Any suggestions for web filtering?

bremen1874 · 12 Feb 2010 at 18:32

I have a site running SBS 2000 with 12 Windows 2000 PCs.

Sometime before the end of the year everything is going to be replaced. The plan at the moment is to use SBS 2008 on the server and Windows 7 on the PCs.

There are very strict controls on web access in place. Management has full access, but everyone else only has access to a limited number of preapproved sites. This situation is supposed to continue after the upgrade.

The web access is currently controlled using ISA Server which is no longer bundled with SBS.

Does anyone have any recommendations as to how the same access control can be achieved?

There should be a reasonable budget for this, but given the number of users I’d prefer not to be spending thousands of £s.

bremen1874 · 12 Feb 2010 at 20:06

Thanks for the suggestions.

I'd prefer to keep things simple and not bother with any filtering. Unfortunately it isn't my decision to make.

bremen1874 · 12 Feb 2010 at 23:01

I think I'm getting spoilt for choice here!

It has just struck me that not having ISA Server probably means I should be looking at getting a better network firewall. It would be nice to kill two birds with one stone.

bremen1874 · 12 Feb 2010 at 23:52

There's currently a 2wire adsl modem/router/firewall, it was supplied by BT when the connection went in. This has the necessary ports open and forwarded to the SBS 2000 box.

The SBS 2000 box is running ISA Server with two NICs. One NIC connects to the router and the other connects to the internal network.

There are some additional rule sets on ISA Server that allow either full or very limited web access depending on the client PCs IP address.

bremen1874 · 13 Feb 2010 at 00:04

Eurgh, sonicwall.

I'd rather use a shoebox filled with my own vomit and a small home-grade router.

Not a fan?

bremen1874 · 13 Feb 2010 at 13:28

It's 12 pc's. Why spend even more money for a filtering system you get for free with open dns.

I can't see how I could achieve what I want with OpenDNS.

There is a white list only option but this would presumably have to apply to all users. I need to have at least two different levels of access, full access for the management and white list only for everyone else.

bremen1874 · 15 Feb 2010 at 23:15

I wouldn’t have though that what I want to implement would be particularly difficult to configure.

One group of users will have full unlimited access. This group basically just includes the partners that own the company.

The other group (everyone else) will be blocked from everything except for HTTP and HTTPS traffic to a predefined whitelist.

This approach as currently implemented on ISA server has worked well enough to date. It also has the advantage that it’s basically self maintaining as there are no blacklists or similar rule sets that need regular updating.

If ISA still came as part of SBS then I would just keep on using it. As it doesn’t I’m looking around for solutions that don’t cost any more than the purchase of a machine running ISA.

Decisions about who would actually implement the system will be made further down the line.