Re: How can this be done

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 09/29/05


Date: Thu, 29 Sep 2005 12:36:48 -0500

You can block access to port 80 TCP outbound at your firewall for specific
source IP addresses or IP ranges which would only work well if clients had
static IP addresses, or you want to block a whole subnet/DHCP scope and
they can not modify their IP address. Using ipsec filtering Group Policy
can also disable the users ability to access http websites on the internet
if that is acceptable. You can also block access via ipsec filtering policy
or firewall to specific website IP addresses which can be difficult
depending on the number of IP address the mail service they use has which
could be substantial. A firewall solution like ISA 2004 has advanced http
application filtering which may be able to stop access with the proper rules
though I would post first in an ISA 2004 newsgroup to ask about that subject
before buying ISA 2004 and you can get a free Evaluation Edition of ISA 2004
if you want to try it. Such a solution would help if the users need to have
internet access but you want to block internet based email.

http://www.securityfocus.com/infocus/1559 --- example of ipsec filtering.

A non technical solution would be to have a user policy which prohibits the
use of internet based email. You would want a written policy that the users
sign with spelled out specific disciplinary action and a warning that their
traffic is being monitored. You would need the buy in on management and
personnel and a commitment to enforce or such policies do not work. ---
Steve

"Chris" <Chris@discussions.microsoft.com> wrote in message
news:E4034C90-BBFF-4600-8765-9132F3FB07EC@microsoft.com...
> Hi,
> How can I block http email access on on my network? Is it possible to
> block
> http access to specific XP machines via grup policy? I am running windows
> 2003 server with XP clients. The problem I have is users adding their
> personal email accounts to outlook.
>
> Thanks



Relevant Pages

  • RE: SBS Premium, Secure Banking site, certificate = no joy
    ... firewall client installed cannot access a specific banking web site. ... settings and create the ISA rules. ... 825763 How to configure Internet access in Windows Small Business Server ... On the ISA Server computer, stop the Microsoft Firewall service. ...
    (microsoft.public.windows.server.sbs)
  • Re: Moving from ISA 2000 to ISA 2004...
    ... firewall in your organization, which will have one internal IP from the ... some inherent delay that DNS caching introduces on the Internet). ... As far as internal clients go, ... I'm looking to move from ISA 2K to ISA 2K4. ...
    (microsoft.public.isaserver)
  • Re: Moving from ISA 2000 to ISA 2004...
    ... firewall in your organization, which will have one internal IP from the ... inherent delay that DNS caching introduces on the Internet). ... As far as internal clients go, ... I'm looking to move from ISA 2K to ISA 2K4. ...
    (microsoft.public.isaserver)
  • Re: Moving from ISA 2000 to ISA 2004...
    ... firewall in your organization, which will have one internal IP from the ... that DNS caching introduces on the Internet). ... As far as internal clients go, ... I'm looking to move from ISA 2K to ISA 2K4. ...
    (microsoft.public.isaserver)
  • Re: ISA2K Firewalldienst
    ... dass die InternetConnection Firewall ... > Nr.1 Der Firewalldienst des ISA startet nicht. ... > deaktivieren Sie bitte den Dienst mit dem Namen "Internet Connection ...
    (microsoft.public.de.german.isaserver)