How do we block bad sites?

cgwillard

MIS
Jun 21, 2001
We are using a Raptor Firewall (version 6.something), and we don't know how to block our users from accessing bad sites. Has anyone set up a rating like this? Do you have any advice for us? Any help would be appreciated.

cgwillard
Only 25 years until retirement!
 
Got this from the Symantec Knowledge Base. It's a pain to implement. You can also do it in reverse and set up a Network Entity for the IP of the site you want to block and then set up a rule to deny all services.



How to block some computers from accessing the Internet

Situation:
You want to block internal computers or workstations from accessing the Internet (for example, network monitoring consoles). You want to configure the firewall to prevent users at these computers or other computers inside the firewall from accessing the Internet.

Solution:
To prevent a computer from accessing the Internet, create a Host for the computer, add it to a Group that blocks Internet access, and then create a Rule for that group.

To block internet access:

1. Open the Raptor Management Console.
2. Create a new Host for each computer that you want to block:
   a. Right-click Network Entities, click New, and then click Host under Base Components.
   b. Enter the following information:
      Name: workstation#1. Type this as a Host.
      Address: IP address for workstation#1
   c. Repeat steps a and b for each computer that you want to block. Use a different Name for each computer.
3. Add a new Group:
   a. Right-click Network Entities, click New, and then click Group.
   b. Enter the following information:
      Name: HTTP-block-group. Type this as a Group.
      In Members, add each computer to Included Members.
4. Add a new rule:
   a. Right-click Rules, click New, and then click Rule under Access Control.
   b. Enter the following information:
      For connections coming via: Inside NIC
      From source: HTTP-block-group
      Destined for: Universe*
      Coming out via: Outside NIC
      Services: Included services: http*
5. Save and reconfigure the firewall by clicking the floppy disk icon in the icon bar.
 
If you are using Raptor 6.5 or above, don't use the "*all" service in your deny rule, because the firewall will open all ports 1-65535 UDP and TCP and all IP protocols for listening in order to issue the deny. Sounds crazy, but it's true.
 
We have been able to set up a rule to prevent using any websites, but that's a little too restrictive for us. We're looking for a way to block just the most "naughty" sites. We selected a couple of characteristics from Raptor's list (nudity and occult, I think), but it wouldn't allow any Internet access.

How can we block the strictly pornographic sites and still allow access to regular websites?

cgwillard
Only 25 years until retirement!
 
We used that feature in Raptor to block the bad sites, but all it did was slow the traffic down to a crawl as Raptor checked every HTTP transaction. We have ELRON, which does all the stoppage we need, and use the firewall strictly for boundary protection.
 
You need to get some sort of URL filtering software. WebNot is the easiest one to implement since you just enable the fetcher daemon and create a ratings profile(s) and use the ratings* service also in your outbound HTTP rule. You can also create URL addresses that may not be in the URL database. The cost isn't that bad either, compared to a WebSense or Symantec's WebSecurity, but you get what you pay for. Also, the only way you can use the Ratings* service is if you have an active subscription to WebNot. If you try to use Ratings* without a subscription, URL filtering doesn't work, and in earlier versions of Raptor, browsing comes to a screeching halt.

Jeff
 