[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


The best web filter

Posted on 2004-11-16
Medium Priority
Last Modified: 2008-01-09
I am administering a network at a school.  The kids seem to think it is funny to hit and print hard core porn.  The administration is freaking out.  Does anyone have any good experience with some rock solid, lean web filters?  Thanks.
Question by:fletchman
LVL 18

Expert Comment

ID: 12597989
I would invest in a good hardware firewall!

Author Comment

ID: 12598606
I have one of those.  I need something to that can get an updated filter to keep out the hardcore sites, whether it is violence or porn.

Expert Comment

ID: 12598700
I'd suggest n2h2's bess filter, it works very well.  It has several predefined categories of sites set up and monitored by n2n2 that you can choose whether or not to block.  It also fits in with a variety of devices (cisco routers, pix firewalls, isa server, sonicwall, and the list goes on).

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

LVL 23

Expert Comment

ID: 12599056
Hi fletchman,

I would suggest installing a websense filter, you can protect more than just sites, it helps with spyware, Malicious Mobile Code, Peer-to-Peer File Sharing, Instant Messaging, Streaming Media and Student Hacking. A lot of people are opting to avoid the web filters as none are 100% effective and they are opting to use Student education and Supervision. I personally like the carrot and stick approach....

Good luck.


Expert Comment

ID: 12600043
LOL, had the same problem a while back.

Now you can do it 2 ways, both will involve investing a little bit of cash though.

Firstly you will need to get a spear PC less then 1Ghz's, 256mb ram will be fine, put 2 ethernet cards in it.

Download smoothwall http://www.smoothwall.org/

This program is one amazing firewall, during installation you will need to configure the firewall to use the gateway which the school has been given.
Once install you can add on diffrent modules to filter and ban sites words porn etc few more thing, these work well but not perfectly.
For that solution they request you by there pro version which will set u back about £600 for 40pc.

Major benifits of this kind of firewall all web and files surfed are logs with graphical stats and you can limits usage on port plus so much more.

Highly recommended.

Another open is if you are in the uk you can contact RM (Research Machines) and they offer a remote filtering process which they manage and maintain. kinda expensive though, we found it was best to just use smoothwall and monitor usage ban sites when we need to.

Hope this has been of some help


Accepted Solution

syn_ack_fin earned 750 total points
ID: 12604153
The three best filters I have had experience with:
SurfControl - www.surfcontrol.com
Websense - www.websense.com
N2H2 - www.n2h2.com

For a school, I'd go with anom's advice and look at N2H2. Their pricing for education is usually incredibly lower than the competition and they work with many firewalls.

I'd first look at a content filter that works directly with my firewall. If the firewall you have does not integrate with any of the above, then SurfControl may be the way to go. They have a pass-by mode that allows you to place it on a hub between your firewall and trusted side and it will still monitor and block. Essentially, when it sees a request it doesn;t like go out, it sends a connection RST packet to the server and a redirect to the cleint. Works well.

Good Luck

Expert Comment

ID: 12605519
A simple 1ghz box with decent ram and a good harddrive would be perfect for your filtering needs.
Place it between the gateway and your LAN with the following configuration:
--Debian     (or your favorite distro)                http://www.debian.org
--Squid set to transparent mode                     http://www.squid-cache.org/
--squidGuard                                                 http://www.squidguard.org/

Once that box is setup, your good to go.
No configuration required on client machines.

Well supported, documented, and easy support forums as well as mailing lists if you have any questions/issues.

Expert Comment

ID: 12610646
Very simple setup and administration and great results....



Expert Comment

ID: 12610874
from ccproxy's site, "Open proxy server graphic guide page and set up the IE browsers at clients."

That is a lot of setting up to do in a school environment.  Although it is possible to create a custom script that would directly edit the registry to do it.  Push that down, given its all domain.  But then students can still change the proxy setting in IE, or just use a different web browser.  Which of course, both can be avoided with proper lockdowns.

I still recommend Squid.  No client configuration. Most of the time, easy setup.  And any problems you have you can easily ask for help.
> 100,000 lines of url/key word filteration with squidguard.
LVL 25

Expert Comment

by:Ron Malmstead
ID: 12639261
enable content ratings on internet explorer...(no cost)

you could also get ISA server 2003 (you can manage blocklists, content ratings, and user access / or subscribe to a service that does it for you)

or you could use an aol browser and setup the usernames as child accounts.

there are alot of software companies that provide lockdown software for school computers....google it.

Expert Comment

ID: 12667532
i would go with the ISA server route and block the content at the gateway rather than at the client machine. we use websense here and it uses a policy based blocking which you can customize and configure. it has worked pretty well and also blocks other things like peer-peer file sharing which can be annoying if those kids are trying to download music, movies and software.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question