Content

Web filtering (2005)

While the internet might be a valuable tool for business - who picks up the phone now when the information they want is probably on a website? - we also know that it's a colossal waste of working hours, too. And even when it's not strictly a waste of time, no one is going to agree that booking a holiday is the best use of company time or bandwidth.

As well as the issues surrounding lost productivity, there are many others surrounding open web access. First and foremost is people downloading illicit material on your company's computers. This is a situation you don't want – your firm could be prosecuted.

Next, there are offensive images. Again there's the potential that these images are illegal, but there is also the harm this can do at work. Companies could easily suffer from a joker in the office downloading something offensive to other workers.

There is now also the growing problem of spyware, which can be cut by blocking access to the kinds of sites that carry this content.

Each company should have an acceptable usage policy that lays down policy and states which websites can be viewed.

But while this gives you legitimacy when disciplining staff who breach this policy, prevention must be better than cure.

As you can see, there is little reason not to enforce web filtering, which is why we have ten products to enforce policy. We have five software products, which require a dedicated server, and five appliances that you can just plug into an existing network.

Testing these products is tricky. They all, bar one, use a URL database as the main line of protection. These databases categorize millions of websites. The idea is that you can block swathes of sites through a single tick box.

The problem is that it is very difficult to check all of the sites in the database to ensure that they are categorized correctly. The next problem is that websites appear and disappear on a daily basis, so keeping these databases up to date is very tricky, as is verifying them.

That said, all the companies on test do a good job of categorizing the main, easy-to-find sites. For most companies, if the occasional website slips through the net it's still not as bad as a virus.

Even so, we wanted to ensure that the filtering was working, so we picked a range of test sites we think should be blocked by all companies. In all cases the sites were blocked.

Next on our list was HTTP-Tunnel (www.http-tunnel.com). This is a free, but slow, service that installs a Socks proxy on a local PC and tunnels web traffic through port 80 on the firewall. Doing this prevents internet monitoring, and can bypass blocking software and hardware.

We made sure that we blocked all remote proxies on each test product to see if we could remove this potential backdoor. Remember – employees can and will install open source tunnelling programs that connect to their home PCs, so in most cases you're better off blocking all sites unless specifically allowed.

We also paid attention to how the products can apply blocking. Scheduling was one important factor, as there is nothing really wrong with shopping online, provided it is done at lunchtime or after work. If you can relax your policy out of work hours, your employees will appreciate it. Some of the products featured have time and bandwidth quotas for categories. You can allow, say, 10MB of MP3 sites a day.

One of the biggest problems with URL filtering is that different departments often need access to different sites in order to do their jobs. In these cases, a blanket, company-wide policy isn't going to do the job.

We tested each product to see how it can use user-authentication (local or through connectors to Active Directory, Radius or NDS) to verify the current user and apply suitable policy.

Finally, other tools such as keyword filtering can help block sites that are uncategorized, although they need to be carefully implemented in order to cut down on the number of false positives.

Choosing the right product for your network can be difficult, which is why we have a large range. There are those that integrate into existing environments providing pure and simple web filtering. For other networks, we have some products that also have firewalls, antivirus and anti-spam tools in them as well.

In particular, these products are well suited to branch offices, as it gives you a single point of management for all of your security.

We hope the range of products tested gives you enough to choose from. In this day and age, no company should be without one.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.