Can't block https sites with Asus router

[explrsport]

Hi, I am trying to block Facebook access for a very small business workgroup. However, the firewall software built into the Asus RT-N56U doesn't seem to allow blocking any https site, which of course Facebook uses. I am already blocking www.facebook.com, but they are still using the https version to play throughout the day.

Any ideas? Trying to avoid installing another piece of equipment.



thanks!

 

[Mushkins]

Hmm... Are they on a domain? If so you could set the DNS settings on your server to redirect https facebook to something nonexistant and configure their desktops to use the server for their primary DNS.

Or you could edit their hosts files since its a small group of PCs to redirect facebook to the loopback address.

Could always take a software approach too by using filtering software such as Bess.

 

[explrsport]

no domain. More of a workgroup, just sharing internet and printers.

I can easily go on the their computers and edit a file....which one would it be??

 

[Mushkins]

http://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/

 

[thecoolnessrune]

If you want to control your employees in a synchronous fashion, invest in AD now, or regret it later when you are spaghetti stringing a bunch of edits together to get the functionality you want.

That being said, I find the whole blocking thing, especially in small groups, the likes of which doesn't even have a proper domain system set up, to be entirely odd. It will do only one thing, make the coworkers hate you.

In such a small setting, it's easy to see who is performing and who isn't. If they are performing up to the standards the boss sets for them, what is the problem? And if they aren't, why hasn't he found someone else who can?

Blocking websites seems like a terrible bandaid to addressing the real problem. My company (much larger) tried something similar, but once they realised productivity went down, and we had some real talent leave the company in part due to these rules (straw that broke the camels back so to speak), they reversed their decision and just blocked things that could get them in real trouble (porn and file sharing).

 

[John Connor]

Set the DNS in the router to OpenDNS's servers, create an account with OpenDNS and block Facebook. If you can flash that router to DD-WRT you could block port 53 and use DNSmasq that way no one can change the DNS server on the computer and get by. The only other way to get by is a VPN, but you can prevent VPN pass through.

www.opendns.com

http://www.dd-wrt.com/site/index

 

[Mushkins]

If you want to control your employees in a synchronous fashion, invest in AD now, or regret it later when you are spaghetti stringing a bunch of edits together to get the functionality you want.

That being said, I find the whole blocking thing, especially in small groups, the likes of which doesn't even have a proper domain system set up, to be entirely odd. It will do only one thing, make the coworkers hate you.

In such a small setting, it's easy to see who is performing and who isn't. If they are performing up to the standards the boss sets for them, what is the problem? And if they aren't, why hasn't he found someone else who can?

Blocking websites seems like a terrible bandaid to addressing the real problem. My company (much larger) tried something similar, but once they realised productivity went down, and we had some real talent leave the company in part due to these rules (straw that broke the camels back so to speak), they reversed their decision and just blocked things that could get them in real trouble (porn and file sharing).

I have to disagree. Excessive blocking is one thing, but blocking things like personal email and facebook are pretty much expected these days unless part of your job requires business use of those tools. Sites like facebook are a huge security and integrity nightmare, I dont need users bogging down their workstations downloading their whole facebook photo album to play with their desktop background or clicking sketchy links from spammers and spreading viruses across my network. You wanna browse Amazon for a new purse on your lunch break? Go ahead. Social networking on company time not so much, your friends will still be there sending you cute dog pix and chain letter spam when you clock out, I promise. You wanna hide your phone under your desk and dick around on unblocked facebook over your 4G? That's an HR problem and not my ballgame, enjoy.