I'm looking for advice on managing access to blocked websites in our organization. My manager has a strong stance against letting users access popular social media and cloud storage sites. Currently, we use a tool called ThirdWall that modifies host files on endpoints to control access. However, since we're switching from Connectwise Automate to CW RMM, my manager wants to find alternatives for the same functionalities ThirdWall provided, particularly regarding how we manage temporary access to these blocked sites. I could set up scripts to modify host files directly on endpoints, but I'm hoping there's a more modern solution. We have a VPN in place, but it's not always active for remote users (due to cybersecurity protocols), so blocking these sites at the network DNS level isn't a viable option. Has anyone dealt with a similar situation, and how did you manage to both block sites effectively and allow temporary access when needed?
5 Answers
I recently dealt with a similar issue and found that Umbrella managed to solve most of it. Sure, it might not be everyone's cup of tea, but it really does provide the flexibility you need for temporary access.
Another option you might want to explore is using something like NetNanny. It's not as robust as Umbrella, but it can handle basic filtering and access management without needing many adjustments.
Have you considered using a solution like Cisco Umbrella? It allows for internet filtering and you can set up bypass codes for temporary access, which seems like exactly what you're looking for. It can target specific users or groups, making the whole process much smoother than just editing host files.
I second that! Cisco Umbrella has its quirks, but overall, it does the job when it comes to managing access without all the manual adjustments.
I agree, having a centralized product for filtering could save you a ton of headaches. Look into solutions designed specifically for this kind of per-user access control.
While blocking DNS can work, it doesn't offer much in terms of user-specific access which seems essential for you here. Some type of authenticated web proxy could be an option for more controlled access, but be aware that it might be a bit complex to roll out with remote users.
Yeah, but keep in mind the user experience is kind of mixed. It can be a bit tricky if you don't configure it properly.