The best web filter

Posted on 2004-11-16
Last Modified: 2008-01-09
I am administering a network at a school.  The kids seem to think it is funny to hit and print hard core porn.  The administration is freaking out.  Does anyone have any good experience with some rock solid, lean web filters?  Thanks.
Question by:fletchman
    LVL 18

    Expert Comment

    I would invest in a good hardware firewall!

    Author Comment

    I have one of those.  I need something to that can get an updated filter to keep out the hardcore sites, whether it is violence or porn.
    LVL 3

    Expert Comment

    I'd suggest n2h2's bess filter, it works very well.  It has several predefined categories of sites set up and monitored by n2n2 that you can choose whether or not to block.  It also fits in with a variety of devices (cisco routers, pix firewalls, isa server, sonicwall, and the list goes on).

    LVL 23

    Expert Comment

    Hi fletchman,

    I would suggest installing a websense filter, you can protect more than just sites, it helps with spyware, Malicious Mobile Code, Peer-to-Peer File Sharing, Instant Messaging, Streaming Media and Student Hacking. A lot of people are opting to avoid the web filters as none are 100% effective and they are opting to use Student education and Supervision. I personally like the carrot and stick approach....

    Good luck.

    LVL 1

    Expert Comment

    LOL, had the same problem a while back.

    Now you can do it 2 ways, both will involve investing a little bit of cash though.

    Firstly you will need to get a spear PC less then 1Ghz's, 256mb ram will be fine, put 2 ethernet cards in it.

    Download smoothwall

    This program is one amazing firewall, during installation you will need to configure the firewall to use the gateway which the school has been given.
    Once install you can add on diffrent modules to filter and ban sites words porn etc few more thing, these work well but not perfectly.
    For that solution they request you by there pro version which will set u back about £600 for 40pc.

    Major benifits of this kind of firewall all web and files surfed are logs with graphical stats and you can limits usage on port plus so much more.

    Highly recommended.

    Another open is if you are in the uk you can contact RM (Research Machines) and they offer a remote filtering process which they manage and maintain. kinda expensive though, we found it was best to just use smoothwall and monitor usage ban sites when we need to.

    Hope this has been of some help

    LVL 4

    Accepted Solution

    The three best filters I have had experience with:
    SurfControl -
    Websense -
    N2H2 -

    For a school, I'd go with anom's advice and look at N2H2. Their pricing for education is usually incredibly lower than the competition and they work with many firewalls.

    I'd first look at a content filter that works directly with my firewall. If the firewall you have does not integrate with any of the above, then SurfControl may be the way to go. They have a pass-by mode that allows you to place it on a hub between your firewall and trusted side and it will still monitor and block. Essentially, when it sees a request it doesn;t like go out, it sends a connection RST packet to the server and a redirect to the cleint. Works well.

    Good Luck
    LVL 1

    Expert Comment

    A simple 1ghz box with decent ram and a good harddrive would be perfect for your filtering needs.
    Place it between the gateway and your LAN with the following configuration:
    --Debian     (or your favorite distro)      
    --Squid set to transparent mode           

    Once that box is setup, your good to go.
    No configuration required on client machines.

    Well supported, documented, and easy support forums as well as mailing lists if you have any questions/issues.
    LVL 1

    Expert Comment

    Very simple setup and administration and great results....

    LVL 1

    Expert Comment

    from ccproxy's site, "Open proxy server graphic guide page and set up the IE browsers at clients."

    That is a lot of setting up to do in a school environment.  Although it is possible to create a custom script that would directly edit the registry to do it.  Push that down, given its all domain.  But then students can still change the proxy setting in IE, or just use a different web browser.  Which of course, both can be avoided with proper lockdowns.

    I still recommend Squid.  No client configuration. Most of the time, easy setup.  And any problems you have you can easily ask for help.
    > 100,000 lines of url/key word filteration with squidguard.
    LVL 25

    Expert Comment

    by:Ron M
    enable content ratings on internet explorer...(no cost)

    you could also get ISA server 2003 (you can manage blocklists, content ratings, and user access / or subscribe to a service that does it for you)

    or you could use an aol browser and setup the usernames as child accounts.

    there are alot of software companies that provide lockdown software for school it.
    LVL 9

    Expert Comment

    i would go with the ISA server route and block the content at the gateway rather than at the client machine. we use websense here and it uses a policy based blocking which you can customize and configure. it has worked pretty well and also blocks other things like peer-peer file sharing which can be annoying if those kids are trying to download music, movies and software.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
    Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now