Help scripting dns lookup using awk

Matthew Seaman matthew at FreeBSD.org
Sun Sep 17 07:21:35 UTC 2017


On 16/09/2017 15:24, Ernie Luzar wrote:
> Yes, all my different posts over the last month are related to a solution
> I am trying to develop. It all started with what looked like a very
> simple request from top management. "Stop employees from using social
> media from company PCs while at work"  The one and only FreeBSD system
> is the front door to the Company LAN and wifi. All LAN devices are
> Windows machines either cabled or wifi including handheld smart phones.
> So needed a single point solution that would affect the whole digital shop.

The canonical solution to this sort of requirement is to implement a web
proxy on the egress from your network.  Within the proxy you maintain a
blacklist of forbidden sites that it will refuse to provide service to.

The trick is to use firewall redirection to force any and all web
traffic to hit the proxy, and permit only the proxy to make web requests
from your corporate network to the outside world -- the term is
"transparent proxy."

This works best with unencrypted traffic, but can also be made to work
with HTTPS, although not quite as effectively.  It is also possible for
a motivated person to use VPN software to get around this sort of
restriction, but anyone so desperate to evade your corporate policies is
probably better handled by your HR department than by getting into a
technological arms-race.

	Cheers,

	Matthew
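
The firewall half of the setup described in the message above, as an added example that is not part of the original e-mail: a pf.conf sketch that redirects LAN web traffic to a proxy on the gateway and lets only the proxy make web requests outward. The interface names, LAN range, port 3128 and the `squid` account are assumptions; the blacklist itself lives in the proxy's configuration and is not shown.

```conf
# pf.conf sketch (constructed example; all names and addresses are assumptions)
ext_if     = "em0"             # assumed: Internet-facing interface
int_if     = "em1"             # assumed: LAN/wifi-facing interface
lan_net    = "192.168.1.0/24"  # assumed: company LAN range
proxy_port = "3128"            # assumed: proxy listening on loopback, intercept mode

set skip on lo0

# Translation rules: NAT for the LAN, and the redirect that makes the proxy
# "transparent" by rewriting the destination of plain HTTP to the local proxy.
nat on $ext_if inet from $lan_net to any -> ($ext_if)
rdr on $int_if inet proto tcp from $lan_net to any port 80 -> 127.0.0.1 port $proxy_port

# Filter rules: default deny, logged so blocked attempts show up on pflog0.
block log all

# Redirected HTTP now has the proxy as its destination; let it in.
pass in quick on $int_if inet proto tcp from $lan_net to 127.0.0.1 port $proxy_port

# Any web traffic from the LAN that was not redirected is refused. HTTPS is
# not redirected here, so clients reach it only through the proxy (explicit
# proxy settings or TLS interception, neither shown).
block return in log quick on $int_if inet proto tcp from $lan_net to any port { 80, 443 }

# Remaining LAN traffic (DNS, mail, ...) is forwarded as usual.
pass in on $int_if inet from $lan_net to any

# Outbound: only sockets owned by the proxy's account may open web
# connections; forwarded packets have no owner and never match "user".
pass out quick on $ext_if inet proto tcp from ($ext_if) to any port { 80, 443 } user squid
block return out log quick on $ext_if inet proto tcp from any to any port { 80, 443 }
pass out on $ext_if inet
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; `tcpdump -n -e -i pflog0` then shows the logged attempts at direct web access.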
