de8o
Enthusiast
Enthusiast

Feel free to use and improve this idea. An open source idea....

Most homes have an unrestricted access to the internet. Most parents don't want their children going to certain sites, but they wouldn't have the first idea how to control this.

VM idea...

Create a cut down linux box running squid and something along the lines of squidguard or dansguardian. Allow automatic downloading of blacklists etc..

Create a nice web interface so that they can unblock/block certain sites. View info on who went where. Incorporate authentication if desired. Setup dhcp so gateway addresses, dns are sent to PCs... The easier this is to setup for non-techies the more used it will be.

Keep it small. Don't install packages if they aren't needed. i assume the more work you put in yourself to customize this VM the better. e.g. don't just use webadmin or the likes.

And most important good documentation...

This is something that I have been asked for before. Don't have the time to put in, and would not begrudge anybody who puts in the effort and gets the prize. At least i can point parents to the new vm to 'protect' their kids.

0 Kudos
12 Replies
Alessandro_Peri
Enthusiast
Enthusiast

A sort of open source instant-on WebSense content filtering VM.

Not bad at all...

Alessandro Perilli, CISSP, MVP

http://www.alessandroperilli.com

Blogging about IT Security on http://www.securityzero.com

Blogging about Virtualization on http://www.virtualization.info

0 Kudos
Daryll
Expert
Expert

Hey there,

This is a great idea.

Ummm, I would use this if someone built it.

-Daryll

0 Kudos
SoL
Contributor
Contributor

I like your idea, and think it would make a useful appliance.

But, and I hope I'm mistaken, a thorough reading of the contest rules convinced me that my three favorite ideas would not be allowed due to various rules. One of those ideas had some similarity to yours, and one or both of the following rules seem to apply:

The appliance may not, "...surreptitiously intercept or expropriate any system, data or personal information."

and

The appliance may not be, "...infringing, threatening, invasive of another’s privacy..."

In the scenario you describe, protecting children, I see no problem. But the appliance could clearly be used in other situations where both rules might be broken.

In another posting someone suggested a security scanning tool, which also sounds like a good idea, but could be a useful tool for a hacker, which is explicitly verboten.

Is there someone from VMware who could comment on this for the record or to whom we could present questionable appliance concepts before we devote time and effort?

Thanks - and Good Luck,

_John

0 Kudos
trevlix
Contributor
Contributor

Funny, I've actually started to work on this exact thing. Smiley Happy

0 Kudos
bac
Expert
Expert

I wouldn't feel comfortable making an "official" statement on VMware's behalf about exactly what would or would not break the rules, but I'll comment on this particular item (my opinion only, of course).

The appliance may not, "...surreptitiously intercept

or expropriate any system, data or personal

information."

and

The appliance may not be, "...infringing,

threatening, invasive of another’s privacy..."

IMHO the appliance idea as described above by de8o does not violate these rules. It blocks some content, but it does not intercept personal information or invade privacy. If it sent a list of URLs you tried to visit to the appliance author's email address, that would be a different question. Smiley Happy But if it just sits there and blocks certain websites, that doesn't seem like a problem to me.

Bear in mind also that you have to configure your network to use this appliance in the first place -- it's not the kind of thing that someone can set up and surreptitiously capture traffic, because you have to replace whatever existing network infrastructure is currently providing web access.

Just my opinion.

0 Kudos
Dallas
Enthusiast
Enthusiast

I will use this if someone builds it. Not in the line of what I am thinking to build, so cheers to those that do.

Dallas

0 Kudos
de8o
Enthusiast
Enthusiast

Ok,

maybe to be compliant you might remove ....View info on who went where....

Does anybody else have any ideas that they would like to see somebody incorporate?

If like me you are not planning on entering, why not give some tips and pointers to improve this.

If you are working on this, best of luck.

0 Kudos
tysonkey
Enthusiast
Enthusiast

You should be able to add/remove protocol/URL filters on the fly, ideally using a HTML interface, or if you're so inclined, after the VM is offered, allow people to add their own black/whitelists after recieving the VM, but if you were to intercept and filter in this manner, your entry would probably be denied.

Just a thought...

0 Kudos
trevlix
Contributor
Contributor

but if you were to intercept and filter in this manner, your entry would probably be denied.

Why? The rules state that the appliance cannot be "invasive of another’s privacy" or "surreptitiously intercept or expropriate any system, data or personal information". By allowing the user to filter URL's on the fly, you are not intercepting and filtering surrpertitiously - you are doing it explicitely. The user is making the decision to block that URL.

I'm just guessing here, but I think the purpose of those statements in the rules is to prevent people from adding virus/spyware-type programs into the appliciances which would grab the user's personal info without their knowledge and use or post it somewhere without the user's knowledge. By creating a filtering proxy server appliance, and allowing the user to specify what should or shouldn't be filtered, the rules are not violated. The user knows that they are being blocked and they are deciding what to or not to block - nothing is being done without the user's knowledge.

Just my opinion. Any thoughts? (esp from the VMWare people)

0 Kudos
bac
Expert
Expert

I'm just guessing here, but I think the purpose of

those statements in the rules is to prevent people

from adding virus/spyware-type programs into the

appliciances which would grab the user's personal

info without their knowledge and use or post it

somewhere without the user's knowledge. By creating

a filtering proxy server appliance, and allowing the

user to specify what should or shouldn't be filtered,

the rules are not violated. The user knows that they

are being blocked and they are deciding what to or

not to block - nothing is being done without the

user's knowledge.

Just my opinion. Any thoughts? (esp from the VMWare

people)

That's my take on this as well. As far as I can tell, the point is that the VM should not be doing anything sketchy that the user of the VM[/i] doesn't know about. Filtering traffic seems perfectly legitimate and if the VM does what it advertises to do then I see no problem.

I'm not the one running the contest so I can't speak officially on this, but that's my interpretation of it.

0 Kudos
jconroy
Contributor
Contributor

Curiously enough I am already doing this.

I have used SmoothWall with DansGuardian for some time as a standalone firewall.

In order to make T&D easier I ended up running Smoothwall in a VM environment.

Since then it has been a perfectly usable environment. However for lots of reasons I still prefer to keep the separate physical box.

JConroy

0 Kudos
lmikesell
Contributor
Contributor

I'm not sure how the k12ltsp appliance is set up, but squidguard and dansguardian are easily installable with yum if they aren't already there.

0 Kudos