RE: N00b Question
From: "G.Crow" <secure.computing () gmail com>
Date: Thu, 30 Dec 2004 22:33:19 -0500
For blocking certain sites your best bet is a proxy of some sort, presumably
transparent. Lots of people on this list will point you towards Squid if
you're looking in the open-source realm. You *could* block site IPs in your
firewalls (PIX firewalls are almost all, if not all, in the 500-scheme. I
haven't looked at the lineup recently.) That is, however, not a great
solution for a variety of reasons.
If you are blocking the web-based email, why do you need to block the
ability to upload attachments?
For MSN/yahoo chat you can block the ports in your external firewall. This
will stop 95% of your users (possibly more if MSN/yahoo don't accept
connections on any port like AIM does.) You can also see if your
infrastructure supports deep packet inspection - Cisco has a good variety of
capabilities regarding that, but I can't for the life of me remember the
acronym, and my Cisco books are in the office. I avoid it, myself, since it
punts packets to the processor, but that doesn't matter as much with a
slower external link.
Quotas established for web surfing? Do you mean accounting per computer
(he's been on the web *this* much today) or do you actually mean cutting it
off after a certain point per day? Logging and log analysis is easy enough,
but true quotas would require authentication of some sort most likely, and
are probably more trouble than they're worth. If bandwidth is an issue I
would just implement QoS and put port 80/443 traffic in a low CoS.

From: Harshal Dedhia [mailto:harshal.dedhia () skybird-travel com]
Sent: December 30, 2004 11:42 AM
To: security-basics () securityfocus com
Subject: N00b Question
I am very new to the firewall and network security world. I have a
situation wherein I need to block web-based email access and the ability
to upload attachments to web-based email. I also need to ensure that
MSN/yahoo chat is disabled and quotas are established for web surfing.
Is there an Open Source solution to this problem? The network comprises
Cisco Routers and 500 series firewalls.
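An added example, not configuration from either poster: a squid.conf fragment illustrating the proxy-based approach G.Crow describes, covering webmail blocking, upload denial, a request-size cap and a per-client bandwidth limit. The webmail domain list, the 192.168.1.0/24 LAN range and the rate figures are assumptions to be replaced with site-specific values; interception ("transparent") listener options vary by Squid version and are left out.

```conf
# Added example for the thread above; placeholder values are marked.
http_port 3128                        # interception options are version-specific

acl localnet src 192.168.1.0/24       # assumed internal network
acl webmail dstdomain .mail.yahoo.com .hotmail.com .gmail.com   # assumed webmail hosts
acl upload method POST PUT            # browsers send attachments as POST/PUT bodies

# Policy A: block web-based email entirely.
http_access deny webmail

# Policy B (use instead of A): allow reading mail but refuse uploads to it,
# which answers the "why block uploads separately?" case in the reply.
# http_access deny upload webmail

# Cap every forwarded request body; this also limits attachment uploads to
# webmail hosts that are not in the list above.
request_body_max_size 64 KB

# Bandwidth quota for the LAN: a class 2 delay pool carries an aggregate
# limit and a per-client limit, each as restore-rate/bucket-size in bytes.
delay_pools 1
delay_class 1 2
delay_parameters 1 256000/512000 32000/64000   # assumed figures
delay_access 1 allow localnet
delay_access 1 deny all

http_access allow localnet
http_access deny all

# Keep a full request log so per-machine usage can be reported by a log
# analyser, the "accounting" reading of quotas in the reply.
access_log /var/log/squid/access.log squid
```

Deny rules must precede the `allow localnet` line, since Squid stops at the first matching `http_access` entry.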