I've been working on a web filtering solution today. It seems that unfortunately in today's society it has become acceptable for individuals to waste inordinate amounts of time surfing the Internet to the detriment of themselves and their employer. Combine that with the incredibly letigious nature of the modern employee and you have to protect employees from each others "surfing" from creating a hostile work environment.

Enter today's web filtering poducts. We have been using Squid Web Proxy as a caching web proxy for years. It has saved our company thousands of dollars over the years in bandwidth costs. In addition, it provides logging and some manual regex based filtering. The product I'm going to soon be implementing is Websense. Websense does for the Web what a Barracuda SPAM firewall does for email.

Websense will allow us to take a more proactive stance on web filtering with live databse updates via subscription that group sites into categories which can be allowed or disallowed based on global, group and individual policies. Now, instead of having to do reactive detective work most issues can be thwarted proactively by blocking access to non-work-related sites during business hours.

Best of all, it both runs on Linux and integrates with our existing network of Squid servers. We'll be able to purchase one physical server, and have it host (2) virtual server using VMware Server 1.x. One virtual server will run the Websense software stack, and the other virtual server will be our Tampa office's new Squid proxy. Then we can configure all of our Squid servers at all our remote offices to check with the Websense server prior to fulfilling HTTP/HTTPS/FTP requests from local clients. And important part of this will be to configure this solutions to fail-open should a remote office's VPN connection to Tampa go down for any reason.

No comments: