There is a laptop which is to be secured and only certain websites should be accessible.
The reason is possible data theft, by the user or by malware, from VPN-only-accessible websites which this laptop will be accessing daily.
The laptop is physically secured with a lock and is in a surveilled environment; USB ports are disabled.
For whitelisting particular sites, the approach taken was to:
- Set IP to DHCP, but enter DNS manually and give it a bogus server IP which is inaccessible, so DNS look-up doesn't work.
- Add hosts records to c:\Windows\System32\drivers\etc\hosts, so DNS look-up for allowed websites works.
- By checking Chrome console errors, add other required asset hosting domains to the file above (i.e. jQuery of a particular website is sourced from the Cloudflare CDN and such).
- The user has limited privileges and can't make changes to the above.
This method is cumbersome and I was wondering what other ways might be more suitable and easier to implement.
Hosts file sample:
X.X.X.X allowed-website.com
Y.Y.Y.Y cdn.asset-domain.com
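
A check for the hosts-file whitelist described above, as an added example that is not part of the original post: it parses hosts-file lines and flags entries whose pinned address no longer matches what a resolver returns, which is where static entries for CDN-hosted assets tend to break. The function names, the sample addresses (documentation ranges) and running it from an admin machine that has working DNS are assumptions.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()      # strip comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        $ip = $null
        # Skip lines that do not start with a parseable IP address
        if (-not [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)) { continue }
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            [pscustomobject]@{ Name = $name.ToLower(); PinnedIP = $ip.ToString() }
        }
    }
}

function Test-HostsDrift {
    param(
        [string[]]$Lines,
        # Assumption: the default resolver runs on a machine with working DNS,
        # not on the locked-down laptop whose DNS server is deliberately bogus.
        [scriptblock]$Resolver = {
            param($Name)
            (Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction Stop).IPAddress
        }
    )
    foreach ($entry in (Get-HostsEntry -Lines $Lines)) {
        try   { $current = @(& $Resolver $entry.Name | Where-Object { $_ }) }
        catch { $current = @() }
        $status = 'Stale'
        if ($current.Count -eq 0) { $status = 'Unresolvable' }
        elseif ($current -contains $entry.PinnedIP) { $status = 'OK' }
        [pscustomobject]@{ Name = $entry.Name; PinnedIP = $entry.PinnedIP
                           CurrentIPs = $current -join ', '; Status = $status }
    }
}

# Constructed sample data so the demo runs offline.
$sampleHosts = @(
    '# whitelist for the locked-down laptop',
    '192.0.2.10    allowed-website.com',
    '198.51.100.7  cdn.asset-domain.com   # CDN address, may rotate'
)
$sampleDns = @{
    'allowed-website.com'  = @('192.0.2.10')
    'cdn.asset-domain.com' = @('203.0.113.25', '203.0.113.26')
}
Test-HostsDrift -Lines $sampleHosts -Resolver { param($Name) $sampleDns[$Name] } |
    Format-Table -AutoSize
```

To audit a real file, pass `-Lines (Get-Content <path to a copy of the hosts file>)` and omit `-Resolver`.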