A Myspace Lockdown - Is It Possible? 180
Raxxon asks: "We (my business partner and I) were asked by a local company to help 'tighten up' their security. After looking at a few things we ran some options by the owner and he asked that we attempt to block access to MySpace. He cited reasons of wasted work time as well as some of the nightmare stories about spyware/viruses/etc. Work began and the more I dig into the subject the worse things look. You can block the 19 or 20 Class C Address Blocks that MySpace has, but then you get into problems of sites like "MySpace Bypass" and other such sites that allow you to bypass most of the filtering that's done. Other than becoming rather invasive (like installing Squid with customized screening setups) is there a way to effectively block MySpace from being accessed at a business? What about at home for those who would like to keep their kids off of it? If a dedicated web cache/proxy system is needed how do you prevent things like SSL enabled Proxy sites (denying MySpace but allowing any potentially 'legal' aspects)? In the end is it worth it compared to just adopting an Acceptable Use Policy that states that going to MySpace can lead to eventual dismissal from your job?"
Re:Porn filters (Score:2, Informative)
Until somebody there goofs and flags the map image server for mapquest as porn (we are fighting that one now)
Luckilly they do have a user submission system to reclassify those goofs.
Websense (Score:2, Informative)
One way (Score:5, Informative)
I had to do this for a school. Basically, set up Squid to act transparently. Set up an acl like:
acl myspace dstdomain
acl work_hours MTWHF 09:00-12:00
acl work_hours MTWHF 13:00-17:00
http_access allow myspace !work_hours
http_access deny myspace
That would allow access during lunch and before and after work.
If you want to block against proxies, use SquidGuard plus some blacklists. The ones at urlblacklist [urlblacklist.org] are good, as is the isakurldb [gplindustries.com] list (it's based on dmoz). Another one is the one from shalla.de [shalla.de]. All have social networking categories as well as proxy sites, though shalla's proxy and spyware lists tend to overblock.
I'd recommend merging urlblacklist's lists with isakurldb, and also shalla (but remove yimg.com from the redirector list manually) for both proxy and social networking. Then use SquidGuard to restrict the access.
Block the Class C (Score:4, Informative)
Re:Definition of Draconian (Score:4, Informative)
draconian (dr-k'n-n, dr-) Pronunciation Key
adj. Exceedingly harsh; very severe: a draconian legal code; draconian budget cuts.
Words evolve. Deal with it.
Quick & dirty (Score:3, Informative)
I will point out that this was for a smallish company (25 people), not a school or anywhere else where the end-user can basically be assumed to be at least somewhat malicious. But, it does get the job done if you're in a hurry.
Re:Internet on an "as needed" basis... (Score:2, Informative)
One day she was called into her manager's office and fired due to her web usage. No warning, no verbal/written reprimand, just fired. Her last review said her performance was excellent, and there had never been a blemish on her record.
Now there's a company to avoid working for.
-AC
(It's not libel if it's true, but I'm not risking a lawsuit by putting my name on this!)
Re:It's just a like a fence. (Score:2, Informative)
(Althogh most restricitions are lifted outside of normal working hours, and at lunchtime.)
Here's a crazy Idea: (Score:3, Informative)