internet filtering options

[Tom Sparks]

I looking at internet filtering options for work, we have 10 computer running windows XP/vista, the filter well need to be transparent/forced because we have public laptops that connect to the network.
what are my options?

---
tom_a_sparks "It's a nerdy thing I like to do"
Please use ISO approved file formats excluding Office Open XML - http://www.gnu.org/philosophy/no-word-attachments.html
Ubuntu wiki page https://wiki.ubuntu.com/tomsparks
3 x (x)Ubuntu 10.04, Amiga A1200 WB 3.1, UAE AF 2006 Premium Edition, AF 2012 Plus Edition, Sam440 AOS 4.1.2, Roland DXY-1300 pen plotter, Cutok DC330 cutter/pen plotter
Wanted: RiscOS system, GEOS system (C64/C128), Atari ST, Apple Macintosh (6502/68k/PPC only)

--
ubuntu-au mailing list
ubun...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-au

[Dave Hall]

Dear Senator Conroy,

On 10/03/12 20:22, Tom Sparks wrote:
> I looking at internet filtering options for work, we have 10 computer running windows XP/vista, the filter well need to be transparent/forced because we have public laptops that connect to the network.
> what are my options?

You haven't specified what material you want to limit access to. You
could use OpenDNS's blacklisting services and block all outbound
requests to port 53 while having an internal DNS that used OpenDNS to
lookup all DNS queries? Another option is to use iptables to send all
outbound port 80 traffic through squid which would be configured in
transparent mode and use a filtering tool such as squidGuard or
DansGuardian.

Both of these systems can be circumvented by someone with half a clue,
but so can most filtering systems.

Cheers

Dave

[Boden Matthews]

I would use one of the Linux firewall/filtering distros on a dedicated box, like CensorNet (http://distrowatch.com/table.php?distribution=censornet) or Untangle (http://www.untangle.com/)

Regards,

Boden Matthews,

http://bodenm.wordpress.com

[Paul Gear]

On 10/03/12 19:40, Dave Hall wrote:
> Dear Senator Conroy,
>
> On 10/03/12 20:22, Tom Sparks wrote:
>> I looking at internet filtering options for work, we have 10 computer
>> running windows XP/vista, the filter well need to be
>> transparent/forced because we have public laptops that connect to the
>> network.
>> what are my options?
>
> You haven't specified what material you want to limit access to. You
> could use OpenDNS's blacklisting services and block all outbound
> requests to port 53 while having an internal DNS that used OpenDNS to
> lookup all DNS queries? Another option is to use iptables to send all
> outbound port 80 traffic through squid which would be configured in
> transparent mode and use a filtering tool such as squidGuard or
> DansGuardian.

Another similar one to OpenDNS is Dyn's Internet Guide
(http://dyn.com/labs/dyn-internet-guide/). They are both a quick & easy
way to add basic filtering, both have the ability to add whitelists &
blacklists. Nowadays, hosted solutions like these are a better choice
for most sites than locally-hosted solutions; the benefit of protection
against common malware sites with almost no effort is pretty compelling,
IMO.

Paul

[Keith]

On 10/03/12 20:22, Tom Sparks wrote:

I looking at internet filtering options for work, we have 10 computer running windows XP/vista, the filter well need to be transparent/forced because we have public laptops that connect to the network.
what are my options?

---
tom_a_sparks "It's a nerdy thing I like to do"
Please use ISO approved file formats excluding Office Open XML - http://www.gnu.org/philosophy/no-word-attachments.html
Ubuntu wiki page https://wiki.ubuntu.com/tomsparks
3 x (x)Ubuntu 10.04, Amiga A1200 WB 3.1, UAE AF 2006 Premium Edition, AF 2012 Plus Edition, Sam440 AOS 4.1.2, Roland DXY-1300 pen plotter, Cutok DC330 cutter/pen plotter
Wanted: RiscOS system, GEOS system (C64/C128), Atari ST, Apple Macintosh (6502/68k/PPC only)

Not sure what exactly your requirements are? Are you after something for an Ubuntu server or a hardware device?
 
I've been using QuintoLabs Proxy server which is basically a Content proxy (ICAP) running Squid. You can download their VM Appliance or build it yourself - give the appliance a go as it's an Ubuntu VM anyway and it's free. http://www.quintolabs.com/

You could build a server with this as well and place it in transparent or in-line mode with your current firewall once you are happy it meets your requirements.

Good luck!

Regards
Keith

[Tom Sparks]

--- On Sat, 10/3/12, Paul Gear <pa...@libertysys.com.au> wrote:

> From: Paul Gear <pa...@libertysys.com.au>
> Subject: Re: internet filtering options
> To: ubun...@lists.ubuntu.com
> Received: Saturday, 10 March, 2012, 10:17 PM
> On 10/03/12 19:40, Dave Hall wrote:
> > Dear Senator Conroy,
> >
> > On 10/03/12 20:22, Tom Sparks wrote:

<snip>

> Another similar one to OpenDNS is Dyn's Internet Guide
> (http://dyn.com/labs/dyn-internet-guide/).  They
> are both a quick & easy
> way to add basic filtering, both have the ability to add
> whitelists &
> blacklists.  Nowadays, hosted solutions like these are
> a better choice
> for most sites than locally-hosted solutions; the benefit of
> protection
> against common malware sites with almost no effort is pretty
> compelling,
> IMO.
>

this dyn's internet guide looks interesting as I only need to change the routers DNS server addresses :)

> Paul
tom
> -----Inline Attachment Follows-----

[Josh McFarlane]

Hi,
I think that a proxy would be best suited to what you are trying to achieve.
Check out this guide: http://www.howtoforge.com/dansguardian-content-filtering-with-transparent-proxy-on-ubuntu-9.10-karmic
Also have a look at howto configure Dansgardian and Squid on help.ubuntu.com
Josh.

[Matthew Hannigan]

I've used DansGuardian and can recommend it.
It might go too far or not far enough for you though.
Depends on the age of your users and the policy you're trying to enforce.

I recommend AGAINST 'transparent' proxying. It rarely is truly transparent and can much things up.

Use the proxy setting abilities of DHCP instead.

Matt