Re: Blocking Access to web-based email

From: Charles Newman (charlesnewman1_at_comcast.do.not.spam.me.net)
Date: 08/17/05


Date: Wed, 17 Aug 2005 00:57:37 -0700

X-No-Archive: Yes

"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d6c71fb5b2b2cba989c14@news-server.columbus.rr.com...
> In article <Hs-dnTsmHr_uOZ_eRVn-sg@comcast.com>, charlesnewman1
> @comcast.do.not.spam.me.net says...
> > "Leythos" <void@nowhere.lan> wrote in message
> > news:MPG.1d65761f7bcfb447989b6c@news-server.columbus.rr.com...
> >
> > sites (their
> > > business partners). They also set up two sets of rules, one for generic
> > > users - no access, and then one for managers - full access.
> >
> > The only way you could do that would be with
> > two different proxy servers, one filtered, and one
> > non-filtered. That is how my network is set up.
>
> Funny, the way I do it is with one Firewall appliance and different HTTP
> rules. Seems to me that it works well and without a problem for me. I
> don't have ANY proxy servers in our network, but, if you must know, the
> firewall has many proxy type services for use - and HTTP is one of them.
>
> I can also set up users without the proxy and limit what they can access
> based on their IP, Subnet, authentication, all the same without the
> proxy service of the firewall - the proxy service allows me to use a Web
> Blocker tool and content filters that remove malicious content from the
> http sessions.

   I don't see how you can authenticate users
authorized for full access, without using a
program like ProxyPro. To me, it would
seem easier to use ProxyPro, add the
users authorized for full access, and be
done with it.
     Since AllegroSurf and ICS both
assign dynamic internal addresses to
PCs on the network, doing it by IP
does not work, and a lot of business
networks assign IP addresses
dynamically. That is the way that
HTTP works. If you are using
static IPs in your network, then yes
you can block by IP. But for those networks
that are using dynamically assigned IPs
within the network, like mine, then my
solution is the only way you can do this.
    If you are using DHCP, or any NAT
device that assigns IPs dynamically, then
you need a program like ProxyPro, that
supports authentication, if you want to
allow some users unfiltered internet access.
    Virtually any NAT device, hardware or
software, is going to use DHCP and assign
addresses dynamically. The solution I refer
to is for the majority of networks that do this.
    If you are really serious about controlling
content, especially porn, you need a
software-based solution, as it can download
updates daily. CyBlock, CyberSitter, and
SurfControl are all good at this. They
can all be programmed to download updates
automatically. All you have to do in the
morning is just re-boot the machine the
software is running on for the changes to
take effect. ProxyPro will even support
authentication through an NT domain,
if any of your servers are running
server versions of NT, 2000, XP,
or Vista, so they don't have to run
the gkaccess authentication program
that would otherwise be used to
access the system.
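
An added example, not part of the original post and not code from any product named in the thread: a small Python sketch of the two approaches debated above, a rule keyed on client IP versus a rule keyed on proxy authentication, run through a DHCP lease change. All user names, passwords, host names and addresses are constructed for illustration.

```python
import base64
import hmac

# Constructed sample data (hypothetical users, passwords and addresses).
CREDENTIALS = {"manager1": "s3cret-m", "clerk1": "s3cret-c"}
FULL_ACCESS_USERS = {"manager1"}
FULL_ACCESS_IPS = {"192.168.0.10"}  # address manager1's PC held when the rule was written


def basic(user, password):
    """Build the value of an HTTP Basic Proxy-Authorization header."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def policy_by_ip(client_ip):
    """IP-keyed rule: the source address alone selects the policy."""
    return "full" if client_ip in FULL_ACCESS_IPS else "filtered"


def policy_by_auth(headers):
    """Authentication-keyed rule: the verified user selects the policy."""
    scheme, _, token = headers.get("Proxy-Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return "challenge"  # a proxy would answer 407 Proxy Authentication Required
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return "challenge"
    user, sep, password = decoded.partition(":")
    expected = CREDENTIALS.get(user)
    if not sep or expected is None:
        return "challenge"
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return "challenge"
    return "full" if user in FULL_ACCESS_USERS else "filtered"


def simulate_lease_churn():
    """Policies clerk1 gets after DHCP reassigns manager1's old address to clerk1's PC."""
    leases = {"manager1-pc": "192.168.0.10", "clerk1-pc": "192.168.0.23"}
    leases["manager1-pc"], leases["clerk1-pc"] = "192.168.0.31", "192.168.0.10"
    clerk_headers = {"Proxy-Authorization": basic("clerk1", CREDENTIALS["clerk1"])}
    return policy_by_ip(leases["clerk1-pc"]), policy_by_auth(clerk_headers)


if __name__ == "__main__":
    print(simulate_lease_churn())
```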


