RE: Firewalls in a K-12 [More info from me]

From: Taiss Quartapa (xntrek@iprimus.com.au)
Date: 08/22/01


From: "Taiss Quartapa" <xntrek@iprimus.com.au>
To: "'Michael Boman'" <michael@ayeka.dyndns.org>, "'kath'" <kath@kathweb.net>, <SECURITY-BASICS@securityfocus.com>
Subject: RE: Firewalls in a K-12 [More info from me]
Date: Wed, 22 Aug 2001 09:38:32 +1000
Message-ID: <003701c12a9a$6779cbd0$8b2d32d2@home.alchemist.id>

On Wednesday, 22 August 2001 00:01, Michael Boman wrote:

>If you use Squid (MS probably have this functionality as well) you can
>enable proxy password, so the user needs to log in to squid before surfing.
>Kinda cool, if you like the Big Brother stuff.

I don't believe that MS Proxy does that (although if I'm wrong - can someone
let me know how?).

However, with squid you can do the following:

- Assign username/password access to use the proxy: this can be achieved by
htaccess style password lists or (my favourite) via PAM (Pluggable
Authentication Modules). Using PAM, you can set up access to NIS, SAMBA,
NT/2000 or even Novell.
- Put in SquidGuard (www.squidguard.org). It plugs in under the redirector
section of squid.conf and allows you to put in ACLs in a variety of fashions
(such as user lists, sites that can/can't be accessed) and works quite well.
- Using webalizer, you can do a full analysis of Squid's logs to view
accessed sites, user names, which IPs they've originated from, etc.

This sort of solution really takes the cake from this point of view,
although it is very big brotherish.

Kind Regards,

Taiss Quartapa

----------------------------------------------------------------
       Member of: SAGE-AU SANS ISSA LUV HTCIA AUUG
----------------------------------------------------------------
                *** WILL WORK FOR BANDWIDTH ***
----------------------------------------------------------------
            http://home.iprimus.com.au/xntrek/resume.html
----------------------------------------------------------------
#!/bin/sh
cups=5
cd /home/kitchen
mv /dev/coffeemaker/pot ./sink
dd if=/dev/water/cold of=./sink/pot bs=$CUP count=$cups
mv ./sink/pot /dev/coffeemaker
cat /dev/coffeemaker/pot > /dev/coffeemaker/tank
cat ./cupboards/dry_foods/coffee/filter > /dev/coffeemaker/filter_holder
dd if=./cupboards/dry_foods/coffee/grinds of=/dev/coffeemaker/filter \
  bs=$COFFEE_MEASURE count=$cups
/opt/coffee/bin/close_filter_holder
/opt/coffee/bin/brew start
exit
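
The log review mentioned in the third point of the message above, as an added example that is not part of the original post: plain Python standing in for webalizer, reading Squid's native access.log layout to report, per authenticated username, the hosts visited and the source IPs, and to list requests that were served without a username. The log lines are constructed sample data, and the script assumes the default native format, where the username is the eighth field.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data in Squid's native access.log layout (assumed default):
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
998437112.101    245 10.1.2.15 TCP_MISS/200 4512 GET http://www.example.org/index.html jsmith DIRECT/192.0.2.10 text/html
998437115.340     12 10.1.2.15 TCP_HIT/200 1830 GET http://www.example.org/logo.gif jsmith NONE/- image/gif
998437120.882      3 10.1.2.40 TCP_DENIED/407 1412 GET http://games.example.net/ - NONE/- text/html
998437121.507    310 10.1.2.40 TCP_MISS/200 9920 GET http://games.example.net/ akhan DIRECT/192.0.2.77 text/html
998437130.019    501 10.1.2.16 TCP_MISS/200 3012 CONNECT mail.example.com:443 jsmith DIRECT/192.0.2.20 -
998437140.250     95 10.1.2.99 TCP_MISS/200 2210 GET http://news.example.com/ - DIRECT/192.0.2.5 text/html
this line is truncated
"""

def summarise(log_text):
    """Return (per-user summary, requests served without a username, skipped lines)."""
    users = defaultdict(lambda: {"hosts": set(), "clients": set(), "requests": 0})
    unauthenticated = []
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:          # malformed or truncated entry
            skipped += 1
            continue
        client, result, url, user = fields[2], fields[3], fields[6], fields[7]
        action = result.partition("/")[0]
        # CONNECT entries log "host:port" rather than a full URL
        host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
        if user == "-":
            # A denied request (e.g. the 407 auth challenge) is expected here;
            # anything else went through the proxy with no login recorded.
            if action != "TCP_DENIED":
                unauthenticated.append((client, host))
            continue
        entry = users[user]
        entry["hosts"].add(host)
        entry["clients"].add(client)
        entry["requests"] += 1
    return dict(users), unauthenticated, skipped

if __name__ == "__main__":
    per_user, anonymous, bad = summarise(SAMPLE_LOG)
    for name, info in sorted(per_user.items()):
        print(name, info["requests"], sorted(info["hosts"]), sorted(info["clients"]))
    print("served without a username:", anonymous)
    print("skipped lines:", bad)
```

An entry in the "served without a username" list means some http_access rule lets that client through before the proxy_auth ACL is evaluated.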


