Solved

How can I block all computers on our network from accessing Facebook?

Posted on 2012-12-28
15
806 Views
Last Modified: 2013-01-09
My boss wants me to block all users from accessing Facebook.  I am running a Windows 2008-R2 Standard Server which also is running DNS Server.

I want to block Facebook regardless of which browser is used to get to that site.  

The client computers are a combination of Windows XP, Windows Vista, Windows 7 and Windows 8.

I have read various articles on experts-exchange on how Facebook can be blocked, but the one option (that is the cheapest) suggests using a DNS Server entry of "127.0.0.1 www.facebook.com".  This seems to be the easiest solution, but I don't know how to implement it.

Your help is greatly appreciated.
0
Comment
Question by:LessonsLearned
  • 7
  • 4
  • 2
  • +2
15 Comments
 
LVL 44

Expert Comment

by:Darr247
ID: 38728418
That method can easily be bypassed by specifying their own DNS server, such as one of google's (e.g. 8.8.8.8). It would be better to block it at your firewall appliance.

What do you have... PIX?  SonicWall? SMB?
0
 
LVL 13

Expert Comment

by:upalakshitha
ID: 38728435
if you are in a smal enviornment you can do this at router level. Most of routers have this option & works great
0
 

Author Comment

by:LessonsLearned
ID: 38728437
I have a Motorola 3347-02 (Netopia 3000) wireless router.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 13

Assisted Solution

by:upalakshitha
upalakshitha earned 250 total points
ID: 38728648
you can do this with this router model. it has capability of adding up to 255 rules.
add a deny rule with *.facebook
0
 
LVL 44

Accepted Solution

by:
Darr247 earned 250 total points
ID: 38728885
It has the capability, but it also depends on the firmware installed by the ISP that issued the modem/router. Some of the versions of the 3347-02 I've found manuals for allow blocking only by IP address, not by domain name.
0
 
LVL 5

Expert Comment

by:OOsorio
ID: 38729112
Usually you would have the ISP's modem/router then your firewall and then the office network. In this scenario the block would be placed at the firewall level, very easy and fast procedure. If the scenario does not include the firewall then the block would be placed at the ISP's modem/router level.
0
 
LVL 8

Expert Comment

by:amatson78
ID: 38729310
Install a free proxy/content filter like dans guardian with squid or an all in one opensource firewall like ipfire which has a built in proxy and content filter which if no cost.

Cheers, Alan
0
 
LVL 44

Expert Comment

by:Darr247
ID: 38729445
Dan's Guardian is not free for commercial use
http://dansguardian.org/?page=pricing

Squid does not have binaries for Server 2008.
http://squid.acmeconsulting.it/

I'm still downloading IPFire, but it appears to require a dedicated computer with all traffic ran through it in both direction, not unlike a firewall appliance. And during the install it formats the hard drive to install itself as the operating system.
0
 

Author Comment

by:LessonsLearned
ID: 38732881
The software/firmware of the modem is 7.8.1R2
0
 

Assisted Solution

by:LessonsLearned
LessonsLearned earned 0 total points
ID: 38732917
to: upalakshitha

you can do this with this router model. it has capability of adding up to 255 rules.
add a deny rule with *.facebook

I looked in all the router settings and I do not see where I add the "deny" rule.
0
 

Author Comment

by:LessonsLearned
ID: 38732925
Router manual is attached.
Netopia-3347W-Router-Manual.pdf
0
 

Author Comment

by:LessonsLearned
ID: 38733091
Here is a more detailed manual.  See pages 146 thru 165.  Especiall take a look at page 155 (blocking an IP address).
Netopia-3347-Router---Software-V.pdf
0
 
LVL 44

Expert Comment

by:Darr247
ID: 38733456
That appears to be an ATT-issued router, by the firmware version.
(see http://www.experts-exchange.com/Hardware/Misc/Q_27598531.html - the manual linked in that thread is for version 7.5 firmware, the same as the one you uploaded here, which is good since that motorola link is dead now.)

Did you try calling their customer support and asking how to setup the Filter Sets in System Configuration? Possibly they would do it for you via remote.

Otherwise, some facebook IP addresses I came up with from DNS are
173.252.100.16
and
31.13.66.23

Block those in and out, and if you see anyone still manage to connect to facebook, note the full URL and check the DNS of the full URL and add it as another rule in the filter. e.g. www.facebook.com might DNS to a different IP address than the en-gb.facebook.com 3rd level domain name.
0
 

Author Comment

by:LessonsLearned
ID: 38744793
I will replace this "old" Motorola Netopia 3347W router with a new D-Link ADSL2+ router which will enable me to block facebook by ip address or domain name.

Thanks for showing me where to look (in filter sets).
0
 

Author Closing Comment

by:LessonsLearned
ID: 38758240
I could not find "filter sets" in my "old" Motorola router, so I will replace the router with a new D-Link ADSL2+ router.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
An article on effective troubleshooting
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now