We make exceptions for "power users". It also helps because such users have to make themselves known in order to get user name and password for the unrestricted outbound policy. The user and pass can't work from more than one IP is the biggest complaint ( think laptop + tablet or smart phone) and after 10 mins of inactivity it automatically closes the connection.
On Saturday, October 13, 2012, [email protected] wrote: > That'll work, as long as HTTP traffic is the only thing needed. On most > sites I've been to it isn't, but it of course depends on the nature of your > business. Over here there'd probably be a riot if you weren't allowed to > SSH home once in a while :) > > sanga collins <[email protected]> wrote: > > We use our own DNS server and squid + dans guardian. In our firewall I > block all outbound from the entire LAN except for the squid server. I then > make a Facebook.com entry in the DNS server that points to the ip of our > web server that hosts the terms of usage page for the company. > > On Saturday, October 13, 2012, [email protected] wrote: > > If the issue is bandwidth, then surely there are heavier sites than > Facebook to fear. And then the same would hold true for every heavy site on > the Internet, and you can't block them all. Unless you use a whitelist > instead, where you block *everything* except the sites in the list. But > such a solution is not feasible in many lines of work, for obvious reasons. > Nevertheless, my proposal to treat employees as co-workers and not like > adversaries in a digital skirmish should address bandwidth issues as well. > > If I may digress: One should consider a caching proxy server if one has > bandwidth problems at work. That way, each resource will be fetched only > once over the Internet connection, with any subsequent requests being > served from a cache on the local network. If two people on two computers > are browsing the same web page, why waste time and money on downloading > everything twice? > > Kyle Spencer <[email protected]> wrote: > > Sometimes the issue is bandwidth. > On Oct 13, 2012 5:09 PM, "Kizito Thomas" <[email protected]> wrote: > > Thank you Benjamin, > I remember a similar thread on Linux Admin(some mailing list). All > technical solutions didn't pass the test but this (Benjamin's Proposal) > did. > May be it is better to involve the staff into the advantages of working > and not spending time on facebook. otherwise even when you block > facebook they will come up with other social sites or activities to > waste time. > I think monitoring workers on how much time they spend at work is wrong, > but how much they have accomplished will make a difference! > -- > Kind regards; > KTM > +256752602550||+256782062708 > "Mother of God-Pray for us sinners" > > > On Sat, 2012-10-13 at 13:05 +0200, [email protected] wrote: > > Since all attempts at blocking are ultimately possible to circumvent, > > it might be worthwhile to approach the problem from another angle by > > asking oneself why the blocking is even needed. If it's a work > > environment and Facebook threatens productivity, then stricter > > policies could be put in place. If you are caught using Facebook at > > prohibited hours, you're fired. Or, use Facebook how much you want, > > but if you haven't completed your tasks at the end of the day/week, > > you're fired. > > > > Ultimately, you don't want people working for you whom you have to > > shepherd into action. You're running a business, not a daycare. > > > > Edmonds Namasenda <[email protected]> wrote: > > Godfrey & Justus, > > The LinkSys might offer you a solution but with time (as you > > have seen Godfrey) users always find ways to beat the system. > > > > Atop what the rest have suggested, the long haul would be a > > proxy. I have used SafeSquid (commercial) and now tinker with > > Squid (free) for much of my time when such need arises. > > > > Depending on your needs (present and future), the hardware > > requirements are often ordinary. > > > > # Edz > > > > On Sat, Oct 13, 2012 at 1:37 PM, justus byamukama > > <[email protected]> wrote: > > Hi all, i too have the same challenge, any assistance > > will be great! > > > > > > On Sat, Oct 13, 2012 at 11:36 AM, > > [email protected] > > <[email protected]> wrote: > > Yes. DNSmasq plus blocking of port 53 outbound > > should do the trick. > > > > It won't catch tunn > > -- Sanga M. Collins Network Engineering ~~~~~~~~~~~~~~~~~~~~~~~ Google Voice: (954) 324-1365 E- fax: (435) 578 7411
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
