[Server-devel] Filtering and authentication

Anna aschoolf at gmail.com
Sun Apr 26 12:47:44 EDT 2009


On Sun, Apr 26, 2009 at 10:51 AM, Reuben K. Caron <reuben at laptop.org> wrote:

>
>  A free and simple solution, while not bullet proof (no content filter is
> that I am aware), is Open DNS. They are even CIPA compliant in the US:
> http://www.opendns.com/solutions/k12/
>

That's what I set up for our pilot school, which was very easy as the XS's
DSL connection has a static IP.  OpenDNS provides different filtering
options, which you can customize as necessary.  Being in the US, CIPA
compliance is absolutely vital to retain certain federal funding, and
OpenDNS was the quickest and easiest way to accomplish that.  Dansguardian
can be CIPA compliant, but there are other steps involved and I was wary of
unintentionally running afoul of the rules.
http://dansguardian.org/?page=faq#15  Not to mention Dansguardian consumes
server resources.  OpenDNS doesn't use any server resources and you can
easily configure the filtering to be CIPA compliant.
http://www.opendns.com/solutions/k12/cipa/

As far as limiting the internet connection to authorized XOs, that's an
issue we're probably going to run into at some point once we broaden the XS
deployment.  So far at the pilot school, the staff members connect to the
internet with their personal laptops and iPhones, but I haven't really heard
any complaints of abuse yet.

If your deployment is relatively small, it should be easy enough to add the
hardware addresses of the trusted XOs to dhcpd.conf and disallow unknown
machines (or play pranks on them as suggested at
http://www.ex-parrot.com/~pete/upside-down-ternet.html).

Anna Schoolfield
Birmingham
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/server-devel/attachments/20090426/b3455b53/attachment.htm 


More information about the Server-devel mailing list