Solved

Block everything, but Only allow 2 web sites and emails, How?

Posted on 2004-08-15
8
170 Views
Last Modified: 2013-11-16
Hi All,

One of my clients is a travel agency. The owner has been bugged by employees' surfing on net during work hours.

He wants to block EVERYTHING, EXCEPT 2 web sites (oag.com & sabre.com) and emails (Outlook & Outlook Express)

How can i accomplish this? Anyone had the same situation as me? Any h/w or s/w solutions???


Thanks a lot

jack

(I doubt that i can use Dlink/Netgear/Linksys to do this, I guess I need a professional class firewall? What's the cheapest one that does the job???)
0
Comment
Question by:techcity
  • 4
8 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 125 total points
ID: 11803867
Filtering Internet access

*****Method one******
Pro's EASY TO DO.    CON's NOT GOOD FOR LOTS OF CLIENTS.

How you approach this depends on how many users you are talking about, if its just a few users, the simplest way is to modify the host file on each PC and put an entry in it for each domain you DONT want the users to access and point them to 127.0.0.1 (you can edit the hostile with notepad or this, http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe
For example to block www.hotmail.com add this line to the end of the host file.

127.0.0.1     www.hotmail.com

NB in win 95/98/ME the host file is at C:\windows\hosts.sam (save it WITHOUT the. Sam extension and reboot)
In windows 2000 the host file is at C:\winnt\system32\drivers\etc\hosts (you can edit directly and NO reboot is required)
In Windows XP the host file is at C:\windows\system32\drivers\etc\hosts (you can edit directly and NO reboot is required)

*****Method Two*****
Pro's Easy to administer. CON's Expensive & NOT PRACTICAL FOR HOME USERS.

Give all your clients access to the Internet via a Proxy Server than can filter and block websites.
ISA Server http://www.microsoft.com/isaserver/
WinProxy http://www.winproxy.com/index.asp

*****Method Three*****
Pro's Very scalable from home user to businesses.  CON's Can Be Expensive

Use some third party software to do it for you.

Home Users see
Net Nanny http://store.netnanny.com/dr/v2/ec_dynamic.main?sp=1&pn=12&sid=53
Cyber Sitter http://www.cybersitter.com/
Home users/Small business's See
CyberPatrol http://www.cyberpatrol.com/
Business's See
WebSense http://www.websense.com/
WebMarshal http://www.nwtechusa.com/webmarshal.php?iorb=4764&sc=106

*****Other options*****
How do I use IPSec IP filter lists?
http://www.jsifaq.com/subj/tip4500/rh4554.htm

How can I block a Windows 2000/XP/2003 computer from surfing on the Internet?
http://www.petri.co.il/block_web_browsing_with_ipsec.htm

Internet Explorer Administration Kit (IEAK) 6 SP1 enables the most cost-effective and efficient way to deploy and manage Web-based solutions.
http://www.microsoft.com/windows/ieak/default.mspx
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11803874
if your serious about going down the firewall route..

Hardware Firewalls

Cisco PIX
http://www.cisco.com/go/pix
The world-leading Cisco PIX® Security Appliance Series provides robust, enterprise-class, integrated network security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security-in cost-effective, easy-to-deploy solutions.

SonicWall
http://www.sonicwall.com/
SonicWALL Internet firewall/VPN security appliances support an array of security applications and deliver powerful firewall and VPN performance. SonicWALL appliances are built on stateful inspection firewall technology, and a dedicated security ASIC designed to ensure maximum performance for VPN enabled applications.

3Com
http://www.3com.com/prod/en_EU_EMEA/prodlist.jsp?tab=cat&cat=134482&subcat=134490
3Com perimeter firewalls and website filters cost-efficiently secure Internet access and give IT managers a critical first line of defence against network attacks and unauthorized access. For protecting the perimeter of your network, choose the 3Com® SuperStack® 3 Firewall for enterprise

NetGear
http://www.netgear.com/products/routers/firewallvpn.asp


set your firewall to allow TCP (Port 80) traffic to the two URL's you require and BLOCK port 80 to all other IP's

allow
Name:    oag.com
Address:  198.80.15.75

and

Name:    sabre.com
Address:  151.193.182.43

then block trafic outbound to everyone else
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11803883
just noticed the EMail bit

for EMail access you need to find out weather your EMail runs over SMTP (TCP port 25) or POP (TCP Port 110) then allow those ports outbound to the EMail server you use
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 1

Author Comment

by:techcity
ID: 11804334
Thanks a lot for the prompt reply Petelong
Your posts are very knowledgeble. I will spend some time studying them and comment back later

Thanks again

Jack
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 11804459
:)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11807771
does the user has admin rights on the laptop?
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now