If you really need to implement these types of blocks, depending on your environment, you may want to go with a network-based device or one installed locally on your client computers. Make sure to have a clear policy supported by management so you can justify implementing the best technology for the job. Some devices will allow you to get as granular as allowing particular groups to perform specific actions, such as visiting approved sites during lunch hour.
There are several multifunction Web proxies or similar devices that will enable the necessary network controls. Some operate inline, through sending TCP resets, and others via client configurations. Many come with other features like antimalware. If you allow unmanaged computers on your network or allow users to install their own software, you will probably need a network-based control to make it more difficult to bypass. Some of these devices also block many of the ways around traditional Web-only proxies.
Client-side software may work in your environment and not increase the complexity of your network infrastructure, but it can be bypassed if you allow unmanaged clients or users with administrative access. This option also requires complete coverage when pushing the software out, because any computer where the install is missing is not covered. If you have a small environment and tight control of the computers, you could even restrict social network access through configuration of the Web browsers, but this may be difficult to do correctly and efficiently.
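As an added example (not part of the original answer), the browser-configuration option can be sketched as a proxy auto-config (PAC) script that applies the lunch-hour exception mentioned above. The domain names, the sinkhole address and the 12:00 to 13:00 weekday window are assumptions made for illustration.

```javascript
// Added illustration: PAC-style policy for browser-level site restriction.
// All domains, the sinkhole address and the time window are assumptions.
var BLOCKED_DOMAINS = ["social.example", "photos.example"]; // constructed names
var SINKHOLE = "PROXY 127.0.0.1:9";   // nothing listens here, so the request fails
var LUNCH_START = 12, LUNCH_END = 13; // allowed window, local time, [12:00, 13:00)

// True when host is the domain itself or one of its subdomains.
// A bare suffix comparison would also match "notsocial.example".
function matchesDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  var suffix = "." + domain;
  return host === domain || host.slice(-suffix.length) === suffix;
}

function isBlockedSite(host) {
  return BLOCKED_DOMAINS.some(function (d) { return matchesDomain(host, d); });
}

// The exception applies on weekdays only; weekends stay blocked.
function inLunchWindow(now) {
  var day = now.getDay();   // 0 = Sunday ... 6 = Saturday
  var hour = now.getHours();
  return day >= 1 && day <= 5 && hour >= LUNCH_START && hour < LUNCH_END;
}

// Pure decision function so the policy can be checked with a fixed clock.
function decide(host, now) {
  if (isBlockedSite(host) && !inLunchWindow(now)) return SINKHOLE;
  return "DIRECT";
}

// Entry point the browser calls for each request when this file is set
// as its automatic proxy configuration script.
function FindProxyForURL(url, host) {
  return decide(host, new Date());
}
```

The script only takes effect while the browser is configured to load it, so a user who can change proxy settings or install another browser is not bound by it.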