Grex Oldcoop Conference

Item 299: Policy issues regarding blocking outgoing network access

Entered by nharmon on Sat Dec 3 02:10:39 2005:

I've created this item for the discussion of some of the ramifications
of using squid to filter outgoing web traffic from Grex. The last BoD
meeting minutes talk about using a separate system as a sort of bastion
host for grex...and then running squid on that system. Theoretically,
all outgoing connections would have to be through that system's squid
program.

14 responses total.

#1 of 14 by nharmon on Sat Dec 3 02:13:31 2005:

My first thought is this: Who will decide what gets filtered? I would be
concerned if there was not at least a written policy regarding only
filtering malicious attacks, and not say, "inappropriate" websites.


#2 of 14 by naftee on Sat Dec 3 04:42:51 2005:

I'm sure your second thought is how your brain is still reeling from that
thought #1.


#3 of 14 by remmers on Sat Dec 3 14:52:18 2005:

When Grex was in its previous location, we ran squid.  I wasn't involved
in either the setup or maintenance of it, so I can't speak from
first-hand knowledge, but I believe that it was used to prevent HTTP
exploits.  That's a reasonable and responsible thing for Grex to do. 
I'd oppose using it for content filtering.


#4 of 14 by cross on Sat Dec 3 15:58:48 2005:

I wonder why it has to be run on a separate machine.


#5 of 14 by nharmon on Sat Dec 3 18:38:26 2005:

Steve wants a separate machine that can act like a firewall. Which would
put Grex into its own DMZ. And then if we also ran squid to prevent HTTP
exploits, I suppose it would not HAVE TO run on Grex, but could be run
on the other machine to free up resources on Grex.



#6 of 14 by cross on Sat Dec 3 18:54:44 2005:

It's not clear to me that grex is resource constrained anymore; at least
not as far as things like squid go.  What's more, we've already got pf;
any firewall configuration *could* be done on a single machine.  Whether
that's the *best* way to go is debatable, but it is possible.


#7 of 14 by tsty on Sun Dec 4 07:22:22 2005:

fwiw - i favor separate b0xen .. always have; always will. live with it.


#8 of 14 by nharmon on Sun Dec 4 13:38:55 2005:

Boxen? Is that plural for box? Kinda like oxen is plural for Ox?


Boss! :)


#9 of 14 by kingjon on Sun Dec 4 13:49:16 2005:

:)

Actually, Boxen is the imaginary country created by C.S. Lewis and his brother
as children, combining Animal-Land and India.



#10 of 14 by sabre on Sat Dec 10 16:20:58 2005:

re#8 No....it's an English dialect called scripkidiot.


#11 of 14 by nharmon on Sat Dec 10 16:41:35 2005:

HAHAHAH


#12 of 14 by tsty on Wed Dec 14 16:36:29 2005:

re #8 ...yes, plural ... re #10 ... you appear as such a t{xtd0|t .../sigh


#13 of 14 by naftee on Wed Dec 14 23:22:01 2005:

/unlucky


#14 of 14 by jesuit on Wed May 17 02:16:01 2006:

TROGG IS DAVID BLAINE

