LinuxQuestions.org


anoopch 10-21-2010 02:05 PM

Suggestions for Firewall and Content Restriction
 
2 Attachment(s)
Hi Friends and my dear LINUX brainiest family mates...

I'm joining a small company as a System Admin(LOL:scratch:). The company is a small inbound call center. I will be paid around 500$.. Basically I'm not a genius in Linux.. What I can do is just install and configure Linux OS (just a basic admin..).. Or you can call me Admin in Practice (LOL).

In my office the network setup was bad. I corrected it and configured it. Fixed a couple of issues as well. Now it's running good. But the employees are bad now. They use to download movies, porn, whatever they want.. So they are hiring me to stop this..

Basically the Internet configuration was wrong. Two internet connections were given directly to the Hub without Load Balancing. So I got a little help from bgeddy, niels.horn, SavoTU and vss2094 (LQ Members) and learnt what to do. Finally I have concluded to design a network as shown in new.png attachment. Please refer old.png for the old network layout.

Now I found (after surfing for over a week and from LQ members) that ClearOS would be best suited for me. I require further suggestions and comments about my choice.

Purpose of Clear OS:
1.) Firewall (Preventing File Download FTP...etc)
2.) Content Filtering (Allowing only specific websites to be viewed, blocking IM, File Download ..etc )
3.) Load Balancing between two ISPs

Planning for an old machine to be used. Specs as follows:
Intel Pentium 4 3 GHz HT
1 GB DDR RAM
40 GB HDD

I am in need of your valuable suggestions on my choice and review it..
Thank you..

fbobraga 10-21-2010 02:12 PM

you can set up a free account on http://www.opendns.com/ for Content Filtering, and just set up the box to update the External IP address of the LAN...

then, you will have the other 2 items to setup :P

anoopch 10-21-2010 03:49 PM

Hmmm... Hopefully openDNS is good..
 
Quote:

Originally Posted by fbobraga (Post 4135049)
you can set up a free account on http://www.opendns.com/ for Content Filtering, and just set up the box to update the External IP address of the LAN...

then, you will have the other 2 items to setup :P


Yes.. That Helps solve the Content Filtering Problem..
But colleagues working along with me are brilliant enough to use online proxy servers to browse. So I wanted an efficient Content Filtering.

Efficient Content Filtering:

1.) Disable searching of suspected keywords.. (such as proxy, web proxy...etc)

2.) Even scans for IM.. (Not available in OpenDNS I think)
And Block them if necessary..

3.) Disable File Download.

Also we have a Dynamic IP Address that makes this a little bit difficult. Even though openDNS has a s/w for updating this, I'd like to prefer a customized version of content filtering and domain filtering software.


Of course openDNS is an excellent option.. But think.. What if I need to allow only a few computers on the same network to enjoy unrestricted Internet Access?

anoopch 10-21-2010 04:25 PM

Configuration Tips:
http://schoolitexpert.com/Network-To...learos-51.html

Some Good Video Tutorials for Installing ClearOS..

http://schoolitexpert.com/Network-Tools/ClearOS/

They are all basic videos from an expert.. Really awesome for all starters..

My YouTube Playlist of Good Videos related to ClearOS

http://www.youtube.com/view_play_lis...D06DAD9F1A2A5F

anoopch 10-22-2010 04:12 PM

Top Firewall comparison
 
Found A firewall Comparison among the TOP 7 Contenders.. Interesting... you can read it here...


http://www.techradar.com/news/softwa...rewalls-697177

This thread seems a little inactive so I'm getting a lot of answers myself.. LOL :banghead:

OlRoy 10-23-2010 09:52 AM

I don't know how your company has handled this or other incidents, but when you have one, make sure you address not just the technical vulnerability like you're doing, but the vulnerability in the security policy. You may need to clarify that what they are doing is prohibited, why and the consequences of their actions. If there are no real consequences for breaking the security policy, then people are less likely to follow it.

anoopch 10-23-2010 12:15 PM

Hey.. Just Installed ClearOS...
 
I'm posting from clearOS Server.. Seems good so far.. I had a couple of issues with my old NIC cards from Realtek..

Finally I got a new NIC card and installed it...
Now it seems ok... The Display resolution is very poor..

anoopch 10-23-2010 12:20 PM

To err is human....
 
Quote:

Originally Posted by OlRoy (Post 4136831)
I don't know how your company has handled this or other incidents, but when you have one, make sure you address not just the technical vulnerability like you're doing, but the vulnerability in the security policy. You may need to clarify that what they are doing is prohibited, why and the consequences of their actions. If there are no real consequences for breaking the security policy, then people are less likely to follow it.


Even though there are stricter punishments if caught they keep doing it... We cut salary.. Send a person on leave.. But how long can we do this? We are hiring them for mere 160$ per month. We cannot do repeated hiring so we plan to do restriction, that's all...


I'm going to allow only 5 websites needed for the official work. All others will be banned comprehensively.


All times are GMT -5.