Using the MVPS HOSTS File Block List on the ISA Firewall to Block Non-Productive Sites
Great post by Rob John over on the Web boards at http://forums.isaserver.org/Hosts_file_to_block_ba...#8230;
======================
To all,
I discovered a good little trick tonight, maybe you’ve seen it before, but here goes.
I’ve been considering the installation of a blackhole DNS solution to supplement all the other layers of our computer security. I haven’t been really keen on the idea because of the need for another DNS server and the upkeep of the records wasn’t exactly easy and quick.
I’ve known about the hosts files on the Internet for a long time that are useful to home users, and decided to play with it a little tonight at home. I couldn’t get my DNS server to use it, didn’t think it would, but I tried. I then applied the host file to my ISA2004 server, after a reboot, it worked and actually speed up client response times and blocked instantly. This is on a small home network, so I don’t know the impact yet in a large environment, I suspect the benefit will be similar.
The purpose of the blackhole DNS and a appropriate hosts file is to block spyware, adware and other malicious or annoying sites, such as ads, banners, counters and such. By using the hosts file, the site resolves to 127.0.0.1 immediately, or any address you want to specify.
I used the hosts file from http://www.mvps.org/winhelp2002/hosts.htm. I also reviewed their criteria, and it was very thorough. They mention on the site that the hosts file is updated periodically.
The benefit is that I can now take this to work and protect my entire enterprise, with another layer of protection, that is easily updated and maintained. Kudos to the mvps.org folks for a great service.
One caveat to using the hosts file, it appears to have no effect on firewall traffic, but worked great on proxy traffic. If your network allows web traffic only through the proxy, this should help greatly.
Best wishes,
_____________________________
Rob John
MCSE, CCNA
============================
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)
Robert Says:
October 9th, 2006 at 10:11 am
I contacted the http://www.mvps.org/winhelp2002/hosts.htm a while back and was surprised that they were totally clueless about how their HOSTS file would work with ISA Server. I guess some of the MVPs are really stuck in their areas of interest and don’t venture out much.
Thanks for the information - I was a little paranoid to try this out on my ISA Server - I just don’t have the time to create a test server.
Thomas Shinder Says:
October 17th, 2006 at 6:29 am
Hi Robert,
I’ve been using the MVPS Hosts file for a couple of weeks now and haven’t found any problems. It definitely speeds up Web page loading!
Thanks!
Tom
S G Says:
May 17th, 2007 at 3:56 pm
Any idea of using HOST file on a Websense Server Stand Alone Configuration?
Thomas Shinder Says:
May 17th, 2007 at 6:24 pm
What’s a “Websense Stand Aone Server”?
Tom
Kevin Says:
February 15th, 2008 at 4:23 pm
The site warns of sluggishness when using large hosts files on newer Windows OS’, like Windows Server 2003. Has anyone implemented this on their ISA Server and noticed a performance hit or has the experience been faster as a result of using the host file on the ISA Server?