Security Basics mailing list archives

Re: N00b Question


From: jayson.agagnier () aero bombardier com
Date: Wed, 5 Jan 2005 14:22:34 -0500


Ahh...info. sec. people never get a break do we?  ;-)

SQUID Proxy will do just what you're looking for and much more. :)

We have several squid proxies in place in an HA load-balanced setup with
over 10,000 users going through it.  All major webmail sites are blocked,
based on host, domain and IP address.  We also have blocked all web
messenger apps as well as standard client apps, i.e. Yahoo!, MSN, ICQ, AOL,
again based on destination host, domain and IP address.

In addition, we use squid to limit certain sites that are not business
related, but users might want to use, such as news, sports, banking, etc.,
to a limit of 1 hour per day.  That way people can do their banking, etc. on
break or lunch time, but they cannot waste their entire day on the web.

Squid also lets you setup exceptions, some people may need to be on news
sites all day since that is their job.  All users have to authenticate to
the proxy, and weekly usage reports are generated by user id, listing who
used it the most in terms of volume, and connection time.

SQUID is extremely flexible and should serve your purpose quite well.

Good luck & Happy New Year! :)

Jayson Agagnier, CISSP, CISA
Sr. Information Security Analyst
Bombardier Aerospace
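As an added example, not taken from Jayson's post or from any real Bombardier configuration: a squid.conf fragment that expresses the same kind of policy with Squid's stock ACL types (proxy_auth for per-user authentication, dstdomain and dst for host/domain/IP blocking, a CONNECT restriction for IM clients that tunnel over the proxy, and a time ACL with a per-user exception). The domain names, usernames, the authentication helper path and the RFC 5737 documentation address blocks are placeholders standing in for real values. One caveat a practitioner should know: Squid's built-in `time` ACL bounds a time-of-day window, not a cumulative budget, so the "1 hour per day" quota described above cannot be done with this ACL alone and needs an `external_acl_type` helper that keeps per-user counters; the lunch-hour window below is the closest stock-Squid equivalent.

```conf
# Added example squid.conf fragment (assumed values, not the poster's config).

# Every request must carry proxy credentials; helper path is an assumption.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Corporate web proxy
acl authed proxy_auth REQUIRED

# Webmail: block by destination domain (leading dot matches subdomains) and by IP,
# so a client that bypasses DNS and connects by address is still caught.
acl webmail dstdomain .mail.yahoo.com .hotmail.com .gmail.com
acl webmail_ip dst 192.0.2.0/24          # placeholder for the sites' real addresses
http_access deny webmail
http_access deny webmail_ip

# IM clients that fall back to port 80/HTTP through the proxy: same approach.
acl im_hosts dstdomain .messenger.hotmail.com .messenger.yahoo.com .oscar.aol.com
acl im_ip dst 198.51.100.0/24            # placeholder address block
http_access deny im_hosts
http_access deny im_ip

# Only allow CONNECT tunnels to 443; IM clients that try CONNECT to other
# ports (5190, 1863, 5050, ...) are refused here.
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# Non-business sites: allowed only during the lunch window (time-of-day,
# not a cumulative hour), with a named exception for staff who need them.
acl leisure dstdomain .cnn.com .espn.com .bank.example
acl lunch time MTWHF 12:00-13:00
acl newsdesk proxy_auth alice bob        # exception list; usernames assumed
http_access allow leisure newsdesk
http_access allow leisure lunch
http_access deny leisure

# Everything else: authenticated users only.
http_access allow authed
http_access deny all
```

Order matters: Squid evaluates http_access lines top to bottom and acts on the first match, so the deny rules for webmail and IM sit before the general allow, and the `leisure` block grants the exception before applying the time window.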


Various people from <security-basics () security-focus com> wrote:

I believe this can be done with SQUID PROXY [http://www.squid-cache.org/].
Never set it up, but I have looked into it.

Can any other list members please verify?

The problem with MSN/Yahoo! chat programs is that they can be
configured to use the same port as web browsing (80); therefore the best
solution is to not let them install the programs in the first place.

[SNIP]

I am very new to the firewall and network security world. I have a
situation wherein I need to block web-based email access and the ability
to upload attachments to web-based email. I also need to ensure that
MSN/Yahoo chat is disabled and quotas are established for web surfing.

Is there an Open Source solution to this problem? The network comprises
Cisco routers and 500 series firewalls.
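The weekly per-user usage reports Jayson describes (volume and connection time by user id) are the other half of a proxy policy: the ACLs enforce it, the access log shows who is pushing against it. As an added example that is not from this thread or from the Squid project, here is a small reporter for Squid's native access.log format (fields: timestamp, elapsed ms, client, result code/status, bytes, method, URL, user, hierarchy, content type). The log lines are constructed for the example; unauthenticated entries (user "-") and TCP_DENIED responses are counted separately so denied attempts do not inflate a user's volume.

```python
"""Summarise a Squid native-format access.log per authenticated user.
Added example; the sample log below is constructed, not real traffic."""
from collections import defaultdict

# Constructed sample in Squid native format (one request per line).
SAMPLE_LOG = """\
1104950554.123    250 10.1.2.3 TCP_MISS/200 4523 GET http://www.example.com/index.html alice DIRECT/192.0.2.10 text/html
1104950560.001   1200 10.1.2.3 TCP_MISS/200 98231 GET http://www.example.com/big.zip alice DIRECT/192.0.2.10 application/zip
1104950561.500     15 10.1.2.4 TCP_DENIED/403 1780 GET http://mail.example.net/ bob NONE/- text/html
1104950570.250   3000 10.1.2.4 TCP_MISS/200 51200 GET http://news.example.org/ bob DIRECT/192.0.2.11 text/html
1104950575.000      5 10.1.2.9 TCP_DENIED/407 1500 GET http://www.example.com/ - NONE/- text/html
"""


def parse_line(line):
    """Split one native-format line into the fields the report needs.
    Returns None for malformed lines so a truncated log does not abort the run."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        return {
            "ts": float(fields[0]),
            "elapsed_ms": int(fields[1]),
            "client": fields[2],
            "status": fields[3],      # e.g. TCP_MISS/200, TCP_DENIED/403
            "bytes": int(fields[4]),
            "method": fields[5],
            "url": fields[6],
            "user": fields[7],        # "-" when no proxy_auth username was sent
        }
    except ValueError:
        return None


def usage_by_user(log_text):
    """Per-user totals: served requests, bytes, connection seconds, denied attempts.
    Denied requests are counted but excluded from volume and time."""
    totals = defaultdict(lambda: {"requests": 0, "bytes": 0, "seconds": 0.0, "denied": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["user"] == "-":
            continue
        t = totals[rec["user"]]
        if rec["status"].startswith("TCP_DENIED"):
            t["denied"] += 1
            continue
        t["requests"] += 1
        t["bytes"] += rec["bytes"]
        t["seconds"] += rec["elapsed_ms"] / 1000.0
    return dict(totals)


def top_users(log_text, key="bytes"):
    """Usernames ordered by the chosen metric ('bytes' or 'seconds'), highest first."""
    totals = usage_by_user(log_text)
    return sorted(totals, key=lambda u: totals[u][key], reverse=True)


if __name__ == "__main__":
    report = usage_by_user(SAMPLE_LOG)
    print(f"{'user':<10}{'reqs':>6}{'bytes':>10}{'seconds':>9}{'denied':>8}")
    for user in top_users(SAMPLE_LOG):
        t = report[user]
        print(f"{user:<10}{t['requests']:>6}{t['bytes']:>10}{t['seconds']:>9.2f}{t['denied']:>8}")
```

Run against a real log with `usage_by_user(open("/var/log/squid/access.log").read())`, or feed it a week's rotated files concatenated; if the proxy uses Squid's `logformat` to emit something other than the native layout, adjust the field positions in `parse_line` to match.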





