Always a contentious topic, we look server-based Internet content filters and some of the reasons why your organisation might want one, or not.
Undeniably someone needs to stand up and be the sheriff in this global frontier, but who? And because it affects the global community, not just a single set of users, then how? Has the time come to turn off the Internet or make a wholesale upgrade?
The arguments on this subject are endless and emotionally charged. The impending changeover to IPv6 may provide the opportunity to also start applying some international laws and standardised regulations on content.
(In case you were not aware, the Internet system inherently runs on series of unique numbers called IP addresses, which consist of four eight-bit digits (from zero to 255). This allows just under 430 million different addresses, and when the Internet protocol was created, the innovators thought that there would never be a call to use all the numbers available. Hmmm, another great IT mistake. The time of saturation is upon us -- it has been for quite some time now -- so shortly many services will be moving from IPv4 to IPv6. Apart from addressing the potential for running out of numbers again in a hurry, it also has additional features that can be used for traffic control.)
Content filters have surreptitiously crept into the digital landscape over the past year or two, generally under the guise of being added features packaged with antivirus, firewalls, or spam filters (and other traffic inspection systems such as these). Depending on the operator's incentive or need for deploying such tools, there is even perhaps a valid reason for all the posturing and positioning of the filtering products. Indeed, some organisations may even be justified hiding them in clandestine locations to spring on the unwary.
Whether you believe it or not, many people actually take their privacy for granted and would not like to think their online experiences and antics on the "anarchic" Internet could be traced, tracked, logged, or even -- shock horror -- controlled. The truth is that these products do exist and have been readily available for quite some time. Incorporating powerful feature sets, they enable the administrators to log virtually every aspect of the users they are able to control.
We are here to open the can of worms -- well, more like a 44-gallon drum of king-sized worms -- for thought and comment, and in the process try not to impose our personal beliefs on what should and shouldn't be considered acceptable in the arena of information control. However, with such a contentious issue it is very difficult to maintain a independent view at times.
So the questions are, should a line be drawn? And if so, where should that line be drawn, and who should draw it? Who should regulate the drawer and who can control the line? What do the people think of someone else drawing a line on their behalf to control their use? Who would conform and who would not? Big questions, lots of theories, and no answers. Now the scene has been set perfectly for a media frenzy and application vendor marketing hype.
But why would people or organisations want to apply these filtering products? The four main uses of a information content filter are:
- Business. Employers wanting to enforce their acceptable usage policies (AUPs), also can be used for spying on staff use of company's Internet resources. This spying can be recorded, logged, and archived for later use should it be necessary. Some content control in this area could be deemed acceptable particularly when looked at from a HR point of view. Several well-documented overseas legal cases have arisen with an employee suing an employer -- most often for sexual harrassment -- because of information received via the company Internet resources from either a manager or another staff member within the organisation. Therefore it is in the employer's interest to control access as much as possible to the distribution of material that may potentially offend employees. Employers can save money by curtailing non-work-related Internet access, particularly to bandwidth-intensive applications like streaming video, and many employers also believe this will make staff more productive. On the flipside, some employees are resentful of being monitored, censored, or not being able to access their Hotmail accounts. Does this lead employees to be fearful of the technology they have been handed by the employer?
- Service Providers, wishing to protect themselves against action from their users and/or legislation that exists in the area(s) that their services are provided. Whether they are Internet service providers, application service providers, or content providers, it is currently a hot topic and one well open for debate; for instance who within the service provider makes the decision to control the individual users' access to content, and how is that regulated? Is it purely based on content hosted by that provider or traffic that flows through that provider's equipment?
- Personal. An Internet user wanting to control content at their end of the connection. Common use includes parental or carer control in an effort to block access to sites not suitable for their charges. Despite popular belief, this method does not replace the watchful eye. Any carer allowing their charges to have an Internet-connected PC in a private room unsupervised is potentially allowing access to harmful information whether there's a content filter or not. The old adage seems to apply well here: where there's a will, there's a way.
- Government. Depending on where you live, you would already have a fair idea of your government's requirements and agendas in controlling information on the Internet.
Technology & Business readers mainly fall into the "business" category of users, therefore this review will focus mainly on those applications designed around controlling Internet content in the workplace.
Computer Associates (CA), developers in their usual way have sat down and really thought out this application, and then worked to integrate an amazing array of features set fairly and squarely at their target user base. The product is a gateway application and the feature set includes not only HTTP (Web) content filtering capabilities but also FTP (file transfers) and SMTP (e-mail) filtering/management. For the purposes of this review, we will look only at the HTTP content filter side of the product. The application also includes central reporting and a quarantine manager; it's very modular, fits into many varying environments, and can scale well.
The Web content filter itself ships with no less than 19 real-time black hole list services (RBLs). The installation documentation provided by CA is very thorough and takes even the novice content filter administrator through several key topics such as good DNS housekeeping practices. The actual installation itself was very straightforward with several simple configuration steps taken along the way.
Administration and monitoring is performed through the same interface, with extra access to quarantine and advanced logging applications built in and accessible at the click of a button. The application sets itself up as a proxy server to filter all relevant traffic passing through it. This can still be used in conjunction with a traditional proxy ser-ver application.v Overall, this is a very powerful, refined package that is simple and easy to use. The extended feature set is also a plus to any company needing the extra functionality. Definitely add this application to the shortlist for evaluation. Additional included applications further enhance the ability of the CA filtering application to integrate with domain and directory structures to increase the user auditing capabilities.
|Product||Computer Associates eTrust Secure Content Manager v1.0|
|Price||US$55 per user|
|Phone||02 9937 0500|
|Very easy to install and use; excellent feature set.|
|Good set of updates and schedules available.|
|Pricing is a lttle high when compared to the competition, however still very good value for feature set.|
|No details provided.|
Symantec Web Security comes with a very informative 300-page implementation guide. Symantec filtering scans HTTP (Web), HTTPS (secure Web), and browser FTP (file transfers). The Symantec Web Security application can be configured to work with a directory service to authenticate its users and groups.
There is a range of predefined lists included with the package, everything from Alcohol-Tobacco to Weapons, and all 28 categories in between including job search, news, and vehicles (useful in an office full of rev heads, but perhaps less so at a car manufacturer).
Installation was as simple as inserting the CD and following the prompts. Configuration is performed via a Web interface. The main configuration revolves around setting up the computers, users, and groups. There are also more detailed settings (less used, or set once) under the System configuration settings. It takes some time to get used to using the Web interface and its particular nuances, however we are sure once the administrator spends some time coming to terms with it, there should be no problems.
The Web Security application can be configured to filter on a per-user, per-computer, or per-group basis, therefore giving the administrator great control over their environment and enabling them to easily enforce their security policies.
The reporting tools are very extensive and can extend to logging all Web sites that users visit, to providing a complete audit log of Web activity. The application installs as a proxy service, albeit on a default port of 8002 (which can be changed), and it can be used in conjunction with other proxy servers too.
In summary, while it's definitely a content filter, the system is let down by its Web user interface which takes some time to learn and is a little harder than necessary to navigate. Very good integrated reporting does however ease the situation.
|Product||Symantec Web Security v3.0|
|Price||AU$53.20 per user for 10 users, down to AU$18.80 per user for more than 2000 users|
|Phone||02 8879 1000|
|Let down a little by the user interface; very good feature set.|
|Good set of updates and schedules available.|
|Fair pricing for this application.|
|12-month warranty/support included.|
Trend Micro's Interscan Web Security Suite is a feature-rich, well-developed security product. Installation could not have been any easier for such a relatively complex application. There is basically nothing to it, just answer a few simple routine install questions and let it run its course. The server needs to be rebooted, then the operator can access the browser interface.
Configuration is via a series of drop-down menus on the left-hand side of the interface. If the administrator is familiar with other Trend Micro applications such as the InterScan Messaging Security Suite, then they will find a similar look, feel, and terminology is used.
Administration and reporting is also comprehensively covered. As part of the installation routine, the administrator is given the option of installing to an included MSDE database, or for larger sites use an SQL Server database. There are several key routine updates included in the subscription, covering items such as Phishtrap and Spyware patterns. There is also a very comprehensive URL filtering database included if the administrator chooses to install and make use of that.
In conclusion, Trend Micro's Web Security Suite is robust, refined, and easy to implement and manage. Very good reporting tools and extra functionality should put it on the top of any administrator's short list for evaluation.
|Product||Trend Micro InterScan Web Security Suite v.20|
|Price||Approx. AU$45 per user for URL filtering and antivirus|
|Phone||02 9870 4888|
|Very easy to install and use; excellent feature set.|
|Very good set of updates and schedules available.|
|Very good pricing considering the application and features.|
|12-month warranty/support included.|
Webspy is a relative unknown when compared to the other vendors participating in this review. Despite Webspy's prodigous range of applications there is none which does content filtering per sÃƒÂ©. The majority of their applications simply take application logs, such as proxy or firewall, and attempt to make sense of them to enable administrators to generate reports from the overwhelming amount of data these applications tend to generate.
Possibly the application that comes closest to a content screening device is the Webspy Sentinel product. It provides a real-time gateway environment which also has full logging, accounting, and reporting facilities to enable administrators and managers to monitor employee Web surfing events. Due to the nature of the product -- and given the fact that it does not actually apply any rules or policies to block or filter content -- the installation and initial configuration takes only a few minutes and is very straightforward.
Once Sentinel has been configured via the small configuration interface, the log files can then be examined. We installed Webspy Analyzer Giga 2.1 which is the enterprise-level log analyser. With the minimum of fuss, we followed the wizard through to create the log file storage area and import the data, it was then a matter of running a summary report and the results where there for all to see. In conclusion, if spying and logging is your game and content control is not a requirement, then the Webspy range of products would surely have some kind of tool to suit your requirements.
|Product||Webspy Sentinel v3.2|
|Phone||1800 801 121|
|Limited in that it does not actually filter content, but does have powerful logging/spying capabilities.|
|Not too many features required in the Sentinel monitoring/logging application, however great log analysis in the Giga application.|
|Certainly not cheap, but may be the monitoring solution you have been looking for without all the bells and whistles.|
|No details provided.|
|Product||Computer Associates eTrust Secure Content Manager v1.0||Symantec Web Security v3.0||Trend Micro InterScan Web Security Suite v2.0||Webspy Sentinel v3.2|
|Vendor||Computer Associates||Symantec||Trend Micro||WebSpy|
|Phone||02 9937 0500||02 8879 1000||02 9870 4888||1800 801 121|
|Price Range||US$55 per user||AU$53.20 per user for 10 users, down to AU$18.80 per user for more than 2000 users||Approx AU$45 per user for URL filtering and antivirus||From AU$1397|
|Warranty (months)||No information provided||12 months maintenance||12 months maintenance||No information provided|
|Extended service available||No information provided||3||3||3|
|Standalone client application||8||8||8||3|
|Gateway server application||3||3||3||8|
|Custom list import capable||8||3||3||8|
|Automatic online definition updates||3||3||3||8|
|Advanced logging and monitoring of user activities||3||3||3||3|
|Management reporting feature for employee Internet activity||3||3||3||3|
|Operating system required||Microsoft Windows 2000, XP, 2003 Server||Microsoft Windows NT 4.0 Server SP6a, 2000 Server SP2; Sun Solaris 7 or later||Windows; Linux||Windows 98 or later|
Each product was installed onto a Windows 2000 Advanced Server system. Due to the time and level of detail required to build up an accurate and reliable table, we did not attempt to formally test the accuracy of these products. In testing the Lab has done for other clients, we have found all the systems in this review to be sufficiently accurate for business purposes. Consideration was given to the installation and more importantly the configuration and ongoing administration of the applications themselves.
To what level of granularity can administrators filter for different users, and how easy is it to do?
Does the package have advanced features such as allowing different types of access at different times?
What will the software cost and will this be compensated by the time and resources saved?
What support is standard and how much will support contracts cost?
Company: LCS Enterprises
This company wants to monitor and block employees' access to non-work-related Web sites, as management believes employees are wasting too much time on the Web.
Approximate budget:Ã‚Â Open.
Requires:Ã‚Â Web content filtering software or appliance suitable for 200 concurrent users.
Concerns: The company is most concerned with the ease and flexibility of applying and customising rules, getting updates, and using/importing custom lists of Web sites. The ability to apply different policies to different groups or users will be highly regarded, as will the ability to integrate with existing directory systems. Management tools and reporting will also be an important factor. The ability to block peer-to-peer file sharing applications or to prevent users from downloading spyware applications would be a bonus.
Best solution: The scenario winner in this case is a 50/50 tie between CA's eTrust Secure Content Manager (SCM) and Trend Micro's InterScan Web Security Suite. Really the features, ease of administration, and logging levels between these two applications are very close.
Look out for...
- Ease of tracking/identifying users, particularly if management want to audit certain employees Internet usage, the ability to correctly identify and track an individual within a company is important, therefore the company must ensure that their user logins and authentication systems are accurate and the filter that they choose enables easy identification preferably on network user ID, or IP address/MAC address.
- Support for custom white and/or black lists. Some sites which may be automatically blocked by the filters may legitimately need to be accessed by certain employees therefore white lists may be necessary to cancel out false positives.
- Granularity in applying rules to users or groups. Some users or corporate groups may require tighter or looser restrictions to the sites that they can access via the network therefore the greater the level of policy enforcement the application supports without getting too difficult to maintain the better.
- Ease of monitoring and management. What is desired is a system that generates no false positives, alerts the operator as soon as an event is triggered (with a full concise logged history) and can support 100,000 users over 100 sites... we may be going overboard here, but you get the gist. Logically if it isn't easy to operate, monitor, and maintain it will potentially become a burden to the administrators.
Trend Micro InterScan Web Security Suite
Highly Commended: Computer Associates eTrust Secure Content Manager
With these business-oriented content filtering applications to choose from, the winner of the Editor's Choice this month goes to Trend Micro's InterScan Web Security Suite with CA's eTrust Secure Content Manager coming a very very close second. Trend Micro gets the gong because it's easier to use, cheaper, and has additional features such as spyware filtering. However, both packages have the features and flexibility to work very well in a business context.
This is a many faceted and very hot topic indeed. Whether you are for or against the filtering of Internet content, the battle certainly seems to be hotting up. Combined with vendors now specifically targeting applications tailored for the various potential users, there are several different fronts and opinions that will emerge in the coming months as more and more people turn to filtering content. So the question remains: to control content or not to control content?
This article was first published in Technology & Business magazine.
Click here for subscription information.
RMIT IT Test Labs is an independent testing institution based in Melbourne, Victoria, performing IT product testing for clients such as IBM, Coles-Myer, and a wide variety of government bodies. In the Labs' testing for T&B, they are in direct contact with the clients supplying products and the magazine is responsible for the full cost of the testing. The findings are the Labs' own -- only the specifications of the products to be tested are provided by the magazine. For more information on RMIT, please contact the Lab Manager, Steven Turvey.