[K12OSN] Best solution for Internet access, control, and caching?
John Lucas
mrjohnlucas at gmail.com
Fri Dec 12 03:45:44 UTC 2008
Huck wrote:
> IPCOP...
> with the following addons
> advanced proxy
> url filter
> update accelerator
> zerina
>
> deployed in many facilities...schools/churches/businesses...
> works lovely..and if you want truly draconian control...
> install BlockOutTraffic(BOT)...and nothing leave/enters without strict
> ACLs...
>
>
We have almost the exact same setup (with BOT but without zerina) and then use
our account at OpenDNS for additional content filtering to back up the local
filtering. With URL Filter (based on Squid) performing transparent proxying and
BOT blocking (or restricting) all ports that the proxy doesn't handle, all
traffic is logged by the firewall, proxy and by URL filter. The Advanced Proxy
plug-in can be used with LDAP so user's could be made to authenticate (we don't
do that, yet) and have their IDs logged along with their access. Not a lot of
wiggle room, biggest headache is closing down access to "proxy tunnels", but
analyzing the Squid logs with Webalizer (logs shipped via ssh to management
station daily for analysis) turns them up eventually. BOT takes a bit of time
to set up rules, but it is very effective.
Update accelerator really saves bandwidth; first download seeds the cache,
subsequent updates fed from the cache. The plugin on IPCop checks for updates
to updates in it's cache independently. Handles Window$, Linux, Mac, Avast, and
Symantec updates.
--
"History doesn't repeat itself; at best it rhymes."
- Mark Twain
| John Lucas MrJohnLucas at gmail.com |
| St. Thomas, VI 00802 http://mrjohnlucas.googlepages.com/ |
| 18.3°N, 65°W AST (UTC-4) |
More information about the K12OSN
mailing list