hello,
I got an unusual request today. A site wants to control internet access for
its users (a school). They are having a lot of problems with microsoft
viruses/worms as well as trying to stop P2P stuff like Kazaa. They would
like to only let users who have been authenticated have internet access.
They currently have routers doing DHCP for IP addresses, so anyone can plug
into the network and get out.
So, after thinking about this for a while, I started thinking about using a
decent PC box running linux with firewall, a few NICs and squid. The next
thing became setting up squid so it can do user authentication before giving
internet access, after some research I see that I'd have to use one of the
mod_auth_db or mod_auth_mysql modules. Since it's a school with a bunch of
kids, I started wondering about how to control user accounts and passwords.
For sure, I'd have to use mysql or something like it for the ACLs and
accounts/passwords. Then, I was wondering about an intranet management
website for this system, I've seen some CGI scripts for this.
So, the kids would come into school, sign in at the front desk, their info
gets entered into the system - at this point so they can get a user account
and password. The password would only last a few months and expire. The
firewall would control what traffic is allowed in ( I have to also figure
out a way to stop Kazaa or other P2P sharing), the squid running proxy
authentication would give only authenticated users access to the internet.
I don't want the internal machines to see each other (helps to reduce spread
of viruses) so I block microsoft file sharing ports (135, 139, etc.). The
kids have no rights or say over the network! My goal is to make it as fast
and reliable as possible, if some microsoft windows functionality is lost,
so be it.
The last thing is monitoring of IP addresses. I have to come up with a log
monitoring system that catches any IP addresses that are being used too much
(being abused - either viruses, worms, P2P file-sharing, etc.) and stops them.
The user account using that IP address would be emailed or called by the
school and told that their account has been disabled. Of course, they'll
know it's been disabled before the school will! So, the school just has to
wait for them to call.
I recall seeing pflog or some name like that which does log
monitoring. Is this correct? I'd have to figure out a way to parse
the logs and, if an IP address shows up too frequently within a period of
time, that IP address needs to be blocked somehow.
Basically, from what you see, am I on the right track? Any hints, advice, or
experiences trying to tame crazy microsoft windows machines are all welcome!
Oskar
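The "IP address shows up too frequently within a period of time" check the post describes, as an added example that is not part of the original message: a sliding-window counter over Squid access.log lines that flags client IPs above a request-rate threshold, maps each flagged IP to the proxy-authenticated user names seen on it (Squid logs the user name in the 8th field when proxy auth is on, "-" otherwise), and produces the firewall rules to drop that IP. The threshold, the window size, the iptables chain and the sample log lines are all assumptions, not from the post.

```python
"""Sliding-window abuse detector over Squid native access.log lines.

Added example (not from the original post). Squid writes its log in time
order, so a single pass with a per-IP deque of recent timestamps is enough
to find any IP that made more than THRESHOLD requests in any WINDOW seconds.
"""
from collections import defaultdict, deque

# Assumed policy: more than 5 requests in any 60-second window is "too much".
THRESHOLD = 5
WINDOW = 60.0

# Constructed sample lines in Squid's native access.log format:
# timestamp elapsed client result/status bytes method url user hierarchy type
# alice browses normally; bob hammers port 1214 (Kazaa/FastTrack) hosts.
SAMPLE_LOG = """\
1089830000.000  120 10.0.0.5 TCP_MISS/200 4321 GET http://www.example.com/ alice DIRECT/192.0.2.10 text/html
1089830100.000   80 10.0.0.5 TCP_HIT/200 1200 GET http://www.example.com/a.gif alice NONE/- image/gif
1089830200.000   95 10.0.0.5 TCP_MISS/200 5100 GET http://www.example.org/ alice DIRECT/192.0.2.11 text/html
1089830300.000   10 10.0.0.9 TCP_MISS/503 0 GET http://203.0.113.7:1214/ bob DIRECT/203.0.113.7 -
1089830301.000   10 10.0.0.9 TCP_MISS/503 0 GET http://203.0.113.8:1214/ bob DIRECT/203.0.113.8 -
1089830302.000   10 10.0.0.9 TCP_MISS/503 0 GET http://203.0.113.9:1214/ bob DIRECT/203.0.113.9 -
1089830303.000   10 10.0.0.9 TCP_MISS/503 0 GET http://203.0.113.10:1214/ bob DIRECT/203.0.113.10 -
1089830304.000   10 10.0.0.9 TCP_MISS/503 0 GET http://203.0.113.11:1214/ bob DIRECT/203.0.113.11 -
1089830305.000   10 10.0.0.9 TCP_MISS/503 0 GET http://203.0.113.12:1214/ bob DIRECT/203.0.113.12 -
this line is not a valid squid log entry
"""


def parse_line(line):
    """Return {'time', 'ip', 'user', 'url'} for one native-format line, or None."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        ts = float(fields[0])
    except ValueError:
        return None
    return {"time": ts, "ip": fields[2], "url": fields[6], "user": fields[7]}


def find_abusers(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: set(users)} for every IP exceeding `threshold` requests
    within any `window`-second span. Lines are assumed to be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    users = defaultdict(set)      # ip -> user names seen on that IP
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:           # skip malformed or truncated lines
            continue
        q = recent[rec["ip"]]
        q.append(rec["time"])
        while q and rec["time"] - q[0] > window:   # drop timestamps that fell out
            q.popleft()
        users[rec["ip"]].add(rec["user"])
        if len(q) > threshold:
            flagged[rec["ip"]] = users[rec["ip"]]
    return flagged


def block_rules(flagged, chain="FORWARD"):
    """Build the iptables commands (as strings, not executed) that would cut
    each flagged IP off from the outside. The chain name is an assumption."""
    return ["iptables -I %s -s %s -j DROP" % (chain, ip) for ip in sorted(flagged)]


if __name__ == "__main__":
    hits = find_abusers(SAMPLE_LOG.splitlines())
    for ip, names in sorted(hits.items()):
        print("%s used by %s" % (ip, ", ".join(sorted(names))))
    for rule in block_rules(hits):
        print(rule)
```

In practice this would read the live log (tail -F, or a cron job over the last rotation) rather than an embedded string, and the user-to-IP mapping only holds if Squid really is doing proxy authentication; with DHCP in play the IP alone identifies a lease, not a person, so the user field is what the school should act on.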