In my office there are approaximately 25 systems are connected through network and all having internet accessibility.but some people are missusing this facilities like downloading films from torrent websites and accessing facebook during the work time. so iwant to block the websites like facebook,twitter and torrent websites in client systems....in our server also we are usin windows 7 ultimate 64 bit
would you please tell me a solution for this and tell me how block websites
Don't waste time with complex technical measures: make clear to the employees what your policy is, then simply fire the next person who torrents a film.
This is a bandage for a much larger issue...
When I setup networks for small offices (50 clients or less) I'll use a business-class (entry-level) wired router such as a Fortinet Fortigate 40C or a Cisco RV042. You can block traffic based on:
You can also do load balancing and you can even restrict bandwidth so employees can't take up all of your resources.
Also the Fortinets have a subscription service you can use to get AntiVirus updates and Antispam filtering as well (although be careful with these as they do have false positives).
From a managerial point of view
Blocking things like Facebook, Twitter, LinkedIn, and other social media may have their benefits from an IT standpoint, but it's much more of a managerial problem. If there is an issue with employees not working, they should be reprimanded. Since SEO on the internet is largely social, preventing your team from promoting your site through these channels sounds like a bad idea.
With many of the routers you can set aside a time-frame where the employees can do things like check their personal email and go onto their social networks. In my experience when you block these things on the network to try and get back the lost employee time, you're still going to have employees that text all day and use their cell phones for the social media. If you address the performance issue (or disregard for corporate policy) directly with the employees, they'll be much more understanding in terms of the needs of the company. If you set aside a time where they can access things they find interesting they will schedule their breaks around those times and you can see performance both in the employees and on the network itself increase.
The first thing I would take a look at is your firewall.
Why is the common port used by torrents open for instance? Probably because your firewall has an implicit allow. You need to change this to an implicit deny and white list what you would like your users to do.
For example you could say only this proxy server may connect out to the internet over port 80 and 443. Then you would set up your clients to use that proxy server and set policies on that proxy for your users (blocking this or that website). If they tried to set their proxies settings to something else they wouldn't be able to access the internet. Why? The implicit deny.
I would suggest that you use a free UTM such as the one from SOPHOS. it will sit at the place of your firewall and has all in one features for a small office and is free. It will give you the ability to block and monitor the website categories you want. Also, it can protect against malicious downloads.
I think that you can make use of one of these possible solutions:
You can use a third party software other than Ms, like ISA server or kerio firewall prog, which is a good option depending on your needs you will have to create a set of rules for blocking ports, mostly all p2p programs use a determined bunch of port numbers.
You can use the service of sies like noip.com or similar to block ports and determined sites or domains like fb or twtr. No cost, no need to install any program (search for more info on the web related on this topic).
There are plenty of linux distributions that will offer you a miriad of tools to control internet access and bandwidth usage, like karoshi, very easy to install and deploy, as i said there are plenty of distros. People think that linux have to be scary and difficult to use but is not. groups of developers had thought of changing this way of thinking. Linux servers are much more secure and solid then windows based servers. No virus threads or blue screens of death. but if you dont want to deal with linux based progs, well there is still one good valid option, mac OSX server edition software. It runs flawlessly in a macmini. all set up is guided and easy to manage. No virus threads or blue screen of death.
If say Microsoft, that means virus threads alerts, constant and endless updates, blue screen of death, and antivirus updates to prevent any possibly attack.
Apart from using GPO, you could use deep packet inspection appliances to automatically block this type of internet traffic. There are numerous products which can do this for you. One product which seems to be deployed quite often is http://www.bluecoat.com/.
A low cost solution would be to implement a Blackhole DNS server. Only allow clients to use internal DNS by blocking all outgoing TCP53 and UDP53 (except for your internal DNS server). Then update your DNS server to not resolve the domains you wish to block. There are lots of tutorials available by searching "blackhole dns".
If you don't have an internal DNS server, OpenDNS could be used with the same approach. Block all DNS traffic at the perimeter except to the OpenDNS servers.
As everyone has suggested, layer-7 inspection is the ideal solution. My example of leveraging DNS could be easily bypassed via online proxies. However, some small businesses don't have the technical or monetary means reach layer-7 inspection thus DNS could be a great alternative.
