Solved

How to filter out internet access for users?

Posted on 2011-02-28
6
932 Views
Last Modified: 2012-05-11
Hi people!

I have the usual problem - adequate data lines, but too much users stream video and update their Facebook profiles.

Can anyone point me to some simple and cost effective solution that would cut the slack down?

We have three servers available as proxies, and there is some budget for external device, if needed.

Any help appreciated, from software to hardware!
0
Comment
Question by:mrmut
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Accepted Solution

by:
Rick_at_ptscinti earned 167 total points
ID: 34997345
How many users?

What do you have as a gateway router now?

If you are just wanting to control the traffic you can go with something like a Sonicwall (model depends on the number of users but the functionality is the same) which will allow you to manage bandwidth based on rules.   They also have pre-built classification like "social networking" that is dynamically updated that way you aren't constantly having to update your list of restricted or throttled sites.

If you want to track and log "who went where" then Websense is the industry standard for controlling at the user level as well as managing different levels of authority by user.  If you have a Cisco router (or many other popular routers) they have a built in integration option that will work with websense.  Websense obviously runs on a server....
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 167 total points
ID: 34997357
If you have proxies available, you can usually setup a proxy to block out web requests from end users.   The exact method depends on what proxy solution you go with.    However it usually involves a block list or a local hosts file to stop traffic to certain sites.  

For example, using squid proxy to block http sites:
http://www.labtestproject.com/linnet/squid_block_address.html
0
 
LVL 22

Expert Comment

by:robocat
ID: 34997899

The Barracuda web filter is also a good commercial solution that allows to filter the web traffic according to categories. Much cheaper than any Websense based solution.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 3

Expert Comment

by:Rick_at_ptscinti
ID: 34998295
Barracuda is good, but I wouldn't call it cheap.  Websense really took advantage of being the only game early on, but they've come way down on price.

I only like it because if you've got a distributed network you can have your existing routers integrate to a single accounting server.  There is no doubt an appliance is the easiest and quickest way to go for small offices.

Again, scale really matters on something like this.  If it's a small office and you are only looking to block or restrict and not have usage reports then a small Sonicwall will do the job.
0
 
LVL 5

Expert Comment

by:delmc
ID: 34998361
Draytek 2820 ADSL router's or 2950 firewall's have both URL + Web Content filter's built in, may be a bit limited but is very effective when it comes to blocking websites, the other way I would utilise which is cost effective is to use the proxy servers to limit user access based on group privaleges. For example within ISA server you can create a restricted web rule and assign all users to the block group and then create an additional group if you have specific users who need to access some of these sites.
0
 
LVL 1

Assisted Solution

by:rzup
rzup earned 166 total points
ID: 34998993
Depends on what you consider cost-effective, but there is no inexpensive way to do this comprehensively and securely without going to a bit of expense.  You need:

an application level firewall such as Palo Alto
an URL filtering subscription

With this you can proxy ssl on the firewall, only proxying non-financial and non-medical URLs (use the URL subscription to determine this) so you don't violate privacy or incur liability. The firewall will understand everything at the app level (e.g. there will literally be a Facebook app to allow/block because it works on app signatures) , and there will be no possibility of ssl tunneling or tunneling in general to defeat the filtering.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question