Anti-Spyware Forums


Reply
Thread Tools Display Modes

Locking down a browser / HOSTS file

 
 
corn29@excite.com
Guest
Posts: n/a

 
      02-03-2012, 08:48 PM
Hello:

I have a requirement to lock down the internet browser. Locking down meanspreventing the browser from going to sites. Yes, an ACL on the router could do such a thing but the requirement states the control must be deployed on the same host as the browser. With that said, The way I'm thinking to lock down the browser and meet all the requirements is to put entries in theWindows HOSTS file to block an IP.

Yes, I know entries in the HOSTS file can affect system performance. MS recommends a HOSTS file that is less than 135K as well.

Unfortunately, all the IPs I have to block make the file larger than that limit. Is it possible to put an IP range or subnet in the HOSTS file then? That would limit the number of limes for each and every IP address and bring the file size down to a more recommended level!!!

Thanks!
 
Reply With Quote
 
 
 
 
Virus Guy
Guest
Posts: n/a

 
      02-03-2012, 10:58 PM
(E-Mail Removed) wrote:

> I have a requirement to lock down the internet browser. Locking
> down means preventing the browser from going to sites.


Which OS are you talking about?

XP? Vista? Seven? Windows 9x/me?

"preventing the browser from going to sites"

So your want it so that there is no web-browsing possible at all on this
computer. In that case, it's probably possible to remove all links to
Internet Exploiter from the desktop and all start menus, and even to
rename the IE executable file so that it can't be invoked by the user.

> Yes, I know entries in the HOSTS file can affect system performance.


Only when the system is using the DNS service, which by and large there
really is no reason for that service to be running on the typical
NT-based OS these days.

> MS recommends a HOSTS file that is less than 135K as well.


Because they assume you are running the DNS service - which you don't
have to, and for which I disable on any XP systems I administer or
setup.

Again, if the goal is that there is no web browsing to be done on the
machine, then you can achieve that by

1) not installing any web browser on the system (firefox, opera, etc)

2) removing all links to Internet Exploiter. This includes desktop
links, start-menu links, etc.

3) rename the IE program executable so that it can't be run via the
start-run method.
 
Reply With Quote
 
 
 
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Locking down top level folder permissions Tmiber Security Software 2 07-02-2006 05:29 AM
Locking down Event Viewer hockeytown_rox Security Software 1 21-10-2005 07:20 PM
Locking down Top Level Folders Dave Morschhauser Security Software 1 03-09-2005 05:23 AM
Locking devices down Ziguana Security Software 4 26-05-2005 09:46 PM
Locking a XP machine down.... Michael P Security Software 2 08-10-2003 06:40 PM


All times are GMT. The time now is 01:56 PM.