
List:       security-basics
Subject:    RE: banned sites lists!
From:       Amram Peña <admin () gotoentertainment ! com>
Date:       2002-05-30 18:46:54



Hi; if there's a big need to block web access to internal
users, definitely do it at the proxy.. blocking DNS resolution even for
stand-alone boxes is a bad idea.. tons of additional administration on the
network.. totally unnecessary.. If you use MS Proxy server that's a good
starting point to block those undesired websites.. there are other web traffic
filtering applications available such as Websense (www.websense.com) that
provide full integration with different environments such as MS Proxy,
Cisco Firewalls, CheckPoint Firewalls, etc.. you always have the eXtreme
measures available such as blocking those unwanted IP addresses on the
routers' access-list.

         Amram Peña
         Microsoft Certified Professional
         Email:  admin@gotoentertainment.com
         Cell:   506-395-8103
         Office: 506-281-1259 ext 4306


At 12:43 PM 5/30/2002 +1000, BRAD GRIFFIN wrote:

I agree too Chisholm

Originally the requestor wanted a list of 'bad' addresses, which is why I 
provided the link. The concept of using the hosts file as an ad blocker was 
originally developed for stand-alone boxes, not networks. As you say, it 
would be pointless to use this method when a proxy server can be used to 
block the sites in the list for an entire network.

> -----Original Message-----
> From: Chisholm Wildermuth [mailto:cwildermuth@dbwebnet.net]
> Sent: Thursday, May 30, 2002 10:58 AM
> To: BRAD GRIFFIN
> Cc: security-basics@securityfocus.com
> Subject: RE: banned sites lists!
>
> That's probably true, I'm only familiar with the usage in Win2k...and
> even then very little.  All of our installs use DNS, except for very
> very special instances.
>
> I still have to stand firm on thinking that it's a bad idea though...
> I don't know how many machines you admin, but I really really really
> would hate having to mess with hosts files on all the machines.  I had
> heard of something at one point that MS created/beta/demo'd a
> "distributed" hosts file or something of the like where you could keep
> a single copy on a server and they would all reference that??  I don't
> really recall... I just know I don't think it's a very good solution
> to a problem.  I see too many work arounds, too much admin time, and
> still not simplistic enough to make it practical.
>
> "The only problem with this method is that it can be tricky to set up
> in conjunction with a proxy server."  --- Why would you do both?
>
> IMHO Content filtering should still be done at a proxy and not with an
> archaic file whose life ended with that of the original ARPANet.
>
> Chisholm Wildermuth
> Systems Engineer
> dbWebNet, Inc.
