Web Content Filtering for k-12 School I need some input

Discussion in 'Mac OS X Server, Xserve, and Networking' started by shadyMedia, Feb 8, 2011.

  1. shadyMedia macrumors newbie

    Apr 6, 2009
    Hello as the title say's were looking for a web content filter for our lab.

    The Lab is small only 26 Computer's but we also offer wireless networking which is mostly used for teachers but we might expand that to all others in the future.

    So our setup goes like this

    ISP Modem-->Mac OSX Server (MacPro Server)--ASANTE GX5-2400W (24 port Giaga Bit Switch...That we need to replace soonish---And from there to the local computer's and to the AP's throughout the school

    The server act's as our-
    -OD (Open Directory)
    -Software Update

    We have 1 other server on the network Running just AFP and it's also a Open Directory replica

    In the past we have used Apple Parental Control's but let's face it that's not that great so we looked into other option mostly free to save cost but they have all been very tricky and not really what were looking for

    We really need something ether software or Hardware i,e rack or a stand alone computer. We would prefer a hardware option so if something happen's not everything goes down if you know what I mean.

    We need content filtering for websites for google searches the ability to block websites and allow ones that might of been blocked.

    We also want the ability to filter certain groups such as teachers compared to student's if we could get a combo unit that handles a firewall aswell then perfect!

    So if anyone has any idea's please share.

  2. belvdr macrumors 603

    Aug 15, 2005
    No longer logging into MR
    There's always Websense, which allows you to filter by users, groups, or IPs.

    On the other hand, OpenDNS is really cheap.
  3. jedigeek5, Feb 8, 2011
    Last edited: Feb 8, 2011

    jedigeek5 macrumors newbie

    Feb 8, 2011
    Web content filtering: K9

    K9 from BlueCoat is a good way to go. It's free for single users (I think there is per/user pricing for schools) and uses their cloud rating system for categories, allow/deny lists, Google safe search (and other search engines) and provides reporting. It is one desktop at a time however (also has an iPad/iPhone app).


    and yes....I do work for BlueCoat (but not K9).
  4. pismobrat macrumors regular

    Aug 13, 2007
    I would recommend seeking a solution from Fortinet or Sonicwall

    I've overseen the network in a private k-12 school as well as a NFP organization. In both situations I've deployed Sonicwall and Fortinet.

    Having a hardware content filtering system is the most ideal for overhead and manageability. The sonicwall has been the easiest by far to impliment.

    I currently use a NSA-240, but depending on the scale of throughput you need, a TZ-100 and up could do the job for you.

    If you want to know more, I can post some screen shots. It can be managed by groups, acl's. You can have different filtering options per group via LDAP connectivity.

  5. Les Kern macrumors 68040

    Les Kern

    Apr 26, 2002
    OpenDNS is free and does a pretty good job of blocking sites. Lock your machines down, set them and/or your DHCP server to ODNS's servers, done. It works just fine. We upgraded to the Pro version for 500 bucks. Good with most proxies, BUT will NOT block SSL https:// sites, so that to me is a huge deal-breaker. Won't block keywords, just domains. Students cracked it in seconds.

    I use a SonicWall NSA firewall. They are the next step up perhaps. Not too pricey, BUT their yearly fees are. Their Intrusion Prevention is incredible, filter is fine. A little shaky on identifying proxies. REAL easy to manage. Students found holes in minutes. on non-IPS sites.

    For the ultimate, use a packet shaper, in my case Cymphonix. Unbreakable as far as I can see. Don't go there. $$$$$

    Good luck.
  6. Old Muley macrumors 6502a

    Old Muley

    Jan 6, 2009
    Titletown USA
    We use LightSpeed Systems at work. I don't know anything about it other than it keeps the kids and staff out of places someone thinks they shouldn't go.
  7. Chocomonsters macrumors regular

    May 22, 2007
    Have you looked at few Linux based UTM?

    I have looked at using SonicWall and Netgear ProSecure UTM for home use, but decided against them mainly due to high throughput penalty with all UTM features and VPN option turned on (upto 60-90% hit). Main problem with these appliances are lack of CPU power needed for all those UTM features and VPN.

    I found software based UTM solutions such as Astaro or Untangle to be better. I am running Astaro Security Gateway on old Dell OptiPlex 745 Small Form Factor (Core2 Duo E6600/2.4GHz, 2 GB memory) headless. Added second NIC card and took out videocard to save energy. Even with all antivirus, antispam, IPS, firewall, Webserver protection with proxy servers, antispyware, URL filtering, and SSL VPN for laptops and L2TP over IPSec VPN for iPhone running, there is absolutely no throughput penalty at all. It uses dual Avira and ClamAV for antivirus and allows bandwidth management for IM/P2P/Torrent, etc. My guess is that you will likely have extra spare PC laying around at school, you can pick appropriate level of hardware to scale up to support the number of users at school.

    I found both Untangle and Astaro to be excellent, but chose Astaro as it supports more VPN options (SSL, PPTP, L2TP over IPSec, IPSec, and CISCO VPN) vs just OPEN VPN for Untangle. Astaro also has fast and excellent GUI.

    I had no prior knowledge of server / UTM before implementing current setup of
    ISP --> Astaro Gateway --> HP ProCurve 2848 Switch --> MacMini OSX server (DNS, DHCP, AFP, Address Book, iCal, NFS, OD, SMB, Webserver), PC's, Mac's, AP, Home Automation, and etc.

    Both are free for Home usage but charge for SMB, Enterprise, and Education.
  8. earlution, Feb 21, 2011
    Last edited: Feb 21, 2011

    earlution macrumors newbie

    Feb 21, 2011

    I think I have everything you need here and it's all free :)

    Firstly, check Wazmacs site, it's a great resource for K-12 providers using OS X servers.

    Most of the rest of the stuff you need can be found drilling in to this site, but for convienience:

    Proxy - SquidMan
    Filter - Dans Guardian
    GUI for DG - WebMin

    Wazmac's guide for setting up and configuring all the above ;)

  9. funkahdafi macrumors 6502

    Mar 16, 2009
    Planet Earth, Old World
    I second that recommendation. Blue Coat products are top notch and are being used by large enterprises. You might consider their smallest ProxySG model, it does much more than their K9 product and is affordable.

    If you need help with that, drop me a message.
  10. shadyMedia thread starter macrumors newbie

    Apr 6, 2009

    Wazmac's Site is very good but certain things are very outdated and in this case that Wazmac's walkthrough for DG and Squid is for 10.4 and finding the software is tricky.

    Were looking for something that we can set it up with not much work.

    Tho we are using WebMin now which is very nice btw.
  11. shadyMedia thread starter macrumors newbie

    Apr 6, 2009

    I like the idea of Untangle DL yesterday just haven't had anytime to test it out. Hoping we can get it to run on a mac ether locally or through VMware
  12. Airforcekid macrumors 65816


    Sep 29, 2008
    United States of America
    +1 for OpenDns only VPNs get around it but 99.9 percent of students have no clue what that is and most cost them also deepfreeze is good to ensure your computers always remain like new.
  13. albanwr macrumors newbie

    Jul 24, 2002
    Wales, UK
    Web filtering

    Try Bloxx Web Filtering, easy integration into Open Directory. www.bloxx.com
    It's not cheap but good.

    OpenDNS would work but tracking users is hard.
  14. Waragainstsleep macrumors regular

    Oct 15, 2003
    You might also look at Kerio's new firewall offerings.
  15. Cabbit macrumors 68020


    Jan 30, 2006
    This may perhaps be a odd question to ask but why filter at all. During my time in Primary(7th year school got internet) and High School we were taught not to access these sites and to exercise our own judgement.

    Is it the case that students are not able to do this or outside factors that make such filtering necessary?
  16. shadyMedia, Mar 7, 2011
    Last edited: Mar 7, 2011

    shadyMedia thread starter macrumors newbie

    Apr 6, 2009
    Same rule applies to driving people know they shouldn't speed but they still do. So it's easier for us to just remove the temptation. But it's nice to see some student's police there own usage

Share This Page