Meet me! Eric The Epic Elephant

It will be about the development of our Russian company A-Real Consulting LLC, namely, the Internet access control system - Internet Control Server (IKS) , with the funny name “Eric the epic elephant”.
IKS is a universal Internet gateway with tools for protecting the corporate network, traffic accounting, access control, mail, proxies, file server, Web, jabber and even IP telephony organization.
The kernel in this system is FreeBSD 8.4 with the ZFS file system.

Let's see what functions are used.

• Universal gateway. Support for various connections: Internet, Wi-fi, 3G, PPTP, PPPoE, L2TP, works with VLAN and DMZ, as well as the ability to organize VPN tunnels (cPSEC PSK encryption and OpenVPN).
• Access control. User authorization by IP address, MAC, name / password, AD and many others
• Network protection. Firewall, built-in antiviruses from Dr.Web, Kaspersky, ClamAV. DLP module - to protect against confidential information leakage.
• And much more, who will be interested can see on the company's website .

Implementation Experience

In 2010, while working at the institute, there was a need to collect statistics on student visits to sites, differentiation of access rights, and many more different tasks.
I want to note that the company has certain discounts for educational institutions, which played a key role in deciding on the purchase. They could not really judge the system itself, because there was a trial version and only our small IT department worked through it. Spitting on the risks (anyway, we were not going to destroy the old servochka on the windows with the traffic inspector). They convinced the rector of the need for procurement, and proceeded to implementation.
At first I thought that I was provided with a couple of days and an overnight stay at work to prepare and configure everything, but as it turned out, the system was so flexible and easy to install and configure that it didn’t take any difficulties at all.

Installation, passes, very quickly, I only had time to smoke to leave, and when I returned I had to press the OK button.



Everything, we can rejoice, the system is ready for the first launch. After clicking “OK”, services and modules will start loading, and after that our ICS will inform you of the readiness to work by issuing a melody as a speaker from the movie “Star Wars” (by the way, when you turn off, the imperial march from the same movie is played).

All interaction with the server goes through the Web interface. Initially, we are offered to connect to the Internet using the setup wizard. For those who first see the system and have not previously watched a video from the developer's site, it is best to use the connection wizard. He will immediately configure both the provider and the local network.
This is what the working interface looks like.








As you can see on the screen, in addition to all the functions that I listed at the beginning, naturally there are such as DHCP, DNS and other delights of our lives.
In short, this system made it possible to create two local networks for students so that the administration had access to student servers, but students could not get anywhere except for those allowed. Also, which is noteworthy, there is a ready-made database with filters for the proxy server.
Now in the new company I work for, with the help of ICS a VPN tunnel was organized with regional representatives, a common file storage, and now it is possible to control visits to sites by employees of remote offices, with the formation of statistics for department heads.

And so, what are the advantages of working with ICS?

• Reduce IT costs. All you need is a machine with Core i5 (i7 is possible),> 4Gb of RAM, and a 500Gb HDD if you have a file server located on a separate machine.
• Easy to manage and configure. Even if you do not own FreeBSD, you will not have problems in setting up and managing.
• Collection of visit statistics. You can always see which user eats up how much traffic and what resources it visits.
• The DLP module is designed to protect against confidential information leaks very well established. When, while working at the institute, one employee wanted to transfer the base of our students to someone by mail, she did not succeed.

I can continue to list the pluses, but it’s better to see live as they say. The company recently launched IKS-online (login: root, password: 00000), which allows you to visually climb through the settings and understand whether this system suits you or not.

The company holds many promotions at which you can get either a good discount, or several users for a license.
A license, by the way, is acquired once and for life. Then users just buy.
This system has fully established itself over 4 years of work at the institute, with one single failure and solely due to the fault that there was no electricity, and the UPS did not work for a long time.