- Posts: 101
- Thank you received: 0
Internet on/off control (ideas needed)
16 years 5 months ago #26398
by NeoTech
Hi, there.
An ACL (Access Control List) seems to be an ideal solution for what you want provided the people doing it knew how, but it can be time consuming and complex to somebody not used to the process. Put simply it is basically set of rules something a firewall would use, to choose which ip addresses are allowed to access other ip addresses. Using extended ACLs you can also block individual ports from being accessed. The advantage to this is that you could block internet traffic from some machines, and still allow them access for file sharing and everything else, by simply blocking port 80.
Im only a student on the CCNA course and dont know a heck of a lot about it all, but what somebody else suggested about using a graphic interface to make changing the ACLs faster would be ideal, if such a thing exists, as you may have to halt traffic on the interface before changing the ACL each time. You would also need to create multiple ACLS and have them stored on the router, or on an FTP server to change between them.
You may need to get a Cisco router to do this, im not sure if other routers can do the same kinda thing, maybe somebody else can shed more light on the whole thing for you.
Only other thing i can suggest, i dont know your network structure but if you have a gateway server/computer you could always install a software firewall (the kinda thing u get with norton internet security) on it and block hosts that way.
Sorry i cant be of more help. Its really a question for somebody that has CCSP (Security Professional) experience...
NeoTech
Replied by NeoTech on topic Re: Internet on/off control (ideas needed)
Don't know much about ACLs, or ho to implement them,but will look into it.
Note: The servers are not necessarily Windows based.
The solution should be as simple as possible, since the people that will be granting or denying access have little IT knowledge. But I will accept all sugestions.
Cheers,
Beexo
Hi, there.
An ACL (Access Control List) seems to be an ideal solution for what you want provided the people doing it knew how, but it can be time consuming and complex to somebody not used to the process. Put simply it is basically set of rules something a firewall would use, to choose which ip addresses are allowed to access other ip addresses. Using extended ACLs you can also block individual ports from being accessed. The advantage to this is that you could block internet traffic from some machines, and still allow them access for file sharing and everything else, by simply blocking port 80.
Im only a student on the CCNA course and dont know a heck of a lot about it all, but what somebody else suggested about using a graphic interface to make changing the ACLs faster would be ideal, if such a thing exists, as you may have to halt traffic on the interface before changing the ACL each time. You would also need to create multiple ACLS and have them stored on the router, or on an FTP server to change between them.
You may need to get a Cisco router to do this, im not sure if other routers can do the same kinda thing, maybe somebody else can shed more light on the whole thing for you.
Only other thing i can suggest, i dont know your network structure but if you have a gateway server/computer you could always install a software firewall (the kinda thing u get with norton internet security) on it and block hosts that way.
Sorry i cant be of more help. Its really a question for somebody that has CCSP (Security Professional) experience...
NeoTech
16 years 5 months ago #26399
by NeoTech
NeoTech
Replied by NeoTech on topic Re: Internet on/off control (ideas needed)
wish id read the last post before typing all that LOL!
i see its already been sorted, sorry! :oops:
i see its already been sorted, sorry! :oops:
NeoTech
15 years 5 months ago #30546
by Meisme
Replied by Meisme on topic Re: Internet on/off control (ideas needed)
Easy! Use the group policy on ur LAN, create a new policy to allow users on the domain to utilize the Internet at a specifed time/day.
Time to create page: 0.128 seconds