Any suggestions for web filtering?

optitech-uk said:
Alright then :) bigup to you.
Click to expand...

All I'm saying is that it's not difficult to implement, and even though the filtering we have (ISA) isn't great, you can't get around it due to the physical config of the LAN itself.

You'd have to be on the server subnet if you want to break out onto the internet without hitting ISA, and you'd have to be in the comms room to be on that subnet. I guess you "could" bypass it, if you could commandeer one of the ports in the IT dept, telnet to a switch and configure yourself a trunk back to the server vlan.
 
Same at my place, you could try bypassing everything... :)

Just logged on to my folks router (draytek 2800) and it has some content filtering stuff you can pay for built in.

Think they just want the odd site blocked so the girls who work there don't spend all day on facebook, I personally wouldn't bother.
 
paradigm said:
All I'm saying is that it's not difficult to implement, and even though the filtering we have (ISA) isn't great, you can't get around it due to the physical config of the LAN itself.

You'd have to be on the server subnet if you want to break out onto the internet without hitting ISA, and you'd have to be in the comms room to be on that subnet. I guess you "could" bypass it, if you could commandeer one of the ports in the IT dept, telnet to a switch and configure yourself a trunk back to the server vlan.
Click to expand...

Yup, thats your your network where you work. All I am saying is for someone who asks the question "Any suggestions for web filtering?" won't be able to configure the systems that is mentioned in here therefore it won't be a cheap solution or it may even be a half cooked one like open DNS, which yes can be bypassed but on the same note even a complex implimented system can be bypassed so why pay for a solution that if it's not configured correctly won't do it's job properly. There for I said open dns.

I am not saying theres no experts in this thread but why pay for something that won't be configured fully and can be bypassed just as easy. Just wasting money even paying for the hardware itself. Why pay for a solution in the first place unless fully configured like your super duper nobody can get past my network filtering system that probably cost loads of money/time and configurations.
 
I wouldn’t have though that what I want to implement would be particularly difficult to configure.

One group of users will have full unlimited access. This group basically just includes the partners that own the company.

The other group (everyone else) will be blocked from everything except for HTTP and HTTPS traffic to a predefined whitelist.

This approach as currently implemented on ISA server has worked well enough to date. It also has the advantage that it’s basically self maintaining as there are no blacklists or similar rule sets that need regular updating.

If ISA still came as part of SBS then I would just keep on using it. As it doesn’t I’m looking around for solutions that don’t cost any more than the purchase of a machine running ISA.

Decisions about who would actually implement the system will be made further down the line.
 
optitech-uk said:
Why pay for a solution in the first place unless fully configured like your super duper nobody can get past my network filtering system that probably cost loads of money/time and configurations.
Click to expand...

Maybe because it might be considered a good idea to have a solution which isn't a based on a blatant breach of the DNS specification for nakedly commercial reasons. But hey...
 
bremen1874 said:
If ISA still came as part of SBS then I would just keep on using it. As it doesn’t I’m looking around for solutions that don’t cost any more than the purchase of a machine running ISA.
Click to expand...

ISA has been replaced with Forefront TMG (threat management gateway), which now comes part of EBS2008 (essential business server), which is a small enterprise style package which caters for those business who need more flexibility than SBS.

I've got nothing against TMG (when I said we use ISA further up in the thread, I actually mean Forefront TMG), it does what we want, but we don't rely on it for security, just for filtering and locking down users.
 
Paradigm, how are you finding TMG? I'm just in the process of starting a business case to move from ISA2004 to ISA2010 (hardware is 5ys+ and i get a good deal through enterprise agreements on the upgrade to TMG) and was looking for some feedback from someone who has used it. We currently use Optenet for filtering and i have to say it is a dire product if you actually want to report on anything. ISA is currently used as pretty straight forward proxy server that forwards requests through the optenet filter.
 
You must log in or register to reply here.
Back
Top Bottom