160 likes | 300 Views
Internet Filtering with DansGuardian. By Daniel Zobel Director of Technology Heyworth CUSD#4. Who made it?. Daniel Barron. Me??? Daniel Zobel. Installation. There are lots of ways to install DansGuardian , but the easiest is to install it on a firewall called IPCop .
E N D
Internet Filtering with DansGuardian By Daniel Zobel Director of Technology Heyworth CUSD#4
Who made it? Daniel Barron Me??? Daniel Zobel
Installation There are lots of ways to install DansGuardian, but the easiest is to install it on a firewall called IPCop. Install IPCop and then install DansGuardian with the pre-complied package called Cop+. The instructions are found on the Install List file. With the new updated file there is also the availability to install Advanced Proxy which gives you lots of different features to control how the Internet and allows you to connect to Windows or eDirectory.
Configuration • Multiple Filters • Advanced Settings – Main functions of DG • Exception Sites/URLS – Allows sites or URLs • Banned Sites/URLS – Bans sites or URLs • Exception/Banned Users/IPs • Weighted Phrases – Filters words/phrases according to a point value • Grey Lists – Remove the URL filter from a site and just uses the weighted phrase list • Google Search – makes Google go onto a safe search • Mimetype List – blocks other content • HTML Template – This is what gets seen when denied • Naughtyness limit – Point value for what is too much • Blacklists – Blocks according to the domain
Lists • Most important lists • Exception site – This list over rules all lists • Be careful - If you have yahoo.com in the list all of yahoo.com is open to the public • If you need only part of a site opened then use Exception URL • Banned site/URL – This list blocks a site or URL from being seen. You will use this list the most. • Weighted Phrase list – If you need to block/allow many sites that use the same type of words then learn to use this list. I find that this list is the best one to learn how to use. • Block sites that have the word Jokes = <jokes><250> • Allow sites that have education = <education><-250> • Block a phrase <blonde>,<jokes><250>
What about HTTPS • Most people use a Transparent Proxy for their filtering, but secure traffic cannot be seen via transparent. • You must make everyone go through the proxy port to filter out https. • Transparent Proxy • Easiest to use because you don’t need to do anything to individual workstations • https://megaproxy.com - works • Non-Transparent Proxy • Must configure every browser to proxy to the filter (can be done via GPO which then is very easy- even for FireFox) • https://megaproxy.com - denied
Usernames Advanced Proxy can allow you to use identd, Ldap, Local and Radius authentication. After you have usernames then you can place them into different filters.
Groups • DG has built in itself the ability to manage groups using username or IP address. • To set this up you must be able to access the DG configuration lists and edit them in a editor. • Once setup DG will act like an independent program for each group – make sure you have lots of RAM in your box. • Very easy to setup.
Logs • With this setup of DG you have 3 months (12 weeks) of logs you can search. If you backup your log files and change names you can have unlimited. • You can search by • date range • IP address/username/URL • You can view the full log seeing the reason why it was blocked (if turned on) • You can see a summary of, by default, the top 100 allowed/denied URL/IP/User • I like searching by user to see who is the top people to do web searching. • I find it interesting that I am almost never in the top 5 and rarely in the 10. Is there a problem with that?
Questions that you might have? • 1 • 2 • 3 • 4 • 5
Best websites/support • Tech-geeks • IPCOP – ipcop.org • COP+ site • http://home.earthlink.net/~copplus/index.html • Advanced Proxy • http://www.advproxy.net/ • Yahoo groups • http://tech.groups.yahoo.com/group/dansguardian • Dansguardian.org • My contact • zobeld@husd4.k12.il.us