A recent posting on baseline magazine will give you some of the recent facebook numbers as it relates to business.
The link to the article is here:

http://www.baselinemag.com/c/a/Business-Intelligence/30-Fast-Facts-on-Facebook-at-Work-406941/?kc=EWWHNEMNL09132010STR1

We are not here to debate the merits of facebook; however, if you need to block it, I have included the instructions on how to block it using the NetSentron below. If you need a teacher, marketing department or the HR department to have access to facebook, while closing it to the rest of your network you would exempt that person or workstation from the filter.

The specific instructions on how to block facebook came from the following request:

The kids have discovered that if they go to https://www.facebook.com they can
bypasss the filter. From that point on even http://www.facebook.com and
facebook.ca is accessible. I need your help to block this.

First thing to do to block facebook is to blacklist the domains.
That would include facebook.com and facebook.ca.
That alone is not enough since kids will do all of the following:
1) Try a proxy server – they would go to another server that is not in the black list and then facebook from the proxy server.
The solution here is to block all the proxy servers. Netsentron administrators know how to do that.  There is a checkbox to block all known proxy servers.

2) They could go to another facebook site. The students could try facebook in Germany or France or??.
Now we have to block all facebook domains.
Latest exploit the kids discovered to bypass the NetSentron filter:
Go to babelfish.yahoo.com enter in www.facebook.com and choose Greek to English,
voila you have access to facebook even though it is blocked.
The fix:
Go to Filters->Content Filter
Then click on “Edit Banned URL Expressions”
Scroll down the window to the very bottom (you should probably see #(proxy) as the last
line)
Add the following line
(facebook)
Click on “Update Banned URL Expressions”
Now, anytime that facebook shows up in the URL (which it does when you do a
translation on yahoo), the site should be blocked. This works even if YAHOO.COM is in
the exception list.

3) The students in the above case used https.  It is a secure connection (like online banking) where we should not break into the middle of the online conversation. One way to fix that is to take control the proxy server.   If we break into the middle it basically creates a ‘man in the middle attack’. We don’t want to look like a hacker – our job is to stop them!

The quick way to stop all traffic to facebook servers is to stop at the source. The final resolution was generated by Darren in our office:

Go to Firewall->IP Block

Add the two following entries:

TCP 69.63.176.0/20 1:65535 DROP BOTH
TCP 66.220.144.0/20 1:65535 DROP BOTH

This will block all current IP’s owned by Facebook.

Darren

This is part of an internal post by Darren Crithley to the KDI techinican support team which I think if of real value to general public.

The kids at one of the schools are circumventing the NetSentron using this:
http://www.hotspotshield.com/

It is an installable program that becomes a proxy on their own PC and allows them to get past the NetSentron.

It is actually a VPN endpoint with a proxy that runs on your localhost (127.0.0.1)

It is using OpenVPN as a VPN client and they have set up some websites that are the endpoints. So far 68.68.108.3 and 68.68.108.4

There have been a lot of these VPN bypasses showing up of late and this one is pretty slick.

But I am able to block it, so here are the instructions for you to block it:
———————————————————————–
Go to Firewall->IP Block
Choose Protocol:udp
Source IP or network: 68.68.108.0/24
port: *
Drop Packet
Direction: In and Out bound packets
Enabled (yes)

Do the same for TCP
Choose Protocol:tcp
Source IP or network: 68.68.108.0/24
port: *
Drop Packet
Direction: In and Out bound packets
Enabled (yes)

I have probably blocked off more than I should have with the /24, but I figured that they may have a block of IP’s. You can try just the 68.68.108.3 and 68.68.108.4 (udp/tcp)
———————————————————————–

Now here is the tech part on how to figure this out if the kids are using a different product to bypass:

These bypasses are VPN’s and therefore they need to connect to “somewhere” so they can surf the net. That “somewhere” is what we will block.

If someone is not already using the bypass product, then install it on your laptop or computer.

Next, run it and connect to what should be a banned site.

Then look at the connections analysis on the NetSentron, I suspect you will see a connection to a weird port (either tcp or udp)

Stop the bypass product on the PC or laptop

Add the IP address and ALL ports to IP Block, set in and out packets.

Run bypass product again and see what shows up.

Keep doing this until you get all the IP’s

This hotspot shield was pretty slick, when I blocked all the UDP ports for it, it switched over to TCP and connected again. Once I had the tcp and udp blocked, that was the end of it (until they get another block of ip addresses)

Darren