Solved

How can I block URLs with SBS 2003 if I do not have ISA installed?

Posted on 2011-02-24
13
544 Views
Last Modified: 2012-05-11
I would like to block some of these social websites from the users.
How can I block it on the network with SBS 2003 without using ISA?
I used to have ISA but it was unstable, so I had to re-install SBS because when I uninstalled ISA I ran into many problems. Anyways.
Also, can I allow only certain users to access those sites or just restrict certain users?
Question by:j_rameses
13 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 34972847
ISA should not be unstable and would be the answer to your problems - you need some form of proxy server to accomplish what you want and as you already have ISA, that would seem to be the obvious solution
0
 

Author Comment

by:j_rameses
ID: 34972869
Is there any other way to at least just block the sites entirely?
0
 

Author Comment

by:j_rameses
ID: 34972876
Without ISA.
I read somewhere it can be done in DNS but they don't say how.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 34972907
You can enter 'dummy records' in DNS - i.e. a name that points to an invalid IP - but it is not selective - it will apply to all users
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34972917
It would be hard to call ISA unstable but it is not for everyone. You either know how to configure and use it or you don't.
As you say... Anyways.....

Without ISA to do the job for you through GUIs and applications, you will need to do it manually. It becomes much more admin-intensive if you want to do it by user.
To do it centrally you could have a hosts file on the server but to do it by user you would need to have a hosts file on each user's workstation.

The alternative is to:

a) Buy an alternative to ISA that you might find easier to administrate or even use Squid on a small Linux box.
b) Use a hosted or Cloud-based service to host the service and you can admin it locally.
c) Put ISA back in and use the products you have already paid for but with a good administration book.

Keith
0
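The hosts-file approach mentioned in the comment above, sketched as an added example that is not from any participant in this thread: it keeps the blocked names in one marked section of a hosts file so the same list can be re-applied to each workstation without disturbing other entries. The marker text, the `127.0.0.1` sink address and the sample host names are assumptions made for the illustration.

```python
import re

BEGIN = "# BEGIN managed site block"   # hypothetical marker names
END = "# END managed site block"
SINK_IP = "127.0.0.1"                  # assumption: send blocked names to loopback
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(name):
    """Reduce a URL or host name to a bare, validated DNS name."""
    host = re.sub(r"^[a-z]+://", "", name.strip().lower()).split("/")[0].rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"not a valid host name: {name!r}")
    return host

def block_lines(sites):
    """hosts files have no wildcards, so emit the bare name and its www. form."""
    names = set()
    for site in sites:
        host = normalize(site)
        base = host[4:] if host.startswith("www.") else host
        names.update({base, "www." + base})
    return [f"{SINK_IP}\t{n}" for n in sorted(names)]

def apply_block(hosts_text, sites):
    """Replace (or append) the managed section; all other lines are kept as-is."""
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    while kept and not kept[-1].strip():
        kept.pop()                      # avoid blank lines piling up on re-runs
    return "\n".join(kept + ["", BEGIN] + block_lines(sites) + [END]) + "\n"

# Constructed sample input: an existing hosts file and a block list.
SAMPLE_HOSTS = "127.0.0.1\tlocalhost\n192.168.16.2\tsbs2003.example.local\n"
SAMPLE_SITES = ["social.example", "http://www.video.example/watch"]

if __name__ == "__main__":
    print(apply_block(SAMPLE_HOSTS, SAMPLE_SITES), end="")
```

On Windows the file this would be applied to is `%SystemRoot%\System32\drivers\etc\hosts`; entries there affect every user who logs on to that machine.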
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34973567
The only way to *EFFECTIVELY* block sites is to do so at the edge. Attempting to use DNS is a work-around (a bad one) and easily circumvented. Whether your edge is ISA, a 3rd party such as untangle, or a feature built into your edge device (a UTM router such as a sonicwall, watchguard, etc) is up to you, but if you don't have a good edge device already, you should. I consider this a *necessary* business tool.

-Cliff
0
 

Author Comment

by:j_rameses
ID: 34973615
Sorry for the late response, had to pick up some lunch.

The users here do not know anything about computers, so if I use a DNS method I do not have to worry about them trying to make changes or getting around it. We are upgrading our hardware/software in a couple of months but some of our users are spending too much time on those sites.
How do I do it in DNS?
Please provide details.
0
 

Author Comment

by:j_rameses
ID: 34973630
keith_alabaster, how do I do it for user and server for hosts files?
Please explain.
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 34973667
Honestly, it isn't about users trying to get around it. It is trying to implement security by obscurity. It'd be a business buying Macs to avoid the cost of antivirus software. It's like using dial-up modems to avoid an always-on connection. It just isn't the right way to address the problem.

More importantly, if you don't have an edge device capable of doing this already then you have bigger security concerns. Your network *needs* to be protected at the edge, and *every* edge device capable of providing network protection is also capable of performing URL filtering. I haven't seen one in 8 years that can't. If you can't do URL filtering then it usually means your network is behind whatever router your cable/DSL/ISP gave you and is wide open to any hacker that decides to start probing for open ports. This is far worse than users inside your network going to youtube without permission.

I realize it isn't a direct answer to your new question about fixing this via DNS, but DNS isn't a fix to your larger issue...it just hides it. Bad news.

-Cliff
0
 

Author Comment

by:j_rameses
ID: 34973734
We have a Cisco firewall installed.  But the GUI for it got glitchy.  We are getting new firewalls in a couple of months.  When you refer to an "edge" are you referring to a firewall?  I am wondering if my router acts as an "edge".  You mentioned that some routers act as an "edge".
What exactly is an "edge", this is the first time I heard of it.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 34973824
It is a common network terminology term. Any connection between your LAN(s) and another network, whether that other network is a private one, a public one, or the internet, is considered the edge of your network. To properly communicate with another network, you need something at the edge, hence an "edge device."

That can be a router, a so-called firewall, or any number of hybrid devices, "unified threat management" (UTM) devices, or similar. It is one of those things that people get picky about and argue whether it is a firewall or a UTM, so I (and many others) have started using the generic "edge device" as a catch-all to avoid any confusion.

But yes, your internet connection should be protected by some sort of advanced security device (firewall, UTM, etc) and as I said, all of the ones I've seen in the market that I'd trust to protect any business are also capable of URL filtering.

-Cliff
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34973927
Not much point - now I have been corrected by 'a true expert' with obviously more skills and knowledge than someone such as myself who cannot possibly know anything in the areas of networking, DNS and firewalls. Would hate to carry on with a 'bad idea'.
0
 

Author Comment

by:j_rameses
ID: 34974033
cqaliher,

I guess I should just wait till we upgrade to our new system so I can start blocking URLs.
Unless I go through the manuals to see how to do it from the "edge device".  New term to my vocabulary.  Maybe I should start using it.

Others,  thank you for your responses.
0
