How restrictive is your office internet access?

DrJohnZoidberg

DrJohnZoidberg

Honorary Master
Joined
Jul 24, 2006
Messages
28,072
Reaction score
7,545
Location
Table View
I recently had to block all non work related websites for some staff at our office, was just wondering how much your workplace allows you to access.

Also, if you're the admin what tools are you using for this, what kind of restrictions are you implementing and what are the tricks your users try to bypass the filters?

My setup is:

PfSense firewall
Squid + Squidguard
Using LDAP as Proxy auth
Blocking everything and whitelisting necessary sites.
Also using the Shallalist blacklist to whitelist certain groups (e.g. search engines, banking, etc).
 
Completely unrestricted and unmonitored at our office.

At clients we use a mix of different proxy servers TMG, Smoothwall, IPCop, Squid, Websense etc.

Make sure that you only allow DNS out for your internal DNS servers and also only allow HTTP and HTTPS from your proxy server so that the users are forced to use your internal DNS servers and can't access websites directly. SMTP outbound should only be open for the mail server.

All other outbound ports should be blocked, if anything requires other outbound ports it should only be opened for that specific server and only to a specific destination.

If the users require VPN only open it to the specific destinations they require as it's a common trick users try to get around proxy servers at work.
 
Microsoft TMG

Mostly everything is open except smtp. I have blocked radio streaming sites in the past( Built in filters)
facebook and youtube might be comming soon (built in filters)
 
I had to get heavy recently with some users.
I use a linux box with squid and all my own custom configs.
Users that dont abuse it still get normal access and the ones that do only get access before and after work and during lunch.
Banks and search engines are still open.
 
nicbst said:
No restrictions but management gets monthly reports on all employee internet activity.
Click to expand...

I played it that way for a while, was more of "here have some rope let's see if you hang yourself"
Unfortunately lots of people were trying to hang themselves(we have a strict policy) so the directors decided things should be blocked for abusers.
 
Rocket-Boy said:
I played it that way for a while, was more of "here have some rope let's see if you hang yourself"
Unfortunately lots of people were trying to hang themselves(we have a strict policy) so the directors decided things should be blocked for abusers.
Click to expand...

I'm assuming everyone that works there are adults, they should know better than to break company policy/abuse it. If you can't control yourself by all means have some rope
 
How does a Tor Browser show up on internet monitoring? Does it show up at all?
 
Tor would either not work due to it not being able to reach outside world or if you tunnel it through the proxy you'd have traffic but they wont be able to say what necessarily
 
Fairly restricted, some users have unfiltered access
We have a hosted MWEB solution (Astaro firewall) which I am not using to it's full potential - unable to get it to auth to our domain credentials, so basically filtering per IP at the moment
 
I just use my own laptop and 3G connection if I want to do personal stuff. I don't even read the news on my PC at work. In the end you are just going to shoot yourself in the foot if you use your company's resources for personal use.
 
MeroD said:
I just use my own laptop and 3G connection if I want to do personal stuff. I don't even read the news on my PC at work. In the end you are just going to shoot yourself in the foot if you use your company's resources for personal use.
Click to expand...

Pervious company I worked for I had sole access to fortigate, had 3x 10 Neotel fibre links so never battled with links being maxed. Did web filtering based on categories, all social media sites and youtube was allowed, only blocked p2p downloads, radio streaming, melicious websites and phishing. If something was blocked I unblocked for myself only:D

New company also using fortigate but not allowed to make changes without approval :(
 
staunchy20 said:
Pervious company I worked for I had sole access to fortigate, had 3x 10 Neotel fibre links so never battled with links being maxed. Did web filtering based on categories, all social media sites and youtube was allowed, only blocked p2p downloads, radio streaming, melicious websites and phishing. If something was blocked I unblocked for myself only:D

New company also using fortigate but not allowed to make changes without approval :(
Click to expand...

Lol, you allow Youtube but block radio streaming? Seems a bit weird. Radio streaming is actually one of things that I opened up here, so the people can get their grooveshark fix.
 
This from Microsoft Forefront is the bane of my existence:

Network Access Message: Access Denied

Explanation: Access to this site was blocked by system administrator
The page you are trying to browse to is categorized as "Online Communities"

If you are still not able to view the requested page, try contacting your administrator or Helpdesk.
Click to expand...

MyBB is almost the only forum I can access.
 
DrJohnZoidberg said:
Lol, you allow Youtube but block radio streaming? Seems a bit weird. Radio streaming is actually one of things that I opened up here, so the people can get their grooveshark fix.
Click to expand...

Hahahah yeah I know, I just did as I was told by the "big boys". I asked them why as youtube is a lot heavier on bandwidth.

At the new work everything is allowed before 8am, between 12 and 1 and than again after 5....
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X