Windows Server

AR · Guest

Hi,
This is an easy Question. I just want to know how can i block sites by
configuring the Hosts/lmhosts files in the DNS server. Also i want to keep a
log of sites visited . is it possible by configuring something in the DNS
machine. I am very new to Win2000 networking. Kindly send me the answers in
detail. Also send me some tools, which can be used for this purpose

Thanking in advance

Aneesh

Miha Pihler · Guest

Hi,

using host file or DNS to is not very eficient way to block user's access to
the internet or certain sites. First you have to update the file and
distribute it to all clients (e.g. use script to copy the file to all
clients).
You could e.g. create DNS entries in your own DNS for e.g. www.cnn.com and
point it to 127.0.0.1. If you chose this option don't forget to block DNS
queries to the internet or your users could reconfigure their DNS to point
to e.g. your ISP or some other public DNS server. With this they could
bypass your DNS entries.
You must also prevent use of external proxy servers. If your users are
resourceful enough they could look up free proxy servers on the internet and
use them to bypass your restrictions.

None of these options will allow you to log visited sites.

If you need a good solution I suggest you ISA server 2004 from Microsoft. It
will allow you to enter prohibited sites, you could create user groups that
have permission to browse the internet (and you can even go further and only
allow users to browse the internet at certain times). All other users would
not have access to the internet. You can also setup a good logging (what
users are browsing and how much time they spend browsing).

Mike

"AR" <aneesh.r@eostek.com> wrote in message
news:udrZ3y03EHA.4028@TK2MSFTNGP15.phx.gbl...

Steven L Umbach · Guest

You can configure hosts files on each computer to resolve a site name to a
bogus address but users usually find they can get around such by entering
the IP address of the site in the address bar of their browser. The best
solution is at the gateway to the internet and a lot depends on the size of
your network and budget. Even a lot of the inexpensive NAT routers can do
some url filtering however the best strategy is to allow only certain urls
and block the rest though that may not be acceptable to your environment.
There are also services that integrate with many firewalls to keep your
device up do date with url/IP of what can be considered objectionable
websites. If you go to the websites of manufactures such as Linksys, D-link,
Netgear, etc you can download the manuals for their devices to see what
their capabilities are. Also they can all log to some degree but many have
marginal logging. If you need a more sophisticated device that can be
configured for many rules and extensive logging you will need to look up a
bit at the devices from companies like Sonicwall where you will be spending
probably at least $600, but that can be an excellent investment considering
how much a lawsuit can cost if an employee claims they saw objectionable
material on another user's computer. As Mike mentioned, ISA would be an
excellent solution also. With your current setup you still can get an idea
where users are going by looking in the dns cache for the dns server. For
W2K/W2003 I believe you need to select view/advanced in the dns Management
Console to see the dns server cache. --- Steve

http://www.sonicwall.com/products/tz170.html -- example of Sonicwall device

"AR" <aneesh.r@eostek.com> wrote in message
news:udrZ3y03EHA.4028@TK2MSFTNGP15.phx.gbl...

	Windows Server Forum Index -> Security	All times are GMT
Page 1 of 1