• Status: Solved

PIX 501 block websites

Hi guys,

I have Cisco PIX 501. I want to block AOL instant messenger completely. My access-list takes care of the client but someone can still go to AIM.com and use the web-based client to connect. Is there a way I can block access to specific websites?
Asked:
msabodacha
lrmoore Commented:
Not with PIX 501, except by specific IP addresses. You'd have to manually nslookup each web site, then add that IP to the blocked acl.
PIX does not have any capability by itself to do any web content filtering. You must use some 3rd party products.
I prefer iPrism from http://www.stbernard.com/iprism
rsivanandan Commented:
There are other products, and one of the famous ones is WebSense. Also there is another one, N2H2, which should work directly with PIX.

Basically these products have a 'blacklist' (Inbuilt and daily updated) and also you can add your own URL rules into it with a cool UI.

I had worked with Websense and it is really cool but costs you money though.

If it is only aim you are concerned with, then you could block access to those ip addresses completely.

Cheers,
Rajesh
rsivanandan Commented:
Another option would be to set an Alias on your DNS Server to point to some internal machine which doesn't run any webserver. This way when the client asks for DNS resolution, the website wouldn't be pointed at all.

Cheers,
Rajesh
msabodacha (Author) Commented:
Hi Rajesh,
That sounds good. Don't exactly know how to configure the alias though. Can you advise?
A hardware solution won't work for me as this is for personal use. But thanks guys.
rsivanandan Commented:
If it is for personal use (I mean a small number of users) then it can be easily achieved by modifying the hosts file. On each machine, in C:\windows\system32\drivers\etc, there is a file named 'hosts'. Open it and add a line like this:

127.0.0.1  aim.com

Save 'em. Then from that machine when the client initiates the traffic to aim.com, the first thing it looks at is this file, and it will get aim.com resolved to the machine itself, which makes sure that the traffic never leaves the machine.

Cheers,
Rajesh
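
A check for the hosts-file approach in the post above, added here as an example (not code from the thread): it parses hosts-file text, flags lines that are not in address-then-name order, and lists names that still resolve normally because hosts entries match exact names only. The sample file contents and the `webmail.aim.com` name are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file content (not from the original thread).
SAMPLE_HOSTS = """\
# local blocks
127.0.0.1   localhost
127.0.0.1   aim.com   # covers the bare name only
aim.com     127.0.0.1
0.0.0.0     www.aim.com WWW.Example.test
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hosts(text):
    """Return ({hostname: address}, [malformed lines]) for hosts-file text."""
    mapping, malformed = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        # A valid entry is the address first, then one or more names.
        if len(fields) < 2 or not _is_ip(fields[0]):
            malformed.append(raw.strip())
            continue
        for name in fields[1:]:
            # Names are case-insensitive; keep the first mapping seen.
            mapping.setdefault(name.lower().rstrip("."), fields[0])
    return mapping, malformed

def unblocked(names, mapping):
    """Names with no sinkhole entry; matching is exact, with no wildcards."""
    sink = {"127.0.0.1", "0.0.0.0", "::1"}
    return [n for n in names if mapping.get(n.lower().rstrip(".")) not in sink]

if __name__ == "__main__":
    hosts, bad = parse_hosts(SAMPLE_HOSTS)
    print("malformed lines:", bad)
    wanted = ["aim.com", "www.aim.com", "webmail.aim.com"]
    print("still resolvable:", unblocked(wanted, hosts))
```
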
rsivanandan Commented:
Or if you want to do it by the DNS Server then you have to add a new zone and create the alias like mentioned in the article;

http://www.iis-resources.com/modules/AMS/print.php?storyid=16

From there onwards you will never be able to launch aim.com if you use this server as your DNS server.

Cheers,
Rajesh
msabodacha (Author) Commented:
I set it up on my DNS server. Works like a charm. Thanks!
rsivanandan Commented:
:-) Happy blocking AIM.

Thnx for the points.

Cheers,
Rajesh