VanguardLH
Guest
Posts: n/a
 
Re: Good content blocker/site blocker for Vista workstation?
Posted: 02-08-2009, 06:30 AM
FromTheRafters wrote:
> Leythos wrote ...
>>
>>I have a client with a stand alone vista workstation that would like to
>> block almost all websites from anyone using the laptop. I don't use
>> workstation level products and this is a case outside my normal scope -
>> can anyone recommend a product that allows an Admin to setup permitted
>> sites for "user" level accounts on a vista workstation?
>
> Can you control the laptop's DNS lookups? Not the hosts file,
> but the primary and secondary servers? Just thinking out loud
> here, but a proxy DNS could function as a whitelist couldn't it?
That's how OpenDNS works (if you open a [free] account with them).
Rather than have the router configured to use the ISP's DNS server (via
DHCP), configure it by entering the IP addresses for OpenDNS' DNS
servers.

However, it is likely that the user gets a dynamic IP address for their
host (or their router) from their ISP. The OpenDNS account has to know
which IP address is yours to know the settings for which account to
apply to traffic from that IP address. They have their own reporter
client (or you can modify the one from DynDNS if you happen to also use
them to provide an IP name for external access to your router or host so
you don't need, for example, an IP address to use Remote Desktop or
VNC). You run their reporter client on one of your hosts in your
intranet (i.e., on the LAN side of your router). It will report the
router's WAN-side IP address to OpenDNS to update your account with
them. Then when your router connects to them, it sees that IP address
and knows to apply your account's settings to its traffic. Settings
include blacklisting of domains and blacklisted categories.

Alas, OpenDNS lets you filter out domains or categories of them but does
not let you filter in a particular whitelist of okay domains. You can
filter by:

Always block (a domain)
Never block (a domain)
Block by category

I have not tried using wildcards to specify a domain, so I don't know if
you could "Always block *" and then whitelist by "Never block <domain>".
If that works, you would end up blocking all domains except those you
whitelisted using the "Never block" rule. Of course, you could open a
support ticket to ask them if the above method works to provide a
filter-in only scheme, plus they have forums where you can ask.

A caveat is that this is blocking at the DNS server. That means there
actually has to be a DNS lookup. If the user enters an IP address, as
in http://96.6.126.19 (for www.intel.com), then there is no DNS lookup
required. This is how a user can bypass this DNS filtering. However,
often that only lets them get to the home page of a site and often there
is content missing in that home page and they may not be able to use any
links of that home page to navigate to other pages in the site. That's
because many of the links or linked content will still have IP names in
them that require a DNS lookup. Also, the user must somehow already
know the IP address of the target host.
Leythos
Guest
Posts: n/a
 
Re: Good content blocker/site blocker for Vista workstation?
Posted: 02-08-2009, 01:49 PM
In article <O0wk7tXiJHA.996@TK2MSFTNGP02.phx.gbl>,
erratic@nomail.afraid.org says...
> Can you control the laptop's DNS lookups? Not the hosts file,
> but the primary and secondary servers? Just thinking out loud
> here, but a proxy DNS could function as a whitelist couldn't it?
At this time the laptop is uncontrolled, not part of a domain, and the
laptop is used at homes as well as their construction trailer where
there is just a ATT wireless DSL setup. While they remote into the
Terminal Server they have found many times when people are surfing the
net and doing questionable things online - there is no real firewall
appliance and it's just an off-the-shelf (cheap) Vista laptop with no
important files stored on it.

At this time the DSL assigns 192.168 addresses and we have no real
option to install a firewall or other hardware at this location.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
Leythos
Guest
Posts: n/a
 
Re: Good content blocker/site blocker for Vista workstation?
Posted: 02-08-2009, 01:51 PM
In article <gmlu71$c25$1@news.motzarella.org>, V@nguard.LH says...
> That's how OpenDNS works (if you open a [free] account with them).
> Rather than have the router configured to use the ISP's DNS server (via
> DHCP), configure it by entering the IP addresses for OpenDNS' DNS
> servers.
>
I was considering OpenDNS, and I think they have a client tool that you
can install on the laptop/computer, but I've not had time to look today.

If we had a nice firewall this would be done, already resolved, but,
since the laptop can be in multiple locations I was looking for some
simple software that might work - not having ever used those types of
products I was wondering what others have used.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
Dan
Guest
Posts: n/a
 
Re: Good content blocker/site blocker for Vista workstation?
Posted: 02-08-2009, 05:56 PM
on 2/8/09 7:51 AM Leythos said the following:
> In article <gmlu71$c25$1@news.motzarella.org>, V@nguard.LH says...
>> That's how OpenDNS works (if you open a [free] account with them).
>> Rather than have the router configured to use the ISP's DNS server (via
>> DHCP), configure it by entering the IP addresses for OpenDNS' DNS
>> servers.
>>
>
> I was considering OpenDNS, and I think they have a client tool that you
> can install on the laptop/computer, but I've not had time to look today.
>
> If we had a nice firewall this would be done, already resolved, but,
> since the laptop can be in multiple locations I was looking for some
> simple software that might work - not having ever used those types of
> products I was wondering what others have used.
>
You need to provide more details.
Dan
Guest
Posts: n/a
 
Re: Good content blocker/site blocker for Vista workstation?
Posted: 02-08-2009, 05:57 PM
on 2/8/09 7:49 AM Leythos said the following:
> In article <O0wk7tXiJHA.996@TK2MSFTNGP02.phx.gbl>,
> erratic@nomail.afraid.org says...
>> Can you control the laptop's DNS lookups? Not the hosts file,
>> but the primary and secondary servers? Just thinking out loud
>> here, but a proxy DNS could function as a whitelist couldn't it?
>
> At this time the laptop is uncontrolled, not part of a domain, and the
> laptop is used at homes as well as their construction trailer where
> there is just a ATT wireless DSL setup. While they remote into the
> Terminal Server they have found many times when people are surfing the
> net and doing questionable things online - there is no real firewall
> appliance and it's just an off-the-shelf (cheap) Vista laptop with no
> important files stored on it.
>
> At this time the DSL assigns 192.168 addresses and we have no real
> option to install a firewall or other hardware at this location.
>
So you have a WiFi router and the laptop connects to it via WiFi? Or
you have a 3G card for the laptop?
Leythos
Guest
Posts: n/a
 
Re: Good content blocker/site blocker for Vista workstation?
Posted: 02-08-2009, 06:32 PM
In article <6v8kliFinp8oU2@mid.individual.net>, dan@nospam.net says...
> on 2/8/09 7:51 AM Leythos said the following:
> > In article <gmlu71$c25$1@news.motzarella.org>, V@nguard.LH says...
> >> That's how OpenDNS works (if you open a [free] account with them).
> >> Rather than have the router configured to use the ISP's DNS server (via
> >> DHCP), configure it by entering the IP addresses for OpenDNS' DNS
> >> servers.
> >>
> >
> > I was considering OpenDNS, and I think they have a client tool that you
> > can install on the laptop/computer, but I've not had time to look today.
> >
> > If we had a nice firewall this would be done, already resolved, but,
> > since the laptop can be in multiple locations I was looking for some
> > simple software that might work - not having ever used those types of
> > products I was wondering what others have used.
> >
>
> You need to provide more details.
Laptop, Vista, could be used anywhere, need to limit what sites and
content any user of the laptop can get to. All users would be "limited"
users, none would be local admins.

No domain, no network, just laptop connected into any network they
happen to have handy.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
Leythos
Guest
Posts: n/a
 
Re: Good content blocker/site blocker for Vista workstation?
Posted: 02-08-2009, 06:33 PM
In article <6v8ko8Finp8oU3@mid.individual.net>, dan@nospam.net says...
> on 2/8/09 7:49 AM Leythos said the following:
> > In article <O0wk7tXiJHA.996@TK2MSFTNGP02.phx.gbl>,
> > erratic@nomail.afraid.org says...
> >> Can you control the laptop's DNS lookups? Not the hosts file,
> >> but the primary and secondary servers? Just thinking out loud
> >> here, but a proxy DNS could function as a whitelist couldn't it?
> >
> > At this time the laptop is uncontrolled, not part of a domain, and the
> > laptop is used at homes as well as their construction trailer where
> > there is just a ATT wireless DSL setup. While they remote into the
> > Terminal Server they have found many times when people are surfing the
> > net and doing questionable things online - there is no real firewall
> > appliance and it's just an off-the-shelf (cheap) Vista laptop with no
> > important files stored on it.
> >
> > At this time the DSL assigns 192.168 addresses and we have no real
> > option to install a firewall or other hardware at this location.
> >
>
> So you have a WiFi router and the laptop connects to it via WiFi? Or
> you have a 3G card for the laptop?
Could be both, as the user can move from network to any other network,
depending on if they are at home or at the office or at a WiFi spot,
etc...

This has to be a solution that works at the laptop, no hardware
permitted.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
pop up blocker maggie Windows XP New Users 12 01-29-2009 03:27 AM
good popup blocker software?? PetuniaBlossom Windows XP New Users 11 05-29-2004 01:21 AM
Audlt Site Blocker Suggestions David Windows XP Basics 1 04-23-2004 11:58 AM
pop-up ad blocker M. Crowder Windows XP Security & Administration 2 09-13-2003 12:25 AM
Pop Up Blocker Art G Windows XP Hardware 6 08-11-2003 09:51 PM