Let’s take a step back and look at the environment we have created so far. We have both network and host-based firewalls to control traffic flowing between different networks, especially traffic coming in from untrusted zones. We even added a DMZ to isolate publicly exposed services (such as web servers) from the rest of the environment. But what if one of our users goes to a malicious website and downloads malware that then spreads throughout your internal network? What if your CFO gets tricked into clicking on a phishing link and gives away his or her credentials to an attacker?
Users spend the majority of their time on the open web, visiting websites or accessing online services such as Google or Office 365. Though unrestricted internet access gives users the ability to be productive, it also exposes your network to an increasing number of threats such as phishing sites, ransomware, or crypto-currency miners to name a few.
Companies have implemented URL filtering for several years with the goal of protecting users from visiting unproductive or harmful sites. One way of implementing this security control is to use fine-grained firewall rules. Some people prefer to use a DNS service with filtering capabilities such as OpenDNS. In this post however, we will install and configure an open-source web proxy, called Squid, to filter HTTP traffic originating from our network.