Content filtering with a Cisco PIX 501??

[scs-04]

Let me start by saying I am not real educated in any of Cisco's products. I have just picked up a client that has a PIX 501 that they are using as their router/firewall. They have a couple employees that are 'abusing' the internet access and visiting sites they shouldn't be on at work. Can we do any content filering with the PIX 501 or will we need another device.

Thanks for any advice

 

[-Fabez-]

Edit the users host file, that will stop them

 

[zx10guy]

Looking through the ASA configuration, the only thing I can see which will do this is filtering using a Websense or Secure Computing SmartFilter server. If the ASAs don't have the ability to do this internally, I doubt the 501 will be able to do this. Not even sure if the 501 can leverage an external URL filtering server.

One alternative for you is to do an nslookup on the domain to resolve the IP of the offending website. Then create an access rule tied to that IP and just set a generic deny on protocol IP. This will just do a sweeping block of the site on that IP. You have to set the rule to be applied from the inside going out with the source IP being any because you just want a generic block across your internal network to a destination of the offending IP.

Lastly, if it's not already in the company's policy, there should be a code of conduct and appropriate use policy in an employee handbook. If there isn't one already in place, I would strongly suggest your clients put one in place. They should also have a general briefing of the policies and have every employee acknowledge the receipt of the policies and the thorough understanding of the policies along with consequences if they violate the rules. If they continue to violate policies which have been put in place and they are well aware of, then the company should just fire them.

 

[scs-04]

Thanks for the responses. They do have a conduct policy in place but it doesn't look like they enforce it too well. Well it is not just one site or certain sites they are abusing it is a bunch of the same type of sites so I was looking for something that could block a broader range. Any suggestions with out replacing the PIX?

Thanks

 

[zx10guy]

If they are not enforcing their own policies, trying to solve this problem via an IT solution is just chasing your tail....in my opinion. There's really on so much you can do before someone figures out another way around your countermeasures.

 

[-Fabez-]

Like I said before edit thier hosts file. http://en.wikipedia.org/wiki/Hosts_file#Blocking This link contains information on blocking sites, so that would be worth a try. Also you could moniter all of a workers connections using netstat from the command prompt.

 

[scs-04]

Thanks.

What link are you referring to??

 

[-Fabez-]

The link I forgot to add, but it is there now, sorry for any confusion

 

[zx10guy]

This is assuming the users don't have local administrator rights to their respective PCs.