If you really need to implement these types of blocks, depending on your environment, you may want to go with a...
network-based device or one installed locally on your client computers. Make sure to have a clear policy supported by management so you can justify implementing the best technology for the job. Some devices will allow you to get as granular as allowing particular groups to perform specific actions, like visit approved sites during lunch hour.
There are several multifunction Web proxies or similar devices that will enable the necessary network controls. Some operate inline, through sending TCP resets, and others via client configurations. Many come with other features like antimalware. If you allow unmanaged computers on your network or allow users to install their own software, you will probably need a network-based control to make it more difficult to bypass. Some of these devices also block many of the ways around traditional Web-only proxies.
Client-side software may work in your environment and not increase the complexity of your network infrastructure, but it can be bypassed if you allow unmanaged clients or users with administrative access. This option also requires complete coverage for pushing software out where the install could be missing. If you have a small environment and tight control of the computers, you could even restrict social network access through configuration of the Web browsers, but this may be difficult to do correctly and efficiently.
Related Q&A from Nick Lewis, Enterprise Threats
Chameleon malware targets insecure wireless access points. Enterprise threats expert Nick Lewis explains how to defend against the malware.continue reading
The Zeus malware is threatening RTF security by embedding itself in the file, which is commonly seen as safer than other file formats such as PDFs. ...continue reading
Enterprise threats expert Nick Lewis explains how to detect and avoid one of the most advanced malware threats: The Mask.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.