bestmadedesigns

Blocking Myspace

I have been charged with the task to eliminate myspace from my organization.  I have 1 limitation in that I am not able to spend any money on a solution.

Currently we have a sonicwall pro 1260 with the enhanced OS. I do not have the content filtering service, and there is no budget to activate this feature, so I am limited to using rules, and have absolutely no clue how to do this.  

I can also block them via active directory if possible.  I have read that this will not work, and have read that it will work, but again I have no clue how to go about doing this either.

Thanks,

Tim
sirbounty
bestmadedesigns

ASKER

The only problem with this approach is I need to deploy this to 50 computers without people asking me what I am doing.  Myspace is turning into a huge bandwidth hog, and is a favorite among the employees here.  I don't want people killing me while I neuter their computer... Is there something I can do in group policy?

In a login script - you should be able to just copy the hosts file down...

Otherwise, if you have local admin privileges, and a list of the computers, this approach should work:

From a command line (double up on the %'s if in a batch file)

for /f %a in (c:\pclist.txt) do copy C:\hosts \\%a\admin$\system32\drivers\etc\hosts /y

>>the only problem with this approach is i need to deploy this to 50 computers without people asking me what I am doing.
Just do it via the admin share ( \\computername\C$\ ) and then you will have access to their C drive.  (You'd never have to leave your desk.)
Or you could just do it after hours.

There is no need to physically touch a PC for 99.9% of issues.

>>I dont want people killing me while I neuter their computer
It's not their computer, it's the company's.  Do you have any computer use policy? If not, you NEED one, and playing on PCs should NOT be allowed.

2 solutions other than the hosts file would be:

1. Create access-rules for ip address of myspace.com to block it in sonicwall (need to find out if there are multiple servers by pinging them)

2. Create another forward lookup zone in your dns server for myspace.com and assign a bogus ip address for www.myspace.com, it will block everybody's access in the company.

Cheers,
Rajesh
ASKER CERTIFIED SOLUTION
bbao
bbao,

I presume that is exactly what I have above? :-)

Cheers,
Rajesh
Hosts files are easy to get around, as are "custom" DNS entries in your DNS servers.
Your best bet is at the firewall or router, but again, it is also worked around if they want it bad enough... and for some reason they do. We made sure our employees got a "refresher" from HR about our acceptable use policies. Hours after the refresher, we made examples of two persons still visiting myspace and other sites we banned; they were sent home without pay for the day so they could do their myspace'ing from home. They've never violated the AUP since.

Myspace is on a /20 as far as I could tell:
dig @NS2.MYSPACE.COM myspace.com
; <<>> DiG 9.3.3rc2 <<>> @NS2.MYSPACE.COM myspace.com
; (1 server found)
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25303
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;myspace.com.                   IN      A
;; ANSWER SECTION:
myspace.com.            86400   IN      A       216.178.32.52
myspace.com.            86400   IN      A       216.178.32.137
myspace.com.            86400   IN      A       216.178.32.48
myspace.com.            86400   IN      A       216.178.32.51
myspace.com.            86400   IN      A       216.178.32.50
myspace.com.            86400   IN      A       216.178.32.49

whois 216.178.32.52
NetRange:   216.178.32.0 - 216.178.47.255
CIDR:       216.178.32.0/20

You should block 216.178.32.0 with a mask of 255.255.240.0
Here are some policies you can easily tailor to your org/company: http://www.sans.org/resources/policies/
-rich
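
The check behind the /20 recommendation in the post above, as an added example that is not part of the original thread: it parses the quoted dig answer lines, collapses the whois NetRange into CIDR form, and confirms that every A record falls inside the block before a firewall rule is built from it. The function names are illustrative, and the sample input is constructed from the values quoted in the post.

```python
import ipaddress
import re

# Constructed sample: the ANSWER SECTION lines quoted in the post above.
DIG_OUTPUT = """\
;; ANSWER SECTION:
myspace.com.            86400   IN      A       216.178.32.52
myspace.com.            86400   IN      A       216.178.32.137
myspace.com.            86400   IN      A       216.178.32.48
myspace.com.            86400   IN      A       216.178.32.51
myspace.com.            86400   IN      A       216.178.32.50
myspace.com.            86400   IN      A       216.178.32.49
"""
# whois NetRange quoted in the same post.
NET_RANGE = ("216.178.32.0", "216.178.47.255")

A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\d+\.\d+\.\d+\.\d+)\s*$")


def parse_a_records(dig_text):
    """Return the IPv4 addresses found in dig A-record answer lines."""
    addrs = []
    for line in dig_text.splitlines():
        if line.startswith(";"):          # dig comments and section headers
            continue
        m = A_RECORD.match(line)
        if m:
            addrs.append(ipaddress.IPv4Address(m.group(2)))
    return addrs


def range_to_networks(first, last):
    """Collapse a whois NetRange into the CIDR block(s) covering it exactly."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def block_rule(dig_text, net_range):
    """Return (network, netmask, stray); stray lists A records outside the range."""
    nets = range_to_networks(*net_range)
    if len(nets) != 1:
        raise ValueError("NetRange is not a single CIDR block: %s" % nets)
    stray = [str(a) for a in parse_a_records(dig_text) if a not in nets[0]]
    return str(nets[0].network_address), str(nets[0].netmask), stray


if __name__ == "__main__":
    print(block_rule(DIG_OUTPUT, NET_RANGE))
```

A non-empty `stray` list means the name resolves to addresses the rule would miss, so the block range needs revisiting before it is relied on.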
Btw, we caught our violators with snort. At that time, our users were administrators of their machines and could set proxy settings in IE, as well as install alternate browsers and anonymizing software. We could still catch the users with a snort rule that looked for the myspace header/content field in the packets.
We then blocked all outbound ports for users' machines, so they cannot even ping the outside, let alone www, ftp or https to the internet. We only allow our proxy server to access the internet, and the server runs websense. So if a user needs to access the internet, they are going through our proxy only, and it knows about Tor, bit torrent, anonymizer services, listed and unlisted proxies; it's really quite good. This also eliminated users who were terminal servicing/remote desktop'ing, vnc/go2myPc'ing to their home machines and viewing restricted content that way. Matter of fact, I answered a user's question here on EE that gave them all the idea, bypassed the snort filter because it is RDP/encrypted traffic and snort can't read it.... me and my big mouth :)

We took away admin rights, locked down their subnets so they were forced to use our proxy or nothing else. It's really the only way to be done with all the "kludging" we tried before. The host, the DNS, and also the firewall ACLs were just small band-aids on our users' bad habits. Those that knew how to get past the firewall, host, DNS, taught or "fixed" coworkers' PCs just like theirs.
Until we sent two people home, and instituted the lock down. We had 3000+ violating the AUP, so we had to be more drastic I guess, but once they know you're watching, they are a little more cautious, then all of a sudden they forget or think you're not watching, and BAM, they go right back to the old habits...
-rich
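
The kind of header matching described in the post above, as an added example that is not part of the original thread and is not the poster's snort rule: it reads the Host header from plaintext HTTP requests and also flags destinations inside the 216.178.32.0/20 range quoted in the thread. The flow tuples, client addresses and function names are constructed for illustration.

```python
import ipaddress

BLOCKED_DOMAIN = "myspace.com"                          # from the thread
BLOCKED_NET = ipaddress.ip_network("216.178.32.0/20")   # whois CIDR from the thread

# Constructed sample flows: (client IP, destination IP, first bytes of payload).
FLOWS = [
    ("10.0.0.21", "216.178.32.52", b"GET / HTTP/1.1\r\nHost: www.myspace.com\r\n\r\n"),
    ("10.0.0.22", "216.178.32.52", b"GET / HTTP/1.1\r\nHost: 216.178.32.52\r\n\r\n"),
    ("10.0.0.23", "192.0.2.80", b"GET http://profile.myspace.com/ HTTP/1.1\r\n"
                                b"Host: profile.myspace.com\r\n\r\n"),
    ("10.0.0.24", "192.0.2.10", b"GET / HTTP/1.1\r\nHost: notmyspace.com\r\n\r\n"),
    ("10.0.0.25", "198.51.100.7", b"\x03\x00\x00\x13\x0e\xe0\x00\x00"),  # opaque bytes
]


def http_host(payload):
    """Return the lower-cased Host header of a plaintext HTTP request, or None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if not lines[0].endswith((b"HTTP/1.0", b"HTTP/1.1")):
        return None                       # not a readable HTTP request line
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            # Drop an explicit port such as "www.example.com:80".
            return host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    return None


def classify(dst_ip, payload):
    """Return the reasons a flow matches, as a list of short tags."""
    reasons = []
    host = http_host(payload)
    # Match the domain and its subdomains, but not look-alikes like notmyspace.com.
    if host and (host == BLOCKED_DOMAIN or host.endswith("." + BLOCKED_DOMAIN)):
        reasons.append("host-header")
    if ipaddress.ip_address(dst_ip) in BLOCKED_NET:
        reasons.append("dst-in-range")
    return reasons


def violations(flows):
    """Map client IP -> reasons for every flow with at least one match."""
    return {src: r for src, dst, pay in flows if (r := classify(dst, pay))}


if __name__ == "__main__":
    print(violations(FLOWS))
```

The last sample flow carries bytes that are not a readable HTTP request and is not flagged, which matches the limitation the poster notes for encrypted traffic.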
hi rsivanandan,

hehe, really? ;-)) you didn't mention point 3, hehe.

however, it seems that i better refresh the page to be commented before submitting. thanks for reminding. :-)

cheers,
bbao
Accepted the DNS solution because that is what worked for us.  Thank you for the help, and wanted to apologize for the length of time it took to accept.  The day I was about to work on the DNS solution we had an Exchange crash.  Just got the DNS done this weekend.  Thanks to all for the suggestions!
The DNS block might not work if they go directly to the IP address... http://216.178.32.52/
Also the range given in the accepted answer is for:
[Querying whois.arin.net]
[whois.arin.net]
Internet Media Network IMN (NET-204-74-64-0-1)
                                  204.74.64.0 - 204.74.127.255
SAUNET IMN-SAUNET-204 (NET-204-74-64-0-2)
                                  204.74.64.0 - 204.74.64.255
I'm not sure who they are... The DNS entries I provided are what I see for myspace.com
-rich