Blocking all HTTP activity except for certain web sites
-
I have a customer who runs a retail business in several locations. Recently, I was called in to remove a trojan that had infected their POS systems. I didn't set up their network; it was done by the POS vendor. The only security device they have in place is a linksys wireless router. Now that one of their employees has crippled one store for several hours by getting on a malicious web site, they want something installed that will block out ALL web access except for the vendor's site, windows updates and a few other sites yet to be determined. I was thinking that pfSense would be a good solution. I've got a pfSense box here in my home office so I can test with it. I'm betting that they'll want to deploy a firewall at all their locations. Right now each location has their own internet connection with whatever isp serves the location and they do all their site-to-site communication via the internet and the POS software, which runs MSSQL as the database back end. Whether or not the comm. is on a secure pipe, I don't know since I don't have access to the POS app. Bottom line is, the POS vendor is pretty lame in their support and getting anything out of them is like pulling teeth.
Can someone here help me set up a config that will help them out? I'm running the latest build of 2.0-RC3 on an i386 platform and have country block, havp, squid and squid guard up and running…snort will also be added as soon as the package is availavle.
Thank You,
Jon
