• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 195
  • Last Modified:

Block everything, but Only allow 2 web sites and emails, How?

Hi All,

One of my clients is a travel agency. The owner has been bugged by employees' surfing on net during work hours.

He wants to block EVERYTHING, EXCEPT 2 web sites (oag.com & sabre.com) and emails (Outlook & Outlook Express)

How can i accomplish this? Anyone had the same situation as me? Any h/w or s/w solutions???


Thanks a lot

jack

(I doubt that i can use Dlink/Netgear/Linksys to do this, I guess I need a professional class firewall? What's the cheapest one that does the job???)
0
Y Y
Asked:
Y Y
  • 4
1 Solution
 
Pete LongTechnical ConsultantCommented:
Filtering Internet access

*****Method one******
Pro's EASY TO DO.    CON's NOT GOOD FOR LOTS OF CLIENTS.

How you approach this depends on how many users you are talking about, if its just a few users, the simplest way is to modify the host file on each PC and put an entry in it for each domain you DONT want the users to access and point them to 127.0.0.1 (you can edit the hostile with notepad or this, http://members.shaw.ca/techcd/VB_Projects/HostsFileReader.exe
For example to block www.hotmail.com add this line to the end of the host file.

127.0.0.1     www.hotmail.com

NB in win 95/98/ME the host file is at C:\windows\hosts.sam (save it WITHOUT the. Sam extension and reboot)
In windows 2000 the host file is at C:\winnt\system32\drivers\etc\hosts (you can edit directly and NO reboot is required)
In Windows XP the host file is at C:\windows\system32\drivers\etc\hosts (you can edit directly and NO reboot is required)

*****Method Two*****
Pro's Easy to administer. CON's Expensive & NOT PRACTICAL FOR HOME USERS.

Give all your clients access to the Internet via a Proxy Server than can filter and block websites.
ISA Server http://www.microsoft.com/isaserver/
WinProxy http://www.winproxy.com/index.asp

*****Method Three*****
Pro's Very scalable from home user to businesses.  CON's Can Be Expensive

Use some third party software to do it for you.

Home Users see
Net Nanny http://store.netnanny.com/dr/v2/ec_dynamic.main?sp=1&pn=12&sid=53
Cyber Sitter http://www.cybersitter.com/
Home users/Small business's See
CyberPatrol http://www.cyberpatrol.com/
Business's See
WebSense http://www.websense.com/
WebMarshal http://www.nwtechusa.com/webmarshal.php?iorb=4764&sc=106

*****Other options*****
How do I use IPSec IP filter lists?
http://www.jsifaq.com/subj/tip4500/rh4554.htm

How can I block a Windows 2000/XP/2003 computer from surfing on the Internet?
http://www.petri.co.il/block_web_browsing_with_ipsec.htm

Internet Explorer Administration Kit (IEAK) 6 SP1 enables the most cost-effective and efficient way to deploy and manage Web-based solutions.
http://www.microsoft.com/windows/ieak/default.mspx
0
 
Pete LongTechnical ConsultantCommented:
if your serious about going down the firewall route..

Hardware Firewalls

Cisco PIX
http://www.cisco.com/go/pix
The world-leading Cisco PIX® Security Appliance Series provides robust, enterprise-class, integrated network security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security-in cost-effective, easy-to-deploy solutions.

SonicWall
http://www.sonicwall.com/
SonicWALL Internet firewall/VPN security appliances support an array of security applications and deliver powerful firewall and VPN performance. SonicWALL appliances are built on stateful inspection firewall technology, and a dedicated security ASIC designed to ensure maximum performance for VPN enabled applications.

3Com
http://www.3com.com/prod/en_EU_EMEA/prodlist.jsp?tab=cat&cat=134482&subcat=134490
3Com perimeter firewalls and website filters cost-efficiently secure Internet access and give IT managers a critical first line of defence against network attacks and unauthorized access. For protecting the perimeter of your network, choose the 3Com® SuperStack® 3 Firewall for enterprise

NetGear
http://www.netgear.com/products/routers/firewallvpn.asp


set your firewall to allow TCP (Port 80) traffic to the two URL's you require and BLOCK port 80 to all other IP's

allow
Name:    oag.com
Address:  198.80.15.75

and

Name:    sabre.com
Address:  151.193.182.43

then block trafic outbound to everyone else
0
 
Pete LongTechnical ConsultantCommented:
just noticed the EMail bit

for EMail access you need to find out weather your EMail runs over SMTP (TCP port 25) or POP (TCP Port 110) then allow those ports outbound to the EMail server you use
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Y YconsultantAuthor Commented:
Thanks a lot for the prompt reply Petelong
Your posts are very knowledgeble. I will spend some time studying them and comment back later

Thanks again

Jack
0
 
Pete LongTechnical ConsultantCommented:
:)
0
 
ahoffmannCommented:
does the user has admin rights on the laptop?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now