IIS Security Restrictions

I’m on W2K w/ IIS5 and was curious if there was a way to authenicate a user to only visit certain sites? I have a couple different site for my clients that access via an HTTP://IP/SITE NAME but if they find out the other site names they can access that too. I want to restrict that capability to their specific site. Is that possible with IIS or do I need a 3rd Party Vendor involved?