December 3rd, 2003 01:48 PM
Open Source ISA Alternative
Is anyone aware of an open source ISA server alternative? I am aware of Squid which works outstandingly for caching and logging, but I'm more interested in restricting web access at my company. I've done some searching, but keep coming up blank.
December 3rd, 2003 01:54 PM
ISA is a combination of things. Not just a web caching but also IDS and Firewall. I'd suspect you'd need multiple products on one machine or multiple machines. This is in fact one of the reasons I dislike ISA (besides the piggish nature of the program itself on resources). Network security shouldn't have a single point of failure nor should one machine be relied on for so many important tasks.
Squid, AFAIK, is the most recognized web caching utility, iptables would be the most common firewall and SNORT the IDS.
December 3rd, 2003 02:47 PM
We have recently changed our proxy servers at work(A school)to use a free linux distrobution called censornet.
It's designed for schools primaryly, But it could be used in a business enviroment.
The distro is designed to be an all in one proxy/firewall solution, and gives you full control over what users see, You can block sites, file downloads. It'll also pick out sites with words in that you enter and block them automatically via the dansguardain program
It'll even scan images for pornographic content(Although you have to pay for this) and block them accordingly
You can either add users yourself, Or if your running a Windows NT or active directory domain you can import the users from them.
You can set access times, eg don't allow access during lunch hours, Ban users for X amount of days, limit users to a set list of sites and even limit the bandwidth they get.
When users attempt to access the internet, They will be shown a log in box, from which they must type in there password and user name.
I havn't tried out the firewall part of it myself (we run a seperate machine for that) But it sounds like it'll do what your after
Get it Here
December 3rd, 2003 09:28 PM
just as a follow-up on the censornet distro...
i have it almost up completely (too lazy to move the box to the actual location until tomorrow) and it took a little more than an hour to get there. awesome, thanks for the advice!!!
i'm guessing it runs on debian from the banner at startup? another cool thing was the support for apc ups' which we happen to use here....
December 3rd, 2003 11:03 PM