Re: RES: [squid-users] No IP in URL

From: Christoph Haas <email@dont-contact.us>
Date: Tue, 6 Dec 2005 19:01:01 +0100

Please always keep the list on Cc!

On Tuesday 06 December 2005 18:29, you wrote:
> I totally agree with you but I can not afford an URL filter. In fact,
> having free access to these kinds of applications is why open source
> software is so successful and popular.

Take a look at SquidGuard. It has a moderately useful list of URLs which
are checked.

I know that many bosses don't want to spend money on it. But the problem
is that even with commercial URL/content filters (which we use at work)
an insane amount of sites is still not classified. I was told that
about 5,000 new domains are registered every day. A single person
just can't deal with that.

Without spending money you have to decide whether you seriously want
to block "bad sites". Solution: whitelisting. That surely will annoy
a lot of people at first. Otherwise you will hardly block more than
the casual stupid user who "accidentally" tries a porn URL. Just tell
your boss how reality looks like and he needs to decide who serious he
is about security. That often results either in "well, it's not that
important - just try your best" or "is it really that bad? heck, try
not to make it too expensive".

Squid is a good, fast and flexible proxy. But when it comes to seriously
enforcing a security policy it just isn't enough IMHO.

 Christoph

-- 
~
~
".signature" [Modified] 1 line --100%--                1,48         All
Received on Tue Dec 06 2005 - 11:01:11 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:02 MST