• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 739
  • Last Modified:

Proxy internal and External

Hi all,

We are a large secondary school. We are looking for a solution to monitor internet usage per student.

At the moment all of our internet traffic is routed through and external proxy provided by our local authority. We have access to basic proxy reporting but not in detail as we would like. for example one of the reports we have is the top 100 sites used by the college for a day. Obviously if a website is used more often it will appear in the report but we cannot report on individual usage at any given time!

ideally what I would like to setup is an internal proxy that would log all traffic but just pass-through the traffic to the external proxy provided for us. I do not need to do any type of filtering as this is also provided by the existing external proxy.

We have not administrative control over the external proxy (squid Proxy) to pull out requested data.

Any help would be gratefully received
0
dblight
Asked:
dblight
  • 3
  • 2
  • 2
1 Solution
 
bmatumburaCommented:
Microsoft ISA server can do this
0
 
bmatumburaCommented:
You'll have to join your student's workstations to a domain in which the ISA server is also a member. You'd then create usernames and passwords for your students on the domain and ask them to use these whenever they want to logon to the machines. ISA server can then be configured to monitor and report on what each student browses.
0
 
dblightAuthor Commented:
Thanks for replies.

We already have ISA setup for our internal intranet and external webiste its is used mainly for the authentication (single sign on) for all our internal systems.

can a seperate configuration be set that wont interfere with this? Also approx 200 of our laptops are student laptops that are not connected to the domain so authentication will be an issue as the leadership teams will not want students to authenticate again and again?
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
arnoldCommented:
You could setup an internal transparen/chained squid proxy with NTLM.
The question is do you want to prompt all non Domain users for credentials prior to leting them access the outside/inside systems?
0
 
dblightAuthor Commented:
Hi Arnold,

I was just thinking the same, i'm installing Ubuntu as we speak to test this theory, all i want the "internal" proxy to do is trap the logs so i can parse them before they go out through the external "normal" proxy.

I dont really want any user to be prompted for any authentication as i want it just to be seemless and normal for them so they do not know that we are bypassing them to another proxy first.

i do have a question on the reporting side of things though. Ultimatley i want to be able to see where any particular USER has browsed and when, like you said with AD authentication but again i want it to be seemless so they are not prompted to enter any credentials. I suppose the laptops that are not domain intergrated can get away with just bypassing the "internal" proxy and carrying on as normal? does this sound possible?

Can you point me in the direction of any resources to configure squid as a transparent proxy and about AD intergration? at the moment im trawling through http://wiki.squid-cache.org/SquidFaq 

0
 
arnoldCommented:
A transparent proxy deals with requests on port 80 being redirected by the router/ISA back to the proxy server which based on your setting will pass the requests to the external proxy.

You could setup the system to check NTLM to detect AD systems. and then let it fall through which will allow all access through. (no deny)
This will let non AD systems access, but will also let AD systems where the user did not login into the domain to pass through unidentified.

There are many resources on setting up transparent proxy:
http://tldp.org/HOWTO/TransparentProxy.html
http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
http://www.deckle.co.za/squid-users-guide/Transparent_Caching/Proxy

Currently do you have your ISA configured to redirect port 80 requests to the external proxy or is the external proxy setup as a transparent?
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now