I would like to block websites like Facebook, YouTube and other social sites as part of my job and would need your advice on how to manage that. There are about 120 PCs in the building. Is something like that possible?
Can it be done with the host file, or is there other way?
I don't think you can solve your problem at the hosts, IP firewall or
DNS blacklisting levels. These methods will fail and won't scale.
If this within your financial possibilities, I'd suggest you to install a web firewall. Here are the beginning of the prerequisites to build such a web firewall.
A PC with a pretty large amount of RAM (≥ 8 Gb), 2 100 Mbit/s Ethernet ports, a large disk (≥ 1 Tb). This PC will have to be inserted as a breaker on your Internet connection cable (hence the 2 Ethernet ports).
A rock solid OS (FreeBSD, Linux…) correctly secured (most notably everything not usefull will be closed). A rock solid free software used by ISP to manage web performance and filtering: Squid
The configuration of this application level firewall should progress as follows:
squid as a transparent web proxy,squid logs,The easiest solution would be to block dns resolution to those sites in the internal dns server†. If your pcs go through a proxy, a better solution would be to block those urls in the proxy configuration.
Note however that although your manager thinks that facebook or youtube shall never be used in the office, you will find that it will sometimes be needed: someone managing a company profile in social networks, that video relevant to the company that you should see that happens to be hosted on youtube… and you will probably be making your users angry, so block with caution.
† they could overcome it by changing their dns settings or using proxies/VPN, but would server as a soft-block, and they supposedly aren't local administrators.
Update: Yes, you could list them in the hosts file. But do you really want to add those entries on 120 PCs?
