Web content filtering -- work laptops at home ?

Posted on 2012-09-07
Last Modified: 2013-11-22
What "content filtering” software do you recommend when users take their laptops home and use their OWN home internet connections so they still get work's "content filtering” rules ?
Question by:finance_teacher
    LVL 1

    Assisted Solution

    We force the VPN to connect at startup, therefore the user receives the policy.  So they may not be able to access "fun" stuff at home, but remember, it is still a WORK laptop.

    I believe that some corporate web filtering software allows you to install on the work laptops.. (download from the companys website) this way the policy updates when the laptop is connected to the work network, but any changes that you make while the laptop is at home will not get applied until either

    A.  user connects to the VPN
    B.  the laptop is brought back into the office and connects to the network

    But remember..  if you go to the Barracuda website, their "slogan" is:

    "Complete protection of your DESKTOP network!"

    Good Luck
    LVL 5

    Assisted Solution

    We have some laptops that have air cards in them which allow the user to connect through Verizon's cellular service. Which means they are just out in the wild until they connect to the VPN. We could auto launch the vpn but unfortunately the user can just disconnect and use the Verizon card. So I've started looking at using the content advisor built into IE. I basically setup all my settings on a test laptop and exported the reg entries which i plan to deploy as part of the image though SCCM. (our laptops are about to be upgraded from XP to 7).

    Just figured i put another idea out there -
    LVL 1

    Assisted Solution

    just a thought..

    Set their DNS to your internal DNS (e.g. 10.x.x.x) and give them user privledges only. When they are on the VPN they will be able to access my internal DNS to resolve HTTP request. With user priv, they cannot reset the DNS IP.
    LVL 6

    Assisted Solution

    just like the above,  our users have our proxy coded in via group policy which cannot be changed.

    so only way to surf the net is by loggin on to the vpn first.
    LVL 5

    Assisted Solution

    One of the problems we have is some of our users need to be able to use public wi-fi and places that require them to login won't work because they can't get to the login page. However if this isn't a concern a proxy or DNS definitely seems like the way to go.

    Author Comment

    Would doing via VPN to get the policy use by my corporate bandwidth ?

     1. user goes to
     2. download a 2GB file
     3. my corporate bandwidth & the user's home bandwidth is used to download this entire file
    LVL 17

    Accepted Solution

    If they don't have admin rights on their laptops and couldn't change DNS/IP settings you could use OpenDNS and force a proxy or force them to use OpenDNS servers based off a policy inherited from your internal server when they were on the network.  

    A much easier way is to do the $12 per user per year option of Barracuda's which allows you to install an agent, that is very lightweight, on any computer and all Internet traffic is routed and checked by Barracuda's filters.  You set what they can and can't access down to the exact file extension and never worry about it again.  I would highly encourage you to think about it:  It's called Web Security Flex

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    This video discusses moving either the default database or any database to a new volume.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now