Most homes have unrestricted access to the internet. Most parents don't want their children going to certain sites, but they wouldn't have the first idea how to control this.
VM idea...
Create a cut-down Linux box running squid and something along the lines of squidguard or dansguardian. Allow automatic downloading of blacklists etc.
Create a nice web interface so that they can unblock/block certain sites. View info on who went where. Incorporate authentication if desired. Set up DHCP so gateway addresses and DNS are sent to PCs... The easier this is to set up for non-techies, the more used it will be.
Keep it small. Don't install packages if they aren't needed. I assume the more work you put in yourself to customize this VM the better, e.g. don't just use webadmin or the likes.
And most important good documentation...
This is something that I have been asked for before. Don't have the time to put in, and would not begrudge anybody who puts in the effort and gets the prize. At least I can point parents to the new VM to 'protect' their kids.
A sort of open source instant-on WebSense content filtering VM.
Not bad at all...
Alessandro Perilli, CISSP, MVP
http://www.alessandroperilli.com
Blogging about IT Security on http://www.securityzero.com
Blogging about Virtualization on http://www.virtualization.info
Hey there,
This is a great idea.
Ummm, I would use this if someone built it.
-Daryll
I like your idea, and think it would make a useful appliance.
But, and I hope I'm mistaken, a thorough reading of the contest rules convinced me that my three favorite ideas would not be allowed due to various rules. One of those ideas had some similarity to yours, and one or both of the following rules seem to apply:
The appliance may not, "...surreptitiously intercept or expropriate any system, data or personal information."
and
The appliance may not be, "...infringing, threatening, invasive of anothers privacy..."
In the scenario you describe, protecting children, I see no problem. But the appliance could clearly be used in other situations where both rules might be broken.
In another posting someone suggested a security scanning tool, which also sounds like a good idea, but could be a useful tool for a hacker, which is explicitly verboten.
Is there someone from VMware who could comment on this for the record or to whom we could present questionable appliance concepts before we devote time and effort?
Thanks - and Good Luck,
_John
Funny, I've actually started to work on this exact thing.
I wouldn't feel comfortable making an "official" statement on VMware's behalf about exactly what would or would not break the rules, but I'll comment on this particular item (my opinion only, of course).
The appliance may not, "...surreptitiously intercept
or expropriate any system, data or personal
information."
and
The appliance may not be, "...infringing,
threatening, invasive of anothers privacy..."
IMHO the appliance idea as described above by de8o does not violate these rules. It blocks some content, but it does not intercept personal information or invade privacy. If it sent a list of URLs you tried to visit to the appliance author's email address, that would be a different question. But if it just sits there and blocks certain websites, that doesn't seem like a problem to me.
Bear in mind also that you have to configure your network to use this appliance in the first place -- it's not the kind of thing that someone can set up and surreptitiously capture traffic, because you have to replace whatever existing network infrastructure is currently providing web access.
Just my opinion.
I will use this if someone builds it. Not in the line of what I am thinking to build, so cheers to those that do.
Dallas
Ok,
maybe to be compliant you might remove ....View info on who went where....
Does anybody else have any ideas that they would like to see somebody incorporate?
If like me you are not planning on entering, why not give some tips and pointers to improve this.
If you are working on this, best of luck.
You should be able to add/remove protocol/URL filters on the fly, ideally using an HTML interface, or if you're so inclined, after the VM is offered, allow people to add their own black/whitelists after receiving the VM, but if you were to intercept and filter in this manner, your entry would probably be denied.
Just a thought...
but if you were to intercept and filter in this manner, your entry would probably be denied.
Why? The rules state that the appliance cannot be "invasive of anothers privacy" or "surreptitiously intercept or expropriate any system, data or personal information". By allowing the user to filter URLs on the fly, you are not intercepting and filtering surreptitiously - you are doing it explicitly. The user is making the decision to block that URL.
I'm just guessing here, but I think the purpose of those statements in the rules is to prevent people from adding virus/spyware-type programs into the appliances which would grab the user's personal info without their knowledge and use or post it somewhere without the user's knowledge. By creating a filtering proxy server appliance, and allowing the user to specify what should or shouldn't be filtered, the rules are not violated. The user knows that they are being blocked and they are deciding what to or not to block - nothing is being done without the user's knowledge.
Just my opinion. Any thoughts? (esp from the VMWare people)
I'm just guessing here, but I think the purpose of
those statements in the rules is to prevent people
from adding virus/spyware-type programs into the
appliances which would grab the user's personal
info without their knowledge and use or post it
somewhere without the user's knowledge. By creating
a filtering proxy server appliance, and allowing the
user to specify what should or shouldn't be filtered,
the rules are not violated. The user knows that they
are being blocked and they are deciding what to or
not to block - nothing is being done without the
user's knowledge.
Just my opinion. Any thoughts? (esp from the VMWare
people)
That's my take on this as well. As far as I can tell, the point is that the VM should not be doing anything sketchy that the user of the VM doesn't know about. Filtering traffic seems perfectly legitimate and if the VM does what it advertises to do then I see no problem.
I'm not the one running the contest so I can't speak officially on this, but that's my interpretation of it.
Curiously enough I am already doing this.
I have used SmoothWall with DansGuardian for some time as a standalone firewall.
In order to make T&D easier I ended up running Smoothwall in a VM environment.
Since then it has been a perfectly usable environment. However for lots of reasons I still prefer to keep the separate physical box.
JConroy
I'm not sure how the k12ltsp appliance is set up, but squidguard and dansguardian are easily installable with yum if they aren't already there.
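An added illustration, not part of any post in this thread: a minimal squidGuard configuration for the squid-plus-squidGuard filter proposed at the top, combining a downloaded blacklist category with block and allow lists that a parent-facing web interface could edit. All paths, list names and the block-page address are assumptions chosen for the example.

```conf
# /etc/squid/squidGuard.conf  (path is an assumption)
#
# squid hands each requested URL to squidGuard via this line in squid.conf:
#   url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

dbhome /var/lib/squidguard/db      # root directory of all list files
logdir /var/log/squidguard

# Category filled by the automatically downloaded blacklist.
dest adult {
    domainlist adult/domains
    urllist    adult/urls
}

# Lists written by the web interface when a parent blocks a site.
dest local_block {
    domainlist local/block_domains
}

# Lists written by the web interface when a parent unblocks a site.
dest local_allow {
    domainlist local/allow_domains
}

acl {
    default {
        # Evaluated left to right, first match wins:
        #   1. sites a parent explicitly allowed always pass
        #   2. sites a parent explicitly blocked are denied
        #   3. blacklisted categories are denied
        #   4. everything else passes
        pass local_allow !local_block !adult all

        # Visible block page on the appliance (placeholder address),
        # so the user can see that filtering took place and for which URL.
        redirect http://192.168.1.1/blocked.html?url=%u
    }
}

# After the list files change, rebuild the databases and reload squid:
#   squidGuard -C all
#   squid -k reconfigure
```

Placing `local_allow` first means a parent's explicit unblock overrides the downloaded blacklist, and the redirect to a visible block page keeps the filtering explicit to the user rather than silent.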