[gptalk] Re: Website

• From: Craig Meyer <craigmeyer8@xxxxxxxxxxx>
• To: <gptalk@xxxxxxxxxxxxx>
• Date: Thu, 13 Sep 2007 07:28:34 +0200

Thanks for the comments guys. Firstly funding for ISA 2006 is out of the 
question now so i'm looking for something else. Not expensive but that will 
work optimally. I will look at the workarounds you gave me. thank you very much
 
PS: With my SAV Enterprise edition i got Symantec Web Security 3.0 also which 
is a proxy server according to the booklet. Have any of you experience in 
working with this product and is it gud to implement it as a proxy?

Craig Meyer 
"He had no servants - yet they called Him Master, no degrees - yet they called 
Him Teacher, no medicine - yet they called Him Healer, no army yet the Kings 
feared Him. He won no military battles yet He conquered the world. he commited 
no crime yet they crucified Him. He was burried in a tomb yet He lives 2day....”


Subject: [gptalk] Re: WebsiteDate: Wed, 12 Sep 2007 11:16:17 -0700From: 
omar@xxxxxxxxxxxxxxxxxxxxxxx: gptalk@xxxxxxxxxxxxx






In order to get their product sold and deployed in networks such as yours- many 
proxy vendors can completely disable monitoring- and would require the 
reinstallation of the product enable that functionality. So with that said- you 
can restrict the traffic without compromising security or having people feel 
that big brother is watching. Food for thought.
 
Talk to you later,
 
omar
 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Michael PietrzakSent: Wednesday, September 12, 2007 11:06 AMTo: 
gptalk@xxxxxxxxxxxxxxxxxxxx: RE: [gptalk] Re: Website
 
Omar,
 
I completely agree with you. A web proxy (ISA 2006) would be an optimal 
solution. In my case, I work for a public university in CA and believe it or 
not, we cannot implement any kind of web monitoring due to UNION rules. It's 
quite frustrating. I was all set to bring in WebSense last year when our union 
rep gave it the stop order and sent it up the political chain for review. 
 
Sometimes it's not just budgetary restrictions but policitcal as well. Oh well, 
I said, I just block the traffic instead. Crazy as it sounds, that was 
acceptable.
 
Michael
 
All of these suggestions are good ones but- as the IT administrator you should 
present to your manager, and he or she should present to the execs that to 
effectively manage web access including restrictions, monitoring and reporting, 
a web proxy server should be deployed and all outgoing web requests should be 
forwarded through the proxy via network routing or browser proxy settings with 
tight outgoing port restrictions controlled at the network gateway.
 
Using the IE restricted sites, HOSTS files or creating a IPsec policy or a 
placeholder bogus DNS zone to solve this political issue is a workaround and 
not really a good one. 
 
Restricting web traffic is a political issue and as the IT admin or IT manager- 
hand off the responsibility of creating the policy or owning the approved site 
list if you can and make the company pay.
 
Now of course if you are administering public institution or school that is 
limited in funding and administrative staff- and you can’t get an educational 
discount of a functional feature rich proxy solution- any of the suggested 
work-arounds will work.
 
I have to go and get off my soap box now..
 
Omar
 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Michael PietrzakSent: Wednesday, September 12, 2007 9:21 AMTo: 
gptalk@xxxxxxxxxxxxxxxxxxxx: RE: [gptalk] Website
 
Craig,
 
You can use the IPSec techniques outlined in this walkthrough...
 
http://www.petri.co.il/block_internet_but_allow_intranet_with_ipsec.htm
 
to enable you to block certain websites via a group policy. It's VERY easy to 
do. We had a problem with users visiting naughty sites and with this technique, 
I can effectively block all web access, allow local intranet browsing, allow 
only specific sites to be allowed, or finally, what you are looking for, block 
individual sites.
 
Read through it. Again, it's very easy to alter the IPSec rules to block a 
single web site.
 
Alternately, in your DNS servers, I use MS DNS so I can't say this could apply 
to you, but you could create a new domain, say myspace.com, and make a bogus 
DNS entry for it. That way, when any machine tries to go to myspace.com, it 
will not resolve.
 
Either of those techniques should work great for you.
 
Michael
SDSU
 
 
Hi guys Can i block a website through a GPO?

Craig Meyer "He had no servants - yet they called Him Master, no degrees - yet 
they called Him Teacher, no medicine - yet they called Him Healer, no army yet 
the Kings feared Him. He won no military battles yet He conquered the world. he 
commited no crime yet they crucified Him. He was burried in a tomb yet He lives 
2day....”
 



Download the latest version of Windows Live Messenger NOW! Click here!
_________________________________________________________________
Download the latest version of Windows Live Messenger NOW!
http://get.live.com/en-za/messenger/overview

• Follow-Ups:
  • [gptalk] Re: Website
    • From: Steve Rochford

• References:
  • [gptalk] Website
    • From: Craig Meyer
  • [gptalk] Re: Website
    • From: Michael Pietrzak
  • [gptalk] Re: Website
    • From: Omar Droubi
  • [gptalk] Re: Website
    • From: Michael Pietrzak
  • [gptalk] Re: Website
    • From: Omar Droubi

Other related posts:

• » [gptalk] Website
• » [gptalk] Re: Website
• » [gptalk] Re: Website
• » [gptalk] Re: Website
• » [gptalk] Re: Website
• » [gptalk] Re: Website
• » [gptalk] Re: Website
• » [gptalk] Re: Website
• » [gptalk] Re: Website
• » [gptalk] Re: Website
• » [gptalk] Re: Website
• » [gptalk] Re: Website
• » [gptalk] Re: Website

1. Home
2. gptalk
3. Archive
4. 09-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---