Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

ISA [or other] Web Proxy - Restrictions Suggestions

Options
  • 04-09-2012 4:15pm
    #1
    RangeR
    Registered Users Posts: 7,265 ✭✭✭


    Hi,

    We have ISA Web Proxy. We also only have a 2Mb Leased Line so throughput is at a premium.

    I don't like blocking sites but we don't have much of a choice.

    What do you guys block on your proxies. Really just interested in media heavy sites [Radio / Music / Video]. I don't mind personal browsing once it doesn't effect the business.


    Our current deny list is
    Any other rich bandwidth hogs that may be considered?


Comments

  • Options
    #2
    Static M.e.
    Registered Users Posts: 3,088 ✭✭✭Static M.e.


    What about Gambling, Adult, Racist or file sharing sites?

    You (Your company) can be held liable if questionable material is found.

    If you don't care then just run a report which shows what the Top 10 downloaders (of Bandwidth) are using every week and then Ban those sites every week.

    On a side note if you use something simple such as Webmarshal then you should be able to purchase filter lists which fill the Site lists for you and also remove malware.


  • Options
    #3
    RangeR
    Registered Users Posts: 7,265 ✭✭✭RangeR


    Thanks for the reply.

    We just have ISA Proxy sitting behind a Cisco. ISA is the sole filter.

    I'm not too bothered about the site types you suggest. Generally, our AUP document dictates what the company will and will not tolerate.
    I can look at adding them at some stage [I don't want to be too draconian to non dodgy sites] but I'm more interested in forceably preventing media heavy browsing. It's not a case of not caring, per say.

    I'll add the top 5 filesharing sites but trying to keep up with the other ones would be a pain.
    I came from a very nice Linux Firewall/Proxy URL="http://www.endian.com/en/community/"]Endian[/URL. It allowed what are talking about. ISA seems paltry in comparison but I have to work with what I have. ISA doesn't seen to provide too many [any] reports on usage. For that, I'd have to do something like PowerShell through the IIS logs.

    I might actually look to get rid of ISA at some stage , over the next few months, but hardware resource is at a premium until we go VM, which won't be soon.


  • Options
    #4
    BaconZombie
    Registered Users Posts: 8,813 ✭✭✭BaconZombie


    I know in work legal has said not to blocking stuff.
    This is because even if we block 99.9999% of the stuff if somebody find something that is not blocked they could use the defence that since it not blocked it much be approved.

    Best best is to setup a SPAN port off your main egress and run NTOP or netflow on it and question the heavy bandwidth users, on the amount of traffic they are using not what they are looking at.

    Either way get sign off from Legal & HR before giving any logs/reports/etc to ANYBODY including Line Manager, CEO, Jebus, etc.


  • Options
    #5
    LoGiE
    Moderators, Computer Games Moderators Posts: 2,968 Mod ✭✭✭✭LoGiE


    Take a look at Untangle it has a free version thats very functional and blocks apps, ports and uses block lists for websites etc.


Advertisement