
Re: [cobalt-users] Email monitoring; Internet access restriction



At 03:25 PM 8/23/00 -0400, you wrote:
I have a client trying to procure a Government Job.  In order to do this,
they have to have certain security measures in place.

1)  They have to be able to monitor outbound email content for possible
transmissions of confidential information.

2)  They have to be able to restrict internet access by user and/or
workstation.


This customer has a Cube 2;  ISDN access; Netopia ISDN Router;  NT4;  and
they use IE and Outlook / Outlook Express.

I thought I had restricted internet access at the desktop, but inbound
emails with a URL or link in them still connect to the internet.  Also,
Outlook Express has an internet search window beneath the inbox that I
can't seem to remove.

I think a proxy is called for in this situation.  Has anybody done this?

Install/compile the latest squid (search google to find it).
Search Google again for "smb_auth" and install and configure that too, and parse the README to make sure you configured it right :-)

This works - trust me :-)

We use it at work for a 50 user squid proxy on a 256Kbit frame relay authenticating against a user group in the NT domain.
Although you lose the transparent authentication feature of MS proxy server.
This works better with Macs (it doesn't keep bothering for user and password) and is also much faster for PCs and Macs.

I also need to account for outbound email monitoring, to be able to search
contents for specific words, phrases, etc.

Hmm, you can make sendmail monitor the mail and block messages (or forward them to the admin) which match the rule. This has a significant performance penalty.
There is some info about it on the sendmail.org site.
It is almost the same issue as the "I LOVE YOU" blocking rule (which checks against subject)

Can this be done with a proxy?  Has anybody been forced to implement this?

Yup. They like the faster internet squid provides (Not biased here).
I have gone from 2KB's throughput in the first week I worked there to 7.5 (ISDN max.) after some very "naughty" and "rogue" hacking into the network. *blush* I changed the whole setup (same ISDN line) and succeeded in making it 4 times as fast and getting rid of all the useless MS proxy errors (timeout/dns errors) that are produced for no reason (even with the frame relay line we use today).

--
Seth
"Have you gone mad?"
"Well, yes, but that's beyond the scope of this email."
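
An added example, not part of the original post: a sketch of the outbound content check discussed above, showing why the scan has to decode MIME transfer encodings and encoded headers before matching, and why non-text attachments need separate handling. The watch terms, function names and sample message are assumptions made up for illustration; how the function is hooked into the mail path is left to the site.

```python
import base64
import email
import re
from email import policy

# Hypothetical watch list (assumption); a site would load its own terms.
WATCH_TERMS = ["project falcon", "bid price"]

def compile_terms(terms):
    """One case-insensitive regex per term; any whitespace run (including a
    line wrap) may separate the words of a phrase."""
    return {t: re.compile(r"\b" + r"\s+".join(map(re.escape, t.split())) + r"\b",
                          re.IGNORECASE) for t in terms}

def scan_message(raw_bytes, terms=WATCH_TERMS):
    """Return (hits, unscanned): hits is a sorted list of (location, term);
    unscanned lists the content types of non-text parts that were skipped."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    patterns = compile_terms(terms)
    hits, unscanned = set(), []

    def check(location, text):
        for term, rx in patterns.items():
            if rx.search(text):
                hits.add((location, term))

    # policy.default decodes RFC 2047 encoded-words in headers.
    check("subject", str(msg.get("Subject", "")))
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() != "text":
            unscanned.append(part.get_content_type())  # needs manual review
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding.
        payload = part.get_payload(decode=True) or b""
        try:
            text = payload.decode(part.get_content_charset() or "latin-1", "replace")
        except LookupError:  # unknown charset label
            text = payload.decode("latin-1")
        check("body", text)
    return sorted(hits), unscanned

# Constructed sample: an innocuous subject with a base64-encoded body.
_body = base64.b64encode(b"Attached is the Project\r\nFalcon bid price.\r\n").decode()
SAMPLE = ("From: user@example.com\r\nTo: partner@example.net\r\n"
          "Subject: lunch\r\nMIME-Version: 1.0\r\n"
          "Content-Type: text/plain; charset=utf-8\r\n"
          "Content-Transfer-Encoding: base64\r\n\r\n" + _body + "\r\n").encode()

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A message with any hits or any unscanned parts would be the one held or copied to the admin for review.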