List: security-basics
Subject: RE: banned sites lists!
From: Amram Peña <admin () gotoentertainment ! com>
Date: 2002-05-30 18:46:54
Hi; if there's a big need to block web access to internal
users, definitely do it at the proxy.. blocking dns resolution even for
stand-alone boxes is a bad idea.. tons of additional administration on the
network.. totally unnecessary.. If you use Ms Proxy server that's a good
start point to block those undesired websites.. there are other web traffic
filtering applications available such as Websense (www.websense.com) that
provide full integration with different environments such as MS Proxy,
Cisco Firewalls, CheckPoint Firewalls, etc.. you always have the eXtreme
measures available such as blocking those unwanted ip addresses on the
routers' access-list.

Amram Peña
Microsoft Certified Professional
Email: admin@gotoentertainment.com
Cell: 506-395-8103
Office: 506-281-1259 ext 4306

At 12:43 PM 5/30/2002 +1000, BRAD GRIFFIN wrote:

I agree too Chisholm

Originally the requestor wanted a list of 'bad' addresses, which is why I
provided the link. The concept of using the hosts file as an ad blocker was
originally developed for stand-alone boxes, not networks. As you say, it
would be pointless to use this method when a proxy server can be used to
block the sites in the list for an entire network.

> -----Original Message-----
> From: Chisholm Wildermuth [mailto:cwildermuth@dbwebnet.net]
> Sent: Thursday, May 30, 2002 10:58 AM
> To: BRAD GRIFFIN
> Cc: security-basics@securityfocus.com
> Subject: RE: banned sites lists!
>
> That's probably true, I'm only familiar with the usage in
> Win2k...and even then very little. All of our installs use DNS,
> except for very very special instances.
>
> I still have to stand firm on thinking that it's a bad idea
> though... I don't know how many machines you admin, but I really
> really really would hate having to mess with hosts files on all the
> machines. I had heard of something at one point that MS
> created/beta/demo'd a "distributed" hosts file or something of the
> like where you could keep a single copy on a server and they would
> all reference that?? I don't really recall... I just know I don't
> think it's a very good solution to a problem. I see too many work
> arounds, too much admin time, and still not simplistic enough to make
> it practical.
>
> "The only problem with this method is that it can be tricky to set up
> in conjunction with a proxy server." --- Why would you do both ?
>
> IMHO Content filtering should still be done at a proxy and not with an
> archaic file whose life ended with that of the original ARPANet.
>
> Chisholm Wildermuth
> Systems Engineer
> dbWebNet, Inc.