Internet Browsing Blocking software

Discussion in 'Computer Support' started by Meat Plow, Apr 2, 2007.

  1. Meat Plow

    Meat Plow Guest

    Just disable DNS on those workstations and enter the web sites allowed in
    the hosts file as needed.


    --
    #1 Offishul Ruiner of Usenet, March 2007
    #1 Usenet Asshole, March 2007
    #1 Bartlo Pset, March 13-24 2007
    #10 Most hated Usenetizen of all time
    Pierre Salinger Memorial Hook, Line & Sinker, June 2004
    COOSN-266-06-25794
     
    Meat Plow, Apr 2, 2007
    #1
    1. Advertisements

  2. Meat Plow

    Victor Guest

    I am trying to do some research on what software would best fit my needs to
    block users from going to web sites other than ones the specified. I was
    looking for some recommendations and what key things should be considered
    when comparing different applications.

    Here is my situation.
    In an Office environment the boss want to limit a couple of the
    workstations (but not all of them) to only go to a few selected websites.
    In a Domain environment with a Windows 2003 Server and workstations that
    are running Win98, Win2K and WinXP.

    Solution I am looking for.

    Install software on the workstation that would restrict users from
    just browsing the entire Internet to just a few selected sites (say under 20
    different domains) Password protect the software so users could not change
    the list.

    Side Effect: Require a password to be able to make system settings
    changes.. like background.. start menu and such.

    Typical use: In the lobby that is open to the general public.


    Any thoughts?
     
    Victor, Apr 2, 2007
    #2
    1. Advertisements

  3. Meat Plow

    Coco Guest

    My $40 DI-604 router does exactly that. I have the options to allow access
    to all domains except the ones blocked, or, deny access to all domains minus
    the ones allowed (manually entered).
     
    Coco, Apr 2, 2007
    #3
  4. Meat Plow

    John Holmes Guest

    Victor "contributed" in 24hoursupport.helpdesk:
    If there's a need to ask, you should be fired. Right now. Tell your boss
    to hire a competent person who knows how to install and configure MS ISA
    server in a domain environment.
     
    John Holmes, Apr 2, 2007
    #4
  5. Meat Plow

    Evan Platt Guest

    How about running your own DNS server?

    Only allow DNS to resolve yahoo.com, google.com, etc.

    Of course, if someone knows that www.pornsite.com resolves to 1.2.3.4,
    they can get to it via IP...
     
    Evan Platt, Apr 2, 2007
    #5
  6. Meat Plow

    Vanguard Guest


    Go into the router and configure by MAC address to just what IP
    addresses those particular hosts can connect.
     
    Vanguard, Apr 3, 2007
    #6
  7. Meat Plow

    Meat Plow Guest

    Then learn how to let your PDC delegate policy regarding internet access.
    And make sure your company has a terms of service agreement with all
    employees. I've worked with your situation for a decade.

    --
    #1 Offishul Ruiner of Usenet, March 2007
    #1 Usenet Asshole, March 2007
    #1 Bartlo Pset, March 13-24 2007
    #10 Most hated Usenetizen of all time
    Pierre Salinger Memorial Hook, Line & Sinker, June 2004
    COOSN-266-06-25794
     
    Meat Plow, Apr 3, 2007
    #7
  8. Meat Plow

    Vic Guest

    This was such a helpful post.

    I followed your advise to the letter and I hope you get my job instead...
    since your so polite and great people skills and obviously competent.

    I apologize to the rest of the group for abusing sarcasm.

    Victor
     
    Vic, Apr 3, 2007
    #8
  9. Meat Plow

    Vic Guest

    I thought about that but I also wanted to restrict the user from the ability
    from just entering the IP address in directly.

    Thanks

    Victor
     
    Vic, Apr 3, 2007
    #9
  10. Meat Plow

    Vic Guest

    At this time the setup just uses the Internet providers DNS service I was
    more looking for Security software to also lock down the system from
    allowing changes to it at all. I was also looking for maybe even a way to
    monitor the system to see if somebody is trying to bypass the security and
    go to the web sites anyway. Changing the configuration of the router or
    reconfiguring DNS will not accomplish any of this.

    I appreciate all of the suggestions but any other thoughts?

    Victor
     
    Vic, Apr 3, 2007
    #10
  11. Meat Plow

    JANA Guest

    We did some work for a company that wanted to restrict the internet for
    employees. It was found to be counter-productive rather than an advantage.
    There were many surveys done in this retrospect.

    They set a policy of no porno, or downloading of software without
    permission. The employees are in full cooperation with this policy, and it
    works well.

    Whey not let the employees have some enjoyment with the net when they are no
    their breaks?

    When the employees have a little freedom to use the computers for some
    recreation, this allows for a more interesting working environment.


    --

    JANA
    _____


    Then learn how to let your PDC delegate policy regarding internet access.
    And make sure your company has a terms of service agreement with all
    employees. I've worked with your situation for a decade.

    --
    #1 Offishul Ruiner of Usenet, March 2007
    #1 Usenet Asshole, March 2007
    #1 Bartlo Pset, March 13-24 2007
    #10 Most hated Usenetizen of all time
    Pierre Salinger Memorial Hook, Line & Sinker, June 2004
    COOSN-266-06-25794
     
    JANA, Apr 3, 2007
    #11
  12. Meat Plow

    Desk Rabbit Guest

    Good thought but that would severely f**k up the Windows domain operations.
     
    Desk Rabbit, Apr 3, 2007
    #12
  13. Meat Plow

    Desk Rabbit Guest

    Research Group policy.
    A suitable firewall or web proxy with logging will do that for you.
    Yes, stop top posting.
     
    Desk Rabbit, Apr 3, 2007
    #13
  14. Meat Plow

    Evan Platt Guest

    Do you not read?

    "Typical use: In the lobby that is open to the general public."
     
    Evan Platt, Apr 3, 2007
    #14
  15. Meat Plow

    why? Guest

    A simple proxy server, with an allow list and a black list. We have a
    page for unauthorised sites that says blocked by policy.

    Win 2003 server, see
    http://www.microsoft.com/isaserver/default.mspx
    Messy, put in on a server, manage from 1 place.
    Messy, put in on a server, manage from 1 place.
    That what policies are for - login, machine, group. It's all there on
    2003 Srv you just have to configure it.

    You can also set the workstations/user policy to set the IE settings
    i.e. force proxy setting, don't allow user change or even hide the
    option tab all together.
    A dedicated hardware proxy
    http://www.networkworld.com/news/tech/2004/0510techupdate.html?page=2
    how it works, and
    vendor sites,
    http://www.appliansys.com/cachebox.shtml?gclid=CMKY7sSDp4sCFRKhQAods2dUeg
    http://www.bluecoat.com/products/index.html

    If you already have a FW/router sometimes these work with proxy
    software, for example Cisco PIX/ASA and WebSense / N2H2.

    Or a simple any oldish spare PC running Squid proxy.,
    http://www.squid-cache.org/
    You wouldn't even need to change the PC settings, it sits on the
    outgoing link and filters by the policy you set.

    Me
     
    why?, Apr 3, 2007
    #15
  16. Meat Plow

    why? Guest

    It was, true and unambiguous.
    Me
     
    why?, Apr 3, 2007
    #16
  17. Meat Plow

    John Holmes Guest

    Vic "contributed" in 24hoursupport.helpdesk:

    I corrected your toppoasting. Then, my previous reply was good advice.
    Tell your boss to invest in ISA server, and a competent person who knows
    how to install and configure it within a domain. You yourself should go
    back to install printers and such and serve coffee, because a competent
    admin should never have to ask what you're asking.

    Just my 2C...
     
    John Holmes, Apr 3, 2007
    #17
  18. Meat Plow

    John Holmes Guest

    why? "contributed" in 24hoursupport.helpdesk:
    I agree with your poast. But then again, if the OP has to ask this, his
    admin skills are not good enough to do the job. If I were the boss, I'd
    hire another one.
     
    John Holmes, Apr 3, 2007
    #18
  19. Meat Plow

    why? Guest

    I did like your 1st reply.

    Well not finding something out is 1 thing, being unable to set any of it
    up is where it all fall over.

    Me
     
    why?, Apr 3, 2007
    #19
  20. Meat Plow

    Keme Guest

    why? skrev:
    You're obviously right, in your own little way, both of you. Probably
    feel good about yourselves and each other, right? You're obviously not
    getting the message from Vic's previous sarcasm (even though he actually
    took the time to spell it out)? I'll elaborate, and with a few examples:

    People skills are often as important as computing skills when it comes
    to sysadmin work. (...which may be why you have so much time to spend
    posting derogatory comments about others. Currently unemployed, are you?)

    Reality is, there are quite a number of system administrators who do
    that administration task in addition to the tasks originally assigned to
    their position. So they might do their "proper" job well, but it may not
    fill a 100% position. That may be a reason why the boss want to keep
    Vic, regardless of his current competence as a sysadmin.

    In most cases the network administration is invisible and not directly
    productive, so in small scale companies it's sometimes left to those
    slightly interested but not thoroughly educated. (Somewhat like coffee
    making works in some environments. You could hire an educated cook...) I
    know that parable makes little sense, but it's reality for many people.

    Some of those "lesser educated" system administrators actually try to
    learn something, to try to do a better job. Posting here is one way to
    learn. Some of us try to help them...
     
    Keme, Apr 4, 2007
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.