LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-08-2011, 08:41 PM   #1
hewittrj
Member
 
Registered: Mar 2007
Posts: 83

Rep: Reputation: 15
security and a school computer lab


Not too sure if this is the right forum to as this but here goes. I have a Computer lab at my Church School and we are concerned about inapproiate web sights getting to the children screen. We don't want this to happen. I am probablly gonna use IPCop as a start but I want to be able to block out certain other things like IM programs. Also a request was made of me to find a program that will inabel the teacher to view whatever is on a students screen from the teachers desk. Now I know that some people wil chim in on it is wrong to block IM programs and spying on what is on a student screen is bad too, but this is what is requested.

All the PC in the classroom are Dell P4 with windows XP Pro installed the internet gateway is a Dell PowerEdge 2650 NO os is as yest installed.

Robert
 
Old 04-08-2011, 09:17 PM   #2
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 361Reputation: 361Reputation: 361Reputation: 361
Certainly not the right forum, no.

The only way I could see Linux fitting into this is by being used on the server, but even still that doesn't make this a Security question.
 
Old 04-08-2011, 10:30 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by MS3FGX View Post
Certainly not the right forum, no.

The only way I could see Linux fitting into this is by being used on the server, but even still that doesn't make this a Security question.
I think it's fine here, as it's about setting up a GNU/Linux firewall. I do, however, request that a separate thread be opened for the screen monitoring question. Furthermore, since it sounds like both teacher and students are running Windows, that question should probably go in General.

hewittrj, have you considered simply making a list of allowed websites for the children? Said approach would be the simplest (and quite likely the most effective too). Granted, it's not an option everyone finds attractive, but I still wanted to ask.

Last edited by win32sux; 04-08-2011 at 10:31 PM.
 
1 members found this post helpful.
Old 04-09-2011, 05:20 AM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781
I agree with Win32. From a behavioral perspective, making your intentions known and clearly understood will get you better results than placing obvious barriers in front of them. If they are aware that you are deliberately blocking stuff from them, for some at least, it will become a challenge just to avoid your block. From experience, I think it is safe to say that this is a game that you would likely lose. Also, one of the absolute worst responses to "inappropriate content" that your organization could make would be to "make a big ordeal about it" as this would only enhance the experience and make for a more enticing game. Instead you would be better off to use it as an opportunity to teach and discuss about why it is inappropriate for a public setting like school or the work place. I don't mean to preach here, but on a talk radio station that I listen to in the mornings on the way to work, variations of this subject come up frequently. Far too often the school systems react in an insane and very non-adult manner and their response is usually far more controversial than the original offense.

If you do decide to go with filtering software, there are several options, both commercial and free. Typically these act as proxy servers, receiving the request, making a determination as to whether or not the site is allowed and then fulfill the request by relaying the data. The most common commercial one I am aware of is a programm called Bluecoat. In the free realm, a lot of people use Squid / Squidguard as a proxy, but I couldn't provide you with a lot of details on how to use it for content filtering. Here is a link to one that is a how-to implement content filtering site using squidguard, dansguardian, and Ubuntu Linux, from a reputable author.

Such a system would also contain logs that could be used to review a students activity in regards to where they have been. You might consider this as a compromise to the desire to have the children's monitors spied on. It would still achieve the same goal, but in a more subtle fashion. It would identify any violators, who could be dealt with, while not sending the undesirable message that "we are watching you because you can't be trusted"; a message that, if given, they will certainly live up to.
 
1 members found this post helpful.
Old 04-09-2011, 06:07 AM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
One simple thing you can do is use Open DNS. Register, and enable the family filtering.
I imagine you have a NAT router, and the computers use DHCP to get their IP address and the DNS address. You can put enter the IP addresses for OpenDNS in the routers config page so the computers use it instead of your ISP's name server.

Some ISP's offer a similar service for $1 or $2 a month.

Another option is a device such as an Astaro gateway. There will be an upfront charge for the device and a monthly charge.

If you will go for the home brew proxy server route, google for terms in the link provided in the last post. I've seen pages giving complete configurations for Dan's guardian & squid that is used in a school proxy. Such a system will not only block sites on a black list, but can also scan pages visited and block pages containing objectionable text. If you can identify a school that uses Dan's Guardian, contact the IT department at that school. They will probably be glad to offer advice.

Another thing that is important is the the kids are supervised when they are online.

Last edited by jschiwal; 04-09-2011 at 06:11 AM.
 
Old 04-09-2011, 07:04 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by jschiwal View Post
Such a system will not only block sites on a black list, but can also scan pages visited and block pages containing objectionable text.
In terms of effectiveness and maintenance using a blacklist is less optimal than using a whitelist. Using that instead will also help enforce the educating users and policy aspects (which I agree are important things to emphasize) from Noway2's post.
 
Old 04-09-2011, 07:56 AM   #7
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Quote:
Originally Posted by unSpawn View Post
In terms of effectiveness and maintenance using a blacklist is less optimal than using a whitelist. Using that instead will also help enforce the educating users and policy aspects (which I agree are important things to emphasize) from Noway2's post.
I don't disagree with this point. Using OpenDNS as well as white listing could provide redundancy, in case of a mistake or misspelling in the white list.

Is there such a thing as a white list download? It sounds like it could be a maintenance nightmare if not meant for younger children who only need to visit a handful of sites.
 
Old 04-09-2011, 12:29 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by jschiwal View Post
in case of a mistake or misspelling in the white list.
Good point. BTW what happens if OpenDNS fails to filter a site?


Quote:
Originally Posted by jschiwal View Post
Is there such a thing as a white list download? It sounds like it could be a maintenance nightmare if not meant for younger children who only need to visit a handful of sites.
Heh, the phrase "maintenance nightmare" is exactly what I had in mind for describing a blacklist ;-p Whitelists must be tailored for a specific sites needs so I doubt there's any generic parental control type of whitelists for free D/L (there is a restricted search engine for little children though). A maintenance nightmare to me would be having to find out, not from the FQDN or URI, but by manually visiting a page to see if it would be fit for whatever place.
 
Old 04-10-2011, 03:36 PM   #9
hewittrj
Member
 
Registered: Mar 2007
Posts: 83

Original Poster
Rep: Reputation: 15
I think I will be usig IPCop as a firewall filter setup I need to start the server install for it but it still leaves out the monitoring. A blacklist is a nightmare but it my be the only way to go as the students use the computers for web research on various subjects. My only real concern is accidental access to pg-13; R; and X rated web sites, and the school has asked to block Myspace and Facebook. I am not too worried about IM as the grade level is 1st to 6th grade. As for the screen monitoring You could look at as security, I know of business that do this to their employees.


RObert
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Recommend software for an elementary school computer lab jsugi Linux - Software 11 08-18-2010 04:00 PM
Local school Linux PC lab (Help with buying PC's) ctkroeker Linux - General 4 12-10-2006 08:19 PM
LXer: Linux school lab 'expelled' LXer Syndicated Linux News 0 07-08-2006 05:54 AM
LXer: Toronto high school expels Linux lab LXer Syndicated Linux News 0 07-07-2006 03:21 PM
Unveiled: First Open Source Computer Lab in a NYC Public School alaithea Linux - News 0 02-28-2006 02:37 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration