Hello all,
I am not much of a Forum guy but I am starting to fray at the ends trying to get a solution that fits my situation well. I apologize if this should have been in Router's and Gateways instead or somewhere else in the Forum, please feel free to move it or tell me where to put it and I will be more than willing to oblige.
I will now briefly describe what I am looking for. I want a transparent, low cost, effective, content filter to use in 3 different SOHO environments. 2 are personal homes and one is a Church.
I have already looked into DansGuardian but it has no more support and the newest stuff I can find online documenting how to use it is from 2009, regardless I tried it myself on several different Linux based servers including CentOS, Ubuntu, and the Smoothwall* firewall "os", I was unable to get a working solution in place on any of these systems. If I could get DansGuardian to work it is the best solution I have found so far since it is free but I have a few issues with it.
It is difficult to install.
It is complicated to configure.
Would be hard to manage for anyone not intensely familiar with the solution.
My two favorite aspects are that it is open source and instead of just relying on a "Whitelist/Blacklist" setup it scans each individual website for unwanted content and blocks it accordingly without blocking common mistakes, for instance, someone searching sites that contain the word "Breast" are likely to get blocked, but when found with words like "medical" it is less likely to be blocked based on a user set threshold.
I have also very briefly looked into nTop (this looked like an excellent solution but I could not ascertain what they offered on the free side compared to their enterprise solution) but quickly found it would be too difficult for me as I was unable to find any good documentation on it and although I may be mistaken the technical aspect of it looked to be beyond me.
SafeSquid is another one I tried and found lacking. It is very simple to install although adding transparency can be a small chore with only one network card, assuming you really want this solution to work you bought another and from there it was a lot easier but still time consuming to get the transparency working. Anyways this solution also mainly relies on lists and it does not block https at all out of the box and I never got that working right, or the caching for that matter, all in all this solution was very difficult to manage and did not do the job in the end.
Untangled was another place I looked but it uses a Whitelist/Blacklist for its filtering and it only offers a small portion of its database to the free user and it is not actively updated. (you can pay for their solution but its over 1400 for just the web filtering aspect alone and slightly more for their hardware solution and a yearly rate of 300+ dollars which is out of my price range.)
Speaking of Whitelist/Blacklist you cant use Google to find a solution like what I am looking for without coming across OpenDNS. The only way this would fail to be my favorite solution was if Dansguardian were still supported. The only problems with this solution are that it is too easy to get around (I did a simple Google search and found no less than 4 ways to get around the service of which 2 did not occur to me at first, with today's generation knowing more and more about technology its not something I'm willing to risk)
So I'll stop rambling and get to my point. I want a solution that I can install on my own hardware, Linux based is preferred, to provide transparent, intelligent, content filtering for anything on the network. Such a solution could easily also use services such as clamAV to provide anti-virus on the network level as well as caching to help improve internet speeds somewhat and a firewall solution, NAS, plex, and so much more. (The more you use the more $$$ you are going to need for hardware) but most of these are not very demanding process wise and would be very easy to integrate onto an old system.
Also its not required but it goes without much thought that it would be very helpful to have "monitoring" for such a solution. Perhaps something can take all the logs that could or would be setup/created by each service on the server and analyze them for viewing. I would like this to be capable of bandwidth monitoring and report on the device name, MAC, current IP, and time of any such logged traffic (so that I can pinpoint users that are trying to abuse the system and react accordingly as well as perhaps improve the solution if they do manage to find a way around it)
I know that I have said a lot here and most of it is what some would consider an enterprise solution, and perhaps it is, but this is at the heart of what I need to protect my users from the internet at large. If their are any ready to go solutions such as "Shade" (just found this today have not had much time to look into it) I would be willing to try them but only if they work in a way as described above.
Please lend me a hand as I am struggling to find a good way to make this happen and I'm sure I'm not the only one.
Thanks,
Bergie
*Smoothwall replaced Dansguardian and they do offer a free firewall solution which is easy to setup and install that I liked a lot but sadly it did not offer any filtering out of the box you have to add Dansguardian and there are a lot of compability issues.
I am not much of a Forum guy but I am starting to fray at the ends trying to get a solution that fits my situation well. I apologize if this should have been in Router's and Gateways instead or somewhere else in the Forum, please feel free to move it or tell me where to put it and I will be more than willing to oblige.
I will now briefly describe what I am looking for. I want a transparent, low cost, effective, content filter to use in 3 different SOHO environments. 2 are personal homes and one is a Church.
I have already looked into DansGuardian but it has no more support and the newest stuff I can find online documenting how to use it is from 2009, regardless I tried it myself on several different Linux based servers including CentOS, Ubuntu, and the Smoothwall* firewall "os", I was unable to get a working solution in place on any of these systems. If I could get DansGuardian to work it is the best solution I have found so far since it is free but I have a few issues with it.
It is difficult to install.
It is complicated to configure.
Would be hard to manage for anyone not intensely familiar with the solution.
My two favorite aspects are that it is open source and instead of just relying on a "Whitelist/Blacklist" setup it scans each individual website for unwanted content and blocks it accordingly without blocking common mistakes, for instance, someone searching sites that contain the word "Breast" are likely to get blocked, but when found with words like "medical" it is less likely to be blocked based on a user set threshold.
I have also very briefly looked into nTop (this looked like an excellent solution but I could not ascertain what they offered on the free side compared to their enterprise solution) but quickly found it would be too difficult for me as I was unable to find any good documentation on it and although I may be mistaken the technical aspect of it looked to be beyond me.
SafeSquid is another one I tried and found lacking. It is very simple to install although adding transparency can be a small chore with only one network card, assuming you really want this solution to work you bought another and from there it was a lot easier but still time consuming to get the transparency working. Anyways this solution also mainly relies on lists and it does not block https at all out of the box and I never got that working right, or the caching for that matter, all in all this solution was very difficult to manage and did not do the job in the end.
Untangled was another place I looked but it uses a Whitelist/Blacklist for its filtering and it only offers a small portion of its database to the free user and it is not actively updated. (you can pay for their solution but its over 1400 for just the web filtering aspect alone and slightly more for their hardware solution and a yearly rate of 300+ dollars which is out of my price range.)
Speaking of Whitelist/Blacklist you cant use Google to find a solution like what I am looking for without coming across OpenDNS. The only way this would fail to be my favorite solution was if Dansguardian were still supported. The only problems with this solution are that it is too easy to get around (I did a simple Google search and found no less than 4 ways to get around the service of which 2 did not occur to me at first, with today's generation knowing more and more about technology its not something I'm willing to risk)
So I'll stop rambling and get to my point. I want a solution that I can install on my own hardware, Linux based is preferred, to provide transparent, intelligent, content filtering for anything on the network. Such a solution could easily also use services such as clamAV to provide anti-virus on the network level as well as caching to help improve internet speeds somewhat and a firewall solution, NAS, plex, and so much more. (The more you use the more $$$ you are going to need for hardware) but most of these are not very demanding process wise and would be very easy to integrate onto an old system.
Also its not required but it goes without much thought that it would be very helpful to have "monitoring" for such a solution. Perhaps something can take all the logs that could or would be setup/created by each service on the server and analyze them for viewing. I would like this to be capable of bandwidth monitoring and report on the device name, MAC, current IP, and time of any such logged traffic (so that I can pinpoint users that are trying to abuse the system and react accordingly as well as perhaps improve the solution if they do manage to find a way around it)
I know that I have said a lot here and most of it is what some would consider an enterprise solution, and perhaps it is, but this is at the heart of what I need to protect my users from the internet at large. If their are any ready to go solutions such as "Shade" (just found this today have not had much time to look into it) I would be willing to try them but only if they work in a way as described above.
Please lend me a hand as I am struggling to find a good way to make this happen and I'm sure I'm not the only one.
Thanks,
Bergie
*Smoothwall replaced Dansguardian and they do offer a free firewall solution which is easy to setup and install that I liked a lot but sadly it did not offer any filtering out of the box you have to add Dansguardian and there are a lot of compability issues.