[c-nsp] How to prevent https facebook from the cisco router 1841

[Doug McIntyre]

On Thu, Nov 14, 2013 at 01:43:33PM +0000, A.L.M.Buxey at lboro.ac.uk wrote:
> > i need to prevent users to open Facebook https traffic from my router cisco
> > 1841
> 
> you will need to invest in other technology that can achieve this...


I agree about the technology part. Run a box built to do this sort of
thing. I wouldn't think of using any low-end router to do firewall
functions any longer, dedicated hardware firewalls are a fraction of
the price of router hardware, and can handle infinately more bandwidth
and features. I could block facebook (or just about any "internet app")
for an internal user in about 15 seconds of setup on my FortiNet
firewall that my users are behind.

> .. blocking facebook isnt a technical issue...its a human resource
> issue. if your company doesnt want users accessing facebook from
> your network (at which point they'll use the 3G/4G/etc with their
> own devices) ..


If they have a 1841 router, it is probably a smaller company, and they
probably don't have the resources to police their users like a larger
company. A technology solution is easier. 

But it is a whole different thing to check sites on your phone
bypassing work restrictions, vs. on the desktop. On the desktop, it
is hard for a manager to see if the user is doing legit work functions
or not, but always fondling their phone is totally different looking
to the manager. 

If you need to just train the employee not to do the improper steps,
and putting in technology blocks is easier than standing over them
school teacher style to make sure they are working the full work day.