ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Content filtering options

    IT Discussion
    opendns content filtering strongarm.io
    15
    47
    3.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Romo @RojoLoco
      last edited by

      @rojoloco that does change the complexity of the solution then.


      Crazy idea, if you have any sort of configuration management tool, you could still do one vm, 3 dnsmasq containers and push manual dns settings via the config-management tool to your users to their respective dns server.

      R 1 Reply Last reply Reply Quote 1
      • R
        RojoLoco @Romo
        last edited by

        @romo said in Content filtering options:

        @rojoloco that does change the complexity of the solution then.


        Crazy idea, if you have any sort of configuration management tool, you could still do one vm, 3 dnsmasq containers and push manual dns settings via the config-management tool to your users to their respective dns server.

        Looking only at hosted solutions, we have no extraneous hardware at that site and it's a 100% windows shop.

        1 Reply Last reply Reply Quote 0
        • O
          Obsolesce
          last edited by Obsolesce

          Can you get away with forcing them all to use Internet Explorer? Is that a realistic option?

          Or are you 100% set on a paid hosted DNS solution?

          R 1 Reply Last reply Reply Quote 0
          • R
            RojoLoco @Obsolesce
            last edited by

            @obsolesce said in Content filtering options:

            Can you get away with forcing them all to use Internet Explorer? Is that a realistic option?

            Or are you 100% set on a paid hosted DNS solution?

            They have to use multiple browsers for the testing they do. I'm not necessarily set on a DNS solution, but that seems like it would provide some protection from malicious sites in addition to being able to block time wasters. Hosted and easy to manage are the main goals (hard to fix hardware in India from Atlanta).

            O 1 Reply Last reply Reply Quote 0
            • O
              Obsolesce @RojoLoco
              last edited by

              @rojoloco said in Content filtering options:

              @obsolesce said in Content filtering options:

              Can you get away with forcing them all to use Internet Explorer? Is that a realistic option?

              Or are you 100% set on a paid hosted DNS solution?

              They have to use multiple browsers for the testing they do. I'm not necessarily set on a DNS solution, but that seems like it would provide some protection from malicious sites in addition to being able to block time wasters. Hosted and easy to manage are the main goals (hard to fix hardware in India from Atlanta).

              Going the DNS route, what's your plan?

              Change the DNS servers on each PC there, and on the edge firewall or whatever you have there?

              R 1 Reply Last reply Reply Quote 0
              • R
                RojoLoco @Obsolesce
                last edited by

                @obsolesce pretty much. They have a Cisco firewall on site, I can gpo the rest, they are part of our domain. If it works well, we will likely use it in our office once our subscription for websense expires. What a clunky POS.

                1 Reply Last reply Reply Quote 0
                • O
                  Obsolesce
                  last edited by Obsolesce

                  A proxy server like Squid Proxy would be so perfect for this, especially with whitelisting... but since you can't have anything there...

                  Just use the best cheapest DNS filtering service you find... I seen a bunch listed above like DNSFilter.com.

                  See if any of them have any trials and pick the one that is the easiest to manage that works the best.

                  R 1 Reply Last reply Reply Quote 0
                  • R
                    RojoLoco @Obsolesce
                    last edited by

                    @obsolesce said in Content filtering options:

                    A proxy server like Squid Proxy would be so perfect for this, especially with whitelisting... but since you can have anything there...

                    Just use the best cheapest DNS filtering service you find... I seen a bunch listed above like DNSFilter.com.

                    See if any of them have any trials and pick the one that is the easiest to manage that works the best.

                    I'm going to hit up a couple of them after lunch with my list of questions. So far, DNSFilter and Strongarm are top of the short list. Thanks to everyone for the suggestions, evaluation phase is coming soon.

                    1 Reply Last reply Reply Quote 3
                    • S
                      SmithErick @RojoLoco
                      last edited by

                      @rojoloco

                      @rojoloco said in Content filtering options:

                      @smitherick said in Content filtering options:

                      Webroot DNS on the endpoints?

                      Interesting... I'll have to check into that. We already run Webroot endpoint AV.

                      Should make it easy to deploy or test. I have it deployed with a few folks.

                      W 1 Reply Last reply Reply Quote 1
                      • W
                        wrx7m @SmithErick
                        last edited by

                        @smitherick said in Content filtering options:

                        @rojoloco

                        @rojoloco said in Content filtering options:

                        @smitherick said in Content filtering options:

                        Webroot DNS on the endpoints?

                        Interesting... I'll have to check into that. We already run Webroot endpoint AV.

                        Should make it easy to deploy or test. I have it deployed with a few folks.

                        I have webroot av and was curious about how well the DNS feature would work. My main concern is if there is a way for it to recognize internal AD DNS vs external DNS requests. If I have devices that are domain-joined and are remote on or off the VPN or they come to the office and connect to the WiFi, how does it deal with internal name resolution?

                        1 Reply Last reply Reply Quote 0
                        • S
                          syko24
                          last edited by

                          NxFilter is a decent content filter. The pricing is reasonable as well. It allows you to filter by authentication tokens, ip addresses, or username via ldap. They also have a couple additional tools to help prevent the running of certain applications.

                          https://nxfilter.org/p3/

                          1 Reply Last reply Reply Quote 0
                          • S
                            syko24
                            last edited by

                            pfBlockerNG is another interesting option.

                            Youtube Video

                            black3dynamiteB 1 Reply Last reply Reply Quote 1
                            • black3dynamiteB
                              black3dynamite @syko24
                              last edited by

                              @syko24 said in Content filtering options:

                              pfBlockerNG is another interesting option.

                              Youtube Video

                              That setup works pretty well if you already using pfSense.

                              1 Reply Last reply Reply Quote 0
                              • jt1001001J
                                jt1001001
                                last edited by

                                I was playing with Comodo Domeshield for DNS based filtering a while back. I haven't looked at the product in a while but allowed for DNS filtering for"free" (think you ahve to go through a process to get a license, then the call-backs started)
                                https://cdome.comodo.com/shield/

                                1 Reply Last reply Reply Quote 0
                                • D
                                  dave_c
                                  last edited by

                                  I use DNSfilter for a client for simple filtering. It works well.

                                  1 Reply Last reply Reply Quote 0
                                  • 1
                                  • 2
                                  • 3
                                  • 3 / 3
                                  • First post
                                    Last post