Ask the Expert

How can I use Linux for secure Internet access serving?

I want to install a Linux server that gives Internet access to my users. But I only want to give access to selected users or groups, no matter which computer of the LAN they're using. I'm currently using Microsoft Proxy Server 2.0, but I don't want to update it.

Which software and/or Linux distribution will best fit my needs if I want to give users the same access they have now and have the capability to select users for special access? Also, what other basic security measures should I take when installing a new Linux distribution?


Internet access serving is one of the top six applications that Linux has found a niche for. The Linux application that provides Web and FTP proxy services is called SQUID. You can read more about this tool here: http://www.squid-cache.org.

From the Linux distribution perspective the four most used products are:

  • Red Hat Linux
  • SuSE Linux
  • Mandrake Linux
  • Debian Linux (free)

Which is best for you depends on whether you intend to roll your own solution or buy a pre-packaged and fully supported solution. You would need to check in with each vendor as well as with the Debian community to form your own opinion. Before you call anyone, I'd suggest that you carefully determine what your decision criteria are.

SQUID is a very capable proxy server that implements a concept known as Access Control Lists (ACLs). ACLs can be based on network address, machine or host names (of clients), direct per-user authentication, transparent authentication using MS Windows login IDs, etc.

SQUID also allows you to set URL filters that will effectively block all traffic from sites that may serve up unfriendly words or terms in the URL or in content. In addition to SQUID itself you can use a companion tool like squidguard to provide even tighter and more finely-grained control over Internet access.

Rules? Firstly, make your SQUID server your Internet gateway. Secondly, block every port (UDP and TCP) that you do not want to let through your gateway. A good firewall configuration is essential. Next, configure SQUID to be your Gestapo security defense barrier.

Lastly, configure SQUID to use a port other than the default 3128, as the default is a bit of a give-away to potential crackers. Oh, by the way, you should of course block all incoming connections to your SQUID server if they do not originate from within your network.

You might also be interested in the auth_ntlm module for SQUID. A Google search should have you in touch with more than you can digest in a matter of strokes.
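As an added illustration (not part of the original answer), here is a squid.conf fragment that combines the measures described above: a non-default port, LAN-only clients, per-user authentication that works from any machine, and a URL filter that only selected users bypass. The port, subnet, user names, file paths and helper location are assumptions; the helper's name and path differ between Squid versions and distributions.

```conf
# Added example: all addresses, names and paths below are constructed.

# Listen on a port other than the default 3128.
http_port 8080

# Per-user authentication (HTTP Basic against an htpasswd-style file).
# Assumed helper path; older Squid releases ship it as "ncsa_auth".
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Internet access proxy
auth_param basic children 5

# ACL definitions.
# Clients on the internal LAN (assumed subnet).
acl localnet src 192.168.1.0/24
# Any user who presents valid credentials.
acl authenticated proxy_auth REQUIRED
# Users granted special access (hypothetical names).
acl special_users proxy_auth alice bob
# URLs matching any pattern in this file, one regex per line.
acl blocked_urls url_regex -i "/etc/squid/blocked_urls.txt"

# Rules are evaluated top to bottom; the first match decides.

# 1. Refuse anything that does not originate inside the network.
http_access deny !localnet

# 2. Require a login, so access follows the user, not the computer.
http_access deny !authenticated

# 3. Apply the URL filter to everyone except special_users.
#    The trailing "all" stops Squid from re-prompting for credentials
#    when a proxy_auth ACL is the last one on a deny line.
http_access deny blocked_urls !special_users all

# 4. Everyone else who logged in gets normal access.
http_access allow authenticated

# 5. Default deny.
http_access deny all
```

Running `squid -k parse` checks the file for syntax errors before the proxy is reloaded. Basic authentication sends credentials in easily decoded form, so it relies on the LAN-only restriction in rule 1 and on the firewall blocking outside connections to the proxy port.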

This was first published in June 2003
