Disabling web access while allowing email and webcam broadcast

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

I have a client with 10 shops who wants to allow email between the shops and
to be able to look at webcam footage collected at each shop, but who wants to
disable internet browsing from the shops.

Each shop has a stand-alone PC connected to broadband routers, and a webcam
connected to each router as well.

Can I allow just the IP ports that carry the email and webcam data and block
everything else? Can I do this through Group Policy? Or is there a product or
other solution that I should look at?

Thanks,

Brendan
 
There are various approaches. proabably the best is to block all unneeded
outbound ports on the router itself. The method varies between routers,
though.

To block outbound traffic on the PC you'd need a third-party firewall
(ZoneAlarm, Kerio) as the inbuilt firewall only blocks incoming traffic.

Another trick often used is to turn on content-control on IE, and set a
password on it. Since in reality almost no sites provide content-ratings,
this effectively means you can't surf without the password.
 
There are a number of ways that you can accomplish this.

My first suggestion would be to use either the Windows XP Firewall or a
third-party firewall to only allow Internet access to you e-mail application
and your webcam application and to restrict all other ports. Using a
third-party firewall will probably be most effective as the Windows XP
Firewall allows applications such as Internet Explorer to browse the web by
default.
This solution would require configuring the firewall and then ensurin that
your normal staff do not have the administrative rights to override the
settings.

An alternative to this is to configure your broadband router with firewall
rules (if it is advanced enough) to allow traffic to and from that machine on
specifi ports only. For standard POP/SMTP e-mail you should only require
ports 25 and 110 to be accessible. For your webcam you'd have to do some
checking to see which ports your application requires.

Hope this helps
 
Thanks, guys. This was pretty much what I had figured. The routers are all
Netopia 2247NWG's with built-in ICSA-certified firewalls, which should be
plenty configurable to block the necessary ports.

I might have to re-route the webcam's output to a particular port, but they
are pretty sophisticated units as well, so shouldn't present problems.

Needless to say, there is always an exception. One of the sites has 4 PC's,
3 of which have to have internet access. I'll stick ZoneAlarm Pro on the one
to be blocked.

Thanks & Regards,

Brendan
 
MOst Webcams uesd port 8080

boneill said:
Thanks, guys. This was pretty much what I had figured. The routers are all
Netopia 2247NWG's with built-in ICSA-certified firewalls, which should be
plenty configurable to block the necessary ports.

I might have to re-route the webcam's output to a particular port, but they
are pretty sophisticated units as well, so shouldn't present problems.

Needless to say, there is always an exception. One of the sites has 4 PC's,
3 of which have to have internet access. I'll stick ZoneAlarm Pro on the one
to be blocked.

Thanks & Regards,

Brendan
Click to expand...
 
Back
Top