business · Linux · Proxy · router · squid

Internet, acceptable usage


The price of internet access has become cheaper than ever; however, it is still not an inexpensive resource in South Asia. On the other hand, internet content has become very heavy (compared to the old days), and internet applications have become real time. Use of the internet is no longer limited to information and education.

In an educational institute or in a corporate environment, for example a bank, this wide range of services can be counterproductive in many ways and requires some form of control.

  • Access to malicious content
  • Unwanted services which are counterproductive for the organisation and individuals
  • Most importantly, unwanted services choking access to legitimate Internet usage

There are a couple of ways to address this problem.

First and foremost, you must have an acceptable internet/network usage policy which reflects the organisation's policy. A good start could be http://www.businesslink.gov.uk/bdotg/action/detail?itemId=1076142205&type=RESOURCES

You may find many other templates and guidelines with the help of any search engine.

While you decide on your policy, look into the types of content and resources your users would like to access: whether it is web only, or also other services such as remote access, p2p/torrent, media streaming, etc.

You will also want to look into the categories of websites your users need for their office or educational use.

A sample category list looks something like this:

[Figure: URL block list categories]

At the same time, you want to set up some kind of log monitoring and reporting to help you identify the bandwidth hogs, or help you comply with the policy.

Most of the time these two steps will free up sufficient resources to let the legitimate users roam around online freely.

The third and most effective step (not usually a simple one) would be implementing a bandwidth manager and controlling each user the way Internet service providers do. We shall cover that scope in a different article some other time.

As far as the technical implementation goes:

We can place a Linux box at the gateway, run a Squid proxy on it, and configure it as a transparent proxy, so that all web traffic passes through it without needing to reconfigure clients with a proxy address.

You may NAT only HTTPS and any other ports you need access to.

For web access control based on content type you may implement squidGuard, which is fairly simple to deploy. You may search for and find your own blacklist; I tried it out with the blacklist from www.shallalist.de, which allows personal and commercial use for free. squidGuard integrates easily with the Squid proxy, works like a charm, and is very light to run.

And finally I use squint, a simple, very easy to install extension to Squid. It generates logs nightly, and usage reports can be viewed nightly, weekly and monthly. It also provides a report of the top offenders in terms of data transfer, number of files transferred and online time. squint also generates a detailed history for each person, which can be viewed with a browser.

[Figure: squint report]
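The per-client "top offenders" view described above can be computed directly from Squid's native access.log format. The following is an added example, not squint's code or the author's; the log lines are constructed, and clients are keyed by IP address on the assumption that a transparent proxy has no authenticated user names to report on.

```python
from collections import defaultdict

# Constructed sample lines in Squid's default "native" access.log format:
# time elapsed_ms client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1300000000.100    250 192.168.1.10 TCP_MISS/200 524288 GET http://example.org/big.iso - DIRECT/203.0.113.5 application/octet-stream
1300000001.200     12 192.168.1.11 TCP_HIT/200 2048 GET http://example.org/index.html - NONE/- text/html
1300000002.300      3 192.168.1.11 TCP_DENIED/403 1500 GET http://blocked.example/ - NONE/- text/html
1300000003.400    900 192.168.1.10 TCP_MISS/200 1048576 GET http://example.net/video.flv - DIRECT/198.51.100.7 video/x-flv
this line is truncated
1300000004.500      5 192.168.1.12 TCP_MISS/304 310 GET http://example.org/logo.png - DIRECT/203.0.113.5 -
"""

def parse_line(line):
    """Return (client, result_code, bytes) or None if the line is malformed."""
    fields = line.split()
    if len(fields) < 7:
        return None
    client, result, size = fields[2], fields[3], fields[4]
    if "/" not in result or not size.isdigit():
        return None
    return client, result.split("/", 1)[0], int(size)

def summarize(lines):
    """Aggregate bytes, requests and Squid ACL denials per client address."""
    stats = defaultdict(lambda: {"bytes": 0, "requests": 0, "denied": 0})
    skipped = 0  # blank or malformed lines are counted, never silently dropped
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        client, code, size = parsed
        entry = stats[client]
        entry["bytes"] += size
        entry["requests"] += 1
        entry["denied"] += code.startswith("TCP_DENIED")  # bool counts as 0/1
    return dict(stats), skipped

def top_by_bytes(stats, n=10):
    """Clients sorted by bytes transferred, largest first."""
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]

if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE_LOG.splitlines())
    for client, s in top_by_bytes(stats):
        print(f"{client:15} {s['bytes']:>10} bytes {s['requests']:>4} req {s['denied']:>3} denied")
    print(f"skipped {skipped} malformed line(s)")
```

A non-zero skipped count is worth checking on a real log, since it usually means a custom `logformat` is in use and the field positions assumed here no longer apply.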

So this implementation allows you to open up the way for productive internet usage and helps enforce your organisation's acceptable internet usage policy.

[Figure: Proxy squid squidGuard squint]

If you need further help implementing this model, please feel free to get back to me. I shall be more than happy to share additional resources for this configuration if required.

This article is brought to you by http://xeois.com, your home for open source office integration solutions.
