Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

websense / websense-like applications, opinions? 1

Status
Not open for further replies.
ame540

ame540

Technical User
Sep 14, 2004
229
0
0
US
browsing is getting out of control here at work, people surfing to porn sites, basically screwing around on the internet and before it wasnt really a problem, but now its getting out of hand. We need to lockdown users, preventing them from going to pr0n sites, myspace, running P2P programs, IM programs, etc.

websense was my initial thought, but since its designed for enterprise corporate networks i think its going to be too expensive for us ( we have a small network of about 40 workstations and 5 servers). Is there a cheaper / still effective alternative to websense?
 
Sort by date Sort by votes
Websense probably has something that may be for more your size. download an eval,try it out. You'll get Sales rep on the line. I believe I've seen websense incorporated in various hardware Firewalls ie Netscreen, VPNedge, etc. Also check into what Symantec has. We use Websense for our Proxy server, it runs pretty nice on an W2003 server with ISA loaded on it. Very flexible.
 
Upvote 0 Downvote
i have heard quite a few things about MS ISA since i started investigating my options related to content filtering and security. I will be looking into this a bit more.

The thing that is attractive to websense, surfcontrol, and other applications that are similar is that they alreay have databases of websites that have work-inappropriate content, plus detailed logging of user activity (what sites they visit, etc.)
 
Upvote 0 Downvote
Or you can find the most egregious offender, and very visibly fire them.

The others will quickly get the message that surfing pr0n at work won't be tolerated.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
 
Upvote 0 Downvote
Just make sure that you have an acceptable use policy. You don't want someone coming back with a statement like 'was that wrong? nobody ever told me that I wasn't allow to look at Porn during company hours.'.
 
Upvote 0 Downvote
no, all these people have signed our company computer and internet use policy when they were hired. they know theyre not supposed to.

I got a quote from SurfControl (a websense system for medium to large businesses) and i think were going to use it.
 
Upvote 0 Downvote
I also am in the same boat as you. Don't have much a budget for Internt filtering. We don't have any porn surfing issues (That still floors me people would be brave enough to do that) but we like to know what's going on. I currently researching a proxy server myself but we have been using a product called systrack by Lakeside Software.

It is basically managed by a server and puts clients out on each workstation and it logs every website they visit through IE. You can also set it to close the iexplore.exe process which kills ie when the view a site you've blocked. Overall it's worked well but has some limitations to the amount of sites you can block. I tried importing a list of blacklisted sites and it locked up the program. We're talking serveral thousand sites but for someone just wanted to track and have proof as well as proactivly block site it works well and it wasn't very expensive at all for just the web tracking module.

is their site.
 
Upvote 0 Downvote
Sysadmin123

i would strongly urge you to check out SurfControl's WebFiltering product. It does everything that you have described (because that is too what we need... logging, blocking, etc) and the licensing fees weren't unfair in my opinion. Basically it broke down to under $100 a month over 3 years... where as websense was MUCH higher.

There are alternatives too though (Microsoft ISA, proxy servers) but SurfControl has a really intuitive interface and will take a little bit of work to get it all installed and running but it sounds like a great program. Check this flash demo for more info.


-Aaron
 
Upvote 0 Downvote
I watched the demo. Surfcontrol looks like it would do exactly what I'm looking for. Do you use it?
 
Upvote 0 Downvote
We are currently looking to implement it, i have just been diagraming how its going to fit into our network (placement is key) next i just need to setup our switch and ill be loading the demo onto our server.

we already got a quote from their sales department, they were very friendly and helpful. I would suggest giving them a call if you are interested in their products.
 
Upvote 0 Downvote
How many users do you have and how are you planning to install it? I looked over some of the white papers and while I might be able to convince my boss to go for this I don't know about the suggest additional server:)

I wonder if this could be ran on a our domain controller which is the only server we have?
 
Upvote 0 Downvote
YES! you can run this from an exisiting server if i understand correctly. This is what we are planning on doing too. Once everything is in place i am going to monitor the performance of this box ( DELL PE2650 ). If its getting spanked by all the overhead of monitoring web traffic then we will probably buy a dedicated machine for webfiltering.

Read the whitepapers closely to make sure you know what youre getting into first!
 
Upvote 0 Downvote
You can also implement a free Linux firewall with a free content filter, like Smoothwall Express with Dansguardian. Very good and easy configuring. Don't need a fast server to do the job.


 
Upvote 0 Downvote
UPDATE:

Surfcontrol is in place and is actively filtering traffic. Its working exceptionally well. It has a very intuitive interface so we have been able to crackdown on foolish users on our LAN. (now i finally have some ammo when going to management to complain about users browsing habits destroying their harddrives with viruses, spyware, etc).

Overall i give it a big thumbs up. It was fairly simple to setup, the only intimidating part was setting up the port mirror on our cisco switch, but that ended up being a breeze if youre even a novice with cisco CLI. For thousands less than websense, i think this is going to be perfect for our organization.
 
Upvote 0 Downvote
Surf Control looks great...
SmoothWall is a beauty too

good discussion
 
Upvote 0 Downvote
Before you go off firing people and spending buckets of money, I have 3 words for you...

"Acceptable Use Policy"!!! It's free to use and covers your arse if an employee comes back at you... Search the web, there's many free templates out there...

Have someone get a group discussion going with ALL employees, explain what dangers to the corporate network there are to surfing porn sites and the dangers to their job if it doesn't cease and desist. Make sure the employees read it and sign it. Make sure the employees understand that this is the "Company" network, and from now on you're going to do what you're told. I've found that the majority of users don't understand what they're doing is dangerous to the network, then there's others that are hooked on pron sites...

Get some monitoring in place, a firewall that can dump debug to a syslog works great. What kind of firewall do you have?

I've done this many times and it works. If you visibly fire the worse offender and show the proof you have, it's perfect to curb everyone else.

~ K.I.S.S - Don't make it any more complex than it has to be ~
 
Upvote 0 Downvote
I agree the AUP is very important from a legal standpoint, and all our employees signed one when they were hired. However i think people (especially ones that have been around for a long time) forget what it really means. An annual meeting or something might be a good refresher to remind people of the dangers (not only to their computers... but to their jobs as well) of off-topic web browsing to questionable websites.

Turns out we didn't fire anyone over the results / monitoring we did with our new tools. (BTW we have a Cisco Pix 500 series) What really irks me is that I am the one that always has to fix the PC's / reimage when foolish endusers break them due to spyware, viruses, etc. Surfcontrol is well worth the money (about $3000USD for a 3 year license). The results were instant as well. I have had to call their support a couple of times for some advanced configuration assistance, and their techsupport is very good.
 
Upvote 0 Downvote
whoops, I didn't see the date... my bad...

Nice to see an update a few months later tho...

~ K.I.S.S - Don't make it any more complex than it has to be ~
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

negley97
  • Locked
  • Question
XTM505 - would like to block all smtp traffic out except for Exchange server
Replies
2
Views
53
negley97
negley97
bmwallparts
  • Locked
  • Question
TOR network - linking applications
Replies
0
Views
22
bmwallparts
bmwallparts
Mstr1mir
  • Locked
  • Question
Software applications deployment under win server 2003
Replies
0
Views
13
Mstr1mir
Mstr1mir
kjv1611
  • Locked
  • Question
Easy to Use Software Firewall for Home Use? - Opinions, Please 1
Replies
5
Views
14
kjv1611
kjv1611
mgp77
  • Locked
  • Question
Websense and CGI proxy
Replies
0
Views
13
mgp77
mgp77

Part and Inventory Search

Sponsor

Back
Top