Small Business Defense – Web Filtering

The term Web Filtering has many connotations.  On one side, employees (often younger ones) view it as a form of censorship.  On the other, business owners do have the right to require that employees spend their time doing what they are paid to do.  As is often the case, the best answer doesn’t really match either extreme.

Filtering technologies come in many flavors.  They range from highly simplistic technologies that block specific domains to complex deployments that set rules for each user, matching them against a set of categories to block or allow.  They can also give fine-grained control over operations like file downloading and updates.

The costs vary too.  Generally, the more control you want, the more it will cost.  While there are some open source solutions that you could deploy for free, they tend not to be robust enough to work well in enterprise environments.  The dedicated appliances work well, but often require rearchitecting the network for implementation.  Lastly, there are modules that can plug into your existing network equipment, but they may be a bit more expensive than you would like.

Of course, the challenge of using such a technology is often not technical.  The problem is primarily a social one.  Do you have the political environment where it is acceptable to monitor Internet traffic?  Will users allow you to block access to sites that they’re used to visiting?  Will management have a problem with you knowing the browsing habits of your fellow employees?

As usual, it’s best to start with a policy that specific controls what you will be doing and how the technology should work.  Then you can start implementing the technology using the policy as a guide.  At a minimum, you will want to define:

• which types of sites are to be permitted and which are not.
• which types of downloads are to be permitted (if any).
• what to do when employees are regularly found to be attempting to visit blocked sites.
• what “regularly found” may mean.

Lastly, before you implement the technology, it may be good to identify which types of applications you are using.  Some of these filters support a “transparent” mode but some must be run as a proxy.  Both methods work fine, but some applications may not be proxy-aware.  This can determine both the solution selected and the mode of deployment.

Small Business Attack – Web Browsing

As much as we dislike it, a part of most people’s jobs these days involves waiting.  Though they keep making computers faster and faster, there is still a bit of downtime involved.  While in the past, this time might have been spent talking with coworkers, these days it is more likely to be spent online.

There are many ways to spend your time online, from shopping to reading news to social media.  While there is nothing inherently wrong with being online, there are some concerns.  From a business perspective, managers may be concerned about productivity.  From a legal perspective, H.R. may be concerned about “inappropriate” sites.  And, of course, from a security perspective, we would concerned that sites could be the source of a compromise of user data.

At issue is the fact that, while most malware runs directly on the computer, web malware can run inside the browser. If it doesn’t run locally, and is sourced from a web site, it cannot be blocked with traditional anti-malware (though newer malware is aware of this attack vector). If all the malware accesses is data, there isn’t a good way to identify valid data access from unintentional leaks.

So, how to you protect against this particular threat vector without completely banning employees from accessing the Internet? How do you manage to classify which websites are OK and which ones are not?