How to block websites

I work for a midsize company and would like to know how to block XXX websites, so users cannot go to them from inside the company LAN?
JFrusci Asked:
 
Roachy1979 Commented:
OpenDNS will do this, and it's simple to set up.

Just sign up and point forwarders (if using an internal DNS server) to the OpenDNS servers (http://www.opendns.com/start/), or point the forwarder in your router if not using a server.

0
 
Bawer Commented:
I suggest that you use MS TMG 2010 for such purposes; however, if you are looking for open source software, then you can go for IPCOP and CYBEROM.

TMG is great because MS is specifically looking at the requirements of its customers.
0
 
JFrusci (Author) Commented:
What would be the simplest way to do this?
0
 
dmf415 Commented:
If you're looking for simple you may want to purchase a hardware appliance that goes between the outside world and your LAN. http://www.bluecoat.com/products/webfilter
0
 
Pierre François (Senior consultant) Commented:
Every company has some unused older PC. Put a second network interface in it, install some "ready to go filtering firewall", and plug it between your router and your LAN.

There are plenty of open source "ready to go filtering firewalls":

IPCop (see above): http://www.ipcop.org/
Smoothwall (very similar to IPCop): http://www.smoothwall.org/
Untangle (heavier hardware needed): http://www.smoothwall.org/
etc.

No need for proprietary software for blocking websites.

If you choose OpenDNS it will require additional settings of the router, otherwise, it is VERY easy to bypass.
0
 
dmf415 Commented:
FYI: no offense intended. An old PC may not be what you want to use for a corporate network. Just my 2 cents. =D
0
 
Pierre François (Senior consultant) Commented:
@dmf415: no problem with putting the firewall software on new hardware. The old PC can help to implement a prototype and to estimate the CPU power and disk capacity needed, which is absolutely minimalistic: you have to see it to believe it.
0
 
xylog Commented:
If you are looking for a commercial solution, Websense, IronPort and Blue Coat are the three market leaders in Secure Web Gateway solutions - basically filtering proxy appliances. If you want to roll your own you can use squid with open source categories.
0
 
Pierre François (Senior consultant) Commented:
IPCop includes squid.
0
 
Pierre François (Senior consultant) Commented:
Just selecting OpenDNS as DNS server is VERY easy to bypass. You need to configure your router to block access to any DNS server other than those of OpenDNS.
0
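The router-side enforcement described in the comment above, as an added example that is not part of the original thread: a small Python audit that replays DNS packets against an `iptables-save` excerpt and reports whether LAN clients can still reach a resolver other than OpenDNS. The two rulesets and the probe address are constructed, the resolver IPs are OpenDNS's public addresses (not quoted in the thread), and the parser assumes rules that use only `-p`, `-d`, `--dport` and `-j`.

```python
import ipaddress

# OpenDNS resolver addresses (public values, not quoted in the thread).
APPROVED = ("208.67.222.222", "208.67.220.220")
PROBE = "192.0.2.53"  # constructed stand-in for "any other DNS server"

# Constructed iptables-save excerpts for the LAN gateway's FORWARD chain.
ENFORCED = """:FORWARD ACCEPT [0:0]
-A FORWARD -d 208.67.222.222/32 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 208.67.222.222/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -d 208.67.220.220/32 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 208.67.220.220/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j REJECT
-A FORWARD -p tcp -m tcp --dport 53 -j REJECT"""
# Same idea, but TCP was forgotten, so DNS over TCP still gets out.
UDP_ONLY = """:FORWARD ACCEPT [0:0]
-A FORWARD -d 208.67.222.222/32 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -d 208.67.220.220/32 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j DROP"""

def verdict(ruleset, proto, dst, dport=53):
    """First-match FORWARD verdict; handles only -p, -d, --dport and -j."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = line.split()
        if line.startswith(":FORWARD "):
            policy = tok[1]
        if not line.startswith("-A FORWARD "):
            continue
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opt.get("-p", proto) != proto or int(opt.get("--dport", dport)) != dport:
            continue
        net = ipaddress.ip_network(opt.get("-d", "0.0.0.0/0"), strict=False)
        if ipaddress.ip_address(dst) in net and opt.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opt["-j"]
    return policy

def audit(ruleset):
    """Return findings; an empty list means port 53 is pinned to APPROVED."""
    findings = []
    for proto in ("udp", "tcp"):
        # One probe address only: an ACCEPT for a specific other resolver needs its own probe.
        if verdict(ruleset, proto, PROBE) == "ACCEPT":
            findings.append(f"{proto}/53 to other resolvers is allowed")
        findings += [f"{proto}/53 to {ip} is blocked"
                     for ip in APPROVED if verdict(ruleset, proto, ip) != "ACCEPT"]
    return findings

if __name__ == "__main__":
    for name, rules in (("ENFORCED", ENFORCED), ("UDP_ONLY", UDP_ONLY)):
        print(name, audit(rules) or "ok")
```

The audit covers port 53 over UDP and TCP only, which is the enforcement the thread discusses.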
 
Roachy1979 Commented:
With a sane network security policy though it's a sane solution. Personally I use a combination of transparent squid & a Linux firewall with ACLs - for an extra layer of control I'd also consider port based security.

The question though was to provide a simple solution - and as long as users don't have local administrator rights a simple DNS enforcement would do the job ;-)
0
 
Pierre François (Senior consultant) Commented:
@Roachy1979: I understand your statement and I use to give OpenDNS as a solution for basic MS-Windows users.

I only hope JFrusci doesn't give administrator rights to his Windows users, but in a lot of companies they have them, mainly if they plug their own laptop into the LAN. I also hope they have a "sane network security policy", but I fear they don't even know what this means.
0