-maker in this process and I  
>> don't expect that BESS will be replaced.  Do you/anyone have any  
>> suggestions on how to provide differentiated filtering with BESS?  
>> Can BESS be configured to allow users coming through proxy-IP-1 to  
>> go to sites and disallow access to the same sites to users coming  
>> through proxy-IP-2?
>>
>> I'm the computer volunteer at my local public library and run  
>> IPCOP with Dansguardian to provide firewalling and filtering.   
>> Doing what I'm suggesting would be relatively easy with this  
>> setup, though there may be some problems of scale I'm not aware  
>> of.   Any relaxing of the filtering that is implemented at school  
>> will have to be workable within our Windows and BESS environment.  
>> Thanks for the suggestions so far.
>>
>> Jesse
>>
>>>
>>>
>>> Jesse McDonnell wrote:
>>>> I'm a high school librarian and have a question on whether  
>>>> anyone is using the same proxy server and filtering software to  
>>>> provide different filtering to students at different grade  
>>>> levels.  Everyone in the district currently goes through the  
>>>> same proxy server and has the same level of filtering.  All Web- 
>>>> based email is blocked as are file transfer sites like  
>>>> yousendit. We're having an ongoing discussion of the filtering  
>>>> policy and how much of a threat web-based email presents.
>>>>
>>>> I have an override account on the BESS filter so students in the  
>>>> library can access their email to download large files they are  
>>>> transferring back-and-forth between home and school when  
>>>> students don't have jump drives. When they are in the computer  
>>>> lab or using wireless laptops in the classroom they are unable  
>>>> to do it since I'm the only one in the building with an  
>>>> override. I'm wondering how difficult it would be to have  
>>>> everyone in the high school go through a different (or aliased)  
>>>> proxy IP that would have unfiltered access to webmail.
>>>>
>>>> We are in a windows enviroinment and using BESS (N2H2) filtering  
>>>> software. IP addresses are assigned by a Windows DHCP server. We  
>>>> don't use roaming profiles. Students don't have email accounts  
>>>> through the school district and account names are of the form  
>>>> GraduationyearLastnameFirstinitial (06smithj is joe smith  
>>>> graduating in 2006). When they login the start menu and the apps  
>>>> available are mapped from a folder on one of the servers.  So it  
>>>> would simple to change the proxy IP address in IE for all high  
>>>> school students.
>>>>
>>>> How best to deal with this situation....?
>>>>
>>>> Jesse McDonnell
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> K12OSN mailing list
>>>> K12OSN at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/k12osn
>>>> For more info see <http://www.k12os.org>
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> https://www.redhat.com/mailman/listinfo/k12osn
>>> For more info see <http://www.k12os.org>
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20060118/e09cb706/attachment.htm>

More information about the K12OSN mailing list