[Gllug] Proxy Server

[Mark Lowes]

On Tue, 2002-11-12 at 12:37, Xander D Harkness wrote:
> Mark Lowes wrote:
> >Block all incoming connections, punch holes incoming for the mail
> >server.
> >Block all websites, allow trusted admins to add sites to the allow list,
> >when email goes live hook in spamassassin and make sure there's a strong
> >AUP for the students to abide by or lose their access.
> >In this situation go for 'tight as a ducks arse' filtering.
[...]
> I deal with a number of schools,some use white lists, some use black lists.

Agreed, there's no such thing as a one size fits all policy with network
security / content 

> The white lists are very difficult to maintain as you will often find a 
> teacher has prepared a class at home to run though a number of web sites 
> she has googled for, of which none are on the white list :-)

I think the expression here is "tough, you know the policy or would you
prefer to explain to the parents when a porn image slips through the
filters?"

[...]
> I also run Calamaris as a nightly script and this reports on every URL 
> requested.  If there are nasty ones there I created a small script that 
> the teachers can find out who requested it.  All students and staff have 
> to  log in to use the internet, using the same password as their mail 
> and account logins.  All traffic is forced through the web proxy.
> They get the picture very quickly that they will get caught if they are 
> going to sites that they should not.

Nice, however there are DPA issues the school needs to be aware of
there, particularly with making sure that the logging is detailed and
who is allowed access to the logs (as they tie information back to a
person) is controlled.

-- 
The Flying Hamster <hamster at korenwolf.net>     
http://www.korenwolf.net/
"I am damn unsatisfied to be killed in this way."
        - English subtitles used in a film made in Hong Kong

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug