Anything you can do to go the free route might be a prudent choice. I don't know your environment but a revolt from the masses and management caving in to their demands could be a possibility. Also the list of 'allowed' sites could grow really fast....so a roll your own DNS or hostsfile solution doen't scale in my mind.
From: Eric Brouwer [mailto:[email protected]] Sent: Monday, January 24, 2011 1:33 PM To: NT System Admin Issues Subject: Re: Web filter? Thanks to all for the recommendations! It's not "critical" that they can't get out to other sites, but we want to discourage the most basic users. We were originally thinking of going the HOSTS route, but were worried about websites changing IP addresses and blocking our access. It's a solid backup option. I'm looking at the free OpenDNS account right now. it might suit our needs. Thanks again! On Mon, Jan 24, 2011 at 12:54 PM, Jonathan Link <[email protected]<mailto:[email protected]>> wrote: Very true. However, it is cheap, as in free, and it is simple to do. On Mon, Jan 24, 2011 at 11:49 AM, Kramer, Jack <[email protected]<mailto:[email protected]>> wrote: Doesn't stop someone from entering an ip address manually... ---- Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Erik Goldoff <[email protected]<mailto:[email protected]>> Reply-To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Date: Mon, 24 Jan 2011 11:43:20 -0500 To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Subject: RE: Web filter? +1 Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: Jonathan Link [mailto:[email protected]] Sent: Monday, January 24, 2011 11:33 AM To: NT System Admin Issues Subject: Re: Web filter? Simplest? Don't enter DNS Server information, or if it gets it via DHCP, enter an invalid one manually. Then enter the validhosts into the hostfile. I'm presuming that the users of this won't have admin access to the machine. On Mon, Jan 24, 2011 at 11:28 AM, Joseph L. Casale <[email protected]<mailto:[email protected]>> wrote: Sure, and it depends on strict the blocking must be enforced. I use squid proxy, and if it was ultimately required that the rules not be circumventable, you could place these machines on a subnet without externalaccess and allow internet access via a proxy or simply some acls on a router as your requirements don't look large and hard to maintain... From: Eric Brouwer [mailto:[email protected]<mailto:[email protected]>] Sent: Monday, January 24, 2011 9:24 AM To: NT System Admin Issues Subject: Web filter? Greetings, We're looking to deploy PCs at several locations that are to be used strictly foraccess to a couple of our websites. We're looking for a simple, cheapsolution to block internet access to all websites, and then add in the handful of sites we'd like them to access. Any one doing ahtyhing like this? A recommendations? Thank you! Eric ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
