kwlol
asked on
Host based Firewall
Any host based firewall or agent can restrict users to connect to a whitelisted websites (by domain names, not by IP)?
My company is using McAfee host based DLP, but can only restrict by IP. We do not want to make any changes to the network firewall as well.
Besides, the agent should be controlled by a centralized management console for any update of the whitelist and related policies.
Pls advise. Thanks.
My company is using McAfee host based DLP, but can only restrict by IP. We do not want to make any changes to the network firewall as well.
Besides, the agent should be controlled by a centralized management console for any update of the whitelist and related policies.
Pls advise. Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You could also use web filtering solutions such as Untangle, WebSense, etc. you could also subscribe to OpenDNS or other providers who gives you the ability to blacklist/whitelist sits, use categories and keywords providing you use their DNS servers.
^^^what they have said..
get a physical web filter, configure it as transparent.
plug it directly in the middle of your router and firewall. bish bash bosh a little configuring job done.
get a physical web filter, configure it as transparent.
plug it directly in the middle of your router and firewall. bish bash bosh a little configuring job done.
ASKER
Thanks all.
dkotte, it seems that Sophos host-based UTM could be a choice, maybe i will try it later. How about ZoneAlarm Pro Firewall? does it support whitelisting websites (by domain names)?
Would the agent conflict with the existing AV or DLP?
dkotte, it seems that Sophos host-based UTM could be a choice, maybe i will try it later. How about ZoneAlarm Pro Firewall? does it support whitelisting websites (by domain names)?
Would the agent conflict with the existing AV or DLP?
on the free side, there are plenty of proxies around that do this job perfectly
you may want to look at squidguard or dansguardian (both have a gui), or possibly tinyproxy ( simple text-based configuration )
you may want to look at squidguard or dansguardian (both have a gui), or possibly tinyproxy ( simple text-based configuration )