windows DNS and site blocking
Author
Message
my boss wants me to block all sites but a small handful.
I tried turning off DNS and just adding those sites to the HOSTS file, but it didnt work, and what if those sites change their IP anyway.
any ideas on a good way to do this?
I tried turning off DNS and just adding those sites to the HOSTS file, but it didnt work, and what if those sites change their IP anyway.
any ideas on a good way to do this?
AOL FREE 5000 HOURS
You could write firewall rules that block every address on port 80 by default, then open holes for certain sites.
That'd be the easiest way to go about it i'd think.
It'd also be easy to bypass though, and wouldn't block secure web browsing.
That'd be the easiest way to go about it i'd think.
It'd also be easy to bypass though, and wouldn't block secure web browsing.
hrmmm. good thinking. any recomendations on which firewall should I use?
depends on operating system I guess.
with ipfw it would look like this.
ipfw add pass tcp from www.yahoo.com 80 to any
ipfw add deny tcp from any 80 to any
As long as that last line stays last, it should work fine.
I'm sure there are better ways to do it though.
with ipfw it would look like this.
ipfw add pass tcp from www.yahoo.com 80 to any
ipfw add deny tcp from any 80 to any
As long as that last line stays last, it should work fine.
I'm sure there are better ways to do it though.
install squid and then you can monitor everyone's surfing habits!
btw, nazi internet policies in the workplace suck.
btw, nazi internet policies in the workplace suck.
well, people are checking out http://www.trumpps.net and shit.
if I set up some sort of DNS server on my linux box. Only have entries for the few sites I want and somehow exclude all other sites. And point to that would that for the DNS server on the windows boxes, would that work? is it hard to set up a DNS server on Linux
if I set up some sort of DNS server on my linux box. Only have entries for the few sites I want and somehow exclude all other sites. And point to that would that for the DNS server on the windows boxes, would that work? is it hard to set up a DNS server on Linux
| kireol wrote: |
well, people are checking out http://www.trumpps.net and shit. if I set up some sort of DNS server on my linux box. Only have entries for the few sites I want and somehow exclude all other sites. And point to that would that for the DNS server on the windows boxes, would that work? is it hard to set up a DNS server on Linux |
No its not hard but you can't block via DNS, setup firewall rules as was suggested to block anything inbound on port 80 except the sites you are allowed to browse to.
You could also setup Windows security policies on each box btw... that'd be even easier...
well, i tried adding /. to restricted sites and it still worked. so i just figured as hung over as I am, that that wasnt working.
I'm not good with Windows security policy so I checked my boss that I do consulting work for on the side (Linux shat) and here's what he said...
(10:16:37) wtfiml33t: how can I set a security policy to restrict certain sites from being browsed to via internet explorer?
(10:21:38) The conversation has become inactive and timed out.
(10:38:34) This is Chris: yo
(10:38:40) wtfiml33t: yo
(10:38:45) This is Chris: whats your prob?
(10:39:12) wtfiml33t: lol I don't have a problem, friend of mine is looking for a good way to block access to LAN users except to specific certain websites..
(10:39:19) wtfiml33t: they've been caught browsing porn and stuff at work =\
(10:42:03) This is Chris: just use the basis IE parental controls
(10:42:08) This is Chris: basic
(10:42:09) wtfiml33t: heh
(10:42:13) This is Chris: it sets a password
(10:42:23) wtfiml33t: k
(10:43:06) This is Chris: the you set "approved sites"
(10:43:17) This is Chris: or set it based on the ratings system
(10:43:29) wtfiml33t: k
(10:43:31) This is Chris: which filters based on contect
(10:16:37) wtfiml33t: how can I set a security policy to restrict certain sites from being browsed to via internet explorer?
(10:21:38) The conversation has become inactive and timed out.
(10:38:34) This is Chris: yo
(10:38:40) wtfiml33t: yo
(10:38:45) This is Chris: whats your prob?
(10:39:12) wtfiml33t: lol I don't have a problem, friend of mine is looking for a good way to block access to LAN users except to specific certain websites..
(10:39:19) wtfiml33t: they've been caught browsing porn and stuff at work =\
(10:42:03) This is Chris: just use the basis IE parental controls
(10:42:08) This is Chris: basic
(10:42:09) wtfiml33t: heh
(10:42:13) This is Chris: it sets a password
(10:42:23) wtfiml33t: k
(10:43:06) This is Chris: the you set "approved sites"
(10:43:17) This is Chris: or set it based on the ratings system
(10:43:29) wtfiml33t: k
(10:43:31) This is Chris: which filters based on contect
nice. after this chicken parm gets demolished, i'm so all over that
| kireol wrote: |
nice. after this chicken parm gets demolished, i'm so all over that |
I almost always get chicken parm, it's my favorite.
| gotissues68 wrote: |
I'm not good with Windows security policy so I checked my boss that I do consulting work for on the side (Linux shat) and here's what he said... (10:16:37) wtfiml33t: how can I set a security policy to restrict certain sites from being browsed to via internet explorer? (10:21:38) The conversation has become inactive and timed out. (10:38:34) This is Chris: yo (10:38:40) wtfiml33t: yo (10:38:45) This is Chris: whats your prob? (10:39:12) wtfiml33t: lol I don't have a problem, friend of mine is looking for a good way to block access to LAN users except to specific certain websites.. (10:39:19) wtfiml33t: they've been caught browsing porn and stuff at work =\ (10:42:03) This is Chris: just use the basis IE parental controls (10:42:08) This is Chris: basic (10:42:09) wtfiml33t: heh (10:42:13) This is Chris: it sets a password (10:42:23) wtfiml33t: k (10:43:06) This is Chris: the you set "approved sites" (10:43:17) This is Chris: or set it based on the ratings system (10:43:29) wtfiml33t: k (10:43:31) This is Chris: which filters based on contect |
that so worked. I owe you and yer boss lunch
I hope nobody is bright enough to d/l opera, firefox, or the 5 bazillion other ways around this. Good for keeping the mindless minions from browsing wasting time at work tho.
| kemble wrote: |
I hope nobody is bright enough to d/l opera, firefox, or the 5 bazillion other ways around this. Good for keeping the mindless minions from browsing wasting time at work tho. |
Yea that occured to me too after the fact. Thats why my inital idea was to use security policies that limit network access and software installation. Require anything thats not a direct executable or needs to write the registry to require administrator access.
only way they could DL is if they shell to command prompt, and use FTP. Or bring in a CD or thumbdrive. Doing that fix also prevents them from easily using IE to grab Firefox/AOL/etc.
And I'm not guarding fort knox here.
And I'm not guarding fort knox here.
| kireol wrote: |
only way they could DL is if they shell to command prompt, and use FTP. Or bring in a CD or thumbdrive. Doing that fix also prevents them from easily using IE to grab Firefox/AOL/etc. And I'm not guarding fort knox here. |
Yea but you don't want them browsing to Fort c***s either..
my company used to do that till they realised how futile it was
my users are mostly people without cars or valid drivers licenses and a record
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Disscusion boards licensed 