Solved

How to filter out internet access for users?

Posted on 2011-02-28
6
928 Views
Last Modified: 2012-05-11
Hi people!

I have the usual problem - adequate data lines, but too much users stream video and update their Facebook profiles.

Can anyone point me to some simple and cost effective solution that would cut the slack down?

We have three servers available as proxies, and there is some budget for external device, if needed.

Any help appreciated, from software to hardware!
0
Comment
Question by:mrmut
6 Comments
 
LVL 3

Accepted Solution

by:
Rick_at_ptscinti earned 167 total points
ID: 34997345
How many users?

What do you have as a gateway router now?

If you are just wanting to control the traffic you can go with something like a Sonicwall (model depends on the number of users but the functionality is the same) which will allow you to manage bandwidth based on rules.   They also have pre-built classification like "social networking" that is dynamically updated that way you aren't constantly having to update your list of restricted or throttled sites.

If you want to track and log "who went where" then Websense is the industry standard for controlling at the user level as well as managing different levels of authority by user.  If you have a Cisco router (or many other popular routers) they have a built in integration option that will work with websense.  Websense obviously runs on a server....
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 167 total points
ID: 34997357
If you have proxies available, you can usually setup a proxy to block out web requests from end users.   The exact method depends on what proxy solution you go with.    However it usually involves a block list or a local hosts file to stop traffic to certain sites.  

For example, using squid proxy to block http sites:
http://www.labtestproject.com/linnet/squid_block_address.html
0
 
LVL 21

Expert Comment

by:robocat
ID: 34997899

The Barracuda web filter is also a good commercial solution that allows to filter the web traffic according to categories. Much cheaper than any Websense based solution.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 3

Expert Comment

by:Rick_at_ptscinti
ID: 34998295
Barracuda is good, but I wouldn't call it cheap.  Websense really took advantage of being the only game early on, but they've come way down on price.

I only like it because if you've got a distributed network you can have your existing routers integrate to a single accounting server.  There is no doubt an appliance is the easiest and quickest way to go for small offices.

Again, scale really matters on something like this.  If it's a small office and you are only looking to block or restrict and not have usage reports then a small Sonicwall will do the job.
0
 
LVL 5

Expert Comment

by:delmc
ID: 34998361
Draytek 2820 ADSL router's or 2950 firewall's have both URL + Web Content filter's built in, may be a bit limited but is very effective when it comes to blocking websites, the other way I would utilise which is cost effective is to use the proxy servers to limit user access based on group privaleges. For example within ISA server you can create a restricted web rule and assign all users to the block group and then create an additional group if you have specific users who need to access some of these sites.
0
 
LVL 1

Assisted Solution

by:rzup
rzup earned 166 total points
ID: 34998993
Depends on what you consider cost-effective, but there is no inexpensive way to do this comprehensively and securely without going to a bit of expense.  You need:

an application level firewall such as Palo Alto
an URL filtering subscription

With this you can proxy ssl on the firewall, only proxying non-financial and non-medical URLs (use the URL subscription to determine this) so you don't violate privacy or incur liability. The firewall will understand everything at the app level (e.g. there will literally be a Facebook app to allow/block because it works on app signatures) , and there will be no possibility of ssl tunneling or tunneling in general to defeat the filtering.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Forwarding web requests to different web servers 15 80
Radius Debug Error 16 54
HSRP not working on N7K-c7018 3 43
Failing ALG SIP test for new VoIP phone system 4 49
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now