?
Solved

How to filter out internet access for users?

Posted on 2011-02-28
6
Medium Priority
?
935 Views
Last Modified: 2012-05-11
Hi people!

I have the usual problem - adequate data lines, but too much users stream video and update their Facebook profiles.

Can anyone point me to some simple and cost effective solution that would cut the slack down?

We have three servers available as proxies, and there is some budget for external device, if needed.

Any help appreciated, from software to hardware!
0
Comment
Question by:mrmut
6 Comments
 
LVL 3

Accepted Solution

by:
Rick_at_ptscinti earned 668 total points
ID: 34997345
How many users?

What do you have as a gateway router now?

If you are just wanting to control the traffic you can go with something like a Sonicwall (model depends on the number of users but the functionality is the same) which will allow you to manage bandwidth based on rules.   They also have pre-built classification like "social networking" that is dynamically updated that way you aren't constantly having to update your list of restricted or throttled sites.

If you want to track and log "who went where" then Websense is the industry standard for controlling at the user level as well as managing different levels of authority by user.  If you have a Cisco router (or many other popular routers) they have a built in integration option that will work with websense.  Websense obviously runs on a server....
0
 
LVL 33

Assisted Solution

by:MikeKane
MikeKane earned 668 total points
ID: 34997357
If you have proxies available, you can usually setup a proxy to block out web requests from end users.   The exact method depends on what proxy solution you go with.    However it usually involves a block list or a local hosts file to stop traffic to certain sites.  

For example, using squid proxy to block http sites:
http://www.labtestproject.com/linnet/squid_block_address.html
0
 
LVL 22

Expert Comment

by:robocat
ID: 34997899

The Barracuda web filter is also a good commercial solution that allows to filter the web traffic according to categories. Much cheaper than any Websense based solution.
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
LVL 3

Expert Comment

by:Rick_at_ptscinti
ID: 34998295
Barracuda is good, but I wouldn't call it cheap.  Websense really took advantage of being the only game early on, but they've come way down on price.

I only like it because if you've got a distributed network you can have your existing routers integrate to a single accounting server.  There is no doubt an appliance is the easiest and quickest way to go for small offices.

Again, scale really matters on something like this.  If it's a small office and you are only looking to block or restrict and not have usage reports then a small Sonicwall will do the job.
0
 
LVL 5

Expert Comment

by:delmc
ID: 34998361
Draytek 2820 ADSL router's or 2950 firewall's have both URL + Web Content filter's built in, may be a bit limited but is very effective when it comes to blocking websites, the other way I would utilise which is cost effective is to use the proxy servers to limit user access based on group privaleges. For example within ISA server you can create a restricted web rule and assign all users to the block group and then create an additional group if you have specific users who need to access some of these sites.
0
 
LVL 1

Assisted Solution

by:rzup
rzup earned 664 total points
ID: 34998993
Depends on what you consider cost-effective, but there is no inexpensive way to do this comprehensively and securely without going to a bit of expense.  You need:

an application level firewall such as Palo Alto
an URL filtering subscription

With this you can proxy ssl on the firewall, only proxying non-financial and non-medical URLs (use the URL subscription to determine this) so you don't violate privacy or incur liability. The firewall will understand everything at the app level (e.g. there will literally be a Facebook app to allow/block because it works on app signatures) , and there will be no possibility of ssl tunneling or tunneling in general to defeat the filtering.
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question