Solved

Webfiltering for multiple sites

Posted on 2013-01-09
5
175 Views
Last Modified: 2013-02-06
I have a main head office site that uses several servers to filter web requests. The users are restricted by their AD credentials. A number of groups in the filtering software are created and the AD users are applied to those groups. I have a number of mobile clients they run an application that connects back to the same webfiltering solution except to a seperate server in the DMZ. They get a standard web filtering policy applied, if I want to be specific I have to join the mobile user to the domain so I can apply the policy to their AD username.

I have multiple remote sites that now want to benefit from different policies for webfiltering as oppose to a blanket policy, all of these sites are on their own domain. I thought about creating a VPN and a trust between domains and applying them to the webfiltering policies but I'm thinking there has to be a more efficient way of doing this. I briefly looked at opendns but am unsure if this would work. I am interested to see what other people are using for similar scenarios.
0
Comment
Question by:Sid_F
  • 3
  • 2
5 Comments
 
LVL 27

Expert Comment

by:Steve
ID: 38767202
we need to know what webfiltering software/solution you use to be able to offer any good advice, but are you are basically advising you want multiple sites to share a single webfiltering facility?

If the webfilter is directly accessible by all the sites (an internet based webfilter) it should be fine, but doing it across VPNS to an internal webfilter would be really slow.

OpenDNS can provide some basic filtering but its DNS based and is really easy to bypass.
0
 
LVL 5

Author Comment

by:Sid_F
ID: 38767475
Curent solution is websense. Policy gets pushed from head office to the firewall's on each site but again problem is not all sites logon to the head office AD. Some sites have their own AD others are on a peer to peer. I could create a vpn and a trust to the remote sites but I'm exploring all options
0
 
LVL 27

Expert Comment

by:Steve
ID: 38774605
yes, sounds about right.
I'd recommend against trying to get all sites using the central websense due to problems and also due to traffic levels across VPNs.

If its basic control you need you could consider openDNS etc, or a basic webfilter proxy for each site, but you may end up going for a proper hosted filter.
0
 
LVL 5

Author Comment

by:Sid_F
ID: 38792182
Open dns is probably too basic. I was hoping to really get detail on what other companies with more than 1000 users and multiple sites are using for this type of thing.
0
 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
ID: 38804983
The Websense & GFI offerings are well used and regarded,but arent cheap.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
#Citrix #Internet Explorer #Enterprise Mode #IE 11 #IE 8
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now