[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Best solution for Internet access, control, and caching?

Huck wrote:
with the following addons
advanced proxy
url filter
update accelerator

deployed in many facilities...schools/churches/businesses...
works lovely..and if you want truly draconian control...
install BlockOutTraffic(BOT)...and nothing leave/enters without strict ACLs...

We have almost the exact same setup (with BOT but without zerina) and then use our account at OpenDNS for additional content filtering to back up the local filtering. With URL Filter (based on Squid) performing transparent proxying and BOT blocking (or restricting) all ports that the proxy doesn't handle, all traffic is logged by the firewall, proxy and by URL filter. The Advanced Proxy plug-in can be used with LDAP so user's could be made to authenticate (we don't do that, yet) and have their IDs logged along with their access. Not a lot of wiggle room, biggest headache is closing down access to "proxy tunnels", but analyzing the Squid logs with Webalizer (logs shipped via ssh to management station daily for analysis) turns them up eventually. BOT takes a bit of time to set up rules, but it is very effective.

Update accelerator really saves bandwidth; first download seeds the cache, subsequent updates fed from the cache. The plugin on IPCop checks for updates to updates in it's cache independently. Handles Window$, Linux, Mac, Avast, and Symantec updates.

        "History doesn't repeat itself; at best it rhymes."
                        - Mark Twain

| John Lucas                MrJohnLucas gmail com               |
| St. Thomas, VI 00802      http://mrjohnlucas.googlepages.com/ |
| 18.3°N, 65°W              AST (UTC-4)                         |

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]