Trying to build a secure network
Thank you for reading this.
Currently I am building a network, with about 350 users.
P4 processor, 1GB RAM, LSI SATA RAID controller, 160GB storage (RAID1)
Xeon 3GHz, 1GB RAM, LSI SCSI RAID controller, 37GB storage (RAID1)
And some Cisco routers + PIX firewall.
Users boot their PCs, get an IP, and have no clue what happens behind the scenes, apart from the fact that they have to input a username and password to gain access to the internet (HTTP, FTP, SSL, SMTP, POP3, DNS).
DHCP is performed by a router.
DNS has to be masked so that the user sees only a gateway IP, not the actual DNS server's IP. Can Squid do this when I route all DNS requests to that server?
I figure HTTP and SSL can be cached by Squid and protected by username and password.
For FTP, SMTP and POP3, I have no clue; users mustn't be able to directly reach a server without first entering a username and password (before the server's own verification).
Fujitsu RX100 = Backup server, running Ghost for entire network, not important in this question.
Fujitsu RX200 = Linux box, currently running Debian, but any other distro should run fine. This is the box that has to do all the user authentication and caching.
Could someone please tell me what daemons to run in order to get the desired output? As in, what and how to configure to make sure all users have to authenticate (perhaps that info can go in a SQL database, easier since reachable by all) for the services I described.
I am currently running Squid, but I noticed it's fairly hard to set up, and it doesn't support FTP authentication (I think).
Can anyone help me with this?
My Cisco and Windows knowledge isn't the problem, I am just hitting a wall concerning my Linux knowledge.
P.S. Managing it all with Webmin would be even better.