Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 08:50:41 am

Login with username, password and session length

Visit the Official Endian Bug tracker  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Endian Internals
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Endian Internals  (Read 8612 times)
endboy
Jr. Member
*
Offline Offline

Posts: 1


« on: Friday 24 December 2010, 06:52:40 pm »

Hi,
  I currently manage a small companies network. Currently, I use a debian linux server with squid as proxy, iptables etc.
However, there are various things which I cannot do because of which I considering a custom firewall product like Endian.
   
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.

1) If I block facebook through their http url, people can still access https version of same URL because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. Can Endian offer a better solution than this?

2) Also if I want to block no of sites, I have enter all their URLs manually. Is there something Endian offers to ease this?

3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.

4) Blocking P2P. Does Endian do this? How?

So can current users of Endian tell me if Endian is suitable product for my needs?


Logged
bernieL0max
Full Member
***
Offline Offline

Posts: 30


« Reply #1 on: Monday 24 January 2011, 11:58:52 pm »

just a  of short responses...

1. If you wanted to filter all outgoing HTTP/HTTPS requests, and not require the proxy to be manually configured you would enable the Endian transparent proxy, and block direct outgoing requests on those ports.  I believe (and I may be wrong), that the content filter can then only block based on URL/IP from categorised sites and blacklists.

2. The Endian HTTP content filter is 'content aware', it can be configured to block based on categories, decided by a (configurable) combination of previously categorised sites, content, phrases and keywords, as well as custom blacklists and whitelists.

3. You need to disable Universal Plug and Play (UPnP), and/or the Internet Gateway Device protocol (IGD) on your router!

4. Your default outgoing rule should always be 'DENY'; only ports & services that you explicitly allowed should be allowed out... leaving apps that use random or unusual ports, such as P2P & Torrent unable to connect to servers/peers/seeds.  This will also improve when you disable UPnP/IGD.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com