PaulusBill

Honorable
Dec 7, 2012
2
0
10,510
Hi I am trying to find a way of blocking porn access on a network in an internet cafe. I have bullguard internet security however some porn is still getting through
 

john-b691

Honorable
Sep 29, 2012
703
1
11,160
Not sure what the software you have it appears to run on the end client ?

If you do not 100% control all the machine connected to your network you must use a centralized filter box.

The common one used is OPENDNS. This is a feature on most routers that forwards DNS requests to a centralized server which based on settings resolves the url or not. Not real secure anyone that has a clue about DNS can bypass this. If you can prevent users from changing the DNS settings on the end machine it will work well.

Most other solution require a subscription to some filter list. These are not cheap and the router/firewall they run on are not are also expensive but it is the only solution when you do not control the machines.

Any PC based solution is dependent on how good the filter lists are. If you use free ones then there will be lots of holes. You normally must use a pay filter list service. For home use I normally recommend bluecoat K9 because its free and uses the exact same list as their super expensive commercial boxes. You can download it and try it. The version used for a application like yours costs less than $2/month per device. This one is nice because they have filters for things like proxy avoidance that prevents the users from bypassing your filters by using proxies.


 

Andrew Stingray

Honorable
Dec 20, 2013
3
0
10,510
When we used a standalone (not proxy or dns based) solution to block the porn (work examiner), also supposed that it's not good enough. But after reading some instrucitons started to use clever content keyword-based technique to avoid any kind of sexual content. By the way, they have a nice page describing how to block porn here.
 

choucove

Distinguished
May 13, 2011
756
0
19,360
The method that we have used at a few different business is content filtering services provided through subscriptions on a business-class firewall. Namely, the ones we have used are Sonicwall firewalls with the Content Filtering service. This is an annual subscription that you have to pay, but given the complexity of other solutions and the investment that might have to be made into routers and servers necessary to make it work, it ends up being a great value.

Sonicwall content filtering service works with configuring the firewall with different content filtering policies (you can have multiple for different networks or segments of your network as needed.) Instead of having huge long lists of allowed or blocked websites (called whitelists) it is category based. There's just a list of different categories of websites that you can check to block if you wish (such as pornography, violence, hacking, social media, etc.) The benefit with this is you don't have to be updating any lists or adding anything special to do, just select the category and done. There's also not a simple DNS change to bypass this as with OpenDNS, because it is a running service on your gateway regardless of DNS. It has worked wonderfully at all of the offices we have used it.
 

Andrew Stingray

Honorable
Dec 20, 2013
3
0
10,510
We're usually suspicious about hardware based solutions: can a customer try it for several days for testing? How? Can it block websites based on the time spent on them? Software based solutions offer more flexibility and are easy to install\remove, hardware and firewall independent.. And yes, it can track the active user time on the website and give you e.g. 30 min of personal web usage per day. Regarding categories - nothing special here, all solutions use them and internally they are based on domain lists of course. But user just sees categories, that's ok.. Btw, what is the price for Sonicwall for 50 or 100 user license?
 

choucove

Distinguished
May 13, 2011
756
0
19,360
I don't know about the cost of user licenses for Sonicwall as we've never had to purchase any. The subscription is an annual fee but the content filtering policies are just applied to network zones or VLANs for our scenario, not per user. And as always, there are a lot of options out there. I had not heard of Work Examiner before you mentioned it here but I will be giving it a look and reading more to see what they offer. After all, having available options makes for the best work environment!