chad said:
I run a network of about 50 users. Ten of these users need access to
the Internet for specific sites they have to go to for work. What
program does everyone suggest for this? I don't want to completely
block their access. I was thinking of using Websense. Any suggestions?
The central way to manage it is with a router that supports Access
Control Lists (ACLs). Some routers even support ACLs using URLs. The
trick is to look for a router that lets you specify "block all except
those listed". You can't filter by exclusion, there are just too many to
exclude. Some routers provide content filtering as a $ub$sciption, but
it doesn't work well, and still doesn't let you directly specify allowed
sites. With a Cisco (or similar) router you can just specify ACLs as
access-list 101 permit ip any 72.14.253.0 255.255.255.0
access-list 101 permit ip 72.14.253.0 255.255.255.0 any
This allows any IP address to connect to Google. Once you add a
"permit", everything else is implicitly denied. So if you had only this
ACL applied, the only website you could get to would be Google.
Another way, if you are running you own DNS, is to set up a root zone
"." and do not specify forwarders. Then add the urls for allowed
websites manually in your own DNS. Although this doesn't technically
block anything, few users know the IP addresses of websites they may try
to visit. If you don't currently do your own DNS, you can set up a DNS
server on minimal hardware, install your favorite flavor of Linux
(free), and run a BIND DNS server.
Then there are proxy servers with various levels of control. Google and
look for one that suits your needs.
On an individual PC basis, there are a few choices, but of course you
have to set up and maintain each PC one at a time.
