I want to install a Linux server that gives Internet access to my users. But I only want to give access to selected users or groups, no matter which computer of the LAN they're using. I'm currently using Microsoft Proxy Server 2.0, but I don't want to update it.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Which software and/or Linux distribution will best fit my needs if I want to install to give users the same access they have now and have the capability to select users for special access? Also, what other basic security measures should I take when installing a new Linux distribution?
Internet access serving is one of the top six applications that Linux has found a niche for. The Linux application that provides Web and FTP proxy services is called SQUID. You can read more about this tool here: http://www.squid-cache.org.
From the Linux distribution perspective the four most used products are:
- Red Hat Linux
- SuSE Linux
- Mandrake Linux
- Debian Linux (free)
SQUID is a very capable proxy server that implements a concept known as Access Control Lists (ACLs). ACLs can be based on network address, machine or host names (of clients), direct per-user authentication, transparent authentication using MS Windows login IDs, etc.
SQUID also allows you to set URL filters that will effectively block all traffic from sites that may serve up unfriendly words or terms in the URL or in content. In addition to SQUID itself you can use a companion tool like squidguard to provide even tighter and more finely-grained control over Internet access.
Rules? Firstly, make your SQUID server your Internet gateway. Secondly, block every port (UDP and TCP) that you do not want to let through your gateway. A good firewall configuration is essential. Next, configure SQUID to be your Gestapo security defense barrier.
Lastly, configure SQUID to use a port other than the default 3128, as the default is a bit of a give-away to potential crackers. Oh, by the way, you should of course block all incoming connections to your SQUID server if they do not originate from within your network.
You might also be interested in the auth_ntlm module for SQUID. A Google search should have you in touch with more than you can digest in a matter of strokes.
Dig Deeper on Linux security tools
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.