Search squid archive

Re: Need advice on some crazy access control requirements

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey Victor,

I do not think it's too crazy.
It is a very common statement in the Law of Pharmacy to not operate "heavy" tools when taking a specific medicine. In most cases it is there since the operation of such tools(light\heavy) requires the worker\operator a specific amount of concentration and attention and since the desire of the usage is a change this is the right phrase.

I think that it depends also on the target of the ACL\policy in many cases.
For example there are many places that do allow Apple(which includes music, videos, books and many more) but do not allow YouTube or in some places even Google or Bing. If for example in a medical operating room there would be Internet available it can be potentially hacked and in many places the common policy is that VOIP(over the Internet) in these cases is in use. It's one of the tools for the room. The staff in the room tends to be very trusted but you cannot rely on specific tools to replace the soul which decides on the right thing to do "mid-flight" when there are tiny saws and scalpel on the stand.(and vice versa mind cannot replace specific tools).

The first thing that you can do in such a scenario is to analyze the network traffic using squid. It can give lots of output and feedback even if used only as a simple logging tool. When you do have a clear view with what you are handling you can see what are the realistic option about this specific group of Internet users. For example if they are trying to use a proxy service that is on other ports then 443 and 80 your goal would be to use a strict policy rather then simply monitoring the HTTP and HTTPS connections.

I do not have experience with psychology but I do think that if most of the undesired sites will be blocked it would fit most ACLs\policy ideas. I think it's a really good idea to somehow find the right tactic so that the request for such a crazy ACL requirement would be understood by the requester.

I do not remember if squid can "stop" a download after a specific amount of KB\MB for one file but again eventually it is possible to download them in chunks... So it's not really impossible but indeed it's not an easy task to implement. Also I know that there are couple products that does in a way what you just described. The issue with them in most cases is that they do cost more then a dime and sometimes the request for such a requirement being dropped by hearing only part of the costs.

Eliezer

On 11/03/2016 05:31, Victor Sudakov wrote:
Dear Colleagues,

New Internet access rules are being introduced in our company, among
them there is a requirement to have special groups of Internet users
who are permitted to:

1. Download files from the Internet.

2. Use Web forums.

3. Use streaming audio/video.

By default users should have no access to the above facilities.

These requirements may sound stupid and vague to some, but is there a
way to accomodate them at least partially, without keeping long lists
of prohibited file extensions and domains, which is very
counterproductive?

I am perfectly aware that an advanced Internet user will be able to
circumvent those prohibitions, but still, any recipes? I have looked
in http://wiki.squid-cache.org/SquidFaq/SquidAcl but found nothing
very useful.



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux