[SGVLUG] Preventing certain Machines from Internet

Emerson, Tom (*IC) Tom.Emerson at wbconsultant.com
Mon Nov 5 17:20:04 PST 2007 

-----Original Message----- Of Arthur Baldwin
I was wondering if anyone knows of an existing project where the
following can be acheived:

[...]  From one of the workstations, be able to limit the access on any
number of the 8 workstations so that Internet access would be completely
excluded.  All this without affecting the browse-ability of other
workstations on the LAN (with File sharing and Printer sharing).  The
machine names and IP Addresses would be known.

I think that this type of software would fill a very common need in very
small businesses (less than 10 employees).

=============================================

What you're describing is a firewall -- yes, they can work "both ways"
[keeping "them" out and "you" in...] however, are you /entirely/ sure
that you want to exclude *ALL* "internet access"?  With the advent of
"B2B" [business-to-business] and similar [business-to-???] "business
models", access to the "web" is becoming a requirement more than an
exclusion.

However, a well-maintained firewall [and/or an HTTP "proxy"] can allow
access to trusted or desired websites.  Unfortunately, you need to rely
on people "out there" maintaining a fairly static/stable site  (or else
maintainence on your side becomes a nightmare)

---------------------------------------------

Similar/related horror stories: as I said, a firewall can completely
block access to the "outside", or at the very least it can allow it BUT
maintain a "log" of accesses for reporting to "management" [likewise, I
believe web proxies can do such logging as well]  But watch out for the
following cases:

   -- employees legitimately on "break time"
   -- employees related to the owner [or the owner himself!]
   -- employees seeking information of "a delicate nature" [be
creative...]  (where knowledge of such about an employee puts an
employer in an "at-risk" situation)

My brother-in-law has, in fact, set up an access/logging system, but
when he ran into the above situations, he realized that stopping access
was rather difficult.

More information about the SGVLUG mailing list