CensorNet

Detailed Features & Screenshots

CensorNet is a Debian-based Linux distribution in its own right and must be installed on a dedicated machine with a minimum of two Ethernet adapters.

CensorNet is divided into two distinct sections, the Console Configuration Tool which is used to configure system settings and perform system maintenance, and the Web Administration Tool designed for day to day control of users, workstations and filtering rules. These two sections are described in detail below.

Console Configuration Tool

Interface Console based GUI based on newt.

Locale Settings Set keymap and timezone for your CensorNet server.

Network Configuration Auto probe network card drivers, set IP address, DNS, gateway, hostname for public and private interfaces.

Router Mode • IP Router Mode - CensorNet acts like a Layer-3 IP packet forwarding router, and operates a secure firewall on the public interface.
• Ethernet Bridge Mode - CensorNet acts like a Layer-2 Ethernet frame bridge, and forwards all network traffic without the security of a firewall.

DHCP Service Enable/disable DHCP service.

User Authentication • Windows NT - CensorNet will authenticate users against a Windows NT domain (or SAMBA server)
• Active Directory - CensorNet will authenticate users against an Active Directory server
• Internal - CensorNet will maintain a list of username and passwords internally, manageable through the Web Interface.

Web Cache Configuration • Upstream Proxy - configure a parent proxy for CensorNet, supports authentication.
• Parent Proxy Exceptions - add or remove domains that will bypass the parent proxy
• Authentication Exceptions - add or remove domains that can be requested without authentication or filtering
• Source IP Filter Exceptions - allow unfiltered requests based on workstation IP address
• Cache Size - specify the size of the cache (in Mb)
• Proxy Port - specify the port that CensorNet will listen on, default: 8080

Probe LAN Automatically scan the network for workstations and add them to CensorNet.

Import Users Attempt to import users automatically from Windows NT or Active Directory domain.

Flush Cache Empty the web cache held on disk.

BLUD Configuration Enable/disable Blacklist Update (BLUD) subscription.

APC UPS Configure APC UPS to work with CensorNet.

Firewall Configuration • Remote Access - Enable/disable remote access (SSH) on the public interface
Router Mode Only:
• Port Forwarding Configuration - map external connections to the public interface through to machines on the private network
• Port Pinholing Configuration - pass through external connections (from the Internet) through to machines on the Internal network
• NAT - enable/disable NAT (IP masquerading) from the private interface to the public interface

Web Administration Interface

Maintenance Backup, Restore and Upgrade

Diagnostics Services Monitor, System Information, ping, traceroute etc.

User & Workstation Control

User Access Profiles • Unfiltered - user has unfiltered access to the Web
• Filtered - user is filtered according to the rules configured
• Denied - user cannot access the Web
• Whitelist - user is restricted to pre-approved sites (walled-garden)
• Moderator - user can pre-approve sites and add them to the whitelist (walled garden)

User Access Control Set user access profile by user, group, suspend user, bandwidth limit per user.

User Access Scheduling Schedule User Access Profiles by user or by group (minimum 5 minute increment)

User Management Add, remove, update users and groups. Import users from CSV.

Workstation Access Profiles • Allow Web & Other - allow workstation full access to the Internet
• Allow Web & Deny Other - restrict workstation to Web ports only (HTTP, SSL)
• Allow Other & Deny Web - block Web ports but allow other ports
• Deny All - block access to the Internet from the workstation

Workstation Access Control Set Workstation Access Profile by machine, group, suspend workstation, limit bandwidth, VNC (remote access)

Workstation Access Scheduling Schedule Workstation Access Profiles by machine or by group (minimum 5 minute increment) e.g. all machines in the Library have no Internet access between 12:00 and 13:00.

Workstation Management Add, remove, update workstations and groups. Import workstations from CSV or DHCP leases file (Linux).

Bandwidth Limiting Set bandwidth limit mode (by user or by machine), set network limit.

Web Interface Security Set password for Web Interface, restrict access to specific workstations.

Content Filtering

Keyword Exceptions Add, remove, update a list of allowed keywords in web pages.

Blocked Keywords & Combinations Add, remove, update a list of blocked keywords or keyphrase combinations.

PICS Filtering Enable or disable Platform Independent Content Selection (PICS) rating of web pages.

Site Blacklist Add, remove, update, activate/deacivate a list of blocked URL's.

Site Whitelist Add, remove, update, activate/deacivate a list of allowed URL's. These URL's are never blocked by CensorNet.

Blacklist Groups Add, remove, update a list of blacklist groups.

Whitelist Groups Add, remove, update a list of whitelist groups.

Site Block Approvals Approve or decline requests from users to block a particular site.

Site Unblock Approval Approve or decline requests from users to unblock a site that is being stopped by CensorNet.

Site Approval Digest Configure a digest of block/unblock requests to be e-mailed daily or weekly to the administrator.

Banned File Extensions Add, remove, update a list of file extensions to be blocked.

Banned MIME Types Add, remove, update a list of MIME types to be blocked.

Image Filter Configure the behaviour of the optional Image Filter module.

Reports & Monitoring

Banned Access Snapshot View a list of users who have violated filtering rules in the last 1-48 hours.

Access Reports Search for:
• Web sites visited by a particular user during a specific timespan
• Users who have visited a particular web site during a specific timespan

Web Usage Trends Internet usage trends by day, week, month, user, Top30 sites etc. For an example click here.

Who's Browsing Report Displays a list of users currently browsing through CensorNet, and the workstation they are using (Windows clients only).

Bandwidth Usage Summary Daily, weekly, yearly LAN and WAN bandwidth usage graphs courtesy of MRTG.

Web Cache Statistics A comprehensive report of the effectiveness of the web cache.

Screenshots (v3.2r3):

Home Page

Console Config. Tool

User Control Page

Access Denied Page

Site Filters Page

Scheduling

Report Generator

Image Filter Config.

Console Configuration Tool
Interface	Console based GUI based on newt.
Locale Settings	Set keymap and timezone for your CensorNet server.
Network Configuration	Auto probe network card drivers, set IP address, DNS, gateway, hostname for public and private interfaces.
Router Mode	• IP Router Mode - CensorNet acts like a Layer-3 IP packet forwarding router, and operates a secure firewall on the public interface. • Ethernet Bridge Mode - CensorNet acts like a Layer-2 Ethernet frame bridge, and forwards all network traffic without the security of a firewall.
DHCP Service	Enable/disable DHCP service.
User Authentication	• Windows NT - CensorNet will authenticate users against a Windows NT domain (or SAMBA server) • Active Directory - CensorNet will authenticate users against an Active Directory server • Internal - CensorNet will maintain a list of username and passwords internally, manageable through the Web Interface.
Web Cache Configuration	• Upstream Proxy - configure a parent proxy for CensorNet, supports authentication. • Parent Proxy Exceptions - add or remove domains that will bypass the parent proxy • Authentication Exceptions - add or remove domains that can be requested without authentication or filtering • Source IP Filter Exceptions - allow unfiltered requests based on workstation IP address • Cache Size - specify the size of the cache (in Mb) • Proxy Port - specify the port that CensorNet will listen on, default: 8080
Probe LAN	Automatically scan the network for workstations and add them to CensorNet.
Import Users	Attempt to import users automatically from Windows NT or Active Directory domain.
Flush Cache	Empty the web cache held on disk.
BLUD Configuration	Enable/disable Blacklist Update (BLUD) subscription.
APC UPS	Configure APC UPS to work with CensorNet.
Firewall Configuration	• Remote Access - Enable/disable remote access (SSH) on the public interface Router Mode Only: • Port Forwarding Configuration - map external connections to the public interface through to machines on the private network • Port Pinholing Configuration - pass through external connections (from the Internet) through to machines on the Internal network • NAT - enable/disable NAT (IP masquerading) from the private interface to the public interface
Web Administration Interface
Maintenance	Backup, Restore and Upgrade
Diagnostics	Services Monitor, System Information, ping, traceroute etc.
User & Workstation Control
User Access Profiles	• Unfiltered - user has unfiltered access to the Web • Filtered - user is filtered according to the rules configured • Denied - user cannot access the Web • Whitelist - user is restricted to pre-approved sites (walled-garden) • Moderator - user can pre-approve sites and add them to the whitelist (walled garden)
User Access Control	Set user access profile by user, group, suspend user, bandwidth limit per user.
User Access Scheduling	Schedule User Access Profiles by user or by group (minimum 5 minute increment)
User Management	Add, remove, update users and groups. Import users from CSV.
Workstation Access Profiles	• Allow Web & Other - allow workstation full access to the Internet • Allow Web & Deny Other - restrict workstation to Web ports only (HTTP, SSL) • Allow Other & Deny Web - block Web ports but allow other ports • Deny All - block access to the Internet from the workstation
Workstation Access Control	Set Workstation Access Profile by machine, group, suspend workstation, limit bandwidth, VNC (remote access)
Workstation Access Scheduling	Schedule Workstation Access Profiles by machine or by group (minimum 5 minute increment) e.g. all machines in the Library have no Internet access between 12:00 and 13:00.
Workstation Management	Add, remove, update workstations and groups. Import workstations from CSV or DHCP leases file (Linux).
Bandwidth Limiting	Set bandwidth limit mode (by user or by machine), set network limit.
Web Interface Security	Set password for Web Interface, restrict access to specific workstations.
Content Filtering
Keyword Exceptions	Add, remove, update a list of allowed keywords in web pages.
Blocked Keywords & Combinations	Add, remove, update a list of blocked keywords or keyphrase combinations.
PICS Filtering	Enable or disable Platform Independent Content Selection (PICS) rating of web pages.
Site Blacklist	Add, remove, update, activate/deacivate a list of blocked URL's.
Site Whitelist	Add, remove, update, activate/deacivate a list of allowed URL's. These URL's are never blocked by CensorNet.
Blacklist Groups	Add, remove, update a list of blacklist groups.
Whitelist Groups	Add, remove, update a list of whitelist groups.
Site Block Approvals	Approve or decline requests from users to block a particular site.
Site Unblock Approval	Approve or decline requests from users to unblock a site that is being stopped by CensorNet.
Site Approval Digest	Configure a digest of block/unblock requests to be e-mailed daily or weekly to the administrator.
Banned File Extensions	Add, remove, update a list of file extensions to be blocked.
Banned MIME Types	Add, remove, update a list of MIME types to be blocked.
Image Filter	Configure the behaviour of the optional Image Filter module.
Reports & Monitoring
Banned Access Snapshot	View a list of users who have violated filtering rules in the last 1-48 hours.
Access Reports	Search for: • Web sites visited by a particular user during a specific timespan • Users who have visited a particular web site during a specific timespan
Web Usage Trends	Internet usage trends by day, week, month, user, Top30 sites etc. For an example click here.
Who's Browsing Report	Displays a list of users currently browsing through CensorNet, and the workstation they are using (Windows clients only).
Bandwidth Usage Summary	Daily, weekly, yearly LAN and WAN bandwidth usage graphs courtesy of MRTG.
Web Cache Statistics	A comprehensive report of the effectiveness of the web cache.