Sign in with
Sign up | Sign in
Your question

Block porn access on a network

Last response: in Networking
Share
December 7, 2012 11:37:48 AM

Hi I am trying to find a way of blocking porn access on a network in an internet cafe. I have bullguard internet security however some porn is still getting through
December 7, 2012 2:26:15 PM

Not sure what the software you have it appears to run on the end client ?

If you do not 100% control all the machine connected to your network you must use a centralized filter box.

The common one used is OPENDNS. This is a feature on most routers that forwards DNS requests to a centralized server which based on settings resolves the url or not. Not real secure anyone that has a clue about DNS can bypass this. If you can prevent users from changing the DNS settings on the end machine it will work well.

Most other solution require a subscription to some filter list. These are not cheap and the router/firewall they run on are not are also expensive but it is the only solution when you do not control the machines.

Any PC based solution is dependent on how good the filter lists are. If you use free ones then there will be lots of holes. You normally must use a pay filter list service. For home use I normally recommend bluecoat K9 because its free and uses the exact same list as their super expensive commercial boxes. You can download it and try it. The version used for a application like yours costs less than $2/month per device. This one is nice because they have filters for things like proxy avoidance that prevents the users from bypassing your filters by using proxies.


February 21, 2014 5:45:57 AM

When we used a standalone (not proxy or dns based) solution to block the porn (work examiner), also supposed that it's not good enough. But after reading some instrucitons started to use clever content keyword-based technique to avoid any kind of sexual content. By the way, they have a nice page describing how to block porn here.
Related resources
February 21, 2014 8:11:42 AM

The method that we have used at a few different business is content filtering services provided through subscriptions on a business-class firewall. Namely, the ones we have used are Sonicwall firewalls with the Content Filtering service. This is an annual subscription that you have to pay, but given the complexity of other solutions and the investment that might have to be made into routers and servers necessary to make it work, it ends up being a great value.

Sonicwall content filtering service works with configuring the firewall with different content filtering policies (you can have multiple for different networks or segments of your network as needed.) Instead of having huge long lists of allowed or blocked websites (called whitelists) it is category based. There's just a list of different categories of websites that you can check to block if you wish (such as pornography, violence, hacking, social media, etc.) The benefit with this is you don't have to be updating any lists or adding anything special to do, just select the category and done. There's also not a simple DNS change to bypass this as with OpenDNS, because it is a running service on your gateway regardless of DNS. It has worked wonderfully at all of the offices we have used it.
February 21, 2014 8:54:34 AM

^ +1

We use a Sonicwall Pro 2400 at work. I agree, the content filtering works quite well.
February 21, 2014 9:12:01 AM

We're usually suspicious about hardware based solutions: can a customer try it for several days for testing? How? Can it block websites based on the time spent on them? Software based solutions offer more flexibility and are easy to install\remove, hardware and firewall independent.. And yes, it can track the active user time on the website and give you e.g. 30 min of personal web usage per day. Regarding categories - nothing special here, all solutions use them and internally they are based on domain lists of course. But user just sees categories, that's ok.. Btw, what is the price for Sonicwall for 50 or 100 user license?
February 21, 2014 10:29:10 AM

I don't know about the cost of user licenses for Sonicwall as we've never had to purchase any. The subscription is an annual fee but the content filtering policies are just applied to network zones or VLANs for our scenario, not per user. And as always, there are a lot of options out there. I had not heard of Work Examiner before you mentioned it here but I will be giving it a look and reading more to see what they offer. After all, having available options makes for the best work environment!
!