Blocking Websites

[Exclusive]

Hi There,

We have about 15 computers that are Peer to Peer Networked that all access the internet via a BT Business Hub.

BT Have recently stopped their content filtering feature therefore there is no way via the router to filter porn, gambling websites etc.

I need an Ideally Free way to block lists/types of websites for all the computers on the network.

IS there a proxy program I could install, point all the computers to use that as their DNS and add blocked lists into that?

I'm not sure what to do.

Regards

 

[Paul_Rosser]

There are lots of proxy programs (some free) out there, but these don't really control DNS you just set their browser to use them and all traffic is sent out via the Proxy, however all they would need to do is un-tick the "use a proxy" box and then would get un-restricted internet access.

Do all the PC's use the router as their DNS server ?

If so you could setup your own DNS server for free, point the router at that and then set it to upstream to BT's DNS servers.


Then you would need to add the IP address of any websites you didn't want people going to onto your DNS server and point it at maybe a "you shouldn't be visiting this site" webpage.


Will be a bit of a nightmare to admin though so would suggest you either purchase a server to filter internet access or use a proper service such as scansafe.

The other way is to have a good policy in place regarding internet access and if people ignore this then they get a warning, or even sacked.

 

[Harry Perks]

...

however all they would need to do is un-tick the "use a proxy" box and then would get un-restricted internet access.

Do all the PC's use the router as their DNS server ?

If so you could setup your own DNS server for free, point the router at that and then set it to upstream to BT's DNS servers.

...

This is probably the most important factor. If all the computers are connected to the same router, take a look at OpenDNS for web filtering at the router level. They have category based filters and various other buttons and levers that are all useful. Though if I am perfectly honest, I'm not sure how the pricing would work for your scenario.

 

[Paul_Rosser]

OpenDNS is very good, but if you are looking for paid solutions then most of the web based scanning systems come with an agent you install on each PC and then all traffic is routed to them and you choose the policy which applies to where they can visit etc

 

[10032012]

The default gateway DNS on your router can be bypassed.

Its difficult to find a free effective filter... I am not sure they truly exist. If someone had the fore-thought of banning porn from all website domain extensions except .xxx or .adult from the start it would be easy to filter 98% of the filth!!

Do you have any internet restrictions (i.e. prevent history being deleted etc)? If so, enforce your internet use policy... and instant dismissal for anyone caught looking at such material (where applicable, you might need to issue written warning first or suspend employee hoping they will walk)

Any extreme content viewed should be reported to police.

 

[Paul_Rosser]

The default gateway DNS on your router can be bypassed. .

The default gateway and DNS are two different things, but you should be able to change the DNS to point at somewhere else from the router.

However using this method is not 100% effective as anyone who knows what they are doing can simply lookup the IP address for websites and access using this method and bypassing DNS.

 

[Exclusive]

Hi,

Thanks for the replies so far,would anybody be able to help me, suggest, show me how to set something up? openDNS is a paid solution and at the moment I can't really go down that route.

The reason I feel I must do this is that we have a particular staff member that is looking at porn, other employees have seen on a particular day when he thinks due to the limited number of staff on site nobody can see him.

I haven't thought of telling all the staff members that if History is deleted it is a company offence.

I have already disable inPrivate browsing on Internet Explorer but some of the manufacturers websites we use don't work in IE properly, so we have Chrome too which I can't seem to disable Incognito?

How hard would it be to set up a proxy?

Regards

 

[Paul_Rosser]

If you don't have a server and the computers aren't part of a domain, then a proxy won't help you much as even if you log the computer name these are easy enough for users to change.

Are the machines locked down in any way ? As without that you are fighting a loosing battle.

Personally unless you want to spend some cash I would go with gathering evidence against the person looking at porn and get H R to deal with it.

In case you don't already know index.dat holds the IE history, even if the users deletes their history and a free tool called indexspy let's you read these files.

 

[Exclusive]

Thanks Paul,

Is there such a file for Chrome?

Regards

 

[Paul_Rosser]

Chrome stores all it's stuff here [Username]\Local Settings\Application Data\Google\Chrome\User Data

 

[Exclusive]

Thanks Paul

If a user has used Incognito in Chrome.

How would I track that data?

Regards

 

[Paul_Rosser]

Looking at some forums index.dat may also store that info.

Sorry we block Chrome for our users so never had that problem

 

[Centuri-Host]

Have a look into Smoothwall... with Advanced Proxy addon...

You can use it as a middle man and point your systems to use it as a gateway/dns.

Then you have complete control over all in and out access.

I use it on a network of about 200 users in a building.

Never failed me yet!

Ben

 

[Paul_Rosser]

I've used smoothwall, is very good.

Think the OP is trying to do it without any spending though which is going to be tricky without a server in place.

 

[Centuri-Host]

Good thing about SW is the basic is free... only need an old PC with couple of network cards in it.. can pick one up for 20 quid at bootsales!

Can't beat a linux OS!

 

[Paul_Rosser]

Linux rocks, but unless you have experience can be tricky to setup.

A vmware stack may be a better option.

 

[Centuri-Host]

vmw is ok... but the price can place people off.

With SW its all GUI interface/web so should be a piece of cake

 

[Paul_Rosser]

Vmware player is free. The stack is just a preconfigured smoothwall setup so the user doesn't have to install Linux, configure it etc

 

[Centuri-Host]

Hmm I would still be dubious about placing another layer in there, linux always prefers direct access to the HAL, virtual drivers can cause issues sometimes.

And it would need a little more more than a garage sale PC? lol

Each to their own mind!

B

 

[Paul_Rosser]

Hmm I would still be dubious about placing another layer in there, linux always prefers direct access to the HAL, virtual drivers can cause issues sometimes.

And it would need a little more more than a garage sale PC? lol

Each to their own mind!

B

I would never use a garage sale PC for business use and personally have installed Linux enough times, however for someone who hasn't a pre-configured setup can be a quick way to get it up and running.

 

[Centuri-Host]

I would never use a garage sale PC for business use and personally have installed Linux enough times, however for someone who hasn't a pre-configured setup can be a quick way to get it up and running.

I agree.. but it was really stating it because of the "no cost involved" option for the OP.

B