Results 1 to 2 of 2

Thread: limiting net access

  1. #1

    limiting net access

    Ok new office am working in is a shambles - plus to add to it the normal (& only) tech guy has gone on holidays so I'm the only tech(ish) guy they have.....

    are switching all users from their normal logins over to generic logins (agent1, agent2, agent3 etc) but the tech guy forgot to set the security profiles for the users before leaving

    I dont have access to the main router etc so am looking for a quick work around to stop users accessing net

    need to restrict it to only certain domains - it does not need to be air tight as is only a quick work around for a week

    was thinking something through the hosts file
    can you use wildcards in it?

    am taking that the browser checks the host file in order of each record

    so if you had

    127.0.0.1 www.antionline.com
    63.146.109.212 www.antionline.com

    it would read the first entry and show nothing rather than load the site.....so if you could use wildcards it could be something like

    63.146.109.212 www.antionline.com
    127.0.0.1 *.*.*

    so agents would only be able to load antionline and nothing else

    is that kind of thing possible??? I dont want to add any new software etc as like i said before is only a quick work around - once tech guy returns will be able to access router etc and set it up properly but for now i need something quick

    any ideas?

    v_Ln

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey v_Ln,

    I don't believe that you can use wildcards in the hosts file, that's why they came up with software like the PICSrule Project for blocking ads and pop-ups based on wildcards.

    How much access do you have, are the machines stand-alone or on a domain?

    How about a few simple IPSec policies that say Allow access to these few sites, and then deny everything else. It isn't complex and if it's a domain that you have/can (legally) get admin access to then it'll only take you a few clicks. If they are stand-alones it may take you a little longer, but it's still feasible.

    Anways just a suggestion,

    [Edit]
    Thought I'd add a website on the topic, it's the best resource I've seen for this topic.

    http://www.petri.co.il/block_web_bro...with_ipsec.htm
    [/Edit]

    Peace,
    HT


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •