?
Solved

How to filter out internet access for users?

Posted on 2011-02-28
6
Medium Priority
?
933 Views
Last Modified: 2012-05-11
Hi people!

I have the usual problem - adequate data lines, but too much users stream video and update their Facebook profiles.

Can anyone point me to some simple and cost effective solution that would cut the slack down?

We have three servers available as proxies, and there is some budget for external device, if needed.

Any help appreciated, from software to hardware!
0
Comment
Question by:mrmut
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Accepted Solution

by:
Rick_at_ptscinti earned 668 total points
ID: 34997345
How many users?

What do you have as a gateway router now?

If you are just wanting to control the traffic you can go with something like a Sonicwall (model depends on the number of users but the functionality is the same) which will allow you to manage bandwidth based on rules.   They also have pre-built classification like "social networking" that is dynamically updated that way you aren't constantly having to update your list of restricted or throttled sites.

If you want to track and log "who went where" then Websense is the industry standard for controlling at the user level as well as managing different levels of authority by user.  If you have a Cisco router (or many other popular routers) they have a built in integration option that will work with websense.  Websense obviously runs on a server....
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 668 total points
ID: 34997357
If you have proxies available, you can usually setup a proxy to block out web requests from end users.   The exact method depends on what proxy solution you go with.    However it usually involves a block list or a local hosts file to stop traffic to certain sites.  

For example, using squid proxy to block http sites:
http://www.labtestproject.com/linnet/squid_block_address.html
0
 
LVL 22

Expert Comment

by:robocat
ID: 34997899

The Barracuda web filter is also a good commercial solution that allows to filter the web traffic according to categories. Much cheaper than any Websense based solution.
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 3

Expert Comment

by:Rick_at_ptscinti
ID: 34998295
Barracuda is good, but I wouldn't call it cheap.  Websense really took advantage of being the only game early on, but they've come way down on price.

I only like it because if you've got a distributed network you can have your existing routers integrate to a single accounting server.  There is no doubt an appliance is the easiest and quickest way to go for small offices.

Again, scale really matters on something like this.  If it's a small office and you are only looking to block or restrict and not have usage reports then a small Sonicwall will do the job.
0
 
LVL 5

Expert Comment

by:delmc
ID: 34998361
Draytek 2820 ADSL router's or 2950 firewall's have both URL + Web Content filter's built in, may be a bit limited but is very effective when it comes to blocking websites, the other way I would utilise which is cost effective is to use the proxy servers to limit user access based on group privaleges. For example within ISA server you can create a restricted web rule and assign all users to the block group and then create an additional group if you have specific users who need to access some of these sites.
0
 
LVL 1

Assisted Solution

by:rzup
rzup earned 664 total points
ID: 34998993
Depends on what you consider cost-effective, but there is no inexpensive way to do this comprehensively and securely without going to a bit of expense.  You need:

an application level firewall such as Palo Alto
an URL filtering subscription

With this you can proxy ssl on the firewall, only proxying non-financial and non-medical URLs (use the URL subscription to determine this) so you don't violate privacy or incur liability. The firewall will understand everything at the app level (e.g. there will literally be a Facebook app to allow/block because it works on app signatures) , and there will be no possibility of ssl tunneling or tunneling in general to defeat the filtering.
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question