I have to block a site for my network, it seems to be only this site causing a problem, and I doubt there is a single computer savvy user on this network who would disagree with me blocking this site. I've heard of a way to make it so that when you type in the address, it will look at the IP address and send it to the IP address and site that I choose. How can I do this?
PS: I'm not trying to "HACK" anything, I have full permissions to do this and will have administrator privileges. I'm sure there is a way to do this, but it is most likely to be called "HACKING", this is alright, not trying to rule out any good methods, this side note is just to say I'm not doing anything illegal in any way.
To block a site at INTERNET GATEWAY (SERVER), you will need to provide more details about your Operating System, Any proxy server you are using/Any Router/How you are sharing connection etc
However, if you have access to those PCs, you can do it manually on all PCs by
- Adding the site in your hosts file (located in C:\WINDOWS\system32\drivers\etc folder for XP). Open it with Notepad and add this line at the bottom of the file and save: 127.0.0.1 sitename.com
- Use IE Content Advisor. Go to Internet Properties >> Content >> Enable >> Approved Site >> type the site name and click Never.
If you have several computers networked together and are planning to block (inbound and/or outbound) access to a specific website or even a network, you could do so by using a firewall in your gateway (computer). You could also put Access Control Lists (ACLs) in your proxy server config to block access to specific sites or networks. If you use a router, you could also do so by configuring the router's ACLs.
You could also hand-configure each and every computer in your network but that would be a very tedious task. I recommend that you follow one of those ways I listed above. The best way that I could think of is by using a firewall to specify/configure who accesses what.
Note: When I say firewall, I mean a hardware firewall (specialized for firewalling task), or a software firewall (installed in your gateway PC), or a router (with firewalling capabilities by configuring ACLs). I think all routers could be configured with ACLs. At least those routers that are advanced (like advanced Cisco ones).
I hope that helps.
I'm not sure how many machines you are managing.
If just a few, as the poster above has mentioned, modifying the hosts file in the folder %system%\system32\drivers\etc (%system% is generally C:\windows with XP) will work.
causes the computer to look for www.badsite.com on the local computer and will cause a browser to return a site not found error.
With this method you have to modify each computer individually by editing the hosts file on the machine or copying an edited hosts file to it, however.
For a larger number of computers, a hardware firewall running Smoothwall http://www.smoothwall.org/ or IPCop http://www.ipcop.org/ with Dansguardian http://dansguardian.org/ (which requires Squid) is a readily available solution that will give you the ability to control and monitor internet usage on your network remotely.
IPCop offers easy-to-use add-on packages, e.g. http://firewalladdons.sourceforge.net, that simplify the setup; however, since you are filtering all devices on your network, I recommend thoroughly studying the install and its implications beforehand. The home sites have an extensive knowledge base available on their respective community forum pages.
Part of my job is to monitor and control internet traffic for over 200 people. I use a Smoothwall, Dansguardian/Squid solution to handle this in my situation. I am quite pleased with the results.
If the gateway to the net is through a router, access this and there you can list sites to block.
This is the best way because, as has already been said, it provides a hardware firewall right at the "sharp end".
OK, I am using XP Pro for them, and each user has their own account (and this is a school, so there are A LOT of users). There are only so many computers that students are allowed access to, and our network has some...well... a while ago there was a serious power surge, our network was new then, but...well this kinda trashed it, most of the security features don't work, but I think going in and just adding this one site w/ IP address into the system 32 folder will work the best.
But will this work for all of the users on each system I do this to?
If what you are asking is will it work for all the different accounts on the machine, yes. You only need to put the sites you want to block in the one hosts file that exists in c:\windows\system32\drivers\etc.
Even if a machine has 20 students accounts on it, you only need to change the one host file on that machine in the windows directory, not 20 different ones in the users directories.
The downside is that 1) a computer savvy kid can erase the host file entry, and 2) it's impossible to write a host entry for every site that could potentially embarrass the school.
The principle of what we're discussing is to have one machine with the host file that only you manage, then have all the school traffic pass through that machine to get to the internet.
For a school, I think it's really worth it to look at a Dansguardian solution. It will run on older hardware and uses both block lists and content filtering (it searches for words in the requested web page and blocks the page if it finds unacceptable ones) to block unwanted traffic.
I have to keep plugging Smoothwall or IPCop because they offer a solution that will allow you to measurably strengthen your defenses for very little, if any, resources.
In IE there is a Privacy tab. In that there is a SITES button. Click that; it can block a list of sites which you provide. Hope it works for you. Mention your OS.
OK, and one more question, for the host file thing, do I put 127.0.0.1 or do I put the address of the site? There is only one for now, and this should work fine, I tested it on my computer though, and it did nothing. Do I have to be on a network for it to work?? And I would rather not have everything going through one computer, because rather than having shared files throughout the network so that a single computer w/ viruses can infect everything, we have network drives created. If there is a computer savvy user there, they could get access to all of the teachers' network drives, and that would be a bad thing as they store tests, grade books, etc. in there. So the host file thing would probably be the best bet.
And also, for http://dansguardian.org/?page=download I don't see Windows XP in there, is it supported??
Host file entries look like:
(note: there can be a tab or spaces between the number and the sitename, it just isn't working in this message box)
It should work on the local machine if the name and site are written properly.
A common occurrence is that the site you want to block is still stored in the local drive's internet cache, so when you try to test the block and the page loads from the cache, you think the block isn't working. So, either clear the browser cache before you test the block or refresh the page a few times when testing.
You may be confusing the purpose of a dedicated machine to serve as a hardware firewall with a machine that has users working at them, or one that serves and stores files. User machines and file servers are more likely to be cracked than the firewall. You do, of course, have to have strong passwords and a limited number of administrators who access the firewall.
At some single point, the internet leaves your building. That is where the firewall goes. The firewall is usually Linux / Unix (no virus issues) and is controlled at times by a secure web interface from another computer and at times by SSH, a remote command line tool that runs from another machine. The addresses they use for access are not completely standard, so that they are safer from casual scanners. All they do is control what traffic is allowed in and out of your building.
The Smoothwall or IPCop firewall machines may also supply your network with IP addresses, if you choose to, and block web traffic if you choose to. In any case, they sit in a closet somewhere and chug along peacefully.
Dansguardian runs on Linux, Unix or Mac OS X, not Windows. Linux or Unix will run on PCs that can run Windows, though. I run my Dansguardians on FreeBSD machines that are not the firewall machines, but that's not an install I would recommend for Linux / Unix beginners.
The reason I mentioned Dansguardian and IPCop together is that IPCop has the addonz or addons (two different packages) programs that will install Dansguardian and the Squid proxy server with a couple of clicks. It also installs the web interface so that you can maintain it remotely.
Smoothwall requires a little more command line knowledge than IPCop to install Dansguardian, but once it's installed it offers the same ease of control.
If you can, try to fix up what you need for now with the hosts solution and aim for Dansguardian as a summer project.
It may appear daunting now, but there is a wealth of cookbook type, step-by-step information about the installs online. All you need is a surplus machine (I use old P II Dells and Compaqs we were given from the USDA), at least two network cards and the IPCop or Smoothie CD. You only need a monitor for the first 10 minutes, and the CD can be removed after the install as well.
I wanted to use a hosts file solution as a temporary measure when I first started my job here, but our machines are mostly Macs, which are hard to get to work with hosts files. Dansguardian has been a good way to go.
If you have any more questions, just ask.
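As an added example (not code from any poster in this thread), here is a small Python check for the hosts-file approach discussed above, covering both the entry format and the point that a user can erase an entry. It parses hosts-file text, flags lines whose first field is not an IP address, and reports whether each site meant to be blocked still maps to a loopback address. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file text, not taken from any real machine.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1\twww.badsite.com     # block entry, tab-separated
badsite.com 127.0.0.1          # address and name swapped: not a valid entry
"""

def parse_hosts(text):
    """Return (mapping, problems): hostname -> IP for valid lines, notes for bad ones."""
    mapping, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        fields = line.split()                     # tabs or spaces both separate fields
        try:
            ip = ipaddress.ip_address(fields[0])  # the address must come first
        except ValueError:
            problems.append((lineno, "first field is not an IP address: " + line))
            continue
        if len(fields) < 2:
            problems.append((lineno, "no hostname after the address"))
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)  # keep the first entry seen for a name
    return mapping, problems

def audit_blocks(text, blocked):
    """Classify each hostname in `blocked` as 'blocked', 'missing' or 'not-loopback'."""
    mapping, problems = parse_hosts(text)
    status = {}
    for name in blocked:
        ip = mapping.get(name.lower())
        if ip is None:
            status[name] = "missing"              # never added, or erased by a user
        elif ip.is_loopback:
            status[name] = "blocked"
        else:
            status[name] = "not-loopback"         # entry points somewhere else
    return status, problems

if __name__ == "__main__":
    status, problems = audit_blocks(SAMPLE_HOSTS, ["www.badsite.com", "badsite.com"])
    print(status)
    for lineno, note in problems:
        print("line", lineno, "-", note)
```

Run against the text of each machine's hosts file, a "missing" result for a name that was previously "blocked" shows that the entry has been removed.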
Alright thank you, currently we have only donation computers, but thank the Lord we are upgrading sometime during the summer to something worth having (most of our computers are Pent. III Dells, Gateways and Compaqs). So I'll do the Host thing for now, and once we upgrade I'll make sure and snatch one of the old computers before they send them off, and make it into the firewall. Thank you for the help, I will now change the subject to resolved.