Firewalls: Re: Blocking web access

Firewalls
(October 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Blocking web access
From:	"Joe J. Pennell" <pennell @ image . Kodak . COM>
Date:	Thu, 26 Oct 1995 09:14:00 -0400
To:	aramanuj @ ens . com
Cc:	firewalls-digest @ GreatCircle . COM
In-reply-to:	<199510252008 . NAA02731 @ miles . greatcircle . com> (firewalls-digest-owner @ GreatCircle . COM)

> From: "aramanuj" <aramanuj @
 ens .
 com>
> Date: Mon, 23 Oct 95 09:31:39 PST
> Subject: Limiting a Web Browser - Reverse firewall !
> 
>      
>      HI FOLKS,
>      
>         OUR MANAGEMENT IS CONCERNED THAT THE USERS ARE SPENDING TOO MUCH 
>      TIME  WEB BROWSING. IS THERE ANY WAY OF LIMITING THE SITES THAT ONE 
>      CAN ACCESS WITH A WEB BROWSER (I CAN'T THINK OF ANY WAY!). IS THERE 
>      ANY SOFTWARE THAT CAN TRACK THE SITES VISITED FROM A NETWORK ADMIN 
>      POINT OF VIEW ?
>      


One really good way to restrict sites, would be to restrict outbound packets on
the browser port.  This assumes that you control at least one router between
you and the service provider.  Mosaic and NetScape both create history files,
which may be browsed for excessive access to non-business sights, such as
www.playboy.com ( Sorry Hef ).  One word of caution to that philosophy...
make sure to get management approval for this activity, and to have management
express this as company policy.  This might avoid a messy situation in the
future.  So, once you have a list of these prospective sights, connect to each
to find the IP ( assuming that you don't have a list, although there must be
one out there ).  You can then go ahead and restrict to your heart's content.

Another philosophy on this is to provide unrestricted access, but hold users
accountable if they start slipping in their responsibilities.  Usually, one
"discussion" is sufficient to remind an individual that browsing is an 
activity to be performed when other work is up to date.  Sure it puts a little
burden on management at first, but most people are responsible enough to
handle this without the "discussion".

-- 

*******************************************************************************
*  *****          *****                                                       *
* *****        *********     Joe Pennell, UNIX Systems Administrator          *
* ****      ************     The Eastman Kodak Company                        *
* ***    ***************     Rochester, New York                              *
* **  ******************                                                      *
* * ********************     pennell @
 image .
 kodak .
 com                          *
* **  ******************     (716) 477-5935                                   *
* ***    ***************                                                      *
* ****      ************                                                      *
* *****        *********                                                      *
*  *****          *****                                                       *
*******************************************************************************

Follow-Ups:

Re: Blocking web access
From: "Frank K. Senter" <fsenter @ mail . state . mo . us>

Indexed By Date	Previous:	re: Internet Security, DMZs, etc. From: "A. Padgett Peterson, P.E. Information Security" <PADGETT @ hobbes . orl . mmc . com>
Indexed By Date	Next:	Re: Raptor Compromise? From: frankw @ in . net (Frank Willoughby)
Indexed By Thread	Previous:	Blocking web access From: rachelr @ ejv . com (Rachel Rosencrantz)
Indexed By Thread	Next:	Re: Blocking web access From: "Frank K. Senter" <fsenter @ mail . state . mo . us>