Our small college needs a server to filter, monitor, and log everything going over our T1 line.
It will initially have to handle about 100 users but be expandable to more.
The traditional solutions run about $10,000 plus an annual fee for the filter list. Way out of budget!
It is my guess that someone has a Linux-Apache-OpenSource app and charges only for the filter updates, or perhaps a Linux-Apache-based app for which he/she charges a reasonable initial fee.
The computer folks at the college are limited in knowledge, and that is limited to M$ stuff. They do have some volunteer folks who are familiar with Cisco, M$, and have some knowledge of Linux & Unix.
The solution really needs to be turnkey.
Any recommendations, please?
log + ids: www.snort.org --> www.mysql.com <-- e.g. acid (search on the snort site) on separate server/s, e.g. p1/100-mhz and higher
filter: www.iptables.org = www.netfilter.org on your gateway, allow only what you will let out/in, p1/100-mhz and higher, good NICs
www.squid-cache.org
on a separate server p1/100mhz/2 gb hdd/32 mb ram (only 1 nic :-( ) for 30 clients without any problems
install here the caching-nameserver
only port 80, 443 are allowed for the normal-users (modify Safe_ports)
with user_authentication
#vi /etc/squid/squid.conf
authenticate_program /usr/lib/squid/ncsa_auth /usr/lib/squid/etc/passwd
-->
eg
# vi /var/log/squid/access.log
172.16.2.3 here_u_see_the_user_name - [02/Jun/2003:10:29:21 +0200] "GET http://www.xxxxxxxx.de/yyy/zzzzzzzzzz.html HTTP/1.0" 200 1621 TCP_MISS:DIRECT
the clients have only a dns-server for the lan and no gateway
monitor: www.ntop.org
you need: little linux-knowledge, good network-knowledge, a few hours for installation, the same for configuration, and minimal hardware
-- shrek-m
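
The reply above shows that, with proxy authentication enabled, each Squid access.log line carries the user name. As an added example (not part of the original post), this Python sketch parses lines in that layout and totals requests, bytes and denied requests per user; the sample log lines, user names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same layout as the access.log line in the post.
SAMPLE_LOG = """\
172.16.2.3 alice - [02/Jun/2003:10:29:21 +0200] "GET http://www.example.de/a/b.html HTTP/1.0" 200 1621 TCP_MISS:DIRECT
172.16.2.3 alice - [02/Jun/2003:10:29:25 +0200] "GET http://www.example.de/img/x.gif HTTP/1.0" 200 512 TCP_HIT:NONE
172.16.2.7 bob - [02/Jun/2003:10:30:02 +0200] "CONNECT mail.example.org:443 HTTP/1.0" 200 3020 TCP_MISS:DIRECT
172.16.2.9 - - [02/Jun/2003:10:31:40 +0200] "GET http://www.example.com/ HTTP/1.0" 407 1300 TCP_DENIED:NONE
172.16.2.7 bob - [02/Jun/2003:10:32:11 +0200] "CONNECT chat.example.net:6667 HTTP/1.0" 403 1100 TCP_DENIED:NONE
this line is garbage and must be skipped
"""

# Layout: client-ip name name [timestamp] "METHOD URL PROTO" status bytes RESULT:HIERARCHY
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) (?P<result>[A-Z_]+):(?P<hier>\S+)$'
)

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # The post's line carries the name in the second field; accept either slot.
    rec["user"] = next((u for u in (rec["ident"], rec["user"]) if u != "-"), None)
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def summarize(text):
    """Aggregate per-user request count, bytes and denied URLs; count unparsed lines."""
    per_user = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": []})
    skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # never silently drop lines in an audit report
            continue
        # Requests without credentials are attributed to the client address.
        key = rec["user"] or "unauthenticated@" + rec["ip"]
        entry = per_user[key]
        entry["requests"] += 1
        entry["bytes"] += rec["size"]
        if rec["result"] == "TCP_DENIED":
            entry["denied"].append(rec["url"])
    return dict(per_user), skipped

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_LOG)
    for user, e in sorted(report.items()):
        print(user, e["requests"], e["bytes"], e["denied"])
    print("unparsed lines:", skipped)
```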