Hello, I got an unusual request today. A site wants to control internet access for its users (a school). They are having a lot of problems with Microsoft viruses/worms as well as trying to stop P2P stuff like Kazaa. They would like to only let users who have been authenticated have internet access. They currently have routers doing DHCP for IP addresses, so anyone can plug into the network and get out.

So... after thinking about this for a while, I started thinking about using a decent PC box running SuSE with the SuSEfirewall, a few NICs and Squid. The next thing became setting up Squid so it can do user authentication before giving internet access; after some research I see that I'd have to use one of the mod_auth_db or mod_auth_mysql modules. Since it's a school with a bunch of kids, I started wondering about how to control user accounts and passwords. For sure, I'd have to use MySQL or something like it for the ACLs and accounts/passwords. Then, I was wondering about an intranet management website for this system; I've seen some CGI scripts for this.

So, the kids would come into school, sign in at the front desk, their info gets entered into the system - at this point so they can get a user account and password. The password would only last a few months and expire. The SuSEfirewall would control what traffic is allowed in (I have to also figure out a way to stop Kazaa or other P2P sharing), and the Squid running proxy authentication would give only authenticated users access to the internet. I don't want the internal machines to see each other (helps to reduce spread of viruses) so I block Microsoft file sharing ports (135, 139, etc.). The kids have no rights or say over the network! My goal is to make it as fast and reliable as possible; if some Microsoft Windows functionality is lost, so be it.
The last thing is monitoring of IP addresses... I have to come up with a log monitoring system that catches any IP addresses that are being used too much (being abused - either virus, worms, P2P file-sharing, etc.) and stop them. The user account using that IP address would be emailed or called by the school and told that their account has been disabled. Of course, they'll know it's been disabled before the school will! So, the school just has to wait for them to call. I recall seeing pflog or some name like that which does log monitoring... is this correct? I'd have to figure out a way to parse the logs and if an IP address shows up too frequently within a period of time, that IP address needs to be blocked somehow.

Basically... from what you see, am I on the right track? Any hints, advice, experiences trying to tame crazy Microsoft Windows machines are all welcome! :)

Oskar
participants (1)
-
pheonix1t
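An added example, not part of the original post: one way to do the log check asked about above, flagging any client IP that makes more than a set number of requests within a sliding time window. It assumes Squid's native access.log layout with the authenticated user name in the eighth field; the thresholds, addresses, user names and sample lines are constructed for illustration.

```python
from collections import defaultdict, deque


def make_line(ts, ip, user):
    """Build one constructed line in Squid's native access.log layout:
    time elapsed client action/status bytes method URL user hierarchy type"""
    return (f"{ts:.3f}    120 {ip} TCP_MISS/200 4512 GET "
            f"http://example.test/ {user} DIRECT/192.0.2.10 text/html")


# Constructed sample: one bursty client, one slow client, one damaged line.
SAMPLE_LINES = (
    [make_line(1000 + i, "10.0.0.5", "student1") for i in range(8)]
    + [make_line(1000 + 100 * i, "10.0.0.9", "student2") for i in range(3)]
    + ["truncated line"]
)


def parse_line(line):
    """Return (timestamp, client_ip, user), or None if the line is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        ts = float(fields[0])
    except ValueError:
        return None
    return ts, fields[2], fields[7]


def find_heavy_clients(lines, window=60.0, limit=5):
    """Return {ip: {users}} for clients with more than `limit` requests
    inside any `window`-second span. Lines must be in time order per client."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    users = defaultdict(set)      # ip -> authenticated user names seen
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # skip damaged lines instead of aborting
        ts, ip, user = rec
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop requests that aged out of the window
            q.popleft()
        if user != "-":            # "-" means no authenticated user was logged
            users[ip].add(user)
        if len(q) > limit:
            flagged[ip] = users[ip]
    return flagged


if __name__ == "__main__":
    for ip, names in find_heavy_clients(SAMPLE_LINES).items():
        print(ip, sorted(names))
```

The function only reports offenders with the accounts seen on that address; disabling the account or adding a firewall rule is left to whatever the site uses for that.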