Locking down a browser / HOSTS file

Discussion in 'Security Software' started by corn29, Mar 2, 2012.

  1. corn29

    corn29 Guest


    I have a requirement to lock down the internet browser. Locking down meanspreventing the browser from going to sites. Yes, an ACL on the router could do such a thing but the requirement states the control must be deployed on the same host as the browser. With that said, The way I'm thinking to lock down the browser and meet all the requirements is to put entries in theWindows HOSTS file to block an IP.

    Yes, I know entries in the HOSTS file can affect system performance. MS recommends a HOSTS file that is less than 135K as well.

    Unfortunately, all the IPs I have to block make the file larger than that limit. Is it possible to put an IP range or subnet in the HOSTS file then? That would limit the number of limes for each and every IP address and bring the file size down to a more recommended level!!!

    corn29, Mar 2, 2012
    1. Advertisements

  2. corn29

    Virus Guy Guest

    Which OS are you talking about?

    XP? Vista? Seven? Windows 9x/me?

    "preventing the browser from going to sites"

    So your want it so that there is no web-browsing possible at all on this
    computer. In that case, it's probably possible to remove all links to
    Internet Exploiter from the desktop and all start menus, and even to
    rename the IE executable file so that it can't be invoked by the user.
    Only when the system is using the DNS service, which by and large there
    really is no reason for that service to be running on the typical
    NT-based OS these days.
    Because they assume you are running the DNS service - which you don't
    have to, and for which I disable on any XP systems I administer or

    Again, if the goal is that there is no web browsing to be done on the
    machine, then you can achieve that by

    1) not installing any web browser on the system (firefox, opera, etc)

    2) removing all links to Internet Exploiter. This includes desktop
    links, start-menu links, etc.

    3) rename the IE program executable so that it can't be run via the
    start-run method.
    Virus Guy, Mar 2, 2012
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.