Solved

How to filter out internet access for users?

Posted on 2011-02-28
6
927 Views
Last Modified: 2012-05-11
Hi people!

I have the usual problem - adequate data lines, but too much users stream video and update their Facebook profiles.

Can anyone point me to some simple and cost effective solution that would cut the slack down?

We have three servers available as proxies, and there is some budget for external device, if needed.

Any help appreciated, from software to hardware!
0
Comment
Question by:mrmut
6 Comments
 
LVL 3

Accepted Solution

by:
Rick_at_ptscinti earned 167 total points
ID: 34997345
How many users?

What do you have as a gateway router now?

If you are just wanting to control the traffic you can go with something like a Sonicwall (model depends on the number of users but the functionality is the same) which will allow you to manage bandwidth based on rules.   They also have pre-built classification like "social networking" that is dynamically updated that way you aren't constantly having to update your list of restricted or throttled sites.

If you want to track and log "who went where" then Websense is the industry standard for controlling at the user level as well as managing different levels of authority by user.  If you have a Cisco router (or many other popular routers) they have a built in integration option that will work with websense.  Websense obviously runs on a server....
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 167 total points
ID: 34997357
If you have proxies available, you can usually setup a proxy to block out web requests from end users.   The exact method depends on what proxy solution you go with.    However it usually involves a block list or a local hosts file to stop traffic to certain sites.  

For example, using squid proxy to block http sites:
http://www.labtestproject.com/linnet/squid_block_address.html
0
 
LVL 21

Expert Comment

by:robocat
ID: 34997899

The Barracuda web filter is also a good commercial solution that allows to filter the web traffic according to categories. Much cheaper than any Websense based solution.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 3

Expert Comment

by:Rick_at_ptscinti
ID: 34998295
Barracuda is good, but I wouldn't call it cheap.  Websense really took advantage of being the only game early on, but they've come way down on price.

I only like it because if you've got a distributed network you can have your existing routers integrate to a single accounting server.  There is no doubt an appliance is the easiest and quickest way to go for small offices.

Again, scale really matters on something like this.  If it's a small office and you are only looking to block or restrict and not have usage reports then a small Sonicwall will do the job.
0
 
LVL 5

Expert Comment

by:delmc
ID: 34998361
Draytek 2820 ADSL router's or 2950 firewall's have both URL + Web Content filter's built in, may be a bit limited but is very effective when it comes to blocking websites, the other way I would utilise which is cost effective is to use the proxy servers to limit user access based on group privaleges. For example within ISA server you can create a restricted web rule and assign all users to the block group and then create an additional group if you have specific users who need to access some of these sites.
0
 
LVL 1

Assisted Solution

by:rzup
rzup earned 166 total points
ID: 34998993
Depends on what you consider cost-effective, but there is no inexpensive way to do this comprehensively and securely without going to a bit of expense.  You need:

an application level firewall such as Palo Alto
an URL filtering subscription

With this you can proxy ssl on the firewall, only proxying non-financial and non-medical URLs (use the URL subscription to determine this) so you don't violate privacy or incur liability. The firewall will understand everything at the app level (e.g. there will literally be a Facebook app to allow/block because it works on app signatures) , and there will be no possibility of ssl tunneling or tunneling in general to defeat the filtering.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now