  • Status: Solved
  • Priority: Medium
  • Security: Public

Can I block some computers from certain websites (Facebook) and not all

I've got a client with a lot of users who wants me to block Facebook and some other sites from their network, but they have a corporate Facebook page for business, so they want some users to be allowed to access it. What I tried was creating a false DNS entry on the DNS server so when users went to Facebook they got redirected to the company's website. My plan was to then edit the hosts file on the specific users that they want allowed with the correct IP. But on those PCs the main site sort of appears but you don't see the pictures, and every link they click on inside the site gets blocked. I don't have the time to add the URL to every specific form in Facebook to the hosts file.

Is there another way of accomplishing what they want me to do?
0
Axis52401
1 Solution
 
Andy_23Commented:
That depends. What kind of firewall do you use? On specific firewalls you can set a policy that allows a certain group of users to have access to a certain group of sites while others don't.

0
 
CAGdorfCommented:
You can also do that with some antivirus products. We have that feature with Trend Micro Worry Free Business. Another trick I use if I can't do that: I manage the local policy on the computer and add facebook.com to the restricted sites. They can still visit it, but it looks like *hit so they won't have much fun there.
0
 
Axis52401Security AnalystAuthor Commented:
They have a WatchGuard firewall that has some sort of web blocking feature, but I don't know what options it has since you have to buy a subscription for it to even see the options. We do use Trend Worry Free Antivirus. Is there a way of using the restricted sites option on some computers and not all?
0
 
mccrackyCommented:
This is more of a networking question than anything else.  Facebook (and a lot of other services) is harder to block these days as they have so many variations and other sites, so you can't do just one IP or DNS entry.  It is possible, but it depends what your infrastructure is like.  What I'd do:

1. Set up OpenDNS (www.opendns.com) and set that to block facebook (and other social networking sites) and whatever else falls outside the bounds of company policy.
2. Put the opendns servers in the DHCP server so all clients get that as their DNS.
3. Set up an authenticating proxy server (Squid is what I'd use) that authenticates either by user or by computer IP (IP would be easier, but either is possible).
4. Set up Squid to use other DNS servers that don't block Facebook.
5. Set up those that need to access Facebook to use the Squid proxy server.

There are other ways, and depending on how strictly the rules need to be enforced or the technical savvy of the users, there can be variations on the above.
0
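The Squid side of steps 3 to 5 above, sketched as an added example that is not part of the original thread. All addresses are constructed placeholders: 192.168.10.x stands for the internal LAN and 203.0.113.x for whichever unfiltered resolvers are chosen.

```conf
# squid.conf fragment (added example; every address is a placeholder)

# Listen only on the proxy's internal address so it is not reachable
# from outside the LAN.
http_port 192.168.10.5:3128

# Step 4: Squid resolves names itself for clients that use it as an
# explicit proxy, so point it at resolvers that do NOT apply the
# filtering handed out to everyone else via DHCP.
dns_nameservers 203.0.113.53 203.0.113.54

# Step 3: identify the permitted workstations by source IP.
# These should be DHCP reservations or static addresses.
acl fb_allowed_clients src 192.168.10.21 192.168.10.22 192.168.10.37

# Restrict the proxy to ordinary web ports.
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Step 5: only the listed workstations may use this proxy;
# every other client is refused and stays on the filtered DNS path.
http_access allow fb_allowed_clients
http_access deny all
```

Because access is keyed on source IP, the allowed workstations need fixed addresses. DNS-based filtering for everyone else only holds if the firewall also drops outbound DNS from clients to anything other than the intended resolvers.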
 
CAGdorfCommented:
With the Trend Micro you can create a group of computers, say "Restricted" and set the properties of that restricted group to not be able to go to whatever sites you deem inappropriate.
0
 
CAGdorfCommented:
I guess I can't find where you type in custom ones, but they do offer a lot of categories. I thought I saw somewhere where you can type in custom ones:  Trend Micro
0
 
LBACISCommented:
This is all built into the WatchGuard firewall already:

Create separate "http proxy" policies for the filtering; use WebBlocker. I usually create 3 or 4 levels of browsing rights with separate WebBlocker policies: full, medium, low. Then use the Windows authentication that is built into the WatchGuard and create groups in Active Directory that match the browsing policies that you just created. Now add the groups as the "from" and "any" as the "to" for each policy except for the "default" policy, because any unauthenticated user will get shoved into that policy anyway. Post if you need further direction, but I use this and have it in place anywhere that I have installed a Firebox.
0
 
Axis52401Security AnalystAuthor Commented:
They don't want to pay for the WatchGuard web filtering service. I'm looking for a solution that will work with their existing equipment.
0
 
LBACISCommented:
Do you only have two groups?
0
 
mccrackyCommented:
Do they have more than one external IP?  If so you can set up OpenDNS filtering differently according to what IP they use.  You can use different gateways for the two classes of users.  

"I'm looking for a solution that will work with their existing equipment."

You need to let us know what they have to be able to advise you if this is a requirement.  Like I said, it's better managed as a network issue rather than a per computer issue as it allows better administration.  What is the infrastructure like?

0
 
LBACISCommented:
McCracky, you beat me to it. That is exactly why I asked if he has two groups. You place two IP addresses as the gateways for the clients and use separate external IP addresses, then you will change the dynamic NAT rule in the WatchGuard.
0
