SonicWall Firewall provides Content Filtering for Networks
Doug Noble (2003)
Recently, I was asked to help a school install Internet access
for the classroom Macs. They already had an Ethernet network
installed. I recommended DirecTVDSL (formerly Telocity) as
the provider and ordered their DSL service. One advantage of
their service over some cable and DSL providers is the provision
of a fixed IP address. So if the school wanted to host their
own website, it would be possible. Service was connected in
less than 2 weeks.
Usually to provide shared access to DSL, I install a Linksys DSL router,
typically available under $75. It connects between the DSL modem's
Ethernet port, and the Ethernet network, allowing Macs and PCs to share
the DSL transparently. However, in the case of a school, concerns over
the content available on the net prompted us to investigate other options
which would allow the blocking of XXX and other objectionable sites.
One option would be to install software such as Intego ContentBarrier
on each Mac. However, this would require individual installation on
each machine, and keeping every Mac updated would be a challenge. Plus,
there's the possibility of the software being circumvented by the users.
A centralized solution would be preferable.
After doing some research, I found the SonicWALL Pro 100 (www.sonicwall.com),
a firewall and DSL router which performs a function similar to the
Linksys, but in addition offers a Content Filtering Subscription to
CyberPatrol's CyberNOT List, ideal for educational institutions. The
CyberNOT List classifies objectionable material into 12 categories
from a dynamically updated database of over 1.5 million URLs. This
enables the SonicWALL device to monitor usage and control access to
unproductive and objectionable Web content according to established
criteria. Every week, the SonicWALL automatically accesses the CyberNOT
list and updates its list of URLs, without any manual intervention.
You can set the Content Filter to allow/deny access to the following
categories.
- Violence/Profanity (graphics or text)
- Partial Nudity
- Full Nudity
- Sexual Acts (graphics or text)
- Gross Depictions (graphics or text)
- Intolerance (graphics or text)
- Satanic/Cult (graphics or text)
- Drugs/Drug Culture (graphics or text)
- Militant/Extremist (graphics or text)
- Sex Education (graphics or text)
- Questionable/Illegal Gambling (graphics or text)
- Alcohol & Tobacco (graphics or text)
The Network Administrator can specify domains or hosts (e.g., "yahoo.com")
to which access is always allowed ("Trusted") or always denied ("Forbidden").
This feature can be used to customize the Content Filter List,
or to allow Web access to sites on a custom list. With careful
screening, this can be close to 100% effective at blocking
objectionable material. The SonicWALL can optionally scan both
the filename field and host field for specific keywords, and
block any requests that contain them. For example, if the administrator
enters the keyword "sex," access to sites such as http://www.hotsex.com
will be blocked. When a site is blocked, a customized screen
is displayed instead of the site, explaining that the site
has been blocked.
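The list and keyword checks described above can be modelled in a few lines. This is an added example, not SonicWALL's code or part of the original article; the precedence order (Trusted, then Forbidden, then keywords), the subdomain matching, and every sample domain other than the article's own are assumptions. It shows that a plain substring keyword such as "sex" also blocks harmless hosts and filenames, so a keyword list should be audited against known-good sites before it is deployed.

```python
from urllib.parse import urlsplit

# Constructed sample lists, not a real SonicWALL configuration.
TRUSTED = {"yahoo.com"}
FORBIDDEN = {"blocked.example"}
KEYWORDS = {"sex"}


def domain_matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def decide(url):
    """Return (verdict, reason) for one requested URL.

    Assumed precedence: Trusted, then Forbidden, then keyword scan.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    filename = parts.path.lower()
    if domain_matches(host, TRUSTED):
        return ("allow", "trusted domain")
    if domain_matches(host, FORBIDDEN):
        return ("block", "forbidden domain")
    for kw in sorted(KEYWORDS):
        # Plain substring match over the host and filename fields.
        if kw in host:
            return ("block", f"keyword '{kw}' in host")
        if kw in filename:
            return ("block", f"keyword '{kw}' in filename")
    return ("allow", "no rule matched")


def audit(urls):
    """Map each URL to its verdict so a keyword list can be reviewed."""
    return {u: decide(u) for u in urls}


if __name__ == "__main__":
    sample = [
        "http://www.hotsex.com/",                     # the article's example
        "http://www.essex-county.example/library",    # constructed: harmless host
        "http://news.example/health/sex-education.html",  # constructed
        "http://mail.yahoo.com/sexton.html",          # trusted wins over keyword
        "http://www.blocked.example/index.html",      # constructed
        "http://www.example.org/math/",               # constructed
    ]
    for url, (verdict, reason) in audit(sample).items():
        print(f"{verdict:5}  {reason:26}  {url}")
```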
Overall, I am impressed by the SonicWALL. It is easily configured
via a web browser, and offers many firewall options. There are three
ports - the WAN port connects to the Ethernet port on the DSL modem.
The LAN port connects to the Ethernet network. A third port, labeled
DMZ, allows internal and external access to a web server. A log file
is emailed to the administrator every day, so I can see the many intrusion
attempts and viruses which have been blocked by the firewall, as well
as attempts to access banned sites. The SonicWALL Pro 100 Education
model, available for about $1000, includes the first year's Content
Filter Subscription; after that it's approx $400/year. Not cheap, but
the peace of mind it offers is worth it!
--
copyright Doug Noble