restricting access to specific websites and chat engines

[chow choppe]

Hi everyone

 

please tell me how i can restrict my employees from visiting specific time wastage sites during office hours like orkut, facebook, etc and also dont want them to be on yahoo messenger or GTALk all day with friends

talking doesnt help in ur absence

i just want to restrict the internet usage for specific websites

 

Thanks

[kippu]

phew i had to dig through all your questions and finally voila

 

http://www.cgarchitect.com/vb/28244-how-stop-internet-lan-but-not-folder-sharing.html

 

tried all the suggestions in that?

[chow choppe]

the two posts are different

i dont want compleet internet block

just a few websites and chat engines.

i dont want to block gmail etc which is used for official purposes

[kippu]

try searching for a freeware firewall software and see if you can configure it to your needs

[Nic H]

sounds unfair to me

no internet would make me cry

[shaneis]

As far as IM goes (messenger/ GTalk), uninstall them from your employee's PC's. Assuming that you're on all XP Pro machines, you can then remove the user permissions to stop them installing/ running executables. There may be problems with the permissions approach though as it may limit apps that you want them using. It also means that you have to set this up on all of those PCs...more work for you.

 

The best way will be to set up a ICS host (Internet Connection Sharing Host). It doesn't have to be a fast PC, just and old Pentium IV will do. On this machine you can run a tight firewall and block the IP addresses and domain names of any sites you want filtered. It is important to set this PC up yourself, or have a trusted person do it for you. You also want to have it password protected - make sure you are the only person who knows that password.

 

I would recommend that you find an old PC and install an extra ethernet card, one will be used for incoming (connected to a modem) and the other used for outgoing/ throughput (connected to a router). All of your workstations will connect to the router. Your router will also have security features, eg. NAT and port blocking. Enable these and password protect it.

 

I would also recommend downloading Kubuntu 8.04 http://www.kubuntu.org/getkubuntu/download as it is free, it's GUI is similar to Windows and there is large amounts of help available online via the Ubuntu/ Kubuntu forums. It has an inbuilt firewal called IPTables. You would then download a GUI for IPTables called "Guarddog" (also free). This will allow you to configure the firewall quickly and easily. Once this is done, you can block the prots used for I.M. (Gtalk etc) and the domain names (eg facebook.com).

 

Your employees will have an extremely hard time trying to circumvent a Linux-based firewall from their Windows machines. There are quite a few positive side effects from using a Linux firewall too - additional security for your Windows network, your workstations will effectively be invisible to port scanning, superior firewall control, packet sniffing and logging, and as I mentioned before...IT'S ALL FREE!!!

 

With a Linux based ICS/ Firewall and the inbuilt security in your modem and router, you will have a very secure little network, and you will control what goes in and out.

[shaneis]

3dsmaxed,

 

I also read the link that Kippu posted - it seems you are going about it the wrong way. Blocking access from the local machine will never work - ever! You must block it from the server.

 

You need to look at port ranges, IP/ DNS blocking and also, changing the user levels/ permissions on your workstations so that the offending employees cannot access or alter local network settings.

 

I have to agree with some of the other comments in the above mentioned thread too. While there are technical solutions, this is a problem with your employees more than it is with your network. A firm warning may be just as effective.

[3dway]

Have you asked you employees if they're happy, challenged, motivated, and what their career goals are? Have you offered them career counciling or access to personal development literature/media?

 

I don't run a company, but I am an employee. I know when I felt underappreciated and overpassed, I wasn't motivated to work. When I got to a firm that compensated me fairly and offered me the opportunity for advancement I looked back and said to myself "man I can't believe the amount of time I wasted at my last job."

 

Someone who is busy chasing a carrot doesn't have time for a nap.

 

Are they meeting productivity standards? If so, then maybe distraction is not a problem.

 

I can see it's probably vexing, as an employer, to think that the meter is running but you're sitting at a stoplight.

[chow choppe]

thanks guys

 

will keep u guys posted

we have machines connected via an 8 port hub and the interent cable is also plugged into that hub

andits a dial up broadband connection so i dial it on my PC and others are connected on lan via that hub so they have access to the interent when i share it

 

Shane i hopw ur method will work in this situation. althought i will have to go thru ur method 3 - 4 times because i am not very well versed with these terms

 

will try it out

 

Thanks again all of u

[Horhe]

I agree that the issue lies with your employees. Seems youve got to play good cop, bad cop here... and seems the bad cop is just around the corner...

[shaneis]

...we have machines connected via an 8 port hub and the internet cable is also plugged into that hub and its a dial up broadband connection so i dial it on my PC and others are connected on lan via that hub so they have access to the internet when i share it...

 

 

If that's the case, then you should be able to set up some blocking/ filtering directly in the gateway (your modem/router/hub thingy).

 

Log into the gateway and look for some security settings allowing you to set up filters. If the gateway doesn't have those features, go and buy a new one that does. They aren't expensive nowadays. This approach will be easier than the other methods and just as effective, although not as secure.

 

If you're having a lot of trouble with the set up, just hire a local I.T. guy to set it up for you - it won't take him long, so it shouldn't cost much.

Edited November 15, 2008 by shaneis