Need FIREWALLL taht will block specific websites on a particuar computer within a network

I work a a school district connected with 2000+ computers.  Most "bad" websites are filtered.  But is there a firewall program that allows you to specify further sites that should be blocked?   The issue, of course, is that this has to work within a network as opposed to an individual home pc.
ralphwalkerdjAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

batry_boyCommented:
There are a couple of ways to do this.  The first way is free and involves identifying all the "bad" sites that you want to block by their IP addresses.  Then, you would configure your firewall to block outbound access to those IP addresses.  The pro to this method is the cost...free!  The con to this method is that it is administratively intensive.  The network administrator has to constantly check for bad sites, figure out the IP addresses associated with those sites and then modify the outbound ACL to block them.

The second way to do this is with content filtering software such as Websense or SurfControl.  I have personally used Websense and it is one of the best content filters on the market.  You have to pay for the software plus an annual subscription that entitles you to download the category database which is the brains behind the software.  A team of people at Websense constantly surf the Internet with the purpose of categorizing web sites such that Websense customers can filter based on category.  For instance, you can block all sites that are categorized as adult sites, shopping sites, violence/racist sites, and allow sports sites, IT related sites or anything else.  It can integrate with Active Directory as well such that you can filter based on user ID rather than a global policy that blocks the same stuff for everyone.  For instance, the CEO of a company can be allowed unrestricted Internet access, while the Engineering department only has access to business related websites.  The beauty of this type of filtering in a large environement is that the filtering policy follows the user and is not hard coded to an IP address or specific subnet.  You can check them out at http://www.websense.com.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.