Suggestions please!!! Need a device to block internet access to specific URLs and IM programs in office

Hi

I have a small doctor's office with 6 desktops and 3 laptops. We have DSL service plugging into a Linksys WRT54G and then into a 24-port switch. All computers are Windows XP Pro and no servers.

The girls at the front desk keep chatting and surfing on MySpace. I have told them several times but when I am not there it just goes on as usual. In the past month alone the computers have had more and more stuff being installed on them. I am looking for a device which will let me block things like MySpace, YouTube etc. Also block IM programs. In all my searching over the last two weeks I have come across fancy names like UTM (unified threat management) and CFD (content filtering devices) but they all cost in the thousands. I need something in the $400-$600 price range.

I have tried the keyword and URL filter in the WRT54G and it's useless. It does not block anything. A friend is using a FortiGate 60 firewall/VPN router and in its settings I blocked MySpace (by keyword blocking) but I can surf to MySpace no problem even after rebooting the router. I have found Zyxel's ZyWALL 35 and Safe@Office 500 in my price range but I can't get any review on whether these devices will actually block the URLs.

Any suggestions?

Thank you for reading.

mK

Reply to
drkhan

You can find used/refurbished FW appliances, not routers, for a fraction of the cost with full support and warranty for 90 days, from reputable dealers for a given product line. You call the manufacturer or go to their Web sites to find a list of dealers.

Reply to
Mr. Arnold

Do you suggest a specific brand or model?

Thanks

Reply to
drkhan

WatchGuard, Cisco, SonicWall, SnapGear are some that you can investigate, or any of the major vendors of FW appliances.

The link below may help you in your selection process and toss the Linksys wireless router or convert it into a wire/WAP switch and plug it into a LAN port on the FW appliance.

formatting link

Reply to
Mr. Arnold

While I would rather see you get a full firewall, that's about $2K, but a DFL-700 permits blocking of sites by names and IP addresses - so you could block *.myspace.com/* and even *.yahoo.com/* so that they can't reach the Yahoo servers or the MySpace servers with ANY program.

Reply to
Leythos

One of the things I just can't understand is why the Linksys router has an option to block URLs... if it does not work. How can they add a feature that's broken across the board? *frustrated*

Thanks for your suggestions. If you guys know of a specific model please recommend that since all of this stuff is very new to me.

Thank you.

Reply to
drkhan

mK,

What you need, and it would appear lack, is an agreed-to acceptable use policy. If you have no policy, you have no security.

If you have an acceptable use policy that prohibits use of such web sites, installing of software, etc, then any such computer misuse can be dealt with by management.

As it appears that you have no policy, even the act of investigating their usage could be a breach of privacy laws and even against their human rights.

In short, without an agreed policy - and backing at board level, you have _NO_ security. WITH an agreed policy your reliance on technical countermeasures can be reduced, thus saving on purchasing and maintaining hardware and software, not to mention administrative overheads.

Having said all that, an old workstation with a variant of BSD/Linux running Squid and iptables may be the technical solution you are searching for.

HTH,

Bogwitch.

Reply to
Bogwitch
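A sketch of the Squid approach suggested above, combined with the domain blocking Leythos describes, as an added example that is not part of any poster's message. The LAN range 192.168.1.0/24, the interface name eth1 and the port 3128 are assumptions; browsers must be pointed at the proxy, and the box must be the only path to the Internet for the block to hold.

```conf
# squid.conf fragment (added example; addresses and names are assumptions)
http_port 3128

# Office LAN, assumed to be 192.168.1.0/24
acl office_lan src 192.168.1.0/24

# A leading dot matches the domain itself and every subdomain,
# the Squid equivalent of the *.myspace.com/* pattern in the thread.
# For HTTPS the proxy sees "CONNECT host:443", so dstdomain still applies.
acl blocked_sites dstdomain .myspace.com .youtube.com

# Only plain web ports are allowed out through the proxy.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# http_access rules are evaluated top-down; the first match wins,
# so the deny rules must come before the LAN allow rule.
http_access deny !Safe_ports
# Refuse tunnels to anything but 443, which stops clients (IM programs
# included) from using CONNECT to reach arbitrary ports via the proxy.
http_access deny CONNECT !SSL_ports
http_access deny blocked_sites
http_access allow office_lan
http_access deny all

# Companion iptables policy on the same box (run as root; eth1 = LAN side,
# assumed). With forwarding dropped, the proxy is the only way out:
#   iptables -P FORWARD DROP
#   iptables -A INPUT -i eth1 -p tcp --dport 3128 -j ACCEPT
```

Squid's access log then records every allowed and denied request per client address, which is the evidence an acceptable use policy needs to be enforceable.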

I think there are confidential data on the PCs.

This is not dangerous, only unwanted during their hours of work

You do not respect you

Everyone has admin rights and the responsible person (you?) has lost the control of the PCs and the data. You are only allowed to pay for the electricity.

- $0: switch the WRT54G immediately off.

- rebuild your PCs and laptops with proper software, user permissions etc.

- establish a use and security policy for the use of the PCs and the use of the internet.

- write letters of warning and signalise instant dismissals.

- then you can define the firewall requirements. The firewall must have a slight part in the use and security policy and your problems can't be solved technically by a firewall. UTM, CFD etc. are buzzwords, but in your case only snake oil for security. In a company with 9 PCs this is absurd. I will not give you a recommendation for a firewall, search for experienced experts in your surrounding area. The costs of the hardware are the smallest part, more expensive is the proper implementation and maintenance.

bye Christoph

Reply to
Christoph Hanle

I'd strongly recommend getting a clue about IT security. I'd think that there are patient data on your computers. The things that happen in your network make me fear that these data are spread over the whole internet.

Get a serious security solution that covers those risks. That will include strict user and access rights, no free internet access from any of the computers in your network and much more. And it will cost a little bit more than a few hundred dollars but it will be far less than the compensation you'll have to pay in case of patient data leaking out.

Wolfgang

Reply to
Wolfgang Kueter

Thank you guys. You all have suggested a few very good ground rules. I think I am gonna sort out the acceptable use policy this week and then look for a security solution.

Thank you again!

Reply to
drkhan

Yikes! I missed the first paragraph! Think HIPAA (if the OP is in the USA). Time for the OP to get a professional in. They are way out of their depth.

I would have to disagree. MySpace has had several XSS vulnerabilities recently.

And I missed that, too.

As I am unsure of the OP's country of residence, it is difficult to say whether taking an image of the HDDs for a subsequent investigation would be necessary before re-installation. I would. Otherwise it could be seen as a deliberate attempt to destroy evidence. There could very easily be a loss of confidential patient data from this system.

Absolutely. This is beyond the scope of an amateur. There are very serious consequences of a security incident with this setup and I would be very surprised if there has not been one already.

If the OP is in the UK, I'd be happy to offer my services. :-)

Bogwitch.

Reply to
Bogwitch

Sorry, but I'm shocked. Seriously: The setup you run/ran in your office implements nothing of the standards of security and privacy protection required for a doctor. You risk(ed) your business.

Wolfgang

Reply to
Wolfgang Kueter
