Filtering of **** etc

Khattab

Hi Guys,

Our network doesnt currently have any content filtering - so people are free to access all sorts of things without restriction (****, gambling etc). Obviously, i want this to change, but i havent had to do this before.....

Any ideas on how i would go about doing this? Do i need 3rd party software, or can it be done without it?

Otherwise, how would i go about doing it, what needs to be done etc?

Thanks

sprkymrk

Unless you want to build your own proxy and database of ten's of thousands (or hundreds of thousands) of nasty sites, you'll want to go with a third party solution.

There is Web Sense and Blue Coat for expensive starters. You might find an open source solution that works with Squid, but I'm not positive on that. Many firewalls have add-ons that do filtering as well (Symantec SGS, Microsoft ISA has third party support for content filtering, Cisco ASA contracts with Trend for content filtering, etc.).

How many users do you support, and what do you currently use for a firewall?

shednik

Khattab wrote:

Hi Guys,

Our network doesnt currently have any content filtering - so people are free to access all sorts of things without restriction (xxxxxxx, gambling etc). Obviously, i want this to change, but i havent had to do this before.....

Any ideas on how i would go about doing this? Do i need 3rd party software, or can it be done without it?

Otherwise, how would i go about doing it, what needs to be done etc?

Thanks

In addition to mark's reply i found this about a week ago but haven't had time to install on my linux server at home...
http://dansguardian.org/?page=whatisdg

Khattab

Hi,

We currently use ISA2004 for the firewall, and are supporting between 80 - 100 users.

We have a pure windows network, so i'd prefer to use a product that is windows compatible if possible.....

Mishra

At a previous job we used Cymphonix. They aren't too bad.

Lee H

Hi

I would like some kind of filter for myself in the not so distant future, blocking the obvious adult content and such i also dont like the dropdown box selections which can be changed to "Man" seeking "Man", i do not want my 5 year old playing amending the options, which may promt a birds and the bees conversation. This is inapropriate for young people to see.

To pre-empt comments "Always keep an eye on them when they surf", i would prefer a peice of software preferably freeware to do this for me with minimal time spent. If there has to be a cost then i would consider it depending on functionality and if its good value.

Any ideas would be much appreciated, i am sure other people will also find this information usefull

Lee H

liven

I have to deal with this kinda of stuff everyday for my job.

Dans gaurdian and squid are a great FREE resource. It is not as good as:


bluecoat
websense
webwasher

or anything like that.

BUT it is free and works pretty good. Just starting with squid and blocking bad sites will be a great place to start.

To be honest we have deployed squid in a very large commercial environment and it did just fine.


Yes it will add a layer of administration, but it also adds a layer of protection. But any kind of content filtering/proxy is going to increase administrative over head. Especially upon inintial installation. A lot of legit sites will be inadvertently blocked, and will have to be allowed. But once you get through that maintaining is pretty smooth.

sprkymrk

Khattab wrote:

Hi,

We currently use ISA2004 for the firewall, and are supporting between 80 - 100 users.

We have a pure windows network, so i'd prefer to use a product that is windows compatible if possible.....

Lots of options:

http://www.microsoft.com/isaserver/partners/accesscontrol.mspx

Ahriakin

Another great and very easy to use product is the Barracuda Web Filter. You just put it inline before your firewall, set some basic rules and you're good to go. No need to reconfigure any other device or proxy settings.

dynamik

You could always get creative and do something like this: http://www.ex-parrot.com/pete/upside-down-ternet.html

You could probably find a way to do it based on domain names instead of having it network-based.

darkuser

wow .... the cartoon is precious ....

dynamik

Haven't seen xkcd before? It's great geek humor.

http://xkcd.com/

snadam

sprkymrk wrote:

Khattab wrote:

Hi,

We currently use ISA2004 for the firewall, and are supporting between 80 - 100 users.

We have a pure windows network, so i'd prefer to use a product that is windows compatible if possible.....

Lots of options:

http://www.microsoft.com/isaserver/partners/accesscontrol.mspx

+1 if you already have ISA implemented, then building off that might be a little more cost effective than starting fresh.

hypnotoad

Cisco routers can be programmed to block certain sites using NBAR. Hopefully you don't have too many sites you need to block though.

changlinn

There is a script at the site below that lets you import domain lists from a file into ISA, it even has a link to a nice creative commons, aka free list, that updates, so you can script it to download this list once a week/month and apply it pre your isa reboot.
http://www.isascripts.org/

I am looking at implementing this at a clients in the near future.

hypnotoad

Actually, one of the most kick-ass programs I've seen lately is called Untangle (www.untangle.com). It's a linux distro that gives you a virtual rack that you can drop Web Filters, Virus Scanners, Routers, OpenVPN appliances, IPS, etc.

Get a (preferably server-class PC) with 2 NICs and use it as a bridge.