Disabling web access while allowing email and webcam broadcast

G

Guest

Hi,

I have a client with 10 shops who wants to allow email between the shops and
to be able to look at webcam footage collected at each shop, but who wants to
disable internet browsing from the shops.

Each shop has a stand-alone PC connected to broadband routers, and a webcam
connected to each router as well.

Can I allow just the IP ports that carry the email and webcam data and block
everything else? Can I do this through Group Policy? Or is there a product or
other solution that I should look at?

Thanks,

Brendan
 
G

Guest

There are various approaches. proabably the best is to block all unneeded
outbound ports on the router itself. The method varies between routers,
though.

To block outbound traffic on the PC you'd need a third-party firewall
(ZoneAlarm, Kerio) as the inbuilt firewall only blocks incoming traffic.

Another trick often used is to turn on content-control on IE, and set a
password on it. Since in reality almost no sites provide content-ratings,
this effectively means you can't surf without the password.
 
G

Guest

There are a number of ways that you can accomplish this.

My first suggestion would be to use either the Windows XP Firewall or a
third-party firewall to only allow Internet access to you e-mail application
and your webcam application and to restrict all other ports. Using a
third-party firewall will probably be most effective as the Windows XP
Firewall allows applications such as Internet Explorer to browse the web by
default.
This solution would require configuring the firewall and then ensurin that
your normal staff do not have the administrative rights to override the
settings.

An alternative to this is to configure your broadband router with firewall
rules (if it is advanced enough) to allow traffic to and from that machine on
specifi ports only. For standard POP/SMTP e-mail you should only require
ports 25 and 110 to be accessible. For your webcam you'd have to do some
checking to see which ports your application requires.

Hope this helps
 
G

Guest

Thanks, guys. This was pretty much what I had figured. The routers are all
Netopia 2247NWG's with built-in ICSA-certified firewalls, which should be
plenty configurable to block the necessary ports.

I might have to re-route the webcam's output to a particular port, but they
are pretty sophisticated units as well, so shouldn't present problems.

Needless to say, there is always an exception. One of the sites has 4 PC's,
3 of which have to have internet access. I'll stick ZoneAlarm Pro on the one
to be blocked.

Thanks & Regards,

Brendan
 
G

Guest

MOst Webcams uesd port 8080

boneill said:
Thanks, guys. This was pretty much what I had figured. The routers are all
Netopia 2247NWG's with built-in ICSA-certified firewalls, which should be
plenty configurable to block the necessary ports.

I might have to re-route the webcam's output to a particular port, but they
are pretty sophisticated units as well, so shouldn't present problems.

Needless to say, there is always an exception. One of the sites has 4 PC's,
3 of which have to have internet access. I'll stick ZoneAlarm Pro on the one
to be blocked.

Thanks & Regards,

Brendan
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

broadcasting (non-static) IP address 1
Choosing a webcam technology 3
XP Home - Sony Laptop - Ethernet - Unable to connect to anything a 2
Disable Web Access to Specific Workstations 8
How to access an IP printer upstream through a firewall router? 9
Who do I allow access to my firewall? 1
Unable to do email while using switch/router 1
dial up sharing not working all else is 15

Top