Solved

Proxy internal and External

Posted on 2009-04-02
7
689 Views
Last Modified: 2013-11-22
Hi all,

We are a large secondary school. We are looking for a solution to monitor internet usage per student.

At the moment all of our internet traffic is routed through and external proxy provided by our local authority. We have access to basic proxy reporting but not in detail as we would like. for example one of the reports we have is the top 100 sites used by the college for a day. Obviously if a website is used more often it will appear in the report but we cannot report on individual usage at any given time!

ideally what I would like to setup is an internal proxy that would log all traffic but just pass-through the traffic to the external proxy provided for us. I do not need to do any type of filtering as this is also provided by the existing external proxy.

We have not administrative control over the external proxy (squid Proxy) to pull out requested data.

Any help would be gratefully received
0
Comment
Question by:dblight
  • 3
  • 2
  • 2
7 Comments
 
LVL 11

Expert Comment

by:bmatumbura
ID: 24048095
Microsoft ISA server can do this
0
 
LVL 11

Expert Comment

by:bmatumbura
ID: 24048106
You'll have to join your student's workstations to a domain in which the ISA server is also a member. You'd then create usernames and passwords for your students on the domain and ask them to use these whenever they want to logon to the machines. ISA server can then be configured to monitor and report on what each student browses.
0
 

Author Comment

by:dblight
ID: 24048149
Thanks for replies.

We already have ISA setup for our internal intranet and external webiste its is used mainly for the authentication (single sign on) for all our internal systems.

can a seperate configuration be set that wont interfere with this? Also approx 200 of our laptops are student laptops that are not connected to the domain so authentication will be an issue as the leadership teams will not want students to authenticate again and again?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 11

Expert Comment

by:bmatumbura
ID: 24048308
0
 
LVL 77

Expert Comment

by:arnold
ID: 24049145
You could setup an internal transparen/chained squid proxy with NTLM.
The question is do you want to prompt all non Domain users for credentials prior to leting them access the outside/inside systems?
0
 

Author Comment

by:dblight
ID: 24057972
Hi Arnold,

I was just thinking the same, i'm installing Ubuntu as we speak to test this theory, all i want the "internal" proxy to do is trap the logs so i can parse them before they go out through the external "normal" proxy.

I dont really want any user to be prompted for any authentication as i want it just to be seemless and normal for them so they do not know that we are bypassing them to another proxy first.

i do have a question on the reporting side of things though. Ultimatley i want to be able to see where any particular USER has browsed and when, like you said with AD authentication but again i want it to be seemless so they are not prompted to enter any credentials. I suppose the laptops that are not domain intergrated can get away with just bypassing the "internal" proxy and carrying on as normal? does this sound possible?

Can you point me in the direction of any resources to configure squid as a transparent proxy and about AD intergration? at the moment im trawling through http://wiki.squid-cache.org/SquidFaq 

0
 
LVL 77

Accepted Solution

by:
arnold earned 250 total points
ID: 24068277
A transparent proxy deals with requests on port 80 being redirected by the router/ISA back to the proxy server which based on your setting will pass the requests to the external proxy.

You could setup the system to check NTLM to detect AD systems. and then let it fall through which will allow all access through. (no deny)
This will let non AD systems access, but will also let AD systems where the user did not login into the domain to pass through unidentified.

There are many resources on setting up transparent proxy:
http://tldp.org/HOWTO/TransparentProxy.html
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
http://www.deckle.co.za/squid-users-guide/Transparent_Caching/Proxy

Currently do you have your ISA configured to redirect port 80 requests to the external proxy or is the external proxy setup as a transparent?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
macbook with parasites / two issues 4 101
.XTBL Ramsomware 2 180
Yet another Ransome ware 13 167
Ransomware and encrypted backups 5 86
These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
OVERVIEW This guide provides information on the process performed when the Symantec Endpoint Protection (SEP) client checks in with the Symantec Endpoint Protection Manager (SEPM). AUDIENCE Information Technology personnel responsible for suppo…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now