MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.
COURSE of the MONTH
15 days, 3 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
How can I block all computers on our network from accessing Facebook?
Posted on 2012-12-28
My boss wants me to block all users from accessing Facebook. I am running a Windows 2008-R2 Standard Server which also is running DNS Server.
I want to block Facebook regardless of which browser is used to get to that site.
The client computers are a combination of Windows XP, Windows Vista, Windows 7 and Windows 8.
I have read various articles on experts-exchange on how Facebook can be blocked, but the one option (that is the cheapest) suggests using a DNS Server entry of "127.0.0.1 www.facebook.com". This seems to be the easiest solution, but I don't know how to implement it.
Your help is greatly appreciated.
I want to block Facebook regardless of which browser is used to get to that site.
The client computers are a combination of Windows XP, Windows Vista, Windows 7 and Windows 8.
I have read various articles on experts-exchange on how Facebook can be blocked, but the one option (that is the cheapest) suggests using a DNS Server entry of "127.0.0.1 www.facebook.com". This seems to be the easiest solution, but I don't know how to implement it.
Your help is greatly appreciated.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
7
4-
2
- +2
15 Comments
Active 3 days ago
That method can easily be bypassed by specifying their own DNS server, such as one of google's (e.g. 8.8.8.8). It would be better to block it at your firewall appliance.
What do you have... PIX? SonicWall? SMB?
What do you have... PIX? SonicWall? SMB?
Active today
if you are in a smal enviornment you can do this at router level. Most of routers have this option & works great
Active today
you can do this with this router model. it has capability of adding up to 255 rules.
add a deny rule with *.facebook
add a deny rule with *.facebook
Active 3 days ago
It has the capability, but it also depends on the firmware installed by the ISP that issued the modem/router. Some of the versions of the 3347-02 I've found manuals for allow blocking only by IP address, not by domain name.
Usually you would have the ISP's modem/router then your firewall and then the office network. In this scenario the block would be placed at the firewall level, very easy and fast procedure. If the scenario does not include the firewall then the block would be placed at the ISP's modem/router level.
Install a free proxy/content filter like dans guardian with squid or an all in one opensource firewall like ipfire which has a built in proxy and content filter which if no cost.
Cheers, Alan
Cheers, Alan
Active 3 days ago
Dan's Guardian is not free for commercial use
http://dansguardian.org/?page=pricing
Squid does not have binaries for Server 2008.
http://squid.acmeconsulting.it/
I'm still downloading IPFire, but it appears to require a dedicated computer with all traffic ran through it in both direction, not unlike a firewall appliance. And during the install it formats the hard drive to install itself as the operating system.
http://dansguardian.org/?page=pricing
Squid does not have binaries for Server 2008.
http://squid.acmeconsulting.it/
I'm still downloading IPFire, but it appears to require a dedicated computer with all traffic ran through it in both direction, not unlike a firewall appliance. And during the install it formats the hard drive to install itself as the operating system.
to: upalakshitha
you can do this with this router model. it has capability of adding up to 255 rules.
add a deny rule with *.facebook
I looked in all the router settings and I do not see where I add the "deny" rule.
you can do this with this router model. it has capability of adding up to 255 rules.
add a deny rule with *.facebook
I looked in all the router settings and I do not see where I add the "deny" rule.
Router manual is attached.
Netopia-3347W-Router-Manual.pdf
Netopia-3347W-Router-Manual.pdf
Here is a more detailed manual. See pages 146 thru 165. Especiall take a look at page 155 (blocking an IP address).
Netopia-3347-Router---Software-V.pdf
Netopia-3347-Router---Software-V.pdf
Active 3 days ago
That appears to be an ATT-issued router, by the firmware version.
(see http://www.experts-exchange.com/Hardware/Misc/Q_27598531.html - the manual linked in that thread is for version 7.5 firmware, the same as the one you uploaded here, which is good since that motorola link is dead now.)
Did you try calling their customer support and asking how to setup the Filter Sets in System Configuration? Possibly they would do it for you via remote.
Otherwise, some facebook IP addresses I came up with from DNS are
173.252.100.16
and
31.13.66.23
Block those in and out, and if you see anyone still manage to connect to facebook, note the full URL and check the DNS of the full URL and add it as another rule in the filter. e.g. www.facebook.com might DNS to a different IP address than the en-gb.facebook.com 3rd level domain name.
(see http://www.experts-exchange.com/Hardware/Misc/Q_27598531.html - the manual linked in that thread is for version 7.5 firmware, the same as the one you uploaded here, which is good since that motorola link is dead now.)
Did you try calling their customer support and asking how to setup the Filter Sets in System Configuration? Possibly they would do it for you via remote.
Otherwise, some facebook IP addresses I came up with from DNS are
173.252.100.16
and
31.13.66.23
Block those in and out, and if you see anyone still manage to connect to facebook, note the full URL and check the DNS of the full URL and add it as another rule in the filter. e.g. www.facebook.com might DNS to a different IP address than the en-gb.facebook.com 3rd level domain name.
Featured Post
Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge. How to approach cyber security in today's business world!
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month15 days, 3 hours left to enroll
771 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.