Controlling Internet Access

• Reduce the chances of opening surfaces for the intruders (intentionally or accidently).
• Reduce the chances virus infections.
• Preserve Internet bandwidth.
• Prevent users from accessing inappropriate pages, such as porn sites, social networking sites, gaming sites, etc.

There can be several ways by which administrators in organizations of all scales can control Internet access for the users. The method administrators choose to control Internet access depends on the level of security they need in the organization, and the funds that an organization wants to invest to secure the network and control access to the Internet.
Some of the most commonly used ways to control Internet access in an organization are:

	Firewalls – Dedicated hardware or software firewalls are the most common security solutions in most organizations. Administrators can create several firewall policies and rules to control and limit access to the Internet on the basis of port numbers and the protocols. Since the evaluation is done on the basis of port numbers and protocols, and the packets are then allowed or denied as per the rules and policies, this process is technically known as packet-filtering. Although it is much easier to limit Internet access using hardware or software firewalls, in-depth knowledge of port numbers and the protocols is required to prepare and implement a foolproof solution. Because of this reason, organizations hire highly skilled and experienced security administrators.
	Proxy Servers – Proxy servers are the applications installed on a dedicated computer and can be configured to allow or restrict communication on the basis of application layer protocols such as HTTP, FTP, etc. For example, a proxy server can be configured to restrict all type of communications to and from any one or all FTP servers. Although proxy servers cannot replace firewalls, and they cannot be configured as granularly as the firewalls can be, they are still a cheaper solution to control Internet access in small or medium scale organizations. An added advantage that proxy servers provide to the networks is that they can preserve Internet bandwidth by caching the already visited webpages in the local disk. When users request for the same webpage multiple times, or multiple users request for the same page, the cached copy of the page is transferred to the users. This prevents the proxy server from downloading the webpage from the web server every time it is requested by the users. Webpage caching is not available in firewalls.
	DHCP Configuration – This is the cheapest method that administrators can implement to restrict Internet access for the users. If a DHCP server is configured in an organization, and all the client computers are configured to obtain IP addresses dynamically from the DHCP server, DHCP server can be configured to assign the IP addresses without the default gateway. This method requires manual configuration of the DHCP server every time the Internet is to be made available to the users, and each time the Internet is to be made unavailable. However, administrators can create scripts to automate the DHCP configuration as per the above mentioned method. The scripts can then be scheduled using any built-in or third-party scheduling application. Using this method, Internet access can be made available/unavailable to the all client computes in a network, or only to some computers by creating a DHCP user classes and making the computers its members. The drawback with this method is that administrators can only make the Internet available or unavailable to the users. They cannot restrict the websites, ports or protocols as in proxy servers or firewalls. Because of this reason, this method is mostly used in schools and small academic institutions.
	Limiting Time for Users – Time limit for Internet usage can also be specified for the users by using third-party applications such as Elim. With the help of such applications, administrators can add web sites to black lists, white lists, total number of hours in a day one or multiple users can use the Internet, block the categories of unwanted sites such as social networking sites, porn sites, gaming sites, etc. These software solutions are best for small scale industries as they are not too expensive and are easy to use. Since these applications have user-friendly interface, no highly skilled and experienced security administrators are required to manage them.
	Monitoring Users Activities – Administrators can also monitor users’ web activities by using third-party applications such as CurrentWare BrowseReporter and can take appropriate actions against the ones found misusing the privileges. Although monitoring activities just keeps tracks and logs the records of the webpages that are accessed by the users, once users are aware of presence of such monitoring tool in the network, they restrict themselves and avoid visiting unwanted websites in order to remain clean in the eyes of network administrators. Since such applications are capable of generating instant reports and even mailing them to the concerned administrators, administrators can track the culprit users instantaneously, and can notify them about their activities and the legal actions that can be taken against them.

Although there can be several different ways to control Internet access for the users, which can be from the very basic operating system configurations to extremely complex dedicated devices or applications’ configurations, the above mentioned five ways are most commonly used in the organizations of different scales.