Open Source ISA Alternative
Results 1 to 5 of 5

Thread: Open Source ISA Alternative

  1. #1

    Open Source ISA Alternative

    Is anyone aware of an open source ISA server alternative? I am aware of Squid which works outstandingly for caching and logging, but I'm more interested in restricting web access at my company. I've done some searching, but keep coming up blank.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    ISA is a combination of things. Not just a web caching but also IDS and Firewall. I'd suspect you'd need multiple products on one machine or multiple machines. This is in fact one of the reasons I dislike ISA (besides the piggish nature of the program itself on resources). Network security shouldn't have a single point of failure nor should one machine be relied on for so many important tasks.

    Squid, AFAIK, is the most recognized web caching utility, iptables would be the most common firewall and SNORT the IDS.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member cheesegoduk's Avatar
    Join Date
    May 2002
    Posts
    224
    Hey
    We have recently changed our proxy servers at work(A school)to use a free linux distrobution called censornet.

    It's designed for schools primaryly, But it could be used in a business enviroment.
    The distro is designed to be an all in one proxy/firewall solution, and gives you full control over what users see, You can block sites, file downloads. It'll also pick out sites with words in that you enter and block them automatically via the dansguardain program
    http://dansguardian.org/
    It'll even scan images for pornographic content(Although you have to pay for this) and block them accordingly

    You can either add users yourself, Or if your running a Windows NT or active directory domain you can import the users from them.
    You can set access times, eg don't allow access during lunch hours, Ban users for X amount of days, limit users to a set list of sites and even limit the bandwidth they get.
    When users attempt to access the internet, They will be shown a log in box, from which they must type in there password and user name.

    I havn't tried out the firewall part of it myself (we run a seperate machine for that) But it sounds like it'll do what your after

    Get it Here

  4. #4
    just as a follow-up on the censornet distro...
    SWEET!!!
    i have it almost up completely (too lazy to move the box to the actual location until tomorrow) and it took a little more than an hour to get there. awesome, thanks for the advice!!!
    i'm guessing it runs on debian from the banner at startup? another cool thing was the support for apc ups' which we happen to use here....

  5. #5
    Senior Member cheesegoduk's Avatar
    Join Date
    May 2002
    Posts
    224
    Hehe no problem. Glad to help, Its a great piece of software. The students at school hate it and we love it

    Yer the base of the distro appears to be Debian, which means you get the full power of the apt-get command. If you need to install anything else on the server just use the apt-get command. Be careful though with what you install this way, because although its debian, Its a very highly modded debian install, and some of the debian updates break the censornet packages, I b0rked our test server by apt-gettting one to many updates.

    Keep an eye on the censornet forums for the offical updates, make sure you get the update that was released the other day here Else your users will be able to bypass the filter by simply adding a full stop to the end of a web address.

    Anyway have fun using the distro and keep us updated on how you get on with it
    Cheese

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •