• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 227
  • Last Modified:

network blocking

at work, the network people have things setup so that to access the internet through IE or Firefox, you have to be authenticated to the network by joining your computer to the domain, and logging in with an authenticated user's account.
we need to have a computer that is a message board and need it to run the messages all the time.  I can see our OU's with a description of policies like log off time, and lock times, and none of the OU's have what we need.
In a different environment, I would just create an OU and set the policies to meet our needs. However, In my environment, it's a huge chore to have something like this done, and I can't create OU's and don't have access to make policies.
So I thought I could setup a win7 pc, and not join the domain, so that we don't have to contend with a bunch of policies, this works, however, the message board has a feature to stream things like stocks, or show the current temperature - which should be blocked. however i noticed that i can ping www.yahoo.com, but can't go there through IE for example.
So I thought this would mean that internet traffic is blocked at the upper end of the network layer but not at a lower layer. if that is correct, would there be a way to have the RSS feed of the stocks still work?
0
JeffBeall
Asked:
JeffBeall
3 Solutions
 
bigeven2002Commented:
Hello,
This may be a shot in the dark, but if you join the win7 PC to domain, you can still log into it as local user which should skip group policy.  Then run IE as a domain admin by right clicking the icon and choose run as different user, then enter the domain user credentials.
0
 
tmoore1962Commented:
If it uses IE explorer you could try installing ad block plus from ad block plus.org
0
 
bigeven2002Commented:
Sorry I meant domain user, not domain admin.
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

 
bigeven2002Commented:
Also, in regard to your RSS feed, I believe most go through port 80 which is standard but some communicate through port 7780 as well.  So on your Cisco firewall, outbound communication should be allowed for both ports, which it sounds like it already is given that domain users can access.
0
 
Rich RumbleSecurity SamuraiCommented:
You are able to have non-domain joined PC's access the web, but only domain joined PC's get blocked? Do you have to provide credentials to get through the proxies when not domain joined?

If they use WCCP then RSS and html/xml in general (no matter what port) can be captured and processed by the proxy. WCCP works by looking at the traffic itself, and NOT based solely on port#
http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955

No matter what you need to work within your companies policies and chain of command. We cannot help you setup rogue and potentially unauthorized services. You need to escalate your requests and get proper approvals.
We all have the same kinds of head-aches, they exist in all companies I've been to.
-rich
0
 
JeffBeallAuthor Commented:
I wasn't trying to get around security for malicious reasons. I just need a pc that will run an employee information power point.
Anyhow, thank you for the help.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now