Docstoc

PPT presentation (PowerPoint download)

Document Sample
PPT presentation (PowerPoint download) Powered By Docstoc
					GSN Content Filtering Service




        Panagiotis Astithas
          NTUA/NMC
                    Contents

●   Introduction
●   Proxy configuration
●   Filtering sex.com
●   Software components
●   Filtered Categories
●   Filtering targets
●   Administrative application
●   Server distribution
●   Statistics
                     Introduction

●   Automatic transparent content filtering
    –   No user configuration
    –   No way to avoid policy enforcement
●   Abides to certain policy specifications
●   Applied on HTTP transfers only
●   Requirements:
    –   Low latency increase
    –   Low overhead on servers
●   Open-source solution
    –   Facilitates development of management tools
    –   Zero licensing/royalty cost
Proxy configuration
Filtering sex.com
             Software components

●   Squid web proxy cache
    –   Internet de-facto standard
●   SquidGuard filtering software
    –   Ultrafast filter, redirector & access controller
●   Blacklists combined from:
    –   Official SquidGuard blacklist
    –   Université Toulouse 1 Sciences Sociales blacklist
    –   Bürgernetz Pfaffenhofen blacklist
●   FreeBSD OS
    –   Robust, fast, reliable, UNIX OS
●   All open source components
               Filtered Categories

●   Porn (98.43% of total rules)
●   Gambling (0.55%)
●   Drugs (0.46%)
●   GSN custom lists (0.34%)
    –   Requests from users to include/exclude sites
●   Aggressive (0.14%)
●   Proxy/Anonymizers (0.06%)
●   Violence (0.02%)
                   Filtering targets

●   DNS domains
    –   e.g. sex.com
●   Specific site URLs
    –   e.g. acme.com/sex
●   Pattern-matching expressions
    –   e.g. (adultsonly|softcore|striptease)
Administrative application
                Server distribution

●   7 major Points of Presence (POP)
    –   Closely follows GSN network topology
●   Redundant servers in most POPs
    –   Static client allocation to each server via ACLs
    –   Spare servers on some POPs
●   Transparent filtering
    –   Using IOS ip policy for load balancing
    –   WCCP in the future for failover
●   Blacklist changes are pushed to every server
                        Statistics

●   Average transfer rate: 75 GB
    –   Cache: 16 GB
    –   Network: 59 GB
●   Average number of requests: 8765 req/min
●   Average number of hits: 4049 hits/min
●   Total cache size: 140 GB
●   Available cache size: 980 GB
●   Percentage of filtered requests: 1-3%
    –   The percentage is diminishing with time
    –   Probable causes: user awareness, logging artifacts
        (one hit per censored page, many hits per allowed
        page)

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:13
posted:8/27/2011
language:English
pages:11