
fotoruss

macrumors newbie
Original poster
May 30, 2012
5
0
Melbourne, Australia
Hi All,

In light of recent revelations of governments and telcos monitoring our internet traffic, I have been thinking how I might blind the all-seeing eye. I would greatly appreciate your input with the following...

I am a network admin for a small company with about 15-20 iMacs. I am running a 10.7 Server with AFP, DNS, DHCP, Mail, and Open Directory.

All is going well but I would like to increase our security by having all internet traffic protected by a VPN - such as ProXPN or AirVPN. Please note, when I say VPN, I am not having a VPN in the sense of allowing remote computers to connect back to the server so they appear on the local network, I am talking about creating an encrypted tunnel to a server in another country… This will ensure telcos and the local government cannot monitor our internet usage. How would I go about ensuring that every iMac is connecting through a VPN? My understanding is that I would need a web proxy hosted locally, such as a Squid web proxy. Then I can push the proxy settings to the iMacs via Workgroup Manager so that all web traffic will be tunnelled through to the proxy. I also gain the advantage of data caching and a few other benefits by having a web proxy, but security is my main concern. The next question then is, how would I go about having the web proxy connect to the VPN (ProXPN or AirVPN for example) instead of forwarding traffic in the normal manner? Or maybe a web proxy isn't the only answer… maybe I could push some other VPN settings to the iMacs in another way?

The second part of my question is, do you know of any software/solution that I could deploy that would allow me to monitor the internet usage of iMac clients? I have no desire to monitor what websites they go to (to me this would breach privacy), I simply want to be able to keep a tally of how much data each user is using. Again, I'm thinking a web proxy may be required for this? I am also guessing that the web proxy would have to support integration with Open Directory to ensure that the traffic is recorded against each logged-in user.

Please let me know your thoughts as I have been unable to find a solution yet!

Many thanks all,

Rusty :)
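
The per-user data tally described in the second part of the post, as an added example that is not part of the original post: it assumes a Squid proxy with authentication enabled and writing its native access.log format. The function name, user names and log lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1338364800.123    210 192.168.1.21 TCP_MISS/200 48213 GET http://example.com/a alice HIER_DIRECT/93.184.216.34 text/html
1338364801.456     95 192.168.1.22 TCP_HIT/200 1024 GET http://example.org/b bob HIER_NONE/- image/png
1338364802.789    340 192.168.1.21 TCP_MISS/200 5120 CONNECT example.net:443 alice HIER_DIRECT/93.184.216.34 -
1338364803.012     12 192.168.1.23 TCP_DENIED/407 3900 GET http://example.com/c - HIER_NONE/- text/html
this line is truncated
"""


def tally_bytes_per_user(lines):
    """Sum reply bytes per authenticated user (hypothetical helper).

    Only the byte count (field 5) and user name (field 8) are read, so the
    URL and client address never leave this loop and no browsing history
    is retained. The byte field is the reply size delivered to the client,
    headers included; upload sizes are not part of the native format.
    """
    totals = defaultdict(int)
    skipped = 0
    for line in lines:
        fields = line.split()
        # Native format has 10 whitespace-separated fields; skip damaged lines.
        if len(fields) < 10 or not fields[4].isdigit():
            skipped += 1
            continue
        size, user = int(fields[4]), fields[7]
        # "-" means the request carried no credentials (e.g. the 407 challenge).
        if user == "-":
            user = "(unauthenticated)"
        totals[user] += size
    return dict(totals), skipped


if __name__ == "__main__":
    totals, skipped = tally_bytes_per_user(SAMPLE_LOG.splitlines())
    for user, size in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"{user:20s} {size:>10d} bytes")
    print(f"skipped lines: {skipped}")
```
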