Secondly, there must be administrative means to establish internal internet access norms.
Third, there must be technical means to ensure that the best solution is:
1. AD domain for intranet rights management. In this way, we can use group policy to make many restrictions and avoid the hidden dangers of LAN security caused by installing software at will.
2. External network permissions are managed by firewalls and online behaviors. Internet access is restricted during working hours, otherwise, as long as 1-2 people download P2P and watch online videos, the external network will basically be paralyzed.
3. If there is no Internet behavior management hardware, you can also deploy Internet behavior management software (such as "super sniffer dog" and WFilter). You can monitor traffic usage, online behavior, and prohibit downloading. Bypass and combine it with domain control.