blocking websites
Kristian Rink
kristian at zimmer428.net
Fri Sep 1 16:12:04 UTC 2006
Chris;
Chris Lemire wrote:
> I have blocked myspace. Here's how to do it.
>
> echo "127.0.0.1 www.myspace.com" | sudo tee -a /etc/hosts
As soon as your user(s) discover(s) how to use an external HTTP proxy,
this solution has reached its end. And probably he / she will try to
find a way, seeing that myspace doesn't work on that machine all of a
sudden. Actually, what do you intend to do by blocking myspace?
> I don't believe the person is smart enough to use instant message from a
> website, but if I need to, I'll start blocking all those websites.
No offense, but I think that's simply not the way. As a system
administrator (and you are right that in this very solution), oppressing
your users surely is not what you are supposed to do. What reasons are
there to block users from using IM services on that very machine?
Security concerns? The intention to keep users from simply doing things
they're not supposed to?
> logging in with the server for IM, so how can I block that? There should
> be one command to do it instead of installing squid and a bunch of
> other software.
It's not a matter of commands or software but first and foremost a
matter of concept. If you made yourself clear about that, everything
else will be just fine. To make yourself clear, start reading:
http://iptables-tutorial.frozentux.net/
http://www.networkcomputing.com/unixworld/tutorial/013/013.part2.html
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/cHTML/TrinityOS-c-10.html
The latter one is a little outdated but has some basic concepts
explained very well, nevertheless.
Some more basic thoughts on that idea: In any networked environment, no
matter how small, if there are users there should be rules of behaviour,
policies of use or something the like. And, then, there are two things:
- Users should be informed about these very terms of usage, they should
know that access to network resources has been blocked, and they
also should know for which reason this is happening.
- A security concept should support but not necessarily enforce these
rules. A good way of doing so is to make up a firewalling concept and
use some soft- / hardware to get it implemented. Linux, iptables,
privoxy and friends are good tools that come in handy here, but they
won't keep you from (a) planning a secured environment and (b) knowing
how to implement it using the tools you are given.
Sorry, this is nothing personal, but I just see too many network
administrators right now restricting access to services, preventing
people from communication and access to information, and that's not how
things should be.
Cheers,
Kris
--
Kristian Rink * http://zimmer428.net * jab: kawazu at jabber.ccc.de
icq: 48874445 * fon: ++49 176 2447 2771
"One dreaming alone, it will be only a dream; many dreaming together
is the beginning of a new reality." (Hundertwasser)