On Feb 16, 2011, at 7:17 PM, Michael C. Robinson wrote:

> OpenDNS only solves the filtering issue if you are pointed at the
> correct DNS servers. No Internet service provider that I know of will
> force that issue, so there is a weakness between the server that should
> force use of the correct DNS servers and the modem. If you can bypass
> the server, you're unfiltered. If what you have to plug into beyond the
> server requires authentication and you don't know the secret, you aren't
> toast. So what I really need is an authenticating switch that I can
> lock inside my modem cabinet. So what is this switch called and what
> does it cost?
>
Nothing you do will be 100%, unless you unplug from the net. So, you need to decide how much risk you are willing to take. This is what every IT manager discusses with the CEO and corporate attorneys. You have it easy, in that you are all three in this case. :)

What you are talking about is a proxy server. There are commercial ones (like netnanny) and I'm sure there are FLOSS ones too. What you do is place your 'modem' in your closet. Then put that connection to the system running the proxy also in your closet. The proxy is also your filter. ALL connections go through the proxy server. If you don't allow DNS connections THROUGH the proxy, then those systems inside the proxy HAVE to use the DNS service you offer INSIDE the proxy.

This won't stop someone that tethers their cell phone, but it does stop any connection you want to stop over the wire you have control over.

Oh, and you remember that proxy/filter I told you about at one of my places of employment? I showed the IT manager I could bypass it without causing any logs to be created by simply going to a search engine, and looking at the cached content of the search engine, without going to the originating site.

Russell Johnson
[email protected]

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
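The rule described in the reply above (no DNS allowed through the gateway, so inside machines have to use the resolver offered inside), written out as an added example that is not part of the original message. It is an nftables ruleset for the closet gateway and covers only the DNS part of the setup; the interface names and the table name are assumptions.

```nftables
# Added example (constructed). Load on the gateway with: nft -f <this file>
define LAN_IF = "eth1"   # assumption: interface facing the inside machines
define WAN_IF = "eth0"   # assumption: interface facing the modem

table inet dnsguard {
    chain input {
        type filter hook input priority 0; policy accept;

        # Inside machines may query the resolver running on this gateway.
        iifname $LAN_IF udp dport 53 accept
        iifname $LAN_IF tcp dport 53 accept
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Return traffic for connections that were already allowed.
        ct state established,related accept

        # DNS that tries to go THROUGH the gateway to an outside resolver:
        # log it, count it, and refuse it so the client fails fast.
        iifname $LAN_IF oifname $WAN_IF udp dport 53 log prefix "dns-bypass " counter reject
        # Same for DNS over TCP and DNS-over-TLS (port 853).
        iifname $LAN_IF oifname $WAN_IF tcp dport { 53, 853 } log prefix "dns-bypass " counter reject with tcp reset
    }
}
```

The "dns-bypass" log lines show which inside machine has been pointed at an outside resolver. Port rules like these do not see DNS-over-HTTPS, which travels on port 443 with ordinary web traffic.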
