Solved

How can I block URLs with SBS 2003 if I do not have ISA installed?

Posted on 2011-02-24
Last Modified: 2012-05-11
I would like to block some of these social websites from the users.
How can I block it on the network with SBS 2003 without using ISA?
I used to have ISA but it was unstable, so I had to re-install SBS because when I uninstalled ISA I ran into many problems.  Anyways.
Also, can I allow only certain users to access those sites or just restrict certain users?
0
Question by:j_rameses
13 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 34972847
ISA should not be unstable and would be the answer to your problems - you need some form of proxy server to accomplish what you want and as you already have ISA, that would seem to be the obvious solution
0
 

Author Comment

by:j_rameses
ID: 34972869
Is there any other way to at least just block the sites entirely?
0
 

Author Comment

by:j_rameses
ID: 34972876
Without ISA.
I read somewhere it can be done in DNS but they don't say how.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 34972907
You can enter 'dummy records' in DNS - i.e. a name that points to an invalid IP - but it is not selective - it will apply to all users
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34972917
It would be hard to call ISA unstable but it is not for everyone. You either know how to configure and use it or you don't.
As you say... Anyways.....

Without ISA to do the job for you through GUIs and applications, you will need to do it manually. It becomes much more admin-intensive if you want to do it by user.
To do it centrally you could have a hosts file on the server but to do it by user you would need to have a hosts file on each user's workstation.

The alternative is to:

a) Buy an alternative to ISA that you might find easier to administrate or even use Squid on a small Linux box.
b) Use a hosted or Cloud-based service to host the service and you can admin it locally.
c) Put ISA back in and use the products you have already paid for but with a good administration book.

Keith
0
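The hosts-file approach described in the post above, sketched as an added example that is not part of the thread or any poster's own code: it maintains a marked block of sink entries in a hosts file without touching hand-written lines, and checks which names the file actually covers. The `0.0.0.0` sink address, the marker comments, the automatic `www.` variant and the `.example` domains are assumptions made for illustration.

```python
import re

SINK = "0.0.0.0"  # assumed sink address; the thread only says "an invalid IP"
BEGIN, END = "# BEGIN blocked-sites", "# END blocked-sites"  # hypothetical markers
LABEL = r"[a-z0-9]([a-z0-9-]*[a-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(\.{LABEL})+")

SAMPLE_HOSTS = "127.0.0.1\tlocalhost\n"         # constructed sample hosts file
BLOCKLIST = ["social.example", "video.example"]  # constructed sample blocklist

def render_block(domains, sink=SINK):
    """Build hosts lines. Hosts entries match exact names only, so the
    'www.' variant is listed explicitly alongside each domain."""
    names = []
    for raw in domains:
        d = raw.strip().lower().rstrip(".")
        if not HOSTNAME.fullmatch(d):
            raise ValueError(f"not a hostname: {raw!r}")
        variants = [d] if d.startswith("www.") else [d, "www." + d]
        names += [n for n in variants if n not in names]
    return [BEGIN] + [f"{sink}\t{n}" for n in names] + [END]

def merge(hosts_text, domains):
    """Replace any earlier managed block; keep every other line as it was."""
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    return "\n".join(kept + render_block(domains)) + "\n"

def resolves_to_sink(hosts_text, name, sink=SINK):
    """Emulate a hosts lookup: comments stripped, exact-name match."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].lower().split()
        if len(fields) >= 2 and fields[0] == sink and name.lower() in fields[1:]:
            return True
    return False

if __name__ == "__main__":
    updated = merge(SAMPLE_HOSTS, BLOCKLIST)
    print(updated)
    for host in ("www.social.example", "m.social.example"):
        print(host, "covered" if resolves_to_sink(updated, host) else "NOT covered")
```

Running `merge` again on its own output leaves the file unchanged, so the same script can be re-run from a logon script or scheduled task on each workstation that should be restricted.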
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 34973567
The only way to *EFFECTIVELY* block sites is to do so at the edge. Attempting to use DNS is a work-around (a bad one) and easily circumvented. Whether your edge is ISA, a 3rd party such as untangle, or a feature built into your edge device (a UTM router such as a sonicwall, watchguard, etc) is up to you, but if you don't have a good edge device already, you should. I consider this a *necessary* business tool.

-Cliff
0
 

Author Comment

by:j_rameses
ID: 34973615
Sorry for the late response had to pick up some lunch.

The users here do not know anything about computers, so if I use a DNS method I do not have to worry about them trying to make changes or getting around it. We are upgrading our hardware/software in a couple of months but some of our users are spending too much time on those sites.
How do I do it in DNS?
Please provide details.
0
 

Author Comment

by:j_rameses
ID: 34973630
keith_alabaster, how do I do it for user and server for hosts files?
Please explain.
0
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 34973667
Honestly, it isn't about users trying to get around it. It is trying to implement security by obscurity. It'd be like a business buying Macs to avoid the cost of antivirus software. It's like using dial-up modems to avoid an always-on connection. It just isn't the right way to address the problem.

More importantly, if you don't have an edge device capable of doing this already then you have bigger security concerns. Your network *needs* to be protected at the edge, and *every* edge device capable of providing network protection is also capable of performing URL filtering. I haven't seen one in 8 years that can't. If you can't do URL filtering then it usually means your network is behind whatever router your cable/DSL/ISP gave you and is wide open to any hacker that decides to start probing for open ports. This is far worse than users inside your network going to youtube without permission.

I realize it isn't a direct answer to your new question about fixing this via DNS, but DNS isn't a fix to your larger issue...it just hides it. Bad news.

-Cliff
0
 

Author Comment

by:j_rameses
ID: 34973734
We have a Cisco firewall installed.  But the GUI for it got glitchy.  We are getting new firewalls in a couple of months.  When you refer to an "edge" are you referring to a firewall?  I am wondering if my router acts as an "edge".  You mentioned that some routers act as an "edge".
What exactly is an "edge", this is the first time I heard of it.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 34973824
It is a common network terminology term. Any connection between your LAN(s) and another network, whether that other network is a private one, a public one, or the internet, is considered the edge of your network. To properly communicate with another network, you need something at the edge, hence an "edge device."

That can be a router, a so-called firewall, or any number of hybrid devices, "unified threat management" (UTM) devices, or similar. It is one of those things that people get picky about and argue whether it is a firewall or a UTM, so I (and many others) have started using the generic "edge device" as a catch-all to avoid any confusion.

But yes, your internet connection should be protected by some sort of advanced security device (firewall, UTM, etc) and as I said, all of the ones I've seen in the market that I'd trust to protect any business are also capable of URL filtering.

-Cliff
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34973927
Not much point - now I have been corrected by 'a true expert' with obviously more skills and knowledge than someone such as myself who cannot possibly know anything in the areas of networking, DNS and firewalls. Would hate to carry on with a 'bad idea'.
0
 

Author Comment

by:j_rameses
ID: 34974033
cqaliher,

I guess I should just wait till we upgrade to our new system so I can start blocking URLs.
Unless I go through the manuals to see how to do it from the "edge device".  New term to my vocabulary.  Maybe I should start using it.

Others,  thank you for your responses.
0
