Web Content Filtering for k-12 School I need some input

Discussion in 'Mac OS X Server, Xserve, and Networking' started by shadyMedia, Feb 8, 2011.

  1. macrumors newbie

    Joined:
    Apr 6, 2009
    Messages:
    27
    #1
    Hello as the title say's were looking for a web content filter for our lab.

    The Lab is small only 26 Computer's but we also offer wireless networking which is mostly used for teachers but we might expand that to all others in the future.

    So our setup goes like this

    ISP Modem-->Mac OSX Server (MacPro Server)--ASANTE GX5-2400W (24 port Giaga Bit Switch...That we need to replace soonish---And from there to the local computer's and to the AP's throughout the school


    The server act's as our-
    -AFP
    -DHCP
    -DNS
    -Firewall
    -NAT
    -Netboot
    -NFS
    -OD (Open Directory)
    -Software Update
    -VPN

    We have 1 other server on the network Running just AFP and it's also a Open Directory replica


    In the past we have used Apple Parental Control's but let's face it that's not that great so we looked into other option mostly free to save cost but they have all been very tricky and not really what were looking for

    We really need something ether software or Hardware i,e rack or a stand alone computer. We would prefer a hardware option so if something happen's not everything goes down if you know what I mean.

    We need content filtering for websites for google searches the ability to block websites and allow ones that might of been blocked.

    We also want the ability to filter certain groups such as teachers compared to student's if we could get a combo unit that handles a firewall aswell then perfect!

    So if anyone has any idea's please share.


    Thanks
     
  2. macrumors 601

    Joined:
    Aug 15, 2005
    Messages:
    4,519
    #2
    There's always Websense, which allows you to filter by users, groups, or IPs.

    On the other hand, OpenDNS is really cheap.
     
  3. jedigeek5, Feb 8, 2011
    Last edited: Feb 8, 2011

    macrumors newbie

    Joined:
    Feb 8, 2011
    Messages:
    2
    #3
    Web content filtering: K9

    K9 from BlueCoat is a good way to go. It's free for single users (I think there is per/user pricing for schools) and uses their cloud rating system for categories, allow/deny lists, Google safe search (and other search engines) and provides reporting. It is one desktop at a time however (also has an iPad/iPhone app).

    www.k9webprotection.com

    and yes....I do work for BlueCoat (but not K9).
     
  4. macrumors regular

    Joined:
    Aug 13, 2007
    Messages:
    104
    #4
    I would recommend seeking a solution from Fortinet or Sonicwall

    I've overseen the network in a private k-12 school as well as a NFP organization. In both situations I've deployed Sonicwall and Fortinet.

    Having a hardware content filtering system is the most ideal for overhead and manageability. The sonicwall has been the easiest by far to impliment.

    I currently use a NSA-240, but depending on the scale of throughput you need, a TZ-100 and up could do the job for you.

    If you want to know more, I can post some screen shots. It can be managed by groups, acl's. You can have different filtering options per group via LDAP connectivity.

    Cheers
    Shawn
     
  5. macrumors 68030

    Les Kern

    Joined:
    Apr 26, 2002
    Messages:
    2,918
    Location:
    Alabama
    #5
    OpenDNS is free and does a pretty good job of blocking sites. Lock your machines down, set them and/or your DHCP server to ODNS's servers, done. It works just fine. We upgraded to the Pro version for 500 bucks. Good with most proxies, BUT will NOT block SSL https:// sites, so that to me is a huge deal-breaker. Won't block keywords, just domains. Students cracked it in seconds.

    I use a SonicWall NSA firewall. They are the next step up perhaps. Not too pricey, BUT their yearly fees are. Their Intrusion Prevention is incredible, filter is fine. A little shaky on identifying proxies. REAL easy to manage. Students found holes in minutes. on non-IPS sites.

    For the ultimate, use a packet shaper, in my case Cymphonix. Unbreakable as far as I can see. Don't go there. $$$$$

    Good luck.
     
  6. macrumors 6502a

    Old Muley

    Joined:
    Jan 6, 2009
    Messages:
    629
    Location:
    Titletown USA
    #6
    We use LightSpeed Systems at work. I don't know anything about it other than it keeps the kids and staff out of places someone thinks they shouldn't go.
     
  7. macrumors member

    Joined:
    May 22, 2007
    Messages:
    75
    #7
    Have you looked at few Linux based UTM?

    I have looked at using SonicWall and Netgear ProSecure UTM for home use, but decided against them mainly due to high throughput penalty with all UTM features and VPN option turned on (upto 60-90% hit). Main problem with these appliances are lack of CPU power needed for all those UTM features and VPN.

    I found software based UTM solutions such as Astaro or Untangle to be better. I am running Astaro Security Gateway on old Dell OptiPlex 745 Small Form Factor (Core2 Duo E6600/2.4GHz, 2 GB memory) headless. Added second NIC card and took out videocard to save energy. Even with all antivirus, antispam, IPS, firewall, Webserver protection with proxy servers, antispyware, URL filtering, and SSL VPN for laptops and L2TP over IPSec VPN for iPhone running, there is absolutely no throughput penalty at all. It uses dual Avira and ClamAV for antivirus and allows bandwidth management for IM/P2P/Torrent, etc. My guess is that you will likely have extra spare PC laying around at school, you can pick appropriate level of hardware to scale up to support the number of users at school.

    I found both Untangle and Astaro to be excellent, but chose Astaro as it supports more VPN options (SSL, PPTP, L2TP over IPSec, IPSec, and CISCO VPN) vs just OPEN VPN for Untangle. Astaro also has fast and excellent GUI.

    I had no prior knowledge of server / UTM before implementing current setup of
    ISP --> Astaro Gateway --> HP ProCurve 2848 Switch --> MacMini OSX server (DNS, DHCP, AFP, Address Book, iCal, NFS, OD, SMB, Webserver), PC's, Mac's, AP, Home Automation, and etc.

    Both are free for Home usage but charge for SMB, Enterprise, and Education.
     
  8. earlution, Feb 21, 2011
    Last edited: Feb 21, 2011

    macrumors newbie

    Joined:
    Feb 21, 2011
    Messages:
    1
    #8
    Hi

    I think I have everything you need here and it's all free :)

    Firstly, check Wazmacs site, it's a great resource for K-12 providers using OS X servers.

    Most of the rest of the stuff you need can be found drilling in to this site, but for convienience:

    Proxy - SquidMan
    Filter - Dans Guardian
    GUI for DG - WebMin

    Wazmac's guide for setting up and configuring all the above ;)

    HTH
     
  9. macrumors regular

    Joined:
    Mar 16, 2009
    Messages:
    247
    Location:
    Planet Earth, Old World
    #9
    I second that recommendation. Blue Coat products are top notch and are being used by large enterprises. You might consider their smallest ProxySG model, it does much more than their K9 product and is affordable.

    If you need help with that, drop me a message.
     
  10. macrumors newbie

    Joined:
    Apr 6, 2009
    Messages:
    27
    #10

    Wazmac's Site is very good but certain things are very outdated and in this case that Wazmac's walkthrough for DG and Squid is for 10.4 and finding the software is tricky.

    Were looking for something that we can set it up with not much work.

    Tho we are using WebMin now which is very nice btw.
     
  11. macrumors newbie

    Joined:
    Apr 6, 2009
    Messages:
    27
    #11


    I like the idea of Untangle DL yesterday just haven't had anytime to test it out. Hoping we can get it to run on a mac ether locally or through VMware
     
  12. macrumors 65816

    Airforcekid

    Joined:
    Sep 29, 2008
    Messages:
    1,334
    Location:
    United States of America
    #12
    +1 for OpenDns only VPNs get around it but 99.9 percent of students have no clue what that is and most cost them also deepfreeze is good to ensure your computers always remain like new.
     
  13. macrumors newbie

    Joined:
    Jul 24, 2002
    Messages:
    3
    Location:
    Wales, UK
    #13
    Web filtering

    Try Bloxx Web Filtering, easy integration into Open Directory. www.bloxx.com
    It's not cheap but good.

    OpenDNS would work but tracking users is hard.
     
  14. macrumors regular

    Joined:
    Oct 15, 2003
    Messages:
    167
    Location:
    UK
    #14
    You might also look at Kerio's new firewall offerings.
     
  15. macrumors 68020

    Cabbit

    Joined:
    Jan 30, 2006
    Messages:
    2,129
    Location:
    Scotland
    #15
    This may perhaps be a odd question to ask but why filter at all. During my time in Primary(7th year school got internet) and High School we were taught not to access these sites and to exercise our own judgement.

    Is it the case that students are not able to do this or outside factors that make such filtering necessary?
     
  16. shadyMedia, Mar 7, 2011
    Last edited: Mar 7, 2011

    macrumors newbie

    Joined:
    Apr 6, 2009
    Messages:
    27
    #16
    Same rule applies to driving people know they shouldn't speed but they still do. So it's easier for us to just remove the temptation. But it's nice to see some student's police there own usage
     

Share This Page