Solved

Restricted Internet via Web Browser?

Posted on 2010-08-29
21
734 Views
Last Modified: 2013-12-08
hi experts

My friend is a network administrator and on behalf of him, i would like to know that:

Is it possible to restrict websites such as facebook, twitter just via Internet Explorer (or any other browser) and not using any other third party software for doing the same? if yes, how could that be done and if how could that be avioded/break?

What he (my friend) has seen in one small organization was that no third party tools were installed that could log the internet traffic for the employees, yet they were not able to access social networking websites, online documents websites etc

P.S.: My intention is not encourage any kind of suspcious activity/piracy or violation of EE rules and regulations

thanks
0
Comment
Question by:meispisces
  • 5
  • 4
  • 4
  • +6
21 Comments
 
LVL 10

Expert Comment

by:Jini Jose
Comment Utility
if a system administrator wants to block any website, he can do simply.
in an office all the internet connection is going through a server. so if they installed any software in that server, you can not identify that. and you cannot break that.
they can simply watch the browser activity of any computer connected to that server.
0
 
LVL 5

Expert Comment

by:TimAllan
Comment Utility
Yes, you can restrict certain sites by adding entries to the local "hosts" file located under : C:\Windows\System32\drivers\etc

Put in an entry similar to this :
127.0.0.1  www.facebook.com

The user will just get a 404 Error... :)
0
 
LVL 7

Author Comment

by:meispisces
Comment Utility
@gmailjini: Thanks for the comment,
The software that they be installing in server say XYZ, then XYZ client version is not needed on client computers to be installed?
0
 
LVL 4

Accepted Solution

by:
goyal_251 earned 100 total points
Comment Utility
Yes can add the entry in host file.
go to c:\windows\system32\drivers\etc
open hosts file in note pad
127.0.0.1       facebook.com
127.0.0.1       twitter.com
and so on you can add any number of site..it will redirect the request to local machine.hence page would not open
0
 
LVL 10

Expert Comment

by:Jini Jose
Comment Utility
meispisces

there is no need for a client software.

if the server is Linux, then there is a software available is Squid.
if it is windows then there are lots of software available for doing that.

can u please tell what is the error message comes when u accessing the blocked sites ?
0
 
LVL 7

Author Comment

by:meispisces
Comment Utility
@gmailjini: Error message that was coming was a standard error message: "Internet Explorer cannot display the webpage" (when accessing in IE)
When accessing in MF, the error message is "Unable to connect. Firefox can't establish a connection to the server at 127.0.0.1:2372"
0
 
LVL 5

Expert Comment

by:TimAllan
Comment Utility
You will get that error when you change the 'hosts' file.  The users will just think the web page is down....for a very long time and get the hint :)
0
 
LVL 7

Author Comment

by:meispisces
Comment Utility
@TimAllan: So what needs to be done in that case?\
0
 
LVL 10

Expert Comment

by:Jini Jose
Comment Utility
@meispisces

TimAllan is correct. i think it is not blocked through the server.

what is your intention ? to break the block ?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
Comment Utility
I would suggest to use PROXY server. Then you can simply control patterns, attachments, content, white lists, black lists aso. The most simple and free solution is SQUID (it works in bunch of Linux editions, FreeBSD, openBSD). YOu can manage whole Internet traffic in central store (SQUID) not in hosts file (which is painful :/) Alternative solution could be ISA or ForeFront Security (but it is paid solution).
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 7

Author Comment

by:meispisces
Comment Utility
@gmailjini:No my intention is only to know how to block the websites without using 3rd party tools as i was unaware about the same.
 
 
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
Comment Utility
Without 3rd party solutin it is a nightmare!
0
 
LVL 6

Expert Comment

by:syedyounus
Comment Utility
without 3rd party solutions it will not work in a foolproof manner, since some advance users will check the host file & they will edit it.

0
 
LVL 5

Assisted Solution

by:TimAllan
TimAllan earned 100 total points
Comment Utility
@meispisces
If the users are not administrators to the machine, then they shouldn't be able to edit the file.  All you need to do is edit that "hosts" file in the directory mentioned above with the sites you wish to block.  We do a similar thing here at work to block facebook/myspace.  Once your friend has all the sites listed in the hosts file that he/she wants to block, copy that file (either by Group Policy or a batch file) to all the computers on the workgroup/domain.  Easy!
0
 
LVL 10

Expert Comment

by:Jini Jose
Comment Utility
@TimAllan

this will work if the network has only a few computers. but if the LAN is large, it is not applicable to edit all the computers host file.
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 100 total points
Comment Utility
and it is no best practices. PROXY server were developed for that action.
0
 
LVL 5

Expert Comment

by:TimAllan
Comment Utility
How many computers are they looking after meispisces?
0
 
LVL 3

Assisted Solution

by:frogmanalien
frogmanalien earned 100 total points
Comment Utility
If you're looking for a very simple system, and are using Internet Explorer only, you can setup Content Advisor very easily to setup restrictions - http://support.microsoft.com/kb/310401 without any third party software or similar - just make sure you prevent them from using other browsers (block the download pages definitely- remove local admin rights ideally!).

Hope that helps
0
 
LVL 25

Expert Comment

by:madunix
Comment Utility
These sites have lots of addresses so you will need to block every single one of them.... or alias
facebook.com    127.0.0.1 in the hosts file
0
 
LVL 47

Assisted Solution

by:dstewartjr
dstewartjr earned 100 total points
Comment Utility
Good article here


Restricting Specific Web Sites in Internet Explorer Using Group Policy


http://www.windowsecurity.com/articles/Restricting-Specific-Web-Sites-Internet-Explorer-Using-Group-Policy.html
0
 
LVL 7

Author Closing Comment

by:meispisces
Comment Utility
thanks
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Being able to change email signatures is made really simple with email signature software and services.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now