LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-03-2008, 10:21 AM   #1
rajthampi
LQ Newbie
 
Registered: May 2008
Location: Kuwait
Distribution: RHEL5, Ubuntu, PSlinuxOS
Posts: 15

Rep: Reputation: 1
Linux web proxy for Windows 2003 domain


Hi guys

I am more familiar with Windows 2003 domains. We have geographically seperated branches all around Kuwait and the typical network deployment is like following:

|--Windows 2003 DC (Replicated/GC)->ISA 2004/2006->Internet Connection--->Internet

ISA 2004/2006 servers are taking care of limiting the employees from downloading and browsing non-business websites (mostly video streaming sites).

For a long interval of time, we had replicated the same for most of our branches where users exceeded a minimum 15 to 25 and couple of our new branches are hardly having less than 10 users where deploying ISA 2004/2006 on Windows 2003 mean too costly for us.

Right now we are planning to use Linux boxes (preferably free distros) to regulate and control the internet traffic. Could anybody provide us some guidelines which will clearly explain how we could use a linux box to read the user information from Windows 2003 domain and allow/block the users from accessing the internet and related services?

Thanks and regards,
 
Old 06-03-2008, 01:32 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 331Reputation: 331Reputation: 331Reputation: 331
The kind of services that you want to set up can use generic network software such as is available on Linux and the BSD systems. Windows has nothing to do with it. Of course Microsoft has expensive Windows based solutions but it you take the Linux or BSD route you don't have to do anything special just because the client machines are running Windows.

You should take inventory of the capabilities of the equipment that you already have such as routers that are already in service. If possible make use of their capabilities. That will spread the load over more machines. For instance a cable modem or dsl modem actually provides several network services. Typically these little boxes provide DHCP server, inbound and outbound firewall, IPSec tunnels, and possibly other network services.

Then figure out what is left. In your case you want a web proxy server at a minimum. Almost any distribution can be configured for this but there are a couple that are geared specifically for network security services. These include, but are not limited to, Monowall and IPCop.

The software that provides these types of services are Squid for web proxy and Snort for intrusion detection.

Squid can actually perform several useful services. The documentation has complete information.

Monowall http://m0n0.ch/wall/

IPCop http://www.ipcop.org/

OpenWall http://www.openwall.com/

Squid web proxy software http://www.squid-cache.org/

Snort intrusion detection software http://www.snort.org/

Dans Guardian web proxy software http://dansguardian.org/

That should keep you busy for a while.
 
1 members found this post helpful.
Old 06-04-2008, 12:03 AM   #3
rajthampi
LQ Newbie
 
Registered: May 2008
Location: Kuwait
Distribution: RHEL5, Ubuntu, PSlinuxOS
Posts: 15

Original Poster
Rep: Reputation: 1
Smile

Quote:
Originally Posted by stress_junkie View Post
The kind of services that you want to set up can use generic network software such as is available on Linux and the BSD systems. Windows has nothing to do with it. Of course Microsoft has expensive Windows based solutions but it you take the Linux or BSD route you don't have to do anything special just because the client machines are running Windows.

You should take inventory of the capabilities of the equipment that you already have such as routers that are already in service. If possible make use of their capabilities. That will spread the load over more machines. For instance a cable modem or dsl modem actually provides several network services. Typically these little boxes provide DHCP server, inbound and outbound firewall, IPSec tunnels, and possibly other network services.

Then figure out what is left. In your case you want a web proxy server at a minimum. Almost any distribution can be configured for this but there are a couple that are geared specifically for network security services. These include, but are not limited to, Monowall and IPCop.

The software that provides these types of services are Squid for web proxy and Snort for intrusion detection.

Squid can actually perform several useful services. The documentation has complete information.

Monowall http://m0n0.ch/wall/

IPCop http://www.ipcop.org/

OpenWall http://www.openwall.com/

Squid web proxy software http://www.squid-cache.org/

Snort intrusion detection software http://www.snort.org/

Dans Guardian web proxy software http://dansguardian.org/

That should keep you busy for a while.
A beautiful way to greet a new comer! Appreciate your post SJ. I shall look onto those links and post my comments (As you mentioned, am sure those whole links are gonna cost me some time

Thanks and regards
 
1 members found this post helpful.
  


Reply

Tags
domain, firewall, linux, windows


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Joining a linux machine to a windows domain having a wndows 2003 as domain contoller sukalyan_g Suse/Novell 1 03-28-2008 01:31 AM
Is it possible to ad a windows 2003 Server to a domain using a Linux domaincontroller slimliner Linux - Networking 1 08-10-2006 04:51 AM
windows 2003 can't join linux domain niggersak Linux - Networking 1 08-10-2005 06:25 AM
Red Hat Linux 9 + Windows Server 2003 + Windows XP + Fedora in same domain wolfy339 Linux - Networking 5 03-02-2005 06:03 AM
Joining Linux Distro's to Windows 2003 Domain klawh Linux - Networking 1 12-10-2003 05:46 PM


All times are GMT -5. The time now is 08:06 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration