OT- Internet Filters, need recommendations for a client.... Options

[JB 914]

Anyone have a recommendation for an Internet filter for a 35 PC workgroup? They need to limit access to specific sites and block everything else on specific PC's.

Anyone have a recommendation?

[Qarl]

A good router or firewall can do that for you.

[JB 914]

Well, they already have a VPN setup with Netopia routers. The netopia will filter IP's only. not exactly the setup i'm looking for....

[Verruckt]

How about Squid?

[Qarl]

I don't understand what you are looking for...

Sites are all resolved to IPs... If you know the specific sites they want access to, you can determine the IPs you want to give access to. You should be able to set the router or firewall to say... these PCs (with these TCP/IP settings can only go inbound/outbound to X.X.X.X IP addresses outside of the network)

Or all internal machines can access all external IPs... etc.

Or are you looking for "software" to install on a PC that you can limit what they access? Might I suggest NetNanny? Just kidding.

(IMG:http://www.914world.com/bbs2/html/emoticons/confused24.gif)

[serge914]

Qarl is right.

If you only want to let some PC to access only a few specific sites, you can do that in any good firewall, maybe not the Netopia, but you will need to enter all the specific address of the sites that they can access in a filter rule.

Some Firewall like the Fortinet classify all the internet sites in category and you can specifiy wich category you let them access. You have to buy a license every year so that that list get updated all the time with the new sites.

[JB 914]

not all PC's are going to be blocked. So, i was looking for software to install on the ones that need to be blocked from all but a few sites.

I may just try and use the Windows filter. That will be fun (IMG:http://www.914world.com/bbs2/html/emoticons/headbang.gif)

[fiid]

You could set up a proxy server (apache) on a linux box. That should allow you full control over what any machine on your network is connecting to. You will also need to enforce that everyone is using the proxy, which means you should tell your netopia jobby that ONLY the proxy machine is allowed to use the web.

I think the apache proxy will allow you to do configs like "don't allow any urls with the work fuck in them" or similar matching on pages.

You might also want to look into the squid proxy.

Note that an educated user will be able to point their machine to a proxy outside your network - so you might need to block all internet access to every machine except the proxy, which will disable more than just http access.

You should also note that just about any effort you make here will be subvertable in some way or another. Just depends on how educated your users are.

[Qarl]

I have e Netscreen firewall.

I can generate specific policies for individual machines, ranges of machines (i.e., Range of TCP/IP addresses), or the entire network.

I can then generate restrictive, liberal, or unrestricted policies to individual IP addresses outside the network, ranges of IPs, or unlimited.

I can do the same with just about any other port type function. FOr example, I can limit Telnet, FTP, HTTP, etc. for one, groups, or all machines in our network.

[JB 914]

QUOTE (fiid @ Jun 22 2005, 10:23 AM)

You should also note that just about any effort you make here will be subvertable in some way or another. Just depends on how educated your users are.

They cannot add or change software without admin rights, which they don't have. Considering they have a hard time rembering password, i'm not really concerned with them changing stuff. The ones that might be able to do it are the managers and they will not be restricted. (IMG:http://www.914world.com/bbs2/html/emoticons/biggrin.gif)

The Netopia is not very user friendly and is more 'black and white' i need to be able to easily modify it and give them permission to only certain sites. It is bullet proof for the VPN, which was it's original purpose.

i'm leaning towards a SonicWall. i think that will give me all the flexibilty without taking hours of ongoing configuration with "Oh, Joe by the way can you add, subtract blah blah......"

[brer]

Internet filering in Iran

apparently they use Smartfilter