[squid-users] proxy landscape planning

From: Albrecht Marcus <Marcus.Albrecht@dont-contact.us>
Date: Thu, 13 Jul 2006 18:17:32 +0200

Dear squid Users,
 
I am currently in the process of planning a new proxy infrastructure.
 
The guideline is to implement a "state of the art" proxy landscape with
anti-spyware, anti-virus and content/url filtering.
Also, it should be possible to allow / disallow access to all applications
or websites on user / group level. Applications like instant messaging or
video conferencing should also work.

Also, it should be a two-layered landscape because the security policy
denies direct access from the internal user lan to the internet, even
through one firewall.

    USER LAN
        |
________|_________
| internal proxy |
|_________________|
        |
        |
################### Firewall
        |
________|_________
|    DMZ proxy   |
|_________________|
        |
        |
################### Firewall
        |
        |
        INTERNET

I am currently thinking about an MS ISA Server as the internal proxy.
All users can be authenticated against the existing ADS. As the filters
and so on should be set on user level, the filtering should take place
there.
Does anyone have good advice about which add-ins to use?
SurfControl, Websense, Webwasher ... ?

The DMZ proxy may only act as a forwarder. Maybe squid?
Is it possible to get things like instant messaging or active ftp
through? We are currently only using squid for http/s and passive ftp.

Maybe doing the URL filtering and so on internally and the anti-virus on
the DMZ proxy, as it won't need user accounts?

Better ideas?

Am I totally thinking in the wrong direction?

Blacklists or filter lists should be commercial ones, as they have to be
reliable for the customer.

Thanks for your input
 
Marcus

Received on Thu Jul 13 2006 - 10:17:35 MDT
