Keep Your Network Safe With Content Filtering

By Ronald Pacchiano | Posted August 14, 2006

As valuable as the Internet is in conducting business, companies of all sizes, schools, government agencies and libraries are faced with the need to control access to inappropriate materials or objectionable Web sites. Also, unclogging valuable bandwidth resources in organizations is becoming increasingly important as more Web sites offer access to streaming audio, video, FTP and chat features.

Many employees are unaware of the network bandwidth consumption associated with listening to online music. This type of activity not only affects the network performance of the responsible party, it also degrades network performance for everyone else on the network.

Moreover, legal liability risks around downloading MP3s and full-length DVDs from Web sites are becoming a major concern. The Recording Industry Association of America (RIAA) recently fined an organization $1 million for having copyrighted music files on the corporate network.

In addition, schools and libraries risk forfeiting federal funding unless they provide the content filtering mandated by the Children's Internet Protection Act (CIPA).

One of the best ways to maintain the security and performance of your network is to restrict access to inappropriate Web sites. This is type of restriction is known as content filtering.

Content filtering software screens Web pages or e-mail and excludes that whatever you pre-determine to be objectionable. Opinions on what is considered objectionable content, of course vary, but typically it includes things like pornography, gambling, and violent or racist content. It can also include shopping and music download sites. Content filtering has always been an important strategy for blocking viruses, spyware and malware.

People typically configure content filters in one of two ways. In the first scenario, an administrator actually compiles a list of restricted sites or keywords to restrict access. Products such as the Symantec Gateway Security 360R appliance also function this way. The 360R uses a simple URL static list that lets you block or allow up to 100 sites.

You need to manually enter each URL into the gateway. This approach is not only time consuming, it limits the filter's effectiveness, since there is no way for the administrator to block every possible site. It's also more prone to user error since it's easy to misspell the site name, for example.

A more reliable approach is to use a subscription service to maintain your content filter. The service creates categories of restricted content and updates them on a monthly basis, increasing your chances of blocking inappropriate sites. For instance, Smartfilter from Secure Computing, provides a database of millions of block-worthy Web sites in more than 70 categories — a far more efficient solution.

Many companies implement content filtering via a Proxy server. The primary role of the proxy server is to limit a person's ability to access sites or materials that might be deemed inappropriate within a corporate environment.

The proxy will intercept all Web requests coming from network clients and check them against the contents of its Access Control List (ACL). Entries in the ACL can be in the form of domain names, individual pages, specific words or categories (e.g., sex, violence).

If the Web page requested is not on the proxy server's ACL, the request is processed normally and the retrieved Web page is sent back to the requesting client. If, however, the requested Web page is on the ACL, it will be blocked, and the client will receive a message indicating they have tried to reach a restricted site.

Proxy servers are not foolproof, but they do provide a greater level of control than that of unrestricted computers. Proxy servers are most effective when used in conjunction with a strong Internet Security Policy and Acceptable Use Policy ((AUP ) that addresses what material is and isn't appropriate to access, and what the consequences will be if the terms and conditions of the AUP are violated.

As an added benefit, proxy servers can also improve your network's performance by functioning as a caching server. However, proxy servers can be difficult to maintain and troubleshoot, which is why they are typically found only in large organizations with a good-sized IT staff.

For smaller companies, there lots of Internet Security appliances available from many of the big vendors such as Symantec, SonicWALL and Trend Micro. In addition to being relatively easy to use and to deploy, this type of appliance usually offer even more control over filtering options by not only blocking Web traffic, but also Internet applications.

For example, a single checkbox can block instant messaging traffic and eliminate a distracting and frequently used channel for virus propagation and inappropriate communication. Some even offer a client lockdown feature that lets you quickly disable Internet access from systems that have been hacked, hijacked or otherwise compromised. Though effective, these solutions can vary greatly in cost, ranging from a few hundred to a few thousand dollars.

However, if you're just looking to protect a handful of PCs, a more cost-effective approach is a package such as NetNanny, Cybersitter or CyberPatrol. While not as elegant as some of the security appliances mentioned above, these products do an adequate job filtering Internet activity by implementing the following:

  • Blocking harmful sites and images
  • Restricting chat and instant messaging
  • Limiting time online and access to programs
  • Controlling program downloads
  • And, most importantly, protecting the privacy of users

Best of all, you can buy these products for less than $50 per PC. Even though they don't give you the unified control of the more expensive networking products we discussed earlier, they do offer some protection.

Unlike many traditional security products, the need for content filtering might not seem apparent, but its value is undeniable. Protection from legal action, increased productivity and the maximization of IT assets makes it, at the very least, something worth investigating.

Adapted from PracticallyNetworked.com, part of the EarthWeb.com Network.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date