Network Blocking/ Content filtering / routing/ proxy

[Vegito]

Well, I guess the main reason for company to block out site is to use a proxy server or some kind of content filtering at the firewall..
Being that I dont have a extra machine to block out content filtering and stuff or run proxy to block certain website any suggestions ?

I mean all i have to do is block out sites like saks, neman marcus?, all the shoe stores, etc..

can I just get the ip and use the cisco router and

block all port 80 traffic going to those ip address ?

I guess thats why people buy those content filter/proxy server so their employee can do work instead of surfing and shopping online and crap like that... oh well...

 

[Tallgeese]

Ummm...not sure what the question is here, but I'll take a stab.

You can block any ip address using an access-rule on your router. If a site has multiple hosts, you may have to block all of them. If an address ever change, your rule will have to be updated.

Most people deploy content control engines alongside their dedicated filewall devices to make the filtering process manageable.

 

[Vegito]

Yeah, thats kinda my question.. lots of work now.. now i gotta find the ip of all the shopping sites...

 

[spidey07]

with internet worms and viruses getting sneakier and your requirements for content filtering. then yeah, get a content server with some virus protection.

 

[Garion]

There's one thing about networking - You get what you pay for. If you try to block out certain sites at your router, best of luck - Things change SO fast and the Internet is so massive you'll find it absolutely impossible to stop 10% of the traffic you don't want.

Take, for example, Yahoo. They have very vaulable information but also house hundreds of shops. Can't allow one without the other.

If your company wants to block certain sites, then you need to buy the right hardware and software. Something like Cyberpatrol on a proxy works quite nicely. Other alternatives are to buy a firewall (like SonicWall) that will do both firewalling, VPNs and content filtering.

The other option is to create a solid acceptable use policy. No porn, period. Use the Internet only for casual use, and then only when it doesn't interfere with normal business. Be tough enforcing it - When they screw up, take away their Internet access for a week. Second time for a month. Third time, fire 'em.

Last possibility for a small company - Download some of the personal content filters like they use at public libraries and install them on your PC's.

- G

 

[Vegito]

Actually we only have 1 lady in the office.. and she shops from 9-5... and chats online.. which is okay but than she dumps her work on me... i mean why should I clean up the office..

 

[Garion]

In that case, print out a copy of her history while she's off in the bathroom or something. Take it to your manager and get him to approve you blocking EVERYTHING to the Internet except exactly what she needs to get to - Mail, etc. Easier to deny all and permit a few things than the other way around.

- G

 

[Tallgeese]

<< Actually we only have 1 lady in the office.. and she shops from 9-5... and chats online.. which is okay but than she dumps her work on me... i mean why should I clean up the office.. >>

Garion touched on this, but I will make it completely clear...

The task of filtering Internet access does not begin with hardware and software. It starts with a comprehensive Internet Access & Usage policy drafted and approved by your company's owners/management, which is then distributed, explained, and ENFORCED.

In fact, trying to filter Internet access without a policy in place makes it nigh impossible to assure that the solution being implemented will cover all circumstances and provide adequate protection for situations that could range from "hostile work environment" complaints (likely to happen if pornography is being accessed) to "termination without cause" claims (common if worker fired for goofing off without hard evidence to back it up). Also, your company may be open to a harassment suit if you filter just one person without giving proper notice or outlining both the access policy and/or consequences for violating the policy. They may try to claim they are being singled out for something other people are guilty of.

BTW: I always find it amusing how willing people called on "the carpet" about their Web-surfing-downloading-streaming-what-have-you habits are to "sqeal" on their co-workers. Never fails.

 

[Tallgeese]

<< Actually we only have 1 lady in the office.. and she shops from 9-5... and chats online.. which is okay >>

Also wanted to point out that the phrase "which is okay" is the ENTIRE problem. If this is the general feeling she is getting around the office about her behavior, then someone with authority (her manager, NOT you) needs to clarify this issue, and give her the opportunity to correct her behavior.

As a tech, you never want to get in the middle of an HR dispute. Let the managers and HR folks do their job. If there's no policy in place, then you guys are not ready for any kind of "enforcement," because you don't actually have anything to enforce.

 

[MichaelD]

Bump for an intelligent thread.

 

[Vegito]

oh i'm HR also.. small company.. and one of the options trader

 

[Garion]

Then go out and get something like CyberSnoop and restrict what she does. Just make sure you warn her at least once, just to be decent.

- G