Solved

How to block websites

Posted on 2011-03-10
Last Modified: 2012-05-11
I work for a midsize company and would like to know how to block XXX websites, so users cannot go to them from inside the company LAN?
Question by:JFrusci
12 Comments
 
LVL 10

Expert Comment

by:Bawer
ID: 35098284
I suggest that you use MS TMG 2010 for such purposes, however if you are looking for the open source software, then you can go for IPCOP and CYBEROM.

TMG is great because MS is specifically looking on the requirements of its customers.
0
 

Author Comment

by:JFrusci
ID: 35098299
What would be the simplest way to do this?
0
 
LVL 14

Accepted Solution

by:
Roachy1979 earned 2000 total points
ID: 35098476
OpenDNS will do this, and it's simple to set up.

Just sign up and point forwarders (if using an internal DNS server) to the OpenDNS servers  (http://www.opendns.com/start/), or point the forwarder in your router if not using a server.

0
 
LVL 3

Expert Comment

by:dmf415
ID: 35098508
If you're looking for simple you may want to purchase a hardware appliance that goes between the outside world and your LAN. http://www.bluecoat.com/products/webfilter
0
 
LVL 10

Expert Comment

by:pfrancois
ID: 35112143
Every company has some unused older PC. Put a second network interface in it, install some "ready to go filtering firewall", and plug it between your router and your LAN.

There are plenty of open source "ready to go filtering firewalls":

IPCop (see above): http://www.ipcop.org/
Smoothwall (very similar to IPCop): http://www.smoothwall.org/
Untangle (heavier hardware needed): http://www.smoothwall.org/
etc.

No need for proprietary software for blocking websites.

If you choose OpenDNS it will require additional settings of the router, otherwise, it is VERY easy to bypass.
0
 
LVL 3

Expert Comment

by:dmf415
ID: 35113078
fyi: no offense intended.  an old pc may not be what you want to use for a corporate network. Just my 2 cents. =D
0
 
LVL 10

Expert Comment

by:pfrancois
ID: 35115573
@dmf415: no problem for putting the firewall software on new hardware. The old PC can help to implement a prototype and to estimate the CPU power and disk capacity needed, which is absolutely minimalistic: you have to see it for believing it.
0
 
LVL 5

Expert Comment

by:xylog
ID: 35192382
If you are looking for a commercial solution, websense, ironport and blue coat are the three market leaders in Secure Web Gateway solutions - basically filtering proxy appliances. If you want to roll your own you can use squid with open source categories.
0
 
LVL 10

Expert Comment

by:pfrancois
ID: 35194485
IPCop includes squid.
0
 
LVL 10

Expert Comment

by:pfrancois
ID: 35214127
Just selecting OpenDNS as DNS server is VERY easy to bypass. You need to configure your router for blocking the access to any DNS server different from those of OpenDNS.
0
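
The DNS enforcement discussed in this thread (forward to OpenDNS, block every other DNS server at the gateway), as an added example that is not part of any post above. It assumes a Linux gateway forwarding IPv4 LAN traffic; the chain name `DNS_EGRESS`, the log prefix and the sample log lines are made up for illustration, and IPv6 would need matching `ip6tables` rules.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Linux gateway that forwards
# LAN traffic over IPv4; the chain name DNS_EGRESS and log prefix are made up.
OPENDNS_RESOLVERS="208.67.222.222 208.67.220.220"   # OpenDNS public resolvers

# dns_egress_rules LAN_IF
# Print iptables commands that let forwarded DNS (UDP/TCP 53) reach only the
# OpenDNS resolvers, and log then reject DNS sent to any other server.
dns_egress_rules() {
    lan_if="$1"
    case "$lan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface name" >&2; return 2 ;;
    esac
    echo "iptables -N DNS_EGRESS"
    for proto in udp tcp; do
        # -I puts the jump ahead of any existing blanket ACCEPT for the LAN.
        echo "iptables -I FORWARD -i $lan_if -p $proto --dport 53 -j DNS_EGRESS"
    done
    for ip in $OPENDNS_RESOLVERS; do
        echo "iptables -A DNS_EGRESS -d $ip -j ACCEPT"
    done
    echo "iptables -A DNS_EGRESS -m limit --limit 6/min -j LOG --log-prefix 'DNS-BYPASS: '"
    echo "iptables -A DNS_EGRESS -j REJECT"
}

# bypass_sources
# Read kernel log lines on stdin; print "<hits> <source IP>" for every host
# whose DNS query was rejected, busiest first.
bypass_sources() {
    awk '/DNS-BYPASS: / {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^SRC=/) hits[substr($i, 5)]++
         }
         END { for (src in hits) print hits[src], src }' | sort -rn
}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG='Mar 10 09:14:02 gw kernel: DNS-BYPASS: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=8.8.8.8 PROTO=UDP SPT=51514 DPT=53
Mar 10 09:14:07 gw kernel: DNS-BYPASS: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=8.8.4.4 PROTO=UDP SPT=51520 DPT=53
Mar 10 09:20:41 gw kernel: DNS-BYPASS: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=4.2.2.2 PROTO=TCP SPT=40112 DPT=53
Mar 10 09:21:00 gw kernel: eth0: link up'
```

Review the output of `dns_egress_rules eth1` before piping it to `sh` as root on the gateway; `bypass_sources` run over the kernel log then shows which LAN hosts are configured with a different DNS server.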
 
LVL 14

Expert Comment

by:Roachy1979
ID: 35221670
With a sane network security policy though it's a sane solution. Personally I use a combination of transparent squid & a linux firewall with acl's - for an extra layer of control I'd also consider port based security.

The question though was to provide a simple solution - and as long as users don't have local administrator rights a simple dns enforcement would do the job ;-)
0
 
LVL 10

Expert Comment

by:pfrancois
ID: 35230471
@Roachy1979: I understand your statement and I use to give OpenDNS as a solution for basic MS-Windows users.

I only hope JFrusci doesn't give administrator rights to his Windows users, but in a lot of companies, they have, and mainly if they plug their own laptop into the LAN. I hope also they have a "sane network security policy", but I fear they don't even know what this means.
0
