
Locking down a browser / HOSTS file


cor...@excite.com

Mar 2, 2012, 3:48:53 PM
Hello:

I have a requirement to lock down the internet browser. Locking down means preventing the browser from going to sites. Yes, an ACL on the router could do such a thing but the requirement states the control must be deployed on the same host as the browser. With that said, the way I'm thinking to lock down the browser and meet all the requirements is to put entries in the Windows HOSTS file to block an IP.

Yes, I know entries in the HOSTS file can affect system performance. MS recommends a HOSTS file that is less than 135K as well.

Unfortunately, all the IPs I have to block make the file larger than that limit. Is it possible to put an IP range or subnet in the HOSTS file then? That would limit the number of lines for each and every IP address and bring the file size down to a more recommended level!!!

Thanks!

Virus Guy

Mar 2, 2012, 5:58:18 PM
cor...@excite.com wrote:

> I have a requirement to lock down the internet browser. Locking
> down means preventing the browser from going to sites.

Which OS are you talking about?

XP? Vista? Seven? Windows 9x/me?

"preventing the browser from going to sites"

So you want it so that there is no web-browsing possible at all on this
computer. In that case, it's probably possible to remove all links to
Internet Exploiter from the desktop and all start menus, and even to
rename the IE executable file so that it can't be invoked by the user.

> Yes, I know entries in the HOSTS file can affect system performance.

Only when the system is using the DNS service, which by and large there
really is no reason for that service to be running on the typical
NT-based OS these days.

> MS recommends a HOSTS file that is less than 135K as well.

Because they assume you are running the DNS service - which you don't
have to, and which I disable on any XP systems I administer or
set up.

Again, if the goal is that there is no web browsing to be done on the
machine, then you can achieve that by

1) not installing any web browser on the system (firefox, opera, etc)

2) removing all links to Internet Exploiter. This includes desktop
links, start-menu links, etc.

3) rename the IE program executable so that it can't be run via the
start-run method.

David H. Lipman

Mar 2, 2012, 6:12:42 PM
From: "Virus Guy" <Vi...@Guy.com>
Add ...
* Limited User Accounts w/o administrative rights

* Implementation of Group Policies

I don't think you can eliminate web browsing but IE can be locked down.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp