-5

I am setting up an office LAN, and I want to give it internet access, but I want to be able to do the following:

  1. Maintain a blacklist of sites not to visit (e.g. Facebook and other social sites), so that access to sites on the blacklist is restricted (i.e. no access)

  2. Maintain an audit trail of sites accessed (and preferably, time spent on the site), so I can periodically check that staff have not been visiting inappropriate sites during work hours

The LAN computers are running Windows.

Can anyone provide instructions on how I may implement the above restrictions on my network?

  • 2
    -1 for evilness. – Felix Frank May 20 '14 at 09:07
  • 1
    @FelixFrank: I know it sounds evil, but I am in a part of the world where we are being ripped off severely by the telecom providers (Vodafone, I'm looking at you). We use 1G bandwidth and the operators charge for 10G and think we are incapable of knowing the difference. I am tired of paying hundreds of dollars a month for internet access, when staff have been surfing facebook all day. Someone has to pay the bill one way or the other, and I'm tired of footing the bill. – Homunculus Reticulli May 20 '14 at 09:11
  • @HomunculusReticulli by your comment you would not need an audit trail for the time spent on the pages. So Squid (or a similar proxy server) would be enough. BTW to only use 1G(bit?)/s bandwidth you could just get a contract with that bandwidth limit. – Dennis Nolte May 20 '14 at 09:37
  • PS: I would like to pay only hundreds of dollars per month for a Gbit line :) – Dennis Nolte May 20 '14 at 09:37
  • @DennisNolte: In that case, I would also like to swap revenue streams with you (if 100's of $ per month is a mere 'trifling' expense for you ;) ). BTW, we buy the units here using prepaid cards. It's galling to be told that you have burnt through several hundred dollars worth of credit (meant for a month), in about a week. I'm being fiddled by both the telecom provider (the big 'V'), and also by staff watching videos and other non work related stuff that is consuming bandwidth. The only part of this double ended f***ery that I can control is what goes on on my LAN - hence the question. – Homunculus Reticulli May 20 '14 at 10:21
  • 1
    @HomunculusReticulli we seem to be talking about different things, I am afraid. If you want to cut traffic cost (not bandwidth) just block the usual video services in the router. This should make a lot of difference already. I was talking about the actual bandwidth of ~1Gbit/s which here costs 1K$+ per month. But it seems you are talking about traffic per GB, so if you pay f.e. 100$ for 10GB then you could go with blocking high-traffic sites like FB/YouTube etc. on the router directly. – Dennis Nolte May 20 '14 at 11:37

1 Answer

1

Basically you could do it with some sort of proxy like Squid, f.e. www.tldp.org/HOWTO/TransparentProxy.html

As for auditing the time, that might not be that easy to do reliably.

You do not know if the user is still reading the page or has minimized the browser, f.e.

You could go with DPI and have the router(s) log HTTP/HTTPS traffic, but that might be illegal depending on which country you do this in.

There are some full-service products from Juniper/Cisco etc., but I doubt you want to pay 50k $ upwards for the hardware alone on this solution.

Another approach would be group policy updates with a blacklist and some software you install on every PC.

Sadly I do not know of one (nor have I had the need to search for it yet) which does exactly what you want.

Dennis Nolte
  • Thanks for your answer, but the LAN is a Windows one - I'm not sure the link you posted will work for a Windows LAN - unless I'm missing something? – Homunculus Reticulli May 20 '14 at 09:23
  • @HomunculusReticulli there is a Windows port for it, but as I said, you need some server (VM) for being the proxy. Depending on the size of your LAN you need to make sure that the proxy server is able to handle the traffic load. – Dennis Nolte May 20 '14 at 09:32
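
An added example, not part of the original answer or comments: a small audit pass over a Squid `access.log`, assuming Squid's default native log format. The sample lines, hostnames, blacklist and 300-second idle threshold are constructed for illustration; the time figure is only an estimate from request gaps, for the reason the answer gives.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed_ms client result/status bytes method URL user peer type
SAMPLE_LOG = """\
1400576400.000    120 192.168.1.23 TCP_MISS/200 52000 GET http://intranet.example/start - HIER_DIRECT/10.0.0.5 text/html
1400576460.000    300 192.168.1.23 TCP_TUNNEL/200 900000 CONNECT video.example:443 - HIER_DIRECT/203.0.113.9 -
1400576520.000    280 192.168.1.23 TCP_TUNNEL/200 700000 CONNECT video.example:443 - HIER_DIRECT/203.0.113.9 -
1400580000.000    310 192.168.1.23 TCP_TUNNEL/200 400000 CONNECT video.example:443 - HIER_DIRECT/203.0.113.9 -
1400576500.000      1 192.168.1.40 TCP_DENIED/403 3900 GET http://www.social.example/feed - HIER_NONE/- text/html
"""

BLACKLIST = {"social.example"}   # assumed policy list; subdomains match too
IDLE_GAP = 300                   # assumed: longer gaps are not counted as time on site

def host_of(method, url):
    """CONNECT lines carry host:port; other methods carry a full URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def blacklisted(host):
    return any(host == d or host.endswith("." + d) for d in BLACKLIST)

def audit(log_text):
    """Per (client, host): requests, bytes, denied hits, estimated seconds."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": 0,
                                 "est_seconds": 0.0, "blacklisted": False})
    last_seen = {}
    rows = [line.split() for line in log_text.splitlines() if line.strip()]
    for f in sorted(rows, key=lambda f: float(f[0])):   # sort: entries are logged on completion
        ts, client, result, size = float(f[0]), f[2], f[3], int(f[4])
        key = (client, host_of(f[5], f[6]))
        s = stats[key]
        s["requests"] += 1
        s["bytes"] += size
        s["denied"] += result.startswith("TCP_DENIED")
        s["blacklisted"] = blacklisted(key[1])
        gap = ts - last_seen.get(key, ts)
        if gap <= IDLE_GAP:          # short gap: treat as the same visit
            s["est_seconds"] += gap
        last_seen[key] = ts
    return dict(stats)

if __name__ == "__main__":
    for (client, host), s in sorted(audit(SAMPLE_LOG).items()):
        print(client, host, s)
```

For HTTPS the proxy only sees the `CONNECT` host, so the audit is per site, not per page, unless traffic is decrypted.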