Finally I have got my webserver to the correct configuration which I have been planning on doing for a while now...but it is now complete...the web server now runs Microsoft Windows 2003 R2 SP1 Enterprise Edition and has Apache as the HTTPD server utilsing PHP5 and MySQL 5.02.
I also used to use FreeProxy 4.0 which was very buggy and slow so as part of the rebuild I have upgraded to Microsoft ISA2006 Standard with SP1 which has impressed me greatly.....I also have the GFI WebMonitor 4 plugin installed monitor and block websites internally.
This server also operates as a SSH server amoung other roles like DNS server (which is crap in Windows Server 2008 by the way!)
Do not be scared of ISA2006 as a product it is very good and easy to setup and secure so on that note here the the main dashboard view...
This is a very clean and easy to understand interface showing you at-a-glance what is not working, then come the firewall policys...you need to get this correct or you legitimate traffic will be blocked....
NOTE : The fields missing have been removed intentially as I do not want "Joe Public" seeing all my firewall....you can see the name, condition and applies to from the view
A6N_WWW Rule : This rule has been left in as it poses no security threat as this is common sense....without this role you would not be looking at this website!
If you install ISA2006 SP1 then you get the Troubleshooting tab as shown below:
The configuration section of ISA2006 is where you can loose you head with options and ultimately "mess" ISA up with incorrect settings so tread carefully or leave it to a professional!
Now for GFI Web Monitor....version 4 that is, on first impressions it seems very simple but it is actually a lot better than SurfControl and WebSense as a filtering product...let take a look at the main GUI.....
This proves to be a very clean and easy to use interface for administrators......but what are the policys like to assign....in one word "easy" see below:
NOTE : GFI WebMonitor does have a override a category rule this is called a Whitelist in WebMonitor 4 but if you block "Hacking" then why would you want to unblock one hacking site....unblock the category not individual sites!
GFI Secure Download Manager....this is an excellent idea the theory is that when you download a executable for your servers that you get a dialogue box appear (only in Internet Explorer) that downloads it securely and then prforms a virus scan using 2/3 anti-virus solutions as shown below:
When this has completed you can either download from the cache or download a non-cached copy from the Internet:
Finally the block page...this is a very clean and easy to read block page and it looks like this....
Summary : If you want the ultimate solution for a proxy, firewall and filtering solution then get Microsoft ISA 2006 and GFI WebMonitor 4.
I also used to use FreeProxy 4.0 which was very buggy and slow so as part of the rebuild I have upgraded to Microsoft ISA2006 Standard with SP1 which has impressed me greatly.....I also have the GFI WebMonitor 4 plugin installed monitor and block websites internally.
This server also operates as a SSH server amoung other roles like DNS server (which is crap in Windows Server 2008 by the way!)
Do not be scared of ISA2006 as a product it is very good and easy to setup and secure so on that note here the the main dashboard view...
This is a very clean and easy to understand interface showing you at-a-glance what is not working, then come the firewall policys...you need to get this correct or you legitimate traffic will be blocked....
NOTE : The fields missing have been removed intentially as I do not want "Joe Public" seeing all my firewall....you can see the name, condition and applies to from the view
A6N_WWW Rule : This rule has been left in as it poses no security threat as this is common sense....without this role you would not be looking at this website!
If you install ISA2006 SP1 then you get the Troubleshooting tab as shown below:
The configuration section of ISA2006 is where you can loose you head with options and ultimately "mess" ISA up with incorrect settings so tread carefully or leave it to a professional!
Now for GFI Web Monitor....version 4 that is, on first impressions it seems very simple but it is actually a lot better than SurfControl and WebSense as a filtering product...let take a look at the main GUI.....
This proves to be a very clean and easy to use interface for administrators......but what are the policys like to assign....in one word "easy" see below:
NOTE : GFI WebMonitor does have a override a category rule this is called a Whitelist in WebMonitor 4 but if you block "Hacking" then why would you want to unblock one hacking site....unblock the category not individual sites!
GFI Secure Download Manager....this is an excellent idea the theory is that when you download a executable for your servers that you get a dialogue box appear (only in Internet Explorer) that downloads it securely and then prforms a virus scan using 2/3 anti-virus solutions as shown below:
When this has completed you can either download from the cache or download a non-cached copy from the Internet:
Finally the block page...this is a very clean and easy to read block page and it looks like this....
Summary : If you want the ultimate solution for a proxy, firewall and filtering solution then get Microsoft ISA 2006 and GFI WebMonitor 4.