
How can I use Linux for secure Internet access serving?

I want to install a Linux server that gives Internet access to my users. But I only want to give access to selected users or groups, no matter which computer of the LAN they're using. I'm currently using Microsoft Proxy Server 2.0, but I don't want to update it.

Which software and/or Linux distribution will best fit my needs if I want to install to give users the same access they have now and have the capability to select users for special access? Also, what other basic security measures should I take when installing a new Linux distribution?

Internet access serving is one of the top six applications that Linux has found a niche for. The Linux application that provides Web and FTP proxy services is called SQUID. You can read more about this tool here: http://www.squid-cache.org.

From the Linux distribution perspective the four most used products are:

  • Red Hat Linux
  • SuSE Linux
  • Mandrake Linux
  • Debian Linux (free)

Which is best for you depends on whether or not you intend to roll your own solution or buy a pre-packaged and fully supported solution. You would need to check in with each vendor as well as with the Debian community to form your own opinion. Before you call anyone, I'd suggest that you carefully determine what your decision criteria are.

SQUID is a very capable proxy server that implements a concept known as Access Control Lists (ACLs). ACLs can be based on network address, machine or host names (of clients), direct per-user authentication, transparent authentication using MS Windows login IDs, etc.

SQUID also allows you to set URL filters that will effectively block all traffic from sites that may serve up unfriendly words or terms in the URL or in content. In addition to SQUID itself you can use a companion tool like squidguard to provide even tighter and more finely-grained control over Internet access.

Rules? Firstly, make your SQUID server your Internet gateway. Secondly, block every port (UDP and TCP) that you do not want to let through your gateway. A good firewall configuration is essential. Next, configure SQUID to be your Gestapo security defense barrier.

Lastly, configure SQUID to use a port other than the default 3128, as the default is a bit of a give-away to potential crackers. Oh, by the way, you should of course block all incoming connections to your SQUID server if they do not originate from within your network.

You might also be interested in the auth_ntlm module for SQUID. A Google search should have you in touch with more than you can digest in a matter of strokes.
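The rules in the answer above (non-default port, LAN-only clients, per-user ACLs) can be checked mechanically against a squid.conf. The following is an added example, not part of the original answer: a small Python audit run over two constructed configurations. The LAN range, port 8080, user names, ACL names and the `basic_ncsa_auth` helper path are assumptions.

```python
import ipaddress

# Constructed sample: LAN range, port, user names, ACL names and helper path are assumptions.
HARDENED = """\
http_port 8080
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
acl lan src 192.168.1.0/24
acl staff proxy_auth alice bob
http_access deny !lan
http_access allow staff
http_access deny all
"""
# Constructed weak counterpart: default port, any LAN host allowed, no per-user control.
WEAK = "http_port 3128\nacl lan src 192.168.1.0/24\nhttp_access allow lan\n"

def _private(value):
    try:
        return ipaddress.ip_network(value, strict=False).is_private
    except ValueError:  # address ranges or hostnames: treat as not verifiable
        return False

def audit(conf_text):
    """Return findings for the rules in the answer; an empty list means all are met."""
    acls, access, ports, findings = {}, [], [], []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 2 and tok[0] == "http_port":
            ports.append(tok[1].rsplit(":", 1)[-1])
        elif len(tok) >= 3 and tok[0] == "acl":
            acls.setdefault(tok[1], {"type": tok[2], "values": []})["values"] += tok[3:]
        elif len(tok) >= 3 and tok[0] == "http_access":
            access.append((tok[1], tok[2:]))
    if "3128" in ports:
        findings.append("listening on default port 3128")
    auth = {n for n, a in acls.items() if a["type"] == "proxy_auth"}
    guarded = False  # becomes True once a 'deny !<private src acl>' rule is seen
    for action, names in access:
        if action == "deny" and len(names) == 1 and names[0].startswith("!"):
            acl = acls.get(names[0][1:], {"type": "", "values": []})
            guarded |= acl["type"] == "src" and bool(acl["values"]) and all(map(_private, acl["values"]))
        elif action == "allow":
            if not guarded:
                findings.append("allow rule reachable from outside the LAN: " + " ".join(names))
            if not auth.intersection(names):
                findings.append("allow rule without per-user authentication: " + " ".join(names))
    if not access or access[-1] != ("deny", ["all"]):
        findings.append("last http_access rule is not 'deny all'")
    return findings
```

Because Squid evaluates `http_access` rules top to bottom, the audit only counts the LAN restriction if it appears before the first `allow` rule.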
