How to block facebook on corporate network

Status
Not open for further replies.

amanua

Technical User
Sep 26, 2005
US
I am wondering if there is a way to block Facebook on a specific workstation or from the router of the corporate network for the entire workplace.
The router is the Linksys cable/DSL router model BEFSR81.
 
You can configure your router to prohibit access to specific IPs.
The IPs for Facebook are
69.63.181.11
69.63.181.12
69.63.189.11
69.63.189.16

Block these and you should be fine.
:)

[navy]"We had to turn off that service to comply with the CDA Bill."[/navy]
- The Bastard Operator From Hell
 
If you also block the IP of that proxy, yes.
[tongue]

[navy]"We had to turn off that service to comply with the CDA Bill."[/navy]
- The Bastard Operator From Hell
 
The company I work for uses a program called Bluecoat Proxy. It blocks damned near everything, including Facebook.

One thing to keep in mind is that there are no foolproof methods. As long as they can get a plain old, port 80 http connection out, it is almost assured that they can bypass any blocking algorithm, program, or filter that you throw in their path if they want to bad enough. Sometimes it is as simple as entering the page as an IP address encoded in hexadecimal. At the other end, they can proxy through an http tunnel using programs like Corkscrew.
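
Added example, not part of the original post: the hexadecimal-IP trick mentioned above works against filters that compare the requested host as a literal string, so a filter should canonicalize IPv4 literals before matching. This Python code goes slightly beyond hex and also handles octal, decimal and short-form encodings; the blocklist reuses the addresses posted earlier in the thread, and the function names and test URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Blocklist: the addresses posted earlier in this thread (they date from the thread).
BLOCKED_IPS = {"69.63.181.11", "69.63.181.12", "69.63.189.11", "69.63.189.16"}


def _parse_part(text):
    """Parse one component as inet_aton does: 0x.. hex, leading 0 octal, else decimal."""
    lowered = text.lower()
    if lowered.startswith("0x"):
        digits, base = lowered[2:], 16
    elif len(lowered) > 1 and lowered.startswith("0"):
        digits, base = lowered[1:], 8
    else:
        digits, base = lowered, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(ch not in allowed for ch in digits):
        raise ValueError("not a numeric component")
    return int(digits, base)


def canonical_ipv4(host):
    """Return dotted-decimal for any numeric IPv4 literal, or None for a hostname."""
    parts = host.rstrip(".").split(".")
    if len(parts) > 4:
        return None
    try:
        *head, tail = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading components are one byte each; the last fills the remaining bytes.
    if any(v > 0xFF for v in head) or tail >= 256 ** (4 - len(head)):
        return None
    number = tail
    for index, value in enumerate(head):
        number |= value << (8 * (3 - index))
    return ".".join(str((number >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_blocked(url, blocked=BLOCKED_IPS):
    """True if the URL's host is an IPv4 literal, in any encoding, on the blocklist."""
    host = urlsplit(url).hostname or ""
    return canonical_ipv4(host) in blocked


# Constructed test URLs: four spellings of one blocked address, plus two misses.
for url in ("http://69.63.181.11/", "http://0x453fb50b/", "http://1161803019/",
            "http://0105.077.0265.013/", "http://192.0.2.10/", "http://example.com/"):
    print(f"{url:28} blocked={is_blocked(url)}")
```

Matching on canonical addresses only covers requests made by IP literal; requests made by hostname still need a DNS or proxy rule.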


 
BlueCoat also makes a (FREE) product for home use, in case anyone reading this wants to look at such options for children at home... but it only works on a per computer basis... so everyone who uses that computer will get the same results...

 
Diancecht,

Are you using an external proxy for a company-wide network? If the proxy can't handle blocking Facebook, you might want to look at other alternatives, such as Bluecoat that was mentioned.
 
kvj: I'm not the OP, I was just pointing out a way to bypass the first solution so the OP can take it into account.

I was talking about being a user trying to avoid FB restrictions. Actually, I think social networks should be allowed in corporate environments.

There is an interesting recent thread about this.

Cheers,
Dian
 

I definitely disagree with allowing social networks on company computers. That's based on security more so than anything else. The reason is that social networks have proven excellent breeding grounds for viruses, b/c people seem to be less careful in those environments than even basic email. I've seen this first hand, besides the various news articles about such.

And OpenDNS won't work for the end user if the network proxy is set up right. It won't allow the end user to use external proxies... and if the PC security is done right, the end user won't be able to force using a different DNS or proxy, b/c they won't be able to change those settings anyway. I know this, b/c I'm a "user" where I work. And believe you me, if I really wanted to change those things, I'd have to do some purty nefarious actions to get there, if it would even work then. Once the employer has the right things in place, it's a piece of cake for them to find out when someone DOES find a way around the restrictions.

Besides the data security issues, there's also MAJOR privacy issues at stake... well depending to some extent upon what the business is, and what the employee's position in that business is. Social networks provide a VERY easy way for an employee to share company secrets in just a split second, really.. basically as fast as they can type. If that employee "had it in" for the company, then they might very well be tempted to use the network for that very purpose - whether or not there are consequences... when someone gets very angry or emotional, they quickly lose sight of reality... consequences.. and so forth.
 
I've just read an article that reported on a company that uses an excuse to continue using IE 6. The company says that social networks don't render well in IE 6 so people won't use the company's computers to get on the social networks during work hours. Of course, the article also pointed out how dangerous it was for the company to use such an insecure browser as IE 6 but any excuse for a company to not upgrade . . . ;-)


James P. Cottingham
[sup]I'm number 1,229!
I'm number 1,229![/sup]
 
I had a really good laugh yesterday. One of my co-workers recounted the story where someone wanted to plug a Fluke meter into the network to monitor it remotely. Corporate IT asked if it was "secure". The real laugh was over, "define secure" for a meter. In terms of does it have viruses, spyware, or other malware, the chances are somewhere between slim and none. Their big objection was that they couldn't run their Novell virus, er networking applications on it or the Mc-Virus scanner.

Companies can go to all sorts of extremes and create impediments for workers. What usually happens is that the impediments create more hassle and delay to getting legitimate work done than anything else. Of course this is all done under the guise of "security".

kjv1611, would you please define what you mean by nefarious actions to get around the proxies? Personally, I have found a socks proxy through an SSH tunnel with remote DNS query to be quite effective. Another easy solution is to simply plug my Blackberry into the PC and use it as a PPP modem which bypasses the LAN connection altogether.
 
nefarious, as in bad/wrong.

If you work at a company, and they have policies in place for "security", whether you agree or not, averting those policies is technically wrong. Does that make the person the same as a murderer or something? No, but it doesn't make it right.

That's what I meant by nefarious.
;p
 
"What usually happens is that the impediments create more hassle and delay to getting legitimate work done than anything else."

While it may seem to get in the way, properly managed security should be transparent until the user runs into a blocked site/etc.

Which is more of a delay to getting legitimate work done?
1. allowing staff to access whatever sites they desire and then spending a day, possibly more, to restore the computer to the pre-infection state?
or
2. blocking staff from accessing known risky sites (via Group Policy restrictions, ISA server rules, a 3rd party DNS server, etc)

As the only full time IT staff for over 300 employees, to me the 1st is by far more destructive to productivity, both mine and the staffs'.
 
"properly managed security should be transparent until the user runs into a blocked site/etc"

I agree and would argue that where I presently work, the system is anything but properly managed. Mostly this stems from blanket directives and policies issued by corporate headquarters. I am also well aware of the nothing less than heroic efforts on the part of our local IT support who bear the brunt of much of this.

At the same time, I think what gets lost in the one size fits all "security" policy is that there are different groups and classes of users. For example, I am in new product development and collectively we represent a very small percentage of the support base. As part of our job, though, we are required to use heavy duty applications and work with hardware that is networkable (including our own products) on a very low level. These applications are typically not compatible with all the "junk" applications that are installed to keep us from bringing mal-ware into the works. We are also typically much more knowledgeable and "security" conscious than the typical office or factory worker. I don't want to make any statements that will curse myself, but I think it is obvious what I mean by this.

What seems to happen though, is that attempts to shoehorn our work, tools, and equipment under a generalized "security" policy is that it greatly impedes our ability to do our job. For example, if you make it impossible for us to maintain a version control system with our contract engineering firm you bring software development to a grinding halt. Since this can't be tolerated and attempts to get these issues resolved through appropriate channels are met with extreme resistance, ways around it are usually found.

As I mentioned, though, we are a small group with knowledge, skills, and responsibilities that are far in excess of the typical user whose responsibility is to push paper through a database application. We also tend to be quite security focused ourselves as it is part of our job and often times part of our personal hobbies being computer oriented individuals.
 
I would agree that way too many 'management' level individuals will get an idea into their head (usually from some other management individual at another organization who heard about it from someone else) that might sound good, but has no real business case for implementation, and that if users are treated as one large mass there will be problems.

One such example from my recent history involved a supervisor with a laptop who wanted to use an online backup service in case of a worst case scenario hard drive crash...when I pointed out that we run our own backup server and that with just a little effort the data on the local computer (that should have been saved on the file server anyway) would be backed up the first time the laptop connected to the network each day, the response I received was, but it works so well for XYXYXX I think we should do it too. I had to make a presentation showing how much we have spent on the backup server and how much we would spend backing up the laptop hard drive locally vs an online service. It took about 3 days of convincing, but we are now backing up locally and no more talk of a subscription service, at the moment.

When I have been faced with policy vs ability to get work done, I always make it a priority to help the end-user provide the supervisory chain a solid business case for their exception to the broad rules.

IT security should NOT EVER prevent a person from doing the job they have been hired to get done. If it does, then changes need to be made, either to the IT policy/procedures or to the expectations of the employee and supervisor for that job position.

Your small group with knowledge, is by far the exception. I wish it were not so!
 
Because this discussion/post is in the "virus/spyware" area, does that mean that Facebook is some form of malware??? Food for thought.
 
Maybe not malware in and of itself, but without a doubt (in my mind) complicit in the spread of 'legitimatized' spyware.
 
I was joking in the sense that network administrators and HR people probably consider it MALWARE in the sense that it steals company time away from actual work time.

In the sense that it ACTUALLY causes some malware, it's not quite at the same level as your "Free porn" or "free gambling" site status yet.
 
For an interesting take on this subject, here is another current thread on Facebook in a different forum:
On one hand, companies want to ban sites like this, but at the same time they really want to access them to try and dig up dirt on the employees, both current and prospective.
 