# Software firewalls vs router access-lists



## Niqd (Oct 3, 2006)

Hi,
What is the difference between blocking websites with a software firewall like Zone Alarm or PCcillin and a access-list entry in a router. Specifically at a school i want to block kids access to myspace.com. It seems easier to do it at the router with an access-list entry vs. configuring every computer in the lab. Is one better than the other?

thanks

Nick


----------



## johnwill (Sep 26, 2002)

Clearly, the more hack-proof solution is indeed in the router.


----------



## SafeFromSites (Feb 2, 2007)

the main difference is that a router you will only have to configure one device, the other you will have to do each machine. Which router are you specifically referring to, or are you looking into that also? because their is also the question of blacklist, and white list. I would recommend my own product, but I dont block myspace at this time. the end outcome will be the same, but I would recommend looking for products that are external to the computers, that way they can not be bypassed as easy, or disabled by viruses


----------



## Niqd (Oct 3, 2006)

Thanks for the answers. I looked at SafeFromSites and will keep it in mind. Can a user on a win xp machine with limited prividliges change the DNS entries, i am guessing not.


----------



## johnwill (Sep 26, 2002)

A proxy server on the Internet gateway would be the most flexible solution.


----------



## SafeFromSites (Feb 2, 2007)

As far as I am aware, you would have to have access to the system folder to edit entries, and that would be in the form of adding records to the host file. So, to answer your question no. 

Also proxy servers are the most flexible, but they are also more costly.


----------



## johnwill (Sep 26, 2002)

It's a school, so it's your tax dollars doing the talking. Let them spend it on something useful. :smile:


----------

