Crimson Rider Guru
Joined: 23 Jun 2003 Posts: 462 Location: Delft, the Netherlands
Posted: Fri Jul 15, 2005 8:55 am Post subject: Detecting and Blocking Sites
Now to the other end of the spectrum, a few posts ago I asked for a solution on stealthed internet. Using OpenVPN and a few pointers I made that happen. Thank you.
Now, in yet another capacity, that of sysadmin, I need to be able to detect what sites my users are surfing to, and block access to these sites if management deems them inappropriate for work.
All the users use internet via a central Gentoo firewall. I am mostly interested in blocking MSN and maintaining a list of sites visited. I am not interested in who visited what, only in what sites were visited. And of course, I need to somehow maintain a list of blocked sites, and block those sites.
Any tips?
Thanx.
_________________
Code, justify, code - Pitr Dubovich
nx12 Apprentice
Joined: 14 Jan 2004 Posts: 193
Posted: Fri Jul 15, 2005 3:17 pm
Check the squid web-cache. There's plenty of docs on their page.
Also you can configure iptables on your firewall box to dump all the http requests your users do as well as put some rules to block whatever you feel like to block. Google is your best friend here
_________________
signature sucks
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
Posted: Fri Jul 15, 2005 8:21 pm
1) only allow internet access through a proxy - NO outgoing nat
2a) squid, blocking via acls in the config
2b) squid combined with either squidguard or dansguardian plus a good URL database (ads, porn, violence, whatever)
3) calamaris for the reporting
doesn't stop all your users completely but most of them (tunneling through proxy to an external 'free' proxy etc.)
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
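Added example, not part of any post in this thread: a sketch of the reporting step the thread describes, producing a per-site hit list from a squid log without recording who made each request. It assumes squid's native access.log field order; the sample log lines, the block list and all function names are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1121458861.123    120 192.168.1.10 TCP_MISS/200 4512 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1121458862.456     80 192.168.1.11 TCP_HIT/200 1024 GET http://www.example.com/logo.gif - NONE/- image/gif
1121458863.789   3050 192.168.1.12 TCP_MISS/200 9000 CONNECT webmail.example.org:443 - DIRECT/192.0.2.20 -
1121458864.012     15 192.168.1.10 TCP_DENIED/403 1400 GET http://chat.blocked.example/login - NONE/- text/html
this line is truncated
"""

# Constructed block list using squid dstdomain semantics:
# ".domain" matches the domain and every subdomain, "host" matches exactly.
BLOCKED = [".blocked.example"]

def site_of(method, url):
    """Return the lowercase host name of a logged request, or None."""
    if method == "CONNECT":            # CONNECT logs "host:port", no scheme
        host = url.rsplit(":", 1)[0]
    else:
        host = urlsplit(url).hostname
    return host.lower().rstrip(".") if host else None

def is_blocked(host, rules=BLOCKED):
    """Apply dstdomain-style matching to one host name."""
    return any(host == r.lstrip(".") or (r.startswith(".") and host.endswith(r))
               for r in rules)

def site_report(log_text):
    """Count requests per site; the client address (field 3) is never stored."""
    allowed, denied = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:            # skip truncated or malformed lines
            continue
        result, method, url = fields[3], fields[5], fields[6]
        host = site_of(method, url)
        if host is None:
            continue
        bucket = denied if result.startswith("TCP_DENIED") else allowed
        bucket[host] += 1
    return allowed, denied

if __name__ == "__main__":
    allowed, denied = site_report(SAMPLE_LOG)
    for host, hits in (allowed + denied).most_common():
        print(hits, host, "DENIED" if host in denied else "", "LISTED" if is_blocked(host) else "")
```

Sites that appear in the allowed counter and also match the block list indicate that a rule is missing or not being applied by the proxy.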
Antimatter Guru
Joined: 11 Aug 2003 Posts: 463
Posted: Fri Jul 15, 2005 8:44 pm
Think4UrS11 wrote:
> doesn't stop all your users completely but most of them (tunneling through proxy to an external 'free' proxy etc.)

is it possible to block tunneling through the proxy to an external proxy?
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
Posted: Fri Jul 15, 2005 8:47 pm
depends on the knowledge of your users
one way would be to use a white list instead of a black list of sites but that gives a huge administrative burden...
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
jdmulloy Tux's lil' helper
Joined: 24 Dec 2004 Posts: 139 Location: Massachusetts, USA
Posted: Fri Oct 14, 2005 1:21 am Post subject: Dansguardian is a content filter
While dansguardian has a black list it also checks the pages so that if the filter deems it inappropriate even an external proxy won't work.
Last edited by jdmulloy on Sun Apr 09, 2006 6:41 pm; edited 1 time in total
HeXiLeD Veteran
Joined: 20 Aug 2005 Posts: 1159 Location: Online
Posted: Thu Mar 30, 2006 1:39 am
A very good way of blocking access to certain sites/ip's/domains is using a hosts file.
Take a look here
_________________
Do you hear the sound of inevitability?
With age, comes great grumpiness and that, was 20 years ago...
CertFP: becbbd161d5a5c31de3c45171b77bf710911db29 / d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244