Any suggestions for web filtering?

I can't see how I could achieve what I want with OpenDNS.

There is a white list only option but this would presumably have to apply to all users. I need to have at least two different levels of access, full access for the management and white list only for everyone else.

You can add an internal address to bypass filtering; not sure where the option is, but it can be done.
 
Filtering by DNS isn't brilliant anyway; you'd have to make sure that it's firewalled so that the only DNS server the user can reach is the OpenDNS one, and you still wouldn't be blocking access to sites by IP.
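
A check for the two gaps named in the post above (clients reaching a DNS server other than OpenDNS, and sites requested by IP address), added here as an example and not part of the original thread. The log format, field names and sample records are constructed for illustration; the resolver addresses are the OpenDNS public resolvers.

```python
import ipaddress

# OpenDNS public resolver addresses (check them against your own OpenDNS setup).
APPROVED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample: egress records in a hypothetical key=value gateway log format.
SAMPLE_LOG = """\
src=192.168.1.21 dst=208.67.222.222 proto=udp dport=53 action=allow
src=192.168.1.34 dst=8.8.8.8 proto=udp dport=53 action=allow
src=192.168.1.34 dst=8.8.8.8 proto=tcp dport=53 action=deny
src=192.168.1.21 dst=198.51.100.7 proto=tcp dport=80 host=www.example.com action=allow
src=192.168.1.40 dst=203.0.113.9 proto=tcp dport=80 host=203.0.113.9 action=allow
src=192.168.1.40 dst=203.0.113.9 proto=tcp dport=443 action=allow
"""

def parse_line(line):
    """Split the key=value tokens of one log record into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def is_ip_literal(host):
    """True if an HTTP Host value is an IP address rather than a name."""
    if host.startswith("["):            # bracketed IPv6, optional :port
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # name or IPv4 followed by :port
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(log_text):
    """Return (finding, client, target) tuples for allowed traffic that sidesteps DNS filtering."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("action") != "allow":
            continue                    # blocked traffic is the firewall doing its job
        if rec.get("dport") == "53" and rec.get("dst") not in APPROVED_RESOLVERS:
            findings.append(("dns-bypass", rec.get("src"), rec.get("dst")))
        elif rec.get("dport") in ("80", "443") and is_ip_literal(rec.get("host", "")):
            findings.append(("ip-literal", rec.get("src"), rec["host"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Records without a `host` field, such as the port 443 line in the sample, cannot be judged this way and are skipped, which is the limit of DNS-only filtering the post points at.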
 
So? He's looking for a technical solution, not a management solution - otherwise they could just make accessing the banned sites a disciplinary offence.

Plenty of good, cheap or open source solutions and I've got plenty of good things to say about OpenDNS, but it's not the answer here - mostly because he wants access based on user accounts/groups.
 
You can't always use technology for something that should result in company policy disciplinary procedures. I wish people would stop looking for technology excuses for this sort of incident.
 
Don't be stupid.

Any half clued up user could get around a basic web filtering implementation and likely NEVER get caught. That's why you need technical solutions. The added benefit of anti-virus and spyware protection at the gateway is also attractive.

You come across like you do not really know what you are talking about, 3 PCs or 12 - it's a business decision what they use and just because you think you can bodge it with OpenDNS does not mean the filtering software is a waste of time or money.

He wants suggestions that will do what he wants, he is getting them. OpenDNS is not a solution that caters to his needs.
 
I think if management ask you to prevent something and you propose something that may or may not work, is easy to get around and doesn't even do what they want; for you to tell them it doesn't matter because they should be doing a better job... I think you'd be the one on a disciplinary if you were working for me!

Management and procedures play an important part in these things, but they have to sit alongside effective technology to protect the business.
 
Why pay for it when you can do open source?

Dansguardian running on top of Squid is an excellent way to do it for free. Heck they even have a virtual appliance ready to go to save building and configuring. I've used it for 2 years now and I cannot speak more highly of it.

Dansguardian

Why pay for a solution? Simple, support. If this is a business product that if it went **** up and you can't fix it yourself you need to be able to get someone who can. Save a few hundred pounds now - but when it goes wrong the business could lose far more. Open source stuff is great, but IMO not ideal for business; we use plenty of open source stuff in work but for nothing mission critical like firewalls etc... However I do love Smoothwall - it is very good.
 
If you want a firewall it's a toss up between Juniper and Fortigate, Juniper are better devices but Fortigate's web filtering and such is more intuitive to use and both up front and subscription costs are favorable.
 
Use a combination of things here, Bloxx is the main one, Fortigate is used in some places as well. Scansafe also sticks its oar in some places.

Just looked at that free OpenDNS stuff and it looks alright actually for a small business; might get my folks on it as currently there's no filtering and only about 4 PCs. They asked me today if I could put a block on Facebook so might go down that route...
 
Anyone looking after a network should know how to log successfully; it should be an offence if people wanna mess about during work. This should be a company policy that you should be disciplined for! Even a complex web filtering system can be bypassed by a half clued up user, so what's the difference!

If you were my manager not doing their job properly I wouldn't wanna work for some dumb manager who can't discipline their staff for breaking company policies! People always think technology is a solution that costs an arm and a leg. For a 12 workstation network it's silly to spend any money at all! What a waste! If they were sensible users they wouldn't break rules. End of.
 
You're wrong on just about every count there IMO, a complex filtering system will be exceptionally hard to bypass even by a technically savvy user. And filtering is in general pointless, it's oppressive and untrusting of staff and in this day and age they'll likely just use Facebook on their phone instead. If people want to slack off then they will at the end of the day, stopping everyone else spending 10 minutes checking Facebook is the worst possible reaction to that.

I do agree that OpenDNS is among the worst solutions going as well, not only is it fairly trivial to bypass but it's also a horrible concept and I have no time for any company which breaks the rules of how DNS is meant to work for profit. NX domain hijacking is really dumb.
 
A complex web filtering system can't just be configured by any technician; it requires someone who has a bit of knowledge. You should know yourself they aren't easy to configure! Will require a wage to someone in this instance to get running properly. Something that the OP won't be able to configure properly if they have to ask the question what filtering system to get.

You won't get past mine, given that you won't be on a subnet that can directly access the interwebs.

Alright then :) bigup to you.
 