Solved

Website content filtering at different levels

Posted on 2016-08-11
5
Medium Priority
112 Views
Last Modified: 2016-09-02
I need to block a few websites, and I assume I can do this in different ways:
1. Firewall
I have a SonicWall, but no subscription for the content filtering. Other people seem to be successful without a subscription, but I am missing something. I cannot add this to a Zone.

2. DNS
Is this possible when you only have a Windows internal DNS, and all the requests for website access are transferred to an ISP DNS?

3. Proxy Server
No experience here. Do I designate a machine for this? I have a Windows 7 machine that only works as a QuickBooks server.
Maybe set up Squid on Linux? Can I take an old PC to do this, or do I need a good machine?
0
Comment
Question by:Member_2_7970390
5 Comments
 
LVL 5

Assisted Solution

by:Laroy Shtotland
Laroy Shtotland earned 1000 total points
ID: 41752430
0
 
LVL 10

Accepted Solution

by:pfrancois
pfrancois earned 1000 total points
ID: 41756591
The three approaches will work.

1. Firewall:

a) If you know the IP addresses of the few websites you want to block, you can just block the traffic according to these rules on the SonicWall, if you have access to these features:
source IP: any
source port: any
destination IP: IP address you want to block
destination port: 80 (for http) or 443 (for https)

b) if you don't have access to these settings of the firewall, but still have access to the modem, try to block the traffic on the modem.

There is a problem with this method: if the IP address of the website changes, you have to manually modify the IP address to block. Controlling this is a hassle. I do not encourage you to follow this method.

2. You can rely upon an external DNS server for banning some websites. The feature you need is a customized blacklist, i.e. a list of all the websites you want to exclude.

Your Windows internal DNS server will have to be configured to use the DNS servers of securedns.dnsbycomodo.com (8.26.56.26 and 8.20.247.20) or those of dyn.com (216.146.35.35 and 216.146.36.36) as external DNS servers, not the DNS settings provided by your ISP. With a web interface, you can customize your blacklist on one of these DNS providers. They give a free account. I hope they will not oblige you within some time to get a paid account. OpenDNS (http://www.opendns.com) also offers free services to implement blacklists.

3. The proxy server was the classical solution some years ago. Setting up a Linux machine with Squid was a very strong solution and was working very well on old computers. To speed up the installation process, you can even choose a Linux distribution having Squid installed by default, like IPCop. The problem with an older computer is that the network interface cards (you need at least two NICs for IPCop) are sometimes too slow (10 Mbps, 100 Mbps) for the current modems, which go much faster (1 Gbps and more). This solution risks slowing down the speed of the Internet. However, not always, because in case your NICs are fast enough, you can configure IPCop to work as an Internet accelerator because of its proxy caching features.

My advice: choose solution #2. OpenDNS has my preference, but you can try with dyn.com or dnsbycomodo.com.
0
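As an added example (not part of the thread or of the Squid project), the following Python script builds a Squid `dstdomain` block list from a hand-maintained text file like the one the question describes and evaluates a requested host against it with Squid's matching rules (a leading dot matches the domain and all its subdomains, no leading dot matches only that exact host); the ACL file path and the sample entries are constructed for the example.

```python
"""Build and evaluate a Squid dstdomain block list (added example)."""
from __future__ import annotations

import re

# Constructed sample list, as an admin might type it into a text file.
SAMPLE_BLOCKLIST = """
# sites to block
.example.com
EXAMPLE.ORG
www.example.net.   # trailing dot and comment are tolerated
not a domain
"""

# One DNS label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_entry(raw: str) -> str | None:
    """Return a clean dstdomain entry, or None if the line is not a domain."""
    line = raw.split("#", 1)[0].strip().lower().rstrip(".")
    if not line:
        return None
    prefix = "." if line.startswith(".") else ""  # keep subdomain wildcard
    labels = line.lstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        return None
    return prefix + ".".join(labels)


def parse_blocklist(text: str) -> list[str]:
    """Parse a blocklist file body into unique, sorted dstdomain entries."""
    entries = {e for e in map(normalize_entry, text.splitlines()) if e}
    return sorted(entries)


def is_blocked(host: str, entries: list[str]) -> bool:
    """Apply Squid dstdomain semantics to a requested host name."""
    h = host.lower().rstrip(".")
    for e in entries:
        if e.startswith("."):          # ".example.com" matches the domain
            if h == e[1:] or h.endswith(e):  # and any subdomain of it
                return True
        elif h == e:                   # exact host only
            return True
    return False


def squid_conf_snippet(acl_path: str = "/etc/squid/blocked_sites.acl") -> str:
    """squid.conf lines; place them before the http_access allow for the LAN."""
    return (f'acl blocked_sites dstdomain "{acl_path}"\n'
            "http_access deny blocked_sites\n")
```

Name-based blocking of this kind does not cover access by IP address or by a client that is not pointed at the proxy, which is the same limitation the replies note for DNS-based filtering.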
 
LVL 25

Expert Comment

by:Blue Street Tech
ID: 41759143
Hi Member_2_7970390,

I'd recommend doing this on the Firewall but here are my comments on your questions.

At the Firewall: I definitely wouldn't block via Access Rules but rather via CFS policy - it's more intuitive, comprehensive and can be applied in a more granular fashion such as by user, group, IP/IP range, etc.

At DNS: IMO OpenDNS is the best option, but this can be circumvented by DNS spoofing & poisoning tactics.

At the Proxy: Proxies are still valid in certain scenarios, but again, as a security standard and trend, filtering this at the Firewall is where the industry is at.

Let me know if you have any other questions!
0
 

Author Comment

by:Member_2_7970390
ID: 41759615
Hi, all,
Thank you very much for all your comments!!

1. I was able to do it in SonicWall with Access Rules. I don't have a subscription so I cannot use CFS policy - too bad.

2. I think what I need to do is to select these dyn/docomo dns as the "forwarded" in my internal DNS server. Not sure how they work internally to personalize the blacklist, but I am totally ignorant on this.

3. Interesting that people are not doing this anymore. Probably the internet connection is fast enough, and there is not much benefit from "caching." A Linux distribution with built-in Squid sounds good.
0
 
LVL 25

Expert Comment

by:Blue Street Tech
ID: 41761791
I would highly recommend purchasing CGSS (Comprehensive Gateway Security Suite) for anyone who remotely cares about security and protecting your network. In fact we don't buy a SonicWALL without it...it's a default IMO. CGSS includes 24/7 support, gateway: Antivirus, Antispyware, CFS (Premium Content Filtering Service), Geo-IP Filtering, Botnet Filtering, Application Control, SSL Control, and SSL-DPI services (I may be forgetting a few - it's well worth it though). The threat landscape of today is ever-changing and ever-evolving. Just running DPI (Deep Packet Inspection) is not enough.

Additionally, implementing this in Access Rules is not content filtering - there is nothing intuitive or intelligent about it...but rather just a whitelist/blacklist that can easily be circumvented by spoofing, DNS poisoning and so on.

Depending on the DNS service you select, they will guide you on how to set up their product. My only reservation about filtering from the DNS side is that it is easily circumvented by changing or writing a hack to change the machine's DNS either directly or by proxy.

Let me know if you have any other questions!
0