Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blocking social media sites for Office staff?


  • Please log in to reply
8 replies to this topic

#1 jerrymck

jerrymck

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 PM

Posted 05 June 2015 - 04:34 PM

Sorry if this is the wrong location to be posting this subject. I couldn't decide whether it should have been this or a networking subcategory. 

*please feel free to move if need be*

So, I have a new client. They want me to set up some kind of blocking tool or parental controls that block access to certain sites.

Facebook, twitter, youtube, and instagram basically.

I have done about 10 minutes of research because I'm very busy today but I haven't found really what I am looking for.

All the users log into the Domain on Win 7 Pro.

Please, any advice, as always is greatly appreciated!

-Jerry


Craigslist PC Technicians be like "Oh you have a virus? Let me defrag your hard drive and delete unused desktop icons for you. And if you're lucky, I'll even empty your recycling bin! :smash:


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 05 June 2015 - 04:36 PM

Hi jerrymck :)

This could be easily done via the hosts file (implying the users don't have Admin Rights to edit it back), but the easiest way would be to obviously block these websites at a router level. Do they have a firewall, proxy, etc.?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 jerrymck

jerrymck
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 PM

Posted 05 June 2015 - 04:50 PM

Yes, they are using a Sonicwall which I believe is a router and firewall combo.


Craigslist PC Technicians be like "Oh you have a virus? Let me defrag your hard drive and delete unused desktop icons for you. And if you're lucky, I'll even empty your recycling bin! :smash:


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 05 June 2015 - 04:53 PM

Block these websites using the Sonicwall then. Create a category like "Social Networking", and add the domains of all the websites you want to block: facebook, twitter, instagram, youtube, etc. and if they have affiliated websites.

That's the general idea. I never used a Sonicwall so I cannot go in more details than that. I would have to go in it to see.

Edited by Aura., 05 June 2015 - 04:54 PM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 jerrymck

jerrymck
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 PM

Posted 05 June 2015 - 04:56 PM

Ok, thanks

I will see what I can do. Would I need to enter the domain names or the IP? 

Also, I am afraid this might not work since some users need to have access to these sites. (owner, managers) and they are all on the same network.

the REALLY weird thing is I don't think they have AD installed on their server 2008. I have looked all over for it but I cannot find it!


Craigslist PC Technicians be like "Oh you have a virus? Let me defrag your hard drive and delete unused desktop icons for you. And if you're lucky, I'll even empty your recycling bin! :smash:


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,590 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:27 PM

Posted 05 June 2015 - 04:57 PM

Here are a couple how to articles...

How to Block Websites By Editing the HOSTS File in Windows
Block unwanted sites using the Windows hosts file

However, you may want to read and share with your client...
The Debate about Blocking Social Media in the Workplace
Five Reasons Companies Should Not Block Access to Social Networks
10 reasons NOT to block social networking at work
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:27 AM

Posted 07 June 2015 - 07:50 AM

Do the exceptions (managers, ...) have a fixed IP address for their computer? Then you can make rules on the Sonicwall network device to allow them access to the social media sites.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 jerrymck

jerrymck
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 PM

Posted 07 June 2015 - 03:41 PM

I found the hosts file was the best way to go but i am having trouble obtaining permissions to modify the hosts file for user logged into the domain

Craigslist PC Technicians be like "Oh you have a virus? Let me defrag your hard drive and delete unused desktop icons for you. And if you're lucky, I'll even empty your recycling bin! :smash:


#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 07 June 2015 - 05:51 PM

Do you have a user account on the domain with Admin Rights over computers part of that same domain? This is what I have. Every computers have the Tier 2 group as part of the local Admin groups, and since my user is part of that Tier 2 group in the AD, I have Admin rights on all the computers.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users