Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 38
  • Last Modified:

block website terminal server hosted

hey guys,

we have an offsite terminal server that users connect to. I'd like to block youtube, facebook, etc for the majority of users.

What's the most cost effective way to do this?
0
Cobra25
Asked:
Cobra25
  • 4
  • 4
  • 3
  • +1
1 Solution
 
Cliff GaliherCommented:
The best way to block content has been and still is at the network edge. A simple UTM can do this, and even the basic models can do this easily. Perfect to drop in front of an offsite server as they can often be centrally managed.
0
 
Cobra25Author Commented:
Cliff, this is hosted outside of our environment. We dont control the network edge.
0
 
Cliff GaliherCommented:
Ahh. That wasn't mentioned in your question. "Offsite" could be a colo facility or other circumstance as well. But it doesn't change my advice much. Most good hosting environments still provide you a sandboxes network environment where all your host machines can communicate. In that situation, I'd run a UTM as a hosted service. Barracuda, Sophos, and many other UTM vendors can run as software, not just as an appliance. I have this set up for several clients in azure and AWS. But the principle is the same with other hosters as well.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Cobra25Author Commented:
a UTM device is NOT an option here.
0
 
Cliff GaliherCommented:
Well, you've painted yourself in a corner then. There are very few agent-based web filtering products that can run on a server OS. They tend to version-check and run on client OSes only. And the few that do often don't run on RDS (the proper name for terminal services.) So you are looking for that 1% of 1%. And they are not inexpensive, as you asked for.
0
 
upalakshithaCommented:
Add record to host file 127.0.0.1 facebook.com
Do same for other sites.but this will affect for whole server.all users will be blocked.
Thank you
0
 
upalakshithaCommented:
Also if server is not a member of any domain, if you can point server dns to opendns you can have perfect filtering for free. This also applies to whole server.
Thank you
0
 
Cobra25Author Commented:
Upalak, yes it is on domain
0
 
Cliff GaliherCommented:
DNS does not block web traffic *at all.* While it can make finding Facebook 'slightly' harder, it is easy to circumvent.
0
 
Dirk KotteSECommented:
would suggest to use a content filtering proxy in one arm installation beside the terminalservers and configure the proxy settings via GPO.
These "proxy" can be a UTM (like sophos UTM) also.
0
 
Cobra25Author Commented:
would openDNS work?
0
 
Dirk KotteSECommented:
i think that`s possible.
but if someone use the IP instead the dns-name the dns-filtering has no effect.
there are ip-reacheble anonymizing  proxys which bypass your dns-filter.
0
 
upalakshithaCommented:
No.if you have blocked with host or domain name, it does not allow browsing from ip too.
Add facebook & youtube domain to opendns block list. Then block proxy sites catagory it is enough . Now no way to browse fb.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

  • 4
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now