[CS-FSLUG] Locking down a machine in the Church

Stephen J. McCracken smccracken at hcjb.org.ec
Fri Sep 8 15:37:16 CDT 2006


>> I simply set up a gateway on a Linux box and tell the Windows machine
>> to use it?  They then could modify the gateway to the high
>> speed connection (and yes, they would try something like that).
>>
>> Looking for some thoughts.....
>>
>> Thank you!
>>
>> -Scott
>>
> Install a transparent proxy as your gateway. Make all machines go 
> through it to get to the internet. Make it a physical barrier like this

If you have access to the firewall/gateway, then just block the machine
from getting direct access out.  Give the proxy access out.  Then it
won't matter if they change the gateway or proxy settings on the
machine, because it won't get anywhere.  On your proxy (Squid?
DansGuardian/Squid?) provide two ports for the proxy with
filtered/unfiltered access.  Lock down the unfiltered access with the
firewall on the proxy itself.

sjm
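
The layout described in this reply, sketched as iptables rules (an added example, not part of the original message). It assumes DansGuardian on port 8080 as the filtered port in front of Squid on port 3128 as the unfiltered one, both on the proxy host; the interface name, all addresses and the single admin workstation allowed unfiltered access are constructed placeholders.

```shell
#!/bin/sh
# Added example: egress lock-down for a LAN behind a filtering proxy.
# Interface name, addresses and the admin host are constructed placeholders.
IPT=${IPT:-iptables}                       # IPT=echo prints the rules instead
LAN_IF=${LAN_IF:-eth1}                     # gateway's LAN-facing interface
LAN_NET=${LAN_NET:-192.168.1.0/24}         # client network
PROXY_IP=${PROXY_IP:-192.168.1.2}          # the proxy host
ADMIN_IP=${ADMIN_IP:-192.168.1.10}         # only host given unfiltered access
FILTERED_PORT=${FILTERED_PORT:-8080}       # DansGuardian default port
UNFILTERED_PORT=${UNFILTERED_PORT:-3128}   # Squid default port

# Run on the firewall/gateway: only the proxy is forwarded out, so a client
# that changes its own gateway or proxy settings still reaches nothing.
gateway_rules() {
    "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -i "$LAN_IF" -s "$PROXY_IP" -j ACCEPT
    "$IPT" -A FORWARD -i "$LAN_IF" -j REJECT
}

# Run on the proxy host: every client may use the filtered port; the
# unfiltered port is open to the admin host only. Loopback stays open so
# DansGuardian can hand requests to Squid locally. Rules for other ports
# and the chain policy are left as they are.
proxy_rules() {
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -p tcp -s "$LAN_NET" --dport "$FILTERED_PORT" -j ACCEPT
    "$IPT" -A INPUT -p tcp -s "$ADMIN_IP" --dport "$UNFILTERED_PORT" -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport "$UNFILTERED_PORT" -j REJECT --reject-with tcp-reset
}

# Usage (as root): script gateway | script proxy. No argument: define only.
case "${1:-}" in
    gateway) gateway_rules ;;
    proxy)   proxy_rules ;;
esac
```

Rule order matters on the proxy: the admin ACCEPT for the unfiltered port has to come before the REJECT for that port.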





