jsufee
asked on
Centralize Internet connection (internet monitoring)
I inhereted a network powered by Dell PowerEdge and windows server 2000. We have ADSL internet connection where the line goes into a router then to PIX firewall then to HP procurve switch and that's how users can access the internet rom the PC located at different rooms. We also have wireless internet (password protect) where users can use their laptops to connect.
I have the following dilemma I need to resolve:
We would like to install a web sensoring software on the network to prevent access to certain websites.
I can install individual software ont he workstation but I can't control the users laptop so I thought thebest way to do this is to try to figure out to to centralize the internet connection on the server so all request to the internet wether from pc or laptop has to pass through it and this was I only install one software on the server.
I tried to install some basic software on the server but this limited websites only when i try to access them from the server and I don't want that! :)
Any ideas?
I have the following dilemma I need to resolve:
We would like to install a web sensoring software on the network to prevent access to certain websites.
I can install individual software ont he workstation but I can't control the users laptop so I thought thebest way to do this is to try to figure out to to centralize the internet connection on the server so all request to the internet wether from pc or laptop has to pass through it and this was I only install one software on the server.
I tried to install some basic software on the server but this limited websites only when i try to access them from the server and I don't want that! :)
Any ideas?
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Actually you can set up a block list through squid restricting sites, using URL masks. (eg Sex, .playboy.com etc). if that isnt enough protection, you can also install squid-guard if you need any further blocking which is a free application.
http://www.squidguard.org/
Personally I prefer squid myself, It is easy to set up, easy to manage and keeps detailed logs.
What you have to do though is close the firewall to ALL ip's other than the proxy server forcing all the machines to use the proxy as the gateway and not allow other connections... the problem once again is that these restrictions will only be enforced while on site.
http://www.squidguard.org/
Personally I prefer squid myself, It is easy to set up, easy to manage and keeps detailed logs.
What you have to do though is close the firewall to ALL ip's other than the proxy server forcing all the machines to use the proxy as the gateway and not allow other connections... the problem once again is that these restrictions will only be enforced while on site.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Thank you very much for your suggestions
your welcome
ASKER
Just to add... I still don't know how to a proxy server will help me if the internet connection is not going through the main server but rather through the procurve switch? Or should I read more about it before I speak! :)
if you block access for all ip addresses BUT that of the proxy at the firewall, the computers will be forced to use the proxy to see the outside world... they will then need to bounce data from the outside world, off the proxy and then to themselves
ASKER
Thank you SIr!
If you also want to restrict access to certain sites on laptops when they aren't onsite, a proxy won't be usefull and you'll need software installed on all the PC's locally. A good one is cybersitter (once installed on the PC you can manage it from a central location).
http://www.cybersitter.com/