Restricting inappropriate access to the Internet

By Ken Doyle

Advertisement
At a recent meeting of a local computer users' group, held in a rented meeting room, we had planned a presentation that centered around online shopping sites. Unfortunately, we discovered that the corporate firewall had been configured to block access to just about every Web site that was even remotely related to online shopping. While I won't digress on the clumsiness of the method used, it did bring up a serious issue: How do companies handle employee Internet use at work?

Personally, I don't think blocking access is an effective solution for unproductive employees, since productivity problems are far better addressed by human resources professionals than with technology. And for every technological restriction imposed, including those discussed here, there's a way to circumvent the barrier. Nonetheless, many companies are rightfully concerned that their employees' Internet activity could expose them to legal liability, and technology can help to mitigate those concerns.

Most companies will use one of two approaches: content-filtering software or security appliances. Software products are generally more flexible and easier to configure; however, security appliances are easier to integrate into existing networks, especially for larger companies. Both types of solutions use common approaches to determine what Internet activity should be allowed on a network.

First, content filters rely on "blacklists," which are simply databases of sites that should be blocked. These databases can be configured according to your company's requirements (for example, to block pornography but allow shopping) and are updated frequently by the vendor. Second, some filters attempt to block sites based on their content, using complex algorithms. These methods are typically less effective than blacklists. Finally, all products offer the option to block specific network ports.

Two popular software products are Websense Enterprise (www.websense.com/content-filtering) and SurfControl Web Filter (www.surfcontrol.com). Both products are priced based on the number of users, run on Windows 2000/2003 Server, and allow you to set different policies for different groups of employees. While Websense offers more powerful features, it can be more difficult to configure and manage than SurfControl. Small businesses on tight budgets or those with basic needs may also want to consider open-source software such as DansGuardian (dansguardian.org).

Security appliances offer an integrated solution that includes content filtering, antivirus protection, firewall and router functions, and user authentication. These devices typically feature Web-based administration tools, allowing management from any location, which is convenient for companies with multiple offices. In addition, most of them feature Windows-specific software that allows them to integrate tightly with existing network services. Security appliances are available in a variety of models suitable for small businesses to large corporations, and there's no shortage of choices when it comes to manufacturers. Some popular brands include Cisco's
PIX series (tinyurl.com/b9ks), SonicWall PRO series (tinyurl.com/a4hy6), and FortiNet's FortiGate (tinyurl.com/dogwb).

No matter what solution your business implements, it's important to have clearly defined polices that are communicated to all employees. As with many other issues, technology is only part of the equation.


Ken Doyle is a principal consultant for Loquent LLC, a Madison-based company that offers technology training and consulting services.

Resources

Printable format

E-mail this story

Index of advertisers

Directory