Re: [squid-users] Transparency and blocking other proxies

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 20 Apr 2006 03:31:29 +0200

ons 2006-04-19 klockan 20:08 -0400 skrev Dwayne Hottinger:

> use Novell. Keep us posted on what you find out. Im sure Im not the only
> network admin at a school that is curious how to keep kids (and teachers) from
> Skirting around the Internet filter.

As always the first line of defense is to have a clearly defined and
enforceable policy of use. Without this you won't get anywhere as every
measure you take will only encourage the determined to find ways around
it.

Second, have a proxy with suitable filters covering your back..

Third, make sure the computers are automatically configured by default
to use the proxy to make it easy to your users to comply with the policy
of use, and also acting as a reminder that there is a policy they have
to abide to.

Fourth, actively monitor usage and go after the people who actively
tries to violate the policy.

Fith, if this isn't sufficient to keep things at bay, stop routing to
the Internet, providing only the proxy access method.

And finally, if that isn't sufficient, build a whitelist of allowed
sites and block everything else..

Actually I might move the fifth up quite a bit in your situation, but I
live in a country much more liberal on these matters and where freedom
is considered very important, and where you can't sue someone only
because you saw content you didn't like on their screen while walking by
(there is actually a higher chance you could sue the one looking at your
screen without asking I think). But also I do know several companies who
are at the final stage above, and where trying to violate their policy
might cost you your yob..

Regards
Henrik

Received on Wed Apr 19 2006 - 19:31:42 MDT

This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT