Webfiltering - what do you use - assuming you do.
- 
 Well, the employees have finally screwed around on Facebook long enough. The boss is asking for a solution to cut facebook access from the office. So what do you use? I know most people around here are not fans of Unified Security Appliances, I currently have a SonicWall in place, but soon to be replaced with an already purchased EdgeRouter Pro. I know Barracuda has (or is it had?) a well respected one. pFsense can do it to. Other options? 
- 
 Webroot does also have a web content filter service, to add to your list of things to consider: 
 http://www.webroot.com/us/en/business/products/web-security/The nice thing about that is that it isn't an appliance and you can lock down settings on the machine so no matter where they are they can't get to dangerous sites. 
- 
 @Nic said: Webroot does also have a web content filter service, to add to your list of things to consider: 
 http://www.webroot.com/us/en/business/products/web-security/The nice thing about that is that it isn't an appliance and you can lock down settings on the machine so no matter where they are they can't get to dangerous sites. drat! I had just renewed my old AV a few weeks before you posted the sale prices on Amazon... and I was swamped.. so didn't really have to time to look to rolling out a different AV at the time... 
- 
 Those prices on Amazon have now come down from the insane 60% off to a more reasonable 16% - I don't know if it was a typo or a pricing error or what, but it's a moot point now  
- 
 pfsense can do it, but if I remember correctly it just uses squid. You could just fire up a squid vm and use that. 
- 
 @johnhooks said: pfsense can do it, but if I remember correctly it just uses squid. You could just fire up a squid vm and use that. Yeah I was reading that. I might try that next week. Does it work by just blocking DNS on the blocked lists? 
- 
 Untangle is another thing for me to look at. 
- 
 @Dashrender said: Well, the employees have finally screwed around on Facebook long enough. The boss is asking for a solution to cut facebook access from the office. Their mobile phones on a data plan will beat your content filter  Do you have any other products on your network at the moment that could be adapted? It might be worth identifying if the boss wants to spend money tackling this issue or if he wants to tackle non productivity. You've blocked facebook? I'll just read MangoLassi.It, block that I'll read bbc news. 
- 
 @johnhooks said: pfsense can do it, but if I remember correctly it just uses squid. You could just fire up a squid vm and use that. nearly all free solutions are Squid under the hood. 
- 
 @Breffni-Potter said: It might be worth identifying if the boss wants to spend money tackling this issue or if he wants to tackle non productivity. 
 .This ^^^^ Blocking Facebook is about proving impotence, it does not fix business problems. Facebook isn't a problem, it's just a website. if the problem is people not working, this isn't a solution. It's avoiding the solution. All it is likely to do is demonstrate to staff that management is out of touch and lacks control. Lots of them will likely not even notice that it has been blocked, people will work around it, use their phones or go to another site. My guess is this actually hurts productivity because it makes management and IT spend their time and money implementing technical solutions designed to avoid an HR issue. 
- 
 @Dashrender said: Untangle is another thing for me to look at. Just a poor implementation of Squid with a horrible interface and unnecessary overhead. 
- 
 I have not used a squid proxy in a while, but has it improved to handle SSL? when used transparently? 
- 
 Better than it used to (which was not at all) but it seems pretty limited. Been a long time since I configured one. 
- 
 @scottalanmiller said: @Breffni-Potter said: It might be worth identifying if the boss wants to spend money tackling this issue or if he wants to tackle non productivity. 
 .This ^^^^ Blocking Facebook is about proving impotence, it does not fix business problems. Facebook isn't a problem, it's just a website. if the problem is people not working, this isn't a solution. It's avoiding the solution. All it is likely to do is demonstrate to staff that management is out of touch and lacks control. Lots of them will likely not even notice that it has been blocked, people will work around it, use their phones or go to another site. My guess is this actually hurts productivity because it makes management and IT spend their time and money implementing technical solutions designed to avoid an HR issue. I always found it amusing that managers wanted to block social media and other "time wasting" sites, but then can walk around and bother/waste other people's time all day. 
- 
 @johnhooks said: @scottalanmiller said: @Breffni-Potter said: It might be worth identifying if the boss wants to spend money tackling this issue or if he wants to tackle non productivity. 
 .This ^^^^ Blocking Facebook is about proving impotence, it does not fix business problems. Facebook isn't a problem, it's just a website. if the problem is people not working, this isn't a solution. It's avoiding the solution. All it is likely to do is demonstrate to staff that management is out of touch and lacks control. Lots of them will likely not even notice that it has been blocked, people will work around it, use their phones or go to another site. My guess is this actually hurts productivity because it makes management and IT spend their time and money implementing technical solutions designed to avoid an HR issue. I always found it amusing that managers wanted to block social media and other "time wasting" sites, but then can walk around and bother/waste other people's time all day. They tried this at the bank that I worked at. Lasted minutes. Turns out the trading floors were communicating with customers over FB and blocking it constituted an SEC violation. The traders were talking about a lawsuit against the IT folks who thought that they could decide what people had access to. 
- 
 All above pointed items are known - And I tend to agree with you.. those people who wasted time on FB will just waste it on something else. As for phones, currently it's expected that people will use their phones for this, because it's off our network, not using our resources, except for power, we let then charge devices at the office. I agree with you, Scott, This won't really solve anything, the lazy still won't do more work. What other options should I suggest in how to fix the laziness other than firing someone. Like Scott said about Burger King hiring people as a form of welfare, I think we are in the same boat, it's definitely not because they need the people.. fewer people who actually did the work would do better. 
- 
 @Dashrender said: As for phones, currently it's expected that people will use their phones for this, because it's off our network, not using our resources, except for power, we let then charge devices at the office. The other thing worth mentioning here is that if this is the case, the point should have been to reduce network utilization rather than "people have been fooling around on". This makes more sense if the network is struggling. With only the rarest exception, I would suggest that if this is FB (rather than say YouTube or Netflix) causing this issue, this means that your network isn't up to snuff and people are already unable to work efficiently because the network is too slow and the better solution is to improve the network to where things like Facebook are pointlessly marginal in the performance of it and people are able to all things (fool around as well as work) at high efficiency. This way you solve several problems rather than potentially creating them. And address the actual issue rather than an artefact of the issue. 
- 
 @Dashrender said: What other options should I suggest in how to fix the laziness other than firing someone. There is no solution for laziness. Read that sentence to yourself and see how silly it sounds? "This person is a bad worker and doesn't do their job." Um, why is IT having this discussion at all? Is it because management is lazy and not doing their job? Well, sounds like maybe management is leading by example. Or HR is. Or both. IT cannot fix this, any attempt to do so is covering up the real issue and proving to the workers that it won't be fixed. You can attempt to fix this issue by warning, yelling, making policies but at the end of the day, people who can't work, or don't want to work or feel no motivation to work are not going to work. If the issue is that they don't know how to work, someone needs to train them. Ensure that they have the resources that they need. Maybe they are on FB because they are waiting for the saturated network to do other things? But if the issue is already identified as laziness, then there is but one solution and everyone knows what it is (insiders, outsides, management, HR, IT, children passing in the street) and no attempt to cover it up is going to improve things. 
- 
 Also, as we know, blocking doesn't even make an attempt at stopping people doing things, blocking is generally considered the worst possible move because of the way that it interacts with the staff. What shops that are taking a bit more effort to address issues with the network do for this is prioritize work traffic (sites, traffic types, etc.) so that it always has precedence over leisure sites. That way sites like FB work but never interrupt work. If the concern is truly resources, then this solves that while keeping staff happy but while keeping the network from having issues and keeping work traffic snappy. In this day and age, people use FB to keep track of family, kids, calendar, events - blocking it seems draconian and doesn't make people want to use their phones, it forces them to. Unless you consider your employees worthless, which should prompt you to question why someone is employee them, their time is too valuable to be intentionally taking them away from work and the work environment and sending them to another device. FB on a work machine is fast and non-jarring. FB on a phone is jarring and causes a huge drop in efficiency. FB on the phone also encourages people to leave their work station rather than to remain at it. 
- 
 If you are going to do it, do it right. https://www.forcepoint.com/product/content-security/websense-web-filter-security AD integration, transparent, and damn near impossible to avoid. Nothing says "Get back to work drone!" than a block with their name, the reason why they are blocked, and no way around it. And now they are part of Raytheon, you can threaten them with Patriot missiles. 





