Content filtering options

RojoLoco

Has anyone found a filtering service that they like better than Strongarm? Obviously OpenDNS is out (because Cisco)... just wondering if there are others I should be researching.

DustinB3403

Is DansGuardian not an option? (or is it hated here?)

JaredBusch

@rojoloco said in Content filtering options:

Has anyone found a filtering service that they like better than Strongarm? Obviously OpenDNS is out (because Cisco)... just wondering if there are others I should be researching.

I do not know of any other ones other than those two.

I really lamented DNS filtering services because the only solution was Cisco until Strongarm came out.. But now that WatchGuard bought them, I dunno ..

*Only solution other than doing it yourself with PiHole or other in house DNS lists.

RojoLoco

@jaredbusch yeah, that recent acquisition had me wondering. But their service is reasonably priced.

JaredBusch

@rojoloco said in Content filtering options:

@jaredbusch yeah, that recent acquisition had me wondering. But their service is reasonably priced.

Can you still buy it as a separate service? I know that WatchGuard bought it to bake into their Firewall OS.

RojoLoco

@jaredbusch said in Content filtering options:

@rojoloco said in Content filtering options:

@jaredbusch yeah, that recent acquisition had me wondering. But their service is reasonably priced.

Can you still buy it as a separate service? I know that WatchGuard bought it to bake into their Firewall OS.

It looks like you can. But I haven't contacted them yet because they actually show pricing.

RojoLoco

We just need to lock down approx. 20 folks at our India office. 9,000 miles and no local HR department means we have to treat them like children I suppose.

DustinB3403

@rojoloco said in Content filtering options:

We just need to lock down approx. 20 folks at our India office. 9,000 miles and no local HR department means we have to treat them like children I suppose.

What makes you think they simply won't bypass whatever you install?

RojoLoco

@dustinb3403 said in Content filtering options:

@rojoloco said in Content filtering options:

We just need to lock down approx. 20 folks at our India office. 9,000 miles and no local HR department means we have to treat them like children I suppose.

What makes you think they simply won't bypass whatever you install?

The fact that they've already signed an AUP and we will fire the shit out of them.

DustinB3403

Wasn't there a conversation here on ML about ClearOS as a content filter not to long ago?

DustinB3403

@rojoloco said in Content filtering options:

@dustinb3403 said in Content filtering options:

@rojoloco said in Content filtering options:

We just need to lock down approx. 20 folks at our India office. 9,000 miles and no local HR department means we have to treat them like children I suppose.

What makes you think they simply won't bypass whatever you install?

The fact that they've already signed an AUP and we will fire the shit out of them.

So then why do you need an CF on top of the AUP. . . or are you just really wanting to monitor if they break the AUP and then fire them?

RojoLoco

@dustinb3403 said in Content filtering options:

@rojoloco said in Content filtering options:

@dustinb3403 said in Content filtering options:

@rojoloco said in Content filtering options:

We just need to lock down approx. 20 folks at our India office. 9,000 miles and no local HR department means we have to treat them like children I suppose.

What makes you think they simply won't bypass whatever you install?

The fact that they've already signed an AUP and we will fire the shit out of them.

So then why do you need an CF on top of the AUP. . . or are you just really wanting to monitor if they break the AUP and then fire them?

That's what the bosses want. Only 1 person on that side to keep them inline, and he's been interviewing and hiring lately. They've been warned, but in order for that office to be cost effective, we have to block them from shopping online and watching cricket matches.

DustinB3403

So doing HR's job because there is no HR onsite. Well that sucks.

DustinB3403

I've not used this but Privoxy might work well enough.

https://www.privoxy.org/
https://www.pcmech.com/article/build-web-content-filter-using-linux-privoxy/

RojoLoco

@dustinb3403 meh. I've had way more stupid assignments in other "IT" jobs before. Should be basically set-and-forget after whitelisting customer websites. One thing our overseas workers do not do is whine about stuff like filtered internet... that's a huge positive.

RojoLoco

@dustinb3403 said in Content filtering options:

I've not used this but Privoxy might work well enough.

https://www.privoxy.org/
https://www.pcmech.com/article/build-web-content-filter-using-linux-privoxy/

Way too much complexity. They want simplicity (so do I, since I'll be managing it). A hosted DNS service is ideal.

momurda

What do you have at the site already?
Many firewall devices have this stuff built in now.
I could block anything by category or even strings 'cricket' 'viagra' stuff like that. Any traffic passing through the interface out to the web gets inspected.
Any requests that use these words get blocked with a warning in the browser and logged.
Not quite the same as a dns filtering though.

jmoore

You might look at Clouflare. They have a free option and are hosted. I use them on my websites so been a while since I set them up but I think you can do some filtering and white listing.

JaredBusch

@momurda said in Content filtering options:

What do you have at the site already?
Many firewall devices have this stuff built in now.
I could block anything by category or even strings 'cricket' 'viagra' stuff like that. Any traffic passing through the interface out to the web gets inspected.
Any requests that use these words get blocked with a warning in the browser and logged.
Not quite the same as a dns filtering though.

No, firewalls do not have that. Those are UTM devices. But that is a totally different discussion.

Also there is no way for most of those devices to block anything HTTPS unless you let the UTM perform MitM on your SSL. This generally causes more problems than it solves.

RojoLoco

@momurda said in Content filtering options:

What do you have at the site already?
Many firewall devices have this stuff built in now.
I could block anything by category or even strings 'cricket' 'viagra' stuff like that. Any traffic passing through the interface out to the web gets inspected.
Any requests that use these words get blocked with a warning in the browser and logged.
Not quite the same as a dns filtering though.

There is a crappy Cisco ASA firewall there. Yuck.