Hi Guys,

We have setup of 25 clients pc's and a server. The server isn't
connected as we are yet to decide on the operating system as we have a
problem. Anyhow, our network presently has 5-6 XP clients, 10 Windows
98 clients & 8 Red hat linux clients. We have a broadband connection
with a netgear router connected to it for our internet needs.

Now, my question is two parts:

1. We use the router as dhcp for assigning ip addresses and thereby
our network is under a "Work Group". But, the problem is all pc's
connected in the work group are able to browse the internet which we
dont want. We want only 4-5 pc's to have full internet access while
the rest be able to access mails only (this includes for windows and
linux systems). So, i need to know how to configure my network /
clients for restricting them to access only our pop3 server to
download their specific emails.

2. Second part,we use a PC's monitoring software called "SPY PC" for
keeping track as to what our staff do in all windows PC, but we are
unable to get any software to do the same in linux. The new software
we need should be in a position to record record keystrokes, programs
they open, chat and website they visit and later it should generate a
mail to be sent as report to a specific email id. We want any freeware
that will work both on windows and linux.

Please let us know.

Cheers!
Arun.

Part 1.
You probably want a firewall (proxy type ?) with some rules in
defining what IP addresses are allowed what - and then used fixed IP
addresses not varible DHCP.
www.squid-cache.org has a straightforward caching proxy.  If you want
something a bit more stringent to protect web browsers from harm I
haven't got a recommendation.

You might also want some user authentication at the firewall rather
than trusting theIP addresses on your network.

If you have an internal mail server that could do the POP3 collections
and then you wouldn't have to allow desktops to speak POP3 past the
firewall.


Part 2.
I doubt you'll find one scheme to cover all OS versions you mention, and I don't
know anything (printable!) about Windows.

For linux you could use some parts (not all) of the toolset available
at http://project.honeynet.org for program logging.  This assumes root
is not deliberately trying to subvert your logs and that if you take
s/w updates
(as you probably should) you are prepared to re-apply the honeynet mods to
keep those linux desktops monitored.

Automated log summaries by email are easy and don't require any
software to speak of.

Hi Bozo99,

Thanks for your comments, i will work on them on monday and let you if
all your suggessions work. Thanks again.

Arun.

Hi Bozo99,

Sorry for the late revert. No it didn't work.. Pls let me know some
other alternative..

Arun

if the netgear router is used to only access the internet, then you
can restrict access to outside internet to specific mac addresses.

if the router is used for routing traffic within the LAN, then you
need to set firewall rules and use static ip addresses as per the
previous comment. netgear should be giving a web access to the router
or shell access to configure the firewall. you can get the ip address
of the pop3 server and set a rule allowing all ip addresses to that
server on the specific ports which the pop3 clients use.  for the rest
of the pcs, you can give access to all servers on all ports or
restrict ports to HTTP and FTP, depending on your requirements.