Searching \ for 'Re[4]: [OT]: ISP-based whitelisting service?' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=isp+based+whitelisting
Search entire site for: '[OT]: ISP-based whitelisting service?'.

Truncated match.
PICList Thread
'Re[4]: [OT]: ISP-based whitelisting service?'
2006\06\26@175615 by Patrick Murphy

flavicon
face
Hi Bob,

Monday, June 26, 2006, 4:28:30 PM, you wrote:

> I am assuming that the expression "have the Internet filtered before it
> arrives on the place" is intended to ensure that even with physical access
> to the incoming wire from the ISP the young bucks cannot get to something
> they shouldn't.

Yes, that is what is intended.

> I believe the solution I outlined before can handle this, with the following
> simple notes:

> 1) Access from the router to the ISP requires knowledge of the ISP password,
> which would only be stored in the Router and unknown to anyone in the
> Colony.

Okay...

> 2) Access to the router setup is protected by the router's own password,
> which would not be known by anyone at the Colony either.

Okay...

> Thus to get to the internet you have to go through the router, and the
> router does all the filtering for you.

Sounds like I'll have to learn more about routers. Like how many sites
can be added to their whitelist, and just what can and can't be done
with them.

> The only way I can see to get around this is to get another account with the
> same ISP and use it on the same physical connection.

Sounds like a reasonably remote possibility - if they can do this, they will
probably set up their own, secret connection instead.

> Bob Ammerman
> RAm Systems

Thanks for your help. I've now got a better and more focused
understanding of our options!

--
Best regards,
Patrick Murphy
James Valley Colony

2006\06\26@180612 by Patrick Murphy

flavicon
face
Hi John,

Monday, June 26, 2006, 4:20:56 PM, you wrote:

> The problem is more widespread than you think.

> I am setting up a network at my church. I have come to a holding point
> because there is currently no way to provide access to the general user
> while limiting the possibility that a hormone driven teenager will be caught
> on a porn site.

There is a software solution for porn that you might be interested in
- I haven't tried it, but IIRC, PC Magazine recently reviewed it and
found it effective, although not foolproof.

<http://www.guardwareinc.com/ishield/>

Okay, I found the PC Magazine review here:

<http://www.pcmag.com/article2/0,1895,1927957,00.asp>


The FortiGate device I briefly tested was able to block sites based on
text content so I assume that would help as well.

<http://www.fortinet.com/>

--
Best regards,
Patrick Murphy
James Valley Colony

2006\06\26@180957 by Robert Ammerman

picon face
If the router is a cheap linux PC then virtually an infinite number of
routes can be added to their routing table. However, now you will have to
worry about physical access to the PC allowing someone to bypass security.

You might have to put it in a locked box.

Bob Ammerman
RAm Systems

{Original Message removed}

2006\06\27@131628 by Patrick Murphy

flavicon
face
Hi Herbert,

Monday, June 26, 2006, 3:10:38 PM, you wrote:

> How important is bandwidth?

I don't know - I assume if the colonies could have a connection that
doesn't drop below, say, three to four times as fast as Dial-up, they
would be satisfied for now.

{Quote hidden}

I don't think streaming video is currently desired - just basic email,
access to on-line banking, and business-related web sites. This will
likely expand greatly as the colonies become more familiar with the new
options that the Internet will provide.

I assume the base computer's connection to the Internet should be
faster than any other colony's connection - how much improvement
might extra bandwith give? I assume bandwith is more a bottleneck than
the VPN hardware?

> Basically you are creating a pseudo ISP that the clients connect to
> through VPN.

> Costs shouldn't be too bad. The VPN client routers are getting pretty
> cheap (since they are in the consumer space now), VPN servers are a
> little more expensive, but you only need one.

--
Best regards,
Patrick Murphy
James Valley Colony

2006\06\27@171537 by Herbert Graf

flavicon
face
On Tue, 2006-06-27 at 10:17 -0500, Patrick Murphy wrote:
> Hi Herbert,
>
> Monday, June 26, 2006, 3:10:38 PM, you wrote:
>
> > How important is bandwidth?
>
> I don't know - I assume if the colonies could have a connection that
> doesn't drop below, say, three to four times as fast as Dial-up, they
> would be satisfied for now.

Well, what you describe sounds very "bursty", so actual bandwidth
shouldn't be too bad.

> I don't think streaming video is currently desired - just basic email,
> access to on-line banking, and business-related web sites. This will
> likely expand greatly as the colonies become more familiar with the new
> options that the Internet will provide.

Well as a start this might be a good solution for you.

> I assume the base computer's connection to the Internet should be
> faster than any other colony's connection - how much improvement
> might extra bandwith give?

Unfortunately I don't have the experience to really be able to recommend
something specific. The most important thing for the "bases" internet
connection is that it's a "symmetric" connection, meaning the upstream
bandwidth is the same as the downstream. Most consumer connections are
asymmetric which wouldn't work to well for your application (since the
limit for be the slower direction. Best idea IMHO would be to get a
symmetric connection for the base with the option of upgrading the
bandwidth, therefore if your users complain things are too slow you just
call the ISP and have them up the bandwidth.

> I assume bandwith is more a bottleneck than
> the VPN hardware?

Unless you're dealing with hundreds of VPN clients you are correct,
bandwidth will be the bottleneck. Since each colony will only be one VPN
connection you should be OK.

Good luck! :)

TTYL

2006\06\28@103232 by Patrick Murphy

flavicon
face
Hi Herbert,

Tuesday, June 27, 2006, 4:19:49 PM, you wrote:

{Quote hidden}

If I use a computer running Linux, that should be a good deterrent by
itself, as there are very few in the colonies that have any experience
with Linux.

>> I like the idea of ISP transparency - some colonies can only get an
>> expensive satellite connection, while others would be able to choose a
>> less expensive connection.
>>
>> The tradeoff is, then, lower bandwidth vs. ISP transparency.

> Absolutely. That said, if email and a few webpages are the only things
> the clients are using bandwidth shouldn't be much of an issue.

That makes sense.

--
Best regards,
Patrick Murphy
James Valley Colony

2006\06\28@144446 by Herbert Graf

flavicon
face
On Wed, 2006-06-28 at 09:05 -0500, Patrick Murphy wrote:
> Hi Herbert,
> If I use a computer running Linux, that should be a good deterrent by
> itself, as there are very few in the colonies that have any experience
> with Linux.

True, but you have to think about a youngster in general. The more
difficult and "mysterious" something appears, the MORE interested they
will be in figuring out how it works and breaching it! :) There's
nothing in making somebody want something then telling them they can't
have it!

TTYL

More... (looser matching)
- Last day of these posts
- In 2006 , 2007 only
- Today
- New search...