
Disabling web access while allowing email and webcam broadcast

Author
15 Sep 2006 8:58 AM
boneill
Hi,

I have a client with 10 shops who wants to allow email between the shops and
to be able to look at webcam footage collected at each shop, but who wants to
disable internet browsing from the shops.

Each shop has a stand-alone PC connected to broadband routers, and a webcam
connected to each router as well.

Can I allow just the IP ports that carry the email and webcam data and block
everything else? Can I do this through Group Policy? Or is there a product or
other solution that I should look at?

Thanks,

Brendan

Author
15 Sep 2006 12:12 PM
Ian
There are various approaches. Probably the best is to block all unneeded
outbound ports on the router itself. The method varies between routers,
though.

To block outbound traffic on the PC you'd need a third-party firewall
(ZoneAlarm, Kerio) as the inbuilt firewall only blocks incoming traffic.

Another trick often used is to turn on content-control on IE, and set a
password on it. Since in reality almost no sites provide content-ratings,
this effectively means you can't surf without the password.
Author
15 Sep 2006 12:15 PM
Brendan S
There are a number of ways that you can accomplish this.

My first suggestion would be to use either the Windows XP Firewall or a
third-party firewall to only allow Internet access to your e-mail application
and your webcam application and to restrict all other ports. Using a
third-party firewall will probably be most effective as the Windows XP
Firewall allows applications such as Internet Explorer to browse the web by
default.
This solution would require configuring the firewall and then ensuring that
your normal staff do not have the administrative rights to override the
settings.

An alternative to this is to configure your broadband router with firewall
rules (if it is advanced enough) to allow traffic to and from that machine on
specific ports only. For standard POP/SMTP e-mail you should only require
ports 25 and 110 to be accessible. For your webcam you'd have to do some
checking to see which ports your application requires.

Hope this helps

Author
15 Sep 2006 12:39 PM
boneill
Thanks, guys. This was pretty much what I had figured. The routers are all
Netopia 2247NWG's with built-in ICSA-certified firewalls, which should be
plenty configurable to block the necessary ports.

I might have to re-route the webcam's output to a particular port, but they
are pretty sophisticated units as well, so shouldn't present problems.

Needless to say, there is always an exception. One of the sites has 4 PC's,
3 of which have to have internet access. I'll stick ZoneAlarm Pro on the one
to be blocked.

Thanks & Regards,

Brendan

Author
15 Sep 2006 6:49 PM
Bill
Most webcams used port 8080

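
The port-based approach discussed in this thread (ports 25 and 110 for mail, plus the webcam port), written out as a default-deny outbound rule set and checked against sample flows. This is an added example, not part of the original posts and not any router's configuration syntax; the addresses, the `Rule`, `decide` and `audit` names, and the use of port 8080 for the webcam are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp" or "udp"
    dst_net: str          # destination network in CIDR form
    dst_ports: frozenset  # destination ports the rule covers

# Constructed policy for one shop PC. Addresses are documentation ranges
# (RFC 5737) standing in for the mail server and the other shops' routers.
MAIL_SERVER = "192.0.2.10/32"     # assumption: a single SMTP/POP3 host
SHOP_ROUTERS = "198.51.100.0/28"  # assumption: the shops' public addresses
WEBCAM_PORT = 8080                # assumption: port mentioned in the last reply

POLICY = [
    Rule("allow", "tcp", MAIL_SERVER, frozenset({25, 110})),
    Rule("allow", "tcp", SHOP_ROUTERS, frozenset({WEBCAM_PORT})),
]

def decide(policy, proto, dst_ip, dst_port):
    """First matching rule wins; anything unmatched is denied (default deny)."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in policy:
        if (rule.proto == proto and dst_port in rule.dst_ports
                and ip in ipaddress.ip_network(rule.dst_net)):
            return rule.action
    return "deny"

def audit(policy, flows):
    """Return {flow: decision} for a list of (proto, dst_ip, dst_port) flows."""
    return {flow: decide(policy, *flow) for flow in flows}

# Constructed sample flows leaving a shop PC.
FLOWS = [
    ("tcp", "192.0.2.10", 25),      # send mail
    ("tcp", "192.0.2.10", 110),     # fetch mail
    ("tcp", "198.51.100.3", 8080),  # view another shop's webcam
    ("tcp", "203.0.113.80", 80),    # web browsing over HTTP
    ("tcp", "203.0.113.80", 443),   # web browsing over HTTPS
    ("tcp", "203.0.113.80", 8080),  # port 8080 on a host that is not a shop
    ("udp", "203.0.113.53", 53),    # DNS: denied unless a rule is added
]

if __name__ == "__main__":
    for flow, verdict in audit(POLICY, FLOWS).items():
        print(f"{verdict:5} {flow}")
```

Scoping each allow rule to a destination network as well as a port keeps the webcam rule from opening port 8080 to every host. DNS is denied by this rule set, so the mail client either uses the server's IP address or a resolver rule is added.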