
Security Basics mailing list archives

RE: Family protection - proxy?
From: "Bill Diamond" <bdiamond () citadel com>
Date: Thu, 30 Mar 2006 18:21:40 -0600

I don't disagree, but I may take this a step further.

I had the same problem a few years ago.  We all had pop accounts through
our ISP as well as various personal accounts.  The amount of spam,
malware, and plain yeech was astonishing. 

The solution I chose was to build a Linux server (but, you could do this
as easily with BSD).  I set up postfix, fetchmail, spamassassin and
clamav.  

All email gets pulled by the fetchmail process, processed through clamav
and spamassassin. Users connect to the Linux box via IMAP. 

I did use an Athlon XP 2400 box with 1 GB RAM for several years until it
suddenly died.  The replacement was an eMachines 62xx with 1.25 GB RAM.
Took less than a day to configure.  I spend less than 2 hours per week
keeping it up to date with new rules for procmail.  I did do some custom
spamassassin rules to change the subject line to reflect the spam score.
Scores of 5 points or less go into a "suspects" folder; 5 to 10 points
go into a "spam" folder.  Anything above 10 points goes into a folder
that's hidden from the user. 

The most effort was in creating the content filters for postfix, which
seemed scary at first but turned out to be nearly mindlessly easy and
pretty near foolproof. We're down to fewer than 5 false negatives that
slip through per day, and those are usually harmless solicitations. 

Concur as well with the recommendations regarding the configuration of
dansguardian. 

Bill

-----Original Message-----
From: ragdelaed [mailto:ragdelaed () gmail com] 
Sent: Thursday, March 30, 2006 11:52 AM
To: Paul Simons
Cc: security-basics () securityfocus com
Subject: Re: Family protection - proxy?

install debian on a headless walmart special with 2 nic cards, one for
your lan, the other for the wan. install squid and dansguardian. install
clamav with anti-virus plugin, if you wish, but it will run slower.
much. run sarg for the reports. run dglog.pl for quick logs.

the best way to do it is to look at the howto at the bottom, then
download each component separately, install, mess it up, play around,
break it, then start all over again. depending on your experience level,
this might take a while. if you are unfamiliar with much of the below,
then count on at least a week to build, test, then deploy.

also, you need to configure the walmart special as your gateway. whether
you make it the dhcp server or not, it needs to be your gateway. then
you can direct all port 80 traffic to the dansguardian filter without
having to change any clients in your house. you make your box a
transparent proxy. instructions are in the howto.

this might take a while, but it is very worth it. i have three boys that
love yugioh and junk like that, so they are on the net all the time.
they get blocked a lot. :)

consider the enterprise equivalent. an enterprise proxy solution will
run about 250k for product and support, a content filtering solution
will be about 300k, an anti-virus solution will run about 100k, and the
monitoring and logging in man hours will be huge. estimate 500k for a
complete bundle solution, and your eyes bug out. and dansguardian is not
just a black list filter, but rather a weighted content solution that
does not depend on pre existing blacklists but can catch things on the
fly based on the content in the page. i like it. for about 300 bucks,
you can have all of the above, plus the other coolness that linux gives
you.

walmart:
http://www.walmart.com/catalog/product.do?product_id=4659580
http://www.newegg.com/Product/Product.asp?Item=N82E16822998004
or
http://www.newegg.com/Product/Product.asp?Item=N82E16833315001

dansguardian:
http://dansguardian.org/

squid:
http://www.squid-cache.org/

AV:
http://www.pcxperience.org/dgvirus/
http://www.clamav.net/

sarg:
http://sarg.sourceforge.net/

dglog.pl:
http://www.tiger.org/technology/dg/

howto:
http://www.ysgnet.com/modules.php?op=modload&name=News&file=article&sid=164
http://www.nyetwork.org/wiki/DansGuardian


Paul Simons wrote:
I am looking for advice on how I can best protect my family from the
'horrors' on the Internet.
We have a small ADSL/wireless network at home (with a firewall and AV on
all systems) on which my kids have their PCs/Macs. My wife and I use it
via our laptops.

What is the best way of stopping access to porn/violence/etc.?

I was looking at setting up a system with a proxy. Or maybe paying for
some sort of service?
I don't really want to have to install a package on every system
(expensive and unmanageable)
Any other suggestions gratefully considered

Paul


To find out more about Reuters visit www.about.reuters.com

Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be the views
of Reuters Ltd.
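
The transparent-proxy step described in the thread (the gateway sends all LAN port 80 traffic to the DansGuardian filter, with no client changes), sketched as an added example that is not part of the original posts. The interface name `eth1`, the ports 8080 (DansGuardian) and 3128 (Squid), and the function names are assumptions; the script only prints the rules so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: dry-run generator for the gateway's transparent-proxy rules.
# Assumptions (not from the thread): LAN NIC is eth1, DansGuardian listens
# on 8080 and Squid on 3128. Helper names are hypothetical.

LAN_IF="${LAN_IF:-eth1}"
DG_PORT="${DG_PORT:-8080}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Succeeds only for a decimal TCP port in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints the iptables commands; returns non-zero on unsafe or invalid input.
gen_rules() {
    lan_if=$1; dg=$2; squid=$3
    is_port "$dg" && is_port "$squid" || { echo "bad port" >&2; return 1; }
    [ "$dg" != "$squid" ] || { echo "filter and proxy ports must differ" >&2; return 1; }
    case "$lan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    # 1. HTTP arriving from the LAN is handed to the content filter.
    #    Only port 80 is redirected, as in the thread; other ports are untouched.
    echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 80 -j REDIRECT --to-ports $dg"
    # 2. LAN clients may not talk to Squid directly, otherwise setting the
    #    browser's proxy to gateway:$squid would skip the filter.
    echo "iptables -A INPUT -i $lan_if -p tcp --dport $squid -j DROP"
}

# Stand-alone use: print the rules for review.
gen_rules "$LAN_IF" "$DG_PORT" "$SQUID_PORT"
```
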



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  
