Blocking facebook and other social networking sites from corporate LAN whilst maintaining an audit trail of all sites visited

Question

I am setting up an office LAN, and I want to give it internet access but i want to be able to do the following:

1. Maintain a black list of sites not to visit (e.g. facebook and other social sites), so that access to sites on the blacklist are restricted (i.e. no access)

2. Maintain an audit trail of sites accessed (and preferably, time spent on the site), so I can periodically check that staff have not been visiting inappropriate sites during work hours

The LAN computers are running Windows.

can anyone provide instructions on how I may implement the above restrictions on my network?

Answer 1

basically you could do it with some sort of proxy like Squid f.e. www.tldp.org/HOWTO/TransparentProxy.html

As for auditing the time, that might not be that easy reliable.

You do not know if the user is still reading the page or minimized the Browser f.e.

You could go with DPI and have the router(s) log http/https traffic, but that might be illegal depending in which country you do this.

There are some full-service products from Juniper/Cisco etc but i doubt you want to pay 50k $ upwards for the hardware alone on this solution.

Other approach would be group policies updates with a blacklist and some software you install on every pc.

Sadly i do not know of one (nor had i the need to search for it yet) which does exactly what you want.