Web Filtering Question on 2000 network

  • Thread starter Thread starter office newbie
  • Start date Start date
O

office newbie

We have 10 clients on a small peer to peer network. I need to limit how
8 of the 10 computers access the Internet.

I have tried using content advisor to block all but one external website
in Internet Explorer but the site I need to access uses javascript
pop-ups and they do not seem to be compliant.

Any ideas?
 
The most direct answer is "no, you can't".

To do this with any amount of control and detail requires web filtering
software ($$$). NAT -based firewalls and Proxy servers can also do this but
with varying degrees of flexability.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
 
I am only familiar with MS ISA Server. It may be too much to "chew on" for a
small system with only 10 machines.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
 
There are a bunch of hardware DNS proxies that also allow you to limit
traffic according to both source and destination address or DNS name. SOme
allow you to create groups of users that must log in to access the Internet,
and different groups may have different priveleges. I favor the ones that
block everything by default and allow you to specify exceptions rather than
attempting to block sites by URL, keyword, etc. They're not proxy servers,
but few users will know how to circumnavigate a restricted DNS lookup. Plus
with the ability to specify who can go where, they work pretty well. Take a
look at products from WatchGuard (very $pricey$ for all the goodies) and
Cyberguard (much more reasonable as far as pricing and licensing). The
Watchguard line is abit more refined, but the Cyberguard products do the job
just as well for a lot less. Be careful of the watchguard SOHO 6 or
whtatever it is now, it does URL filtering only, not true ACLs.

....kurt
 
Thanks Kurt
There are a bunch of hardware DNS proxies that also allow you to limit
traffic according to both source and destination address or DNS name. SOme
allow you to create groups of users that must log in to access the Internet,
and different groups may have different priveleges. I favor the ones that
block everything by default and allow you to specify exceptions rather than
attempting to block sites by URL, keyword, etc. They're not proxy servers,
but few users will know how to circumnavigate a restricted DNS lookup. Plus
with the ability to specify who can go where, they work pretty well. Take a
look at products from WatchGuard (very $pricey$ for all the goodies) and
Cyberguard (much more reasonable as far as pricing and licensing). The
Watchguard line is abit more refined, but the Cyberguard products do the job
just as well for a lot less. Be careful of the watchguard SOHO 6 or
whtatever it is now, it does URL filtering only, not true ACLs.

...kurt
Click to expand...
 
Back
Top