CF Port 8500 Lock IE Access

If web server connectors have been installed for the ColdFusion servers, you could just turn off the internal web server.
http://kb.adobe.com/selfservice/viewContent.do?externalId=94a16ba6&sliceId=2

Trying to limit client access to port 8500 doesn't solve issues of servers running on other ports besides port 8500 or port 80. What about other common ports such as 8080, and so on?

Does the charity want to limit all access, even local resources on their INTRANET or only limit INTERNET access. I would assume that the charity would want access to local resources on their subnet but not allow external access, except for a maybe a select few workstations.

It's much easier to control by using a hardware firewall. If the charity is using a broadband connection through a cablemodem or DSL, consider adding a router with built-in firewall such as a LinkSys Broadband Router..

Many of the routers available are easily configurable as to which ports can be allowed or prohibited, such as blocking all traffic and only allowing some traffic to specific IP's, and so on. The basic level of these of these types of routers run around $100 or so.

One other option available if the charity has a spare pc laying around is to configure the pc as a dedicated firewall with options such as allowing traffic to only specific types of sites that might be helpful in the charity's efforts. Maybe it might be worthwhile for a volunteer being able to access a website for contact information from their target donor but limit access to Fantasy Football.

Take a look at Dan's Guardian

http://dansguardian.org/?page=introduction