Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

How to disable a website such as Facebook


  • Please log in to reply

#1
Mobi

Mobi

    Member

  • Member
  • PipPip
  • 52 posts
Hi guyz,

Hope you are fine and doing well. I wanted to know how we can disable a particular web site for a particular user. Especially website like face book that may have more then one IP addresses.

One possible solution might be to use a proxy server but in my situation we cannot use a proxy server, we have a ASA-5510 Firewall installed. I was looking any cost effective software which can be configured with this firewall or we can simply deploy any other network software that can do this job?

Unfortunately I do not have experience on firewall and its configuration so I am looking for some other good solution.
  • 0

Advertisements


#2
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
why exactly can't you use a proxy server?

a good free option would be to check out OpenDNS it's free and works along the same lines as the MPV5 hosts file modification...you tell openDNS what to block on your network and it will redirect you to an openDNS block page
  • 0

#3
Neil Jones

Neil Jones

    Member 5k

  • Member
  • PipPipPipPipPipPipPipPip
  • 8,476 posts
OpenDNS requires you install a piece of software on all the computers in question, which in itself is relatively simple to disable anyway.
I should be interested to know why the original poster says " in my situation we cannot use a proxy server". What situation would that be? Is this a works machine? are you trying to bypass your company's IT policies?

The ASA-5510 is a Cisco hardware firewall. Looking at price tags and what not, somebody would have more money than sense to have this at home therefore I can only assume this is a works environment.
  • 0

#4
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
actually neal....opendns has no such requirement....IF you've got a unified "entrance" to the internet with a static ip all you have to do is set your DNS settings to look to the openDNS dns structure for resolution and it does teh blocking seamlessly.. i use it at work (on top of other filters) with no issues and no need for software installs

also...this seems like a request for ways that IT can BLOCK pages not get around a filter already put in place by IT
  • 0

#5
Mobi

Mobi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Thanks dsenette for your help. You always provide good and to the point solutions.

"I should be interested to know why the original poster says " in my situation we cannot use a proxy server". What situation would that be? Is this a works machine? are you trying to bypass your company's IT policies?"

Well actually the IT is reluctant in implemeting a proxy soltuion they think it will be an overhead and also will add a hop as well as another single point of failure so bootom line is that neither they can implement the proxy server nor they are going to configure the firewall. I have to find out any other soution to implement this control.
  • 0

#6
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
you could run one or two squid proxy servers in a VM on two separate machines...if one goes down...just start another

i've actually got 3 separate filters in place right now...one barracuda networks webfilter, a squid/dans guardian filter/proxy (running in VM) and openDNS....my users don't notice a thing (unless something is blocked) and i'm only on a 1.5mbps T1....not sure what you guys do at work...but if they want blazing fast internet...they need to get it at home

This is the virtual appliance with squid and dans that i run off of VMWare server on an old pc sitting on the corner of my desk
  • 0

#7
Neil Jones

Neil Jones

    Member 5k

  • Member
  • PipPipPipPipPipPipPipPip
  • 8,476 posts

actually neal....opendns has no such requirement....IF you've got a unified "entrance" to the internet with a static ip all you have to do is set your DNS settings to look to the openDNS dns structure for resolution and it does teh blocking seamlessly.. i use it at work (on top of other filters) with no issues and no need for software installs


But this is no good for the majority of people on dynamic IPs. Static is fine, dynamic no, and the whole point of the software from OpenDNS is to update your profile on their site with your current IP. That was the point I'm getting at.
  • 0

#8
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
that assumes that the OP has a public ip on their internet connection...

i SERIOUSLY doubt anyone would have an ASA 5510 on a dynamic connection...plus...mobi's been here before...and to the best of my recollection they've got a static connection
  • 0

#9
Mobi

Mobi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Hi dsenette,

Can you please help me out about the risk of using the OpenDNS. As i have gone through this, in OpenDNS we are using or forwroding the DNS request to OpenDNS where they will perfrom the filtering- I was just thinking what will be issue if their DNS gets compromised or become unavilable due to some other reason?
  • 0

#10
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
well...you should have the OpenDNS server only set at your local dns server...that way IF they develop an issue....you can just revert back to your ISP dns and all will be fine....
  • 0

#11
Mobi

Mobi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Ok. So the local DNS will be forwarding the DNS request to the OpenDNS.

Two more thing I want to ask is
1. Is there any good tool even for trial version for vlunerability scanning for CISCO firewall. What are the basic consideration while assessing the risk for firewall and how can one check/determine even without logging into the firewall to determine these risks

2. What are the good solutions for encrypting the data especially considering the for Labtop. I have already gone through the EFS but it requries other things like certificates and recovery agent.
  • 0

#12
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
i'll ask my wan guy about the cisco part...i don't know the answer

for the encryption.....are you wanting free or for money? also...what kind of data?
  • 0

#13
Mobi

Mobi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
well you can suggest both the soutions, I will provide the details and cost/benefit analysis and then we can decide which option to select.

The data on these notebooks will be official i.e. company's data
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP