Open Source ISA Alternative

[infernon]

Is anyone aware of an open source ISA server alternative? I am aware of Squid which works outstandingly for caching and logging, but I'm more interested in restricting web access at my company. I've done some searching, but keep coming up blank.

[MrLinus]

ISA is a combination of things. Not just a web caching but also IDS and Firewall. I'd suspect you'd need multiple products on one machine or multiple machines. This is in fact one of the reasons I dislike ISA (besides the piggish nature of the program itself on resources). Network security shouldn't have a single point of failure nor should one machine be relied on for so many important tasks.

Squid, AFAIK, is the most recognized web caching utility, iptables would be the most common firewall and SNORT the IDS.

[cheesegoduk]

Hey
We have recently changed our proxy servers at work(A school)to use a free linux distrobution called censornet.

It's designed for schools primaryly, But it could be used in a business enviroment.
The distro is designed to be an all in one proxy/firewall solution, and gives you full control over what users see, You can block sites, file downloads. It'll also pick out sites with words in that you enter and block them automatically via the dansguardain program
http://dansguardian.org/
It'll even scan images for pornographic content(Although you have to pay for this) and block them accordingly

You can either add users yourself, Or if your running a Windows NT or active directory domain you can import the users from them.
You can set access times, eg don't allow access during lunch hours, Ban users for X amount of days, limit users to a set list of sites and even limit the bandwidth they get.
When users attempt to access the internet, They will be shown a log in box, from which they must type in there password and user name.

I havn't tried out the firewall part of it myself (we run a seperate machine for that) But it sounds like it'll do what your after

Get it Here

[infernon]

just as a follow-up on the censornet distro...
SWEET!!!
i have it almost up completely (too lazy to move the box to the actual location until tomorrow) and it took a little more than an hour to get there. awesome, thanks for the advice!!!
i'm guessing it runs on debian from the banner at startup? another cool thing was the support for apc ups' which we happen to use here....

[cheesegoduk]

Hehe no problem. Glad to help, Its a great piece of software. The students at school hate it and we love it

Yer the base of the distro appears to be Debian, which means you get the full power of the apt-get command. If you need to install anything else on the server just use the apt-get command. Be careful though with what you install this way, because although its debian, Its a very highly modded debian install, and some of the debian updates break the censornet packages, I b0rked our test server by apt-gettting one to many updates.

Keep an eye on the censornet forums for the offical updates, make sure you get the update that was released the other day here Else your users will be able to bypass the filter by simply adding a full stop to the end of a web address.

Anyway have fun using the distro and keep us updated on how you get on with it
Cheese