|
In this topic: |
Configure Computers
By default there is no Internet blocking; you need to set it up. The Block Internet Access panel in the Deployment Utility or in Client Settings allows you to prevent any Internet access or communication at a particular port, such as the port used by FTP or ICQ chat. Use this type of blocking in addition to web site (domain) blocking and Chat/IM contact blocking as part of your blocking policy.
|
|
Your settings at this Block Internet Access panel, Block Websites, and Block Chat/IM may overlap. For example, blocking Yahoo Messenger ports blocks ALL Yahoo IM contacts. The most restrictive policy always applies. |
The top option turns on blocking, and allows you to specify which Internet ports to block.
Block Internet Access - Check this option to turn on blocking and activate settings below. Clear this option to allow all Internet access.
Block All Internet Access - Select this option to block ALL access to the Internet on the Client computer. This option blocks all Internet ports, web sites, email, and chat/IM communication (no further settings are needed). If a Blocking Schedule is set, it applies to this option. If no schedule is set, the Client blocks Internet Access at all times.
Block Selected Internet Access - Select this option to specify (on this panel) types of Internet access to block. If a Blocking Schedule is set, it applies to the selections on this panel.
Blocking Schedule - Click this button to set a schedule for the blocking you specify on this panel. See When to Block.
You can block all Internet access of a particular type: HTTPS sites where shopping and banking occurs, AOL sites, types of email and types of Chat/IM. For example, in a test lab or library, you might block ALL Chat/IM protocols (AIM, ICQ, ICQ Lite, MSN Messenger, etc.), but allow access to web sites for research, and allow the messaging interface used at your organization.
To block ports by function:
For each of the options, check the box to block access; clear the box to allow access. Use the left/right scroll bar below the list to see which incoming/outgoing ports are blocked or whether all ports the protocol happens to use are blocked.
Web Sites via HTTP/HTTPS - Check to block all Internet access to normal and secure Internet sites via the http and https protocols; this include most web sites, but not local network or ftp addresses. Clear this option to allow normal Internet access. Blocks outgoing ports 80, 443, 8008, 8080, and 8088.
SMTP/POP Email - Check this option to block standard SMTP and POP email activity (MS Outlook, etc.) on the Client computer. Clear to allow SMTP/POP email activity. Blocks outgoing ports: 25, 100, 109, 110, 465, and 995.
File Transfer via FTP - Check to block file transfers using FTP (File Transfer Protocol). Clear this option to allow FTP uploading and downloading. Blocks outgoing ports 20, 21, 989, and 990.
AOL and HTTP/HTTPS - Check to block America Online sites, and normal and secure web sites that might not be covered by the first option. Clear to allow access. Blocks outgoing ports 80, 443, 8008, 8080, and 8088 plus 4000, 5190-5193, and 11523.
AOL Instant Messenger (AIM) - Check to block instant messaging using AIM. Clear to allow access. Blocks all outgoing and incoming ports used by the AIM client.
ICQ - Check to block any chat communication using the full-version, standard ICQ Chat protocol, such as through older AOL clients. Clear to allow access. Blocks all outgoing and incoming ports used by the protocol.
ICQ Lite - Check to block any chat communication using the stripped down Lite version of ICQ messaging. Blocks all outgoing and incoming ports used by the protocol.
MSN Messenger - Check to block MSN instant messaging. Clear to allow access. Blocks all outgoing and incoming ports used by the client application.
Trillian - Check to block instant messaging that uses the Trillian protocol to communicate on major chat networks. Clear to allow access. Blocks all outgoing and incoming ports used by the protocol.
Windows Messenger - Check to block instant messaging of this type. Clear to allow access. Blocks all outgoing and incoming ports used by the protocol.
XMPP (Jabber) - Check to block instant messaging that uses the XMPP or Jabber protocol. Clear to allow access. Blocks outgoing port 5222.
Yahoo Messenger - Check to block instant messaging via Yahoo. Clear to allow access. Blocks all outgoing and incoming ports used by the protocol.
Other Chat/IM and HTTP/HTTPS - Check to block other Chat and Instant Messaging communication plus web sites. Clear to allow access. Blocks outgoing ports 80, 443, 8008, 8080, and 8088 plus 1863, 5190, 6660-6669.
Kazaa - Check to block peer-to-peer communication via Kazaa, a file-sharing application commonly used to download MP3 and video files. Clear to allow access. Blocks all outgoing and incoming ports used by the protocol.
Kazaa Lite - Check to block the Lite version of Kazaa, a modification of the original using the same protocol. Clear to allow access. Blocks all outgoing and incoming ports used by the protocol.
If you notice inappropriate activity at non-standard ports, you can block the ports at the bottom of this panel. All ports in the Additional Outgoing Ports and Additional Incoming Ports lists will be blocked. Be sure to avoid blocking a port that a user may rely on for normal work.
To add a port to block:
At the top of the panel, you must check Block Internet Access and choose Block Selected Internet Access to activate these entry boxes.
Click in the Outgoing or Incoming Ports list.
Type the port or ports to block.
Separate multiple port numbers with a space or comma.
