Educause Security Discussion mailing list archives

Re: Internet filtering device

From: "Di Fabio, Andrea" <adifabio () NSU EDU>
Date: Tue, 17 Feb 2009 13:49:51 -0500

We use Squid in transparent mode with SquidGuard.  We had used Dansguardian
for a few years and started running into capacity and growth problems.
SquidGuard performs much better especially coupled with the Squid Setting:



#  TAG: redirector_bypass

#       When this is 'on', a request will not go through the

#       redirector if all redirectors are busy.  If this is 'off'

#       and the redirector queue grows too large, Squid will exit

#       with a FATAL error and ask you to increase the number of

#       redirectors.  You should only enable this if the redirectors

#       are not critical to your caching system.  If you use

#       redirectors for access control, and you enable this option,

#       users may have access to pages they should not

#       be allowed to request.

#

#Default:

# redirector_bypass off

redirector_bypass on





From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of HALL, NATHANIEL D.
Sent: Tuesday, February 17, 2009 11:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Internet filtering device



Yes and no.  We do on the network where students bring their own laptops,
but we do not on our internal network.  I am in the process of creating a
database driven system using DansGuardian and Squid to primarily block
malware.



--

Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA

Network Security System Administrator

OTC Computer Networking



Office: (417) 447-7535



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, Brian D.
Sent: Tuesday, February 17, 2009 9:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Internet filtering device



Just wondering if anyone is using a network security device to filter
malicious internet traffic particularly for Malware/rootkits?  If so can you
comment on what you are using and its effectiveness.







Thank you,



Brian Kellogg

Network Services Manager

St. Bonaventure University

716-375-4092

Attachment: smime.p7s
Description:

Current thread:

Internet filtering device Kellogg, Brian D. (Feb 17)
- <Possible follow-ups>
- Re: Internet filtering device HALL, NATHANIEL D. (Feb 17)
- Re: Internet filtering device Randall C Grimshaw (Feb 17)
- Re: Internet filtering device Cal Frye (Feb 17)
- Re: Internet filtering device Di Fabio, Andrea (Feb 17)