Link to home
Create AccountLog in
Avatar of jsufee
jsufee

asked on

Centralize Internet connection (internet monitoring)

I inhereted a network powered by Dell PowerEdge and windows server 2000. We have ADSL internet connection where the line goes into a router then to PIX firewall then to HP procurve switch and that's how users can access the internet rom the PC located at different rooms. We also have wireless internet (password protect) where users can use their laptops to connect.

I have the following dilemma I need to resolve:
We would like to install a web sensoring software on the network to prevent access to certain websites.
I can install individual software ont he workstation but I can't control the users laptop so I thought thebest way to do this is to try to figure out to to centralize the internet connection on the server so all request to the internet wether from pc or laptop has to pass through it and this was I only install one software on the server.

I tried to install some basic software on the server but this limited websites only when i try to access them from the server and I don't want that! :)
Any ideas?
Avatar of rindi
rindi
Flag of Switzerland image

Get a proxy server and through that you can control what is allowed and what isn't. A further advantage of a proxy server is that it logs all web access, and with the right software you can Analise those log files later. Personally I'd use a Linux PC with squid as proxy, but there are many around so just use google.

If you also want to restrict access to certain sites on laptops when they aren't onsite, a proxy won't be usefull and you'll need software installed on all the PC's locally. A good one is cybersitter (once installed on the PC you can manage it from a central location).

http://www.cybersitter.com/
SOLUTION
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of Soutie
Soutie

Actually you can set up a block list through squid restricting sites, using URL masks. (eg Sex, .playboy.com etc).  if that isnt enough protection, you can also install squid-guard if you need any further blocking which is a free application.

http://www.squidguard.org/

Personally I prefer squid myself, It is easy to set up, easy to manage and keeps detailed logs.

What you have to do though is close the firewall to ALL ip's other than the proxy server forcing all the machines to use the proxy as the gateway and not allow other connections... the problem once again is that these restrictions will only be enforced while on site.
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of jsufee

ASKER

Thank you very much for your suggestions
your welcome
Avatar of jsufee

ASKER

Just to add... I still don't know how to a proxy server will help me if the internet connection is not going through the main server but rather through the procurve switch? Or should I read more about it before I speak! :)
if you block access for all ip addresses BUT that of the proxy at the firewall, the computers will be forced to use the proxy to see the outside world... they will then need to bounce data from the outside world, off the proxy and then to themselves
Avatar of jsufee

ASKER

Thank you SIr!