Re: Can Windows Firewall do this?

From: Leythos (void_at_nowhere.lan)
Date: 02/07/05 

Date: Mon, 07 Feb 2005 21:02:46 GMT

On Mon, 07 Feb 2005 13:19:12 -0700, D.P. Roberts wrote:

> Our Unix guy claims this can't be done with Windows:
>
> We have a lab at a university with 40 Windows XP Pro computers on a Windows
> 2003 Active Directory domain. Normally, these computers are open to freely
> send/receve data via the internet. However, sometimes a professor conducting
> an exam in this lab would like everything blocked except the specific
> website used for the exam. In other words, during the exam students cannot
> access e-mail or visit any site except for the specific exam site.
>
> Our Unix guy (who hates vehemently hates Windows) has said it can't be done
> with Windows firewall because it won't block both outbound and inbound
> traffic. So he has set up an elaborate and complicated firewall system which
> involves a unix-based firewall hardware device, setting up local accounts on
> the 40 lab boxes, and swapping switch cables back and forth each time an
> exam takes place.
>
> My question: Isn't there a simpler and easier way to do this using Windows
> firewall and/or group policy, or perhaps a third-party software tool?
>
> Thanks, it would be great to show our Unix guy that Windows CAN accomplish
> this task!

People need to stop thinking of the SP2 Firewall as a firewall, just a
simple toy that might possibly, maybe, most likely not, save anyone.

We have a bunch of labs, they are all behind firewalls, the firewalls are
configured as needed based on the classes. If we want to limit outbound
access to ONE website it only takes a simple rule and it's done, no need
to make a BUNCH of change in cables/anything. A simple HTTP rule only
allowing outbound access to www.somesite.com would cover the entire group. 

-- 
spam999free@rrohio.com
remove 999 in order to email me
Loading