LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

View Poll Results: Which of the following do you think is the best Gateway firewall server?
ClearOS / ClarkConnect 2 28.57%
IPCop 0 0%
eBox 0 0%
Monowall: 0 0%
PfSense 1 14.29%
Smoothwall Express 3 42.86%
Others 1 14.29%
Voters: 7. You may not vote on this poll

Reply
 
LinkBack Search this Thread
Old 10-21-2010, 01:05 PM   #1
anoopch
Member
 
Registered: Oct 2010
Location: Tamil Nadu, India
Distribution: Slackware 13.1
Posts: 42

Rep: Reputation: 0
Talking Suggestions for Firewall and Content Restriction


Hi Friends and my dear LINUX brainiest family mates...

I'm joining a small company as a System Admin(LOL). The company is a small inbound call center. I will be paid around 500$.. Basically I'm not a genius in Linux.. What i can do, is just Install and configure Linux OS (just a basic admin..).. Or you can call me Admin in Practice (LOL).

In my office the network setup was bad. I corrected it and configured it. Fixed a couple of issues as well. Now its running good. But the employees are bad now. They use to download movies, porn, whatever they want.. So they are hiring me to stop this..

Basically the Internet configuration was wrong. Two internet connections were given directly to the Hub without Load Balancing. So i got a little help from bgeddy, niels.horn, SavoTU and vss2094 (LQ Members) and learnt what to do. Finally i have concluded to design a network as shown in new.png attachment. Please refer old.png for the old network layout.

Now i found (after surfing for over a week and from LQ members) that ClearOS would be best suited for me. I require further suggestions and comments about my choice.

Purpose of Clear OS:
1.) FireWall (Preventing File Download FTP...etc)
2.) Content Filtering (Allowing only specific websites to be viewed, blocking IM, File Download ..etc )
3.) Load Balancing between two ISPs

Planning For a Old Machine to be used. Specs as Follows
Intel Pentium 4 3 GHz HT
1 GB DDR RAM
40 GB HDD

I am in need of your valuable suggestions on my choice and review it..
Thank you..
Attached Images
File Type: png old.png (78.6 KB, 25 views)
File Type: png new.png (89.2 KB, 26 views)

Last edited by anoopch; 10-22-2010 at 04:07 PM.
 
Old 10-21-2010, 01:12 PM   #2
fbobraga
Member
 
Registered: Jul 2010
Location: São Paulo - Brasil
Distribution: Fedora 17 amd64 / Fedora 17 i686 LXDE (w e17)
Posts: 229

Rep: Reputation: 41
you can setup a free account on http://www.opendns.com/ for Content Filtering, and just setup the box to update the External IP address of the LAN...

then, you will have the other 2 items to setup :P

Last edited by fbobraga; 10-21-2010 at 01:14 PM.
 
Old 10-21-2010, 02:49 PM   #3
anoopch
Member
 
Registered: Oct 2010
Location: Tamil Nadu, India
Distribution: Slackware 13.1
Posts: 42

Original Poster
Rep: Reputation: 0
Smile Hmmm... Hpefully openDNS is good..

Quote:
Originally Posted by fbobraga View Post
you can setup a free account on http://www.opendns.com/ for Content Filtering, and just setup the box to update the External IP address of the LAN...

then, you will have the other 2 items to setup :P

Yes.. That Helps solve the Content Filtering Problem..
But colleges working along with me are brilliant enough to use online proxy servers to browse. So that i wanted an efficient Content Filtering.

Efficient Content Filtering:

1.) Disable searching of suspected keywods.. (such as proxy. web proxy...etc)

2.) Even scans for IM.. (Not available in OpenDNS i think)
And Block them if necessary..

3.) Disable File Download.

Also we have a Dynamic IP Address that make this little bit difficult. Even though openDNS has a s/w for updating this, i'd like to prefer a customized version of content filtering and domain filtering software.


Of-course openDNS is an excellent option.. But think.. What if I need to allow only a few computers on the same network to enjoy unrestricted Internet Accesses?
 
Old 10-21-2010, 03:25 PM   #4
anoopch
Member
 
Registered: Oct 2010
Location: Tamil Nadu, India
Distribution: Slackware 13.1
Posts: 42

Original Poster
Rep: Reputation: 0
Configuration Tips:
http://schoolitexpert.com/Network-To...learos-51.html

Some Good Video Tutorials for Installing ClearOS..

http://schoolitexpert.com/Network-Tools/ClearOS/

They are all basic videos from an expert.. Really awesome for all starters..

My YouTube Playlist of Good Videos related to ClearOS

http://www.youtube.com/view_play_lis...D06DAD9F1A2A5F

Last edited by anoopch; 10-21-2010 at 04:27 PM.
 
Old 10-22-2010, 03:12 PM   #5
anoopch
Member
 
Registered: Oct 2010
Location: Tamil Nadu, India
Distribution: Slackware 13.1
Posts: 42

Original Poster
Rep: Reputation: 0
Smile Top Firewall comparison

Found A firewall Comparison among the TOP 7 Contenders.. Interesting... you can read it here...


http://www.techradar.com/news/softwa...rewalls-697177

This thread seems little inactive so i'm getting a lot of answers my self.. LOL

Last edited by anoopch; 10-22-2010 at 04:04 PM.
 
Old 10-23-2010, 08:52 AM   #6
OlRoy
Member
 
Registered: Dec 2002
Posts: 304

Rep: Reputation: 86
I don't know how your company has handled this or other incidents, but when you have one, make sure you address not just the technical vulnerability like you're doing, but the vulnerability in the security policy. You may need to clarify that what they are doing is prohibited, why and the consequences of their actions. If there are no real consequences for breaking the security policy, then people are less likely to follow it.
 
Old 10-23-2010, 11:15 AM   #7
anoopch
Member
 
Registered: Oct 2010
Location: Tamil Nadu, India
Distribution: Slackware 13.1
Posts: 42

Original Poster
Rep: Reputation: 0
Smile Hey.. Just INstalled ClearOS...

I'm posting from clearOS Server.. Seems good so far.. I had a couple of issues with my old NIC cards from Realtek..

Finally I got a new NIC card and installed it...
Now it seems ok... The Display resolution is very poor..
 
Old 10-23-2010, 11:20 AM   #8
anoopch
Member
 
Registered: Oct 2010
Location: Tamil Nadu, India
Distribution: Slackware 13.1
Posts: 42

Original Poster
Rep: Reputation: 0
Post To err is human....

Quote:
Originally Posted by OlRoy View Post
I don't know how your company has handled this or other incidents, but when you have one, make sure you address not just the technical vulnerability like you're doing, but the vulnerability in the security policy. You may need to clarify that what they are doing is prohibited, why and the consequences of their actions. If there are no real consequences for breaking the security policy, then people are less likely to follow it.

Even though there are stricter punishments if caught they keep doing it... We cut salary.. Send a person on leave.. But how long can we do this? we are hiring them for mere 160$ per month. We cannot do repeatef hiring so we plan to do restriction thats all...


I'm going to allow only 5 websites needed for the official work. All others will be banned comprehensively.
 
  


Reply

Tags
content, filtering, firewall, loadbalance, loadbalancing


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
firewall internet restriction hariiyer Linux - Security 4 11-16-2006 01:41 PM
Best firewall and access/content monitor wingnutLP Linux - Distributions 13 02-07-2006 11:56 PM
Firewall / Content Filtering - Recommendations 360 Linux - Security 1 09-25-2003 12:37 PM
content filter on firewall Nerun Linux - Security 3 02-21-2002 04:24 PM


All times are GMT -5. The time now is 08:13 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration