Posted: 2/23/2004 10:20:58 PM EDT
|
I manage 20 machines where I work. We have internet access through comcast so the line comes in goes to the router/firewall then to our hub. Is there a way to set up the server or another machine so that all internet requests go through it? I would like a way to monitor our internal traffic and I assume a proxy is the way to do it. I am very good with the workstation maintenace but I am not as good with network admin. Any help would be appreciated. |
|
It all depends on how much your company wants to spend (read...How valuble is security to them?). Setting up a *nix proxy it fairly easy from what I've heard altho I've never done it myself. I have 1 small office that uses Kerio's Winroute Pro. It has proxy and firewall capabilities as well as a mail server and a DHCP server. Not bad for a small business and is $500 for a 25-user license. I run it on a normal PC running NT 4.0 Workstation. I'm pretty sure C-net did a comparison with Winroute and some other comparable software a few years ago so you might wanna surf on over and look for that article. How you want to set it up is to put 2 NICS in the proxy computer, 1 "inside" and 1 "outside". Inside NIC hooks to your switch, outside hooks to your firewall or router. Set the gateway in either DHCP or on the static PC addys to the inside NIC on the proxy device. Also, get with your ISP and see it they can set a rule on the router to refuse all outgoing requests except those that come from the outside NIC on the proxy. This will prevent the smarter users from bypassing the proxy and having unmonitered access. You then need to set the proxy setting in IE. Make a custom install using the IE admin kit that requires the proxy use and install that on all the PC's. And remember, keep a backup copy of the weblogs at all times. It comes in handy when you need to blackmail management for a couple extra days off. [:D] |