Blocking websites either by IP or Domain with Group Policy / IPSEC (not host file)

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

fanny pack 2.0

Thread Starter
Joined
Sep 18, 2007
Messages
41
Ok, so I have been searching google for an easy walk through on how to block sites such as MySpace, Youtube, Facebook and other related sites where my father's employees like to waste company time on. **HOWEVER** After reading, blocking sites through IE's block list and adding domains with IP's seem to have easy work arounds compared to IPSEC/Group Policy.

This route allows for all of xxxxx.myspace.com's (subnets) from being accessed as apposed to finding them all out and entering the domain/subnet combos individually in the host file. So if ANYONE has seen a very easy walkthrough (cause the ones i have seen are win 2000 and/or are vague and more complicated than required, I would greatly appreciate it.

I am going to continue to search the web, and if I find something i'll post just in case this topic benefits others. I'm determined to solve this issue!!!

Take Care!
FP2
 
Joined
Aug 25, 2004
Messages
893
Hi!!

How big is the company? If the company is big enough, you may want to have a look at getting a device such as Barracuda Networks Web Filter. Allows for reporting on sites visited, attempted visits and so forth along with controlling what sites can be accessed and even “allow” certain IP’s to access restricted sites too.

Here is a link!

http://www.barracudanetworks.com/ns/products/web-filter-overview.php

Thanks!

Shane
 
Joined
Dec 1, 2007
Messages
978
You can also simply use a router. Most of routers will allow you to block/allow certain addresses, block/allow IPs, or range of IPs.
 

fanny pack 2.0

Thread Starter
Joined
Sep 18, 2007
Messages
41
Well it's not for our larger company, it's for a salon that my father just purchased. Right now everything is running off of a dinky Dell router coming off a DSL connect so that can't really be programmed. There will be 4 computer in the salon, the only 2 that I want restrictions on are the ones running the scheduling and client database (the 2 receptionists computers basically) So programming a block on Myspace and all that other good stuff for the 2 public computers is not disirable.

I want to strictly use what comes with XP, i'm not looking to invest into a software. I might settle for a freeware if the link you had is such. But I would definately prefer the inhouse abilities that Win XP provides. I've went ahead and did the host adjustments and through myspace with all it's subnets into the the block list. Now I am making it harder for them to download things.

Anyways, IPSec seems to be pretty difficult being that I know most basics but am not a network tech. Any other suggestions?
 

fanny pack 2.0

Thread Starter
Joined
Sep 18, 2007
Messages
41
Nice find Shane! I just watched the video of it, I think i'll download and take a look at the features. I'll let you know if I can figure anything out. Take care!

FP2
 

fanny pack 2.0

Thread Starter
Joined
Sep 18, 2007
Messages
41
It turned to be just a user friendly version of the Group Policy and didn't really incorporate IPSec. I keep running into walk throughs but there always seems to be a step on how to do one small thing missing or unclear making the final result useless.

It's getting aggrevating, i've moved on to other tasks to keep the receptionists from screwing this computer up when we set it up on Monday. I was thinking about disabling any kind of download through IE. Is there someway I can do that as well? And would that effect recieving files through outlook?
 
Joined
Aug 25, 2004
Messages
893
I’m not really sure how you were intending to use IPSEC to “prohibit” site visits.

IPSec is designed to provide authentication (verification of the identity of the sender), integrity (assurance that the data was not changed in transit) and confidentiality (encryption of the data so that it can’t be read by anyone who doesn’t have the correct key).

Because it operates at the network layer of the OSI model (Layer 3), IPSec has an advantage over SSL and other methods that operate at higher layers. Applications must be written to be aware of and use SSL, while applications can be used with IPSec without being written to be aware of it. Thus encryption occurs transparently to the upper layers.

IPSec protects only IP-based traffic; it is of no use to other network layer protocols such as IPX. There are also some types of IP traffic (such as Kerberos) that are not protected by Microsoft’s implementation of IPSec by default. Microsoft calls these exemptions.

Group policy would be your BEST place to start if you are not looking for a PROXY, ISA, or a device to filter traffic with. You’ll need Group Policy to keep them from modifying their internet and NIC settings, amongst a zillion other things.

Care to point me to the references for using IPSEC to block users from visiting websites?

Thanks!

Shane
 

fanny pack 2.0

Thread Starter
Joined
Sep 18, 2007
Messages
41
Here's the forum I saw this on

http://www.softwaretipsandtricks.com/forum/internet/30191-how-block-websites.html

Go down to psharkauburn's post where he talks about using whois.org to identify sites's IP's. But I had also experimented with IPSec and was able to see all the IP's that myspace's domain used. However, it found all of this but did not give you the option of making that permission an allow or deny like GP would.

Microsoft's explaination seemed to skip that step out as well. We put in that computer today and I have myspace blocked off with the host file and IE's site block list. I'm just going to keep an eye on what everyone is visiting and if I see activity i'll just explain to the staff that their myspace behaviors cause our computers hell (i've seen it, friggin trojans straight off myspace messages through links)

If you want to keep working with me on this I got all the time in the world. I can't seem to find Microsoft's walkthrough for it. The link was on that computer but I can't get to it until later in the week.

But all said, I appreciate the feedback and help. Thanks alot!
FP2
 
Joined
Aug 25, 2004
Messages
893
Thanks! Very interesting and I don't blame you for being lost since it doesn't really provide instructions, but just general information. I'll have to look into it and see how many YEARS it would take to implement.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top