Hi AT
I have a work problem that I am hoping you fine folks can help me solve.
Background:
I work at an electronics retailer, at one of the smaller branches. The company I work for does not take data security or network infrastructure at all seriously. I am not an IT pro, I am a stock guy who is just trying to solve an issue nobody else really cares about...so bear with me.
Essentially, at my store, everything is lumped together on one big ad-hoc network of supreme shitty configuration-ness. We have staff "workstations", a server in the back room, and a couple of other miscellaneous purpose PCs for other tasks. On this same network, we have our service centre and all the computers that we service on the same network (including ones we do virus removal on...sigh. Only reason I bring my ultrabook in and use it on this network is because it is the only Linux based machine, so I figure I have a reasonable chance of avoiding the computer STDs)
I can't really do anything about the above mentioned clusterfrak as I am not really empowered to make my employer give a damn about security or ethical handling of customers' valuable hardware and data...but I have a potentially fixable problem with our display model computers. We have a bunch of laptops and a few desktops out that customers can use, and those are connected to our network so that they have internet access. The problem is that the purpose for that is so that they can browse our website - in practice, we get treated like an internet cafe. People come in and download stuff, access social networks, even try to use P2P. I'd like to put a stop to that, since it is introducing a very random factor into the data that travels over our network.
It gets better though: if I were setting this up from the get go, I'd just use an Active Directory domain and set up group policy restrictions for this stuff - but our setup is nowhere near that sophisticated. Since we still need access to outside websites on our workstations, I can't just block everything but our commercial website. I can't edit hosts files on the display models because we sell them and our sales guys can easily forget to undo such a modification.
I THINK I have a solution:
1) Set up static IPs on the workstations that I don't want filtered
2) Set up a white list for all computers on the LAN that don't fall inside the IP range used for step 1
3) Profit?
Assuming for a minute that none of you know an easier way - our router is a Linksys WRT54G - poking around in the settings, I figured out how to blacklist specific sites, but there is no function to block everything and then add exceptions. There is, however, shell access. Is this possible to do?
Thanks in advance for your help!
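The plan in the post (a trusted static range plus a whitelist for everything else) maps onto a default-deny chain on forwarded traffic. The script below is an added example, not part of the original post: it assumes the router's shell provides `iptables` and that the LAN interface is `br0`, and every address in it is a constructed placeholder.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.
# Interface name and all addresses are constructed placeholders.

is_ipv4() {
    # Dotted quad, each octet numeric and 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] && is_ipv4 "${1%/*}"
}

# usage: gen_whitelist_rules LAN_IF TRUSTED_CIDR SITE_IP...
gen_whitelist_rules() {
    [ "$#" -ge 3 ] || { echo "need interface, trusted range, site IP(s)" >&2; return 1; }
    lan_if=$1; trusted=$2; shift 2
    # Validate everything first so a typo never yields a half-built chain.
    is_cidr "$trusted" || { echo "bad trusted range: $trusted" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad site address: $ip" >&2; return 1; }
    done
    echo "iptables -N DISPLAY_FILTER"
    # Only traffic routed from the LAN towards the internet enters the chain.
    echo "iptables -I FORWARD -i $lan_if -j DISPLAY_FILTER"
    # Step 1 of the plan: statically addressed staff machines pass unfiltered.
    echo "iptables -A DISPLAY_FILTER -s $trusted -j RETURN"
    # Step 2: everyone else reaches only the listed web servers.
    for ip in "$@"; do
        echo "iptables -A DISPLAY_FILTER -d $ip -p tcp --dport 80 -j RETURN"
        echo "iptables -A DISPLAY_FILTER -d $ip -p tcp --dport 443 -j RETURN"
    done
    # Default deny; REJECT makes blocked pages fail fast instead of hanging.
    echo "iptables -A DISPLAY_FILTER -j REJECT"
}

# Constructed sample: staff in 192.168.1.0/27, store website at 203.0.113.10.
gen_whitelist_rules br0 192.168.1.0/27 203.0.113.10
```

Display machines have to use the router itself as their DNS resolver, because forwarded DNS queries to outside servers are rejected along with everything else. The rules match on IP address, so the list needs updating whenever the website's addresses change.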