Filtering software has many advantages. It avoids potential legal problems for your company, helps to increase staff productivity, aids your IT manager to understand what it is the staff actually want from the Internet service with which they've been provided, prevents them from (inadvertently) encountering offensive material and reduces overall bandwidth requirements.
Choosing your EIM software
Nowadays there are many EIM (Employee Internet Management) software packages on the market, so how do you choose the one that's best for your company? EIM suites fall into two broad categories, so your first task is to decide whether to go with a dynamic filter or a database-driven package. Dynamic filters analyse incoming Web pages in real time, looking around all the while for known keywords. Such software is generally quite accurate in detecting porn sites because the vocabulary used on the latter is fairly limited and highly predictable.
However, simply filtering on porn-related words can lead to an unacceptable number of false hits. An employee wanting to look up a recipe for chicken breasts, for instance, or wanting advice on breast cancer or sex education may well find their access blocked.
Filter-based software is an acceptable option if you simply want to detect access to porn sites, but there are problems with this approach if you also need to prevent access to sites which offer sports results, share trading information and streaming audio, etc because simply scanning for known keywords isn't totally reliable. Having to scan all pages in real time can result in a slowdown, too, causing the end user to waste precious time waiting for pages that they've requested.
Database-driven EIM software relieves these obstacles, and is a much more powerful option. Such software relies – as its name implies – on a database of prohibited web sites so that access may be managed by site name and IP address. Thus there's no scope for confusion between, for example, breastcancer.com and bigbreasts.com
Having made the decision to go with database-driven EIM, you need to consider some additional (and crucial) questions before making your final choice. Any database-driven EIM package is only as good as the quality of its database. If undesirable material falls through the net (or, just as importantly, useful information is incorrectly considered unacceptable) then the software becomes a hindrance rather than a help – and is of no use to the security/IT manager, nor its end users.
Categorised databases
Each EIM vendor creates and maintains its own database so it's essential to choose a product with one that's as comprehensive as possible, and which is updated regularly. Ensure that your chosen database is categorised so that you can ban (or permit only at certain times) access to specific groups of sites. For example, you'll want to ban all porn sites, but you may wish to allow access to sports results, home shopping sites and news headlines, etc outside of normal working hours (and perhaps at lunchtimes, too). You may also want to ensure that access to bandwidth-hungry sites such as streamed music only occurs at off-peak times (maybe before your US office wakes up).
Some web site operators try various tricks to avoid being blocked by Employee Internet Management software. A common technique is to change IP addresses, so it’s a good idea to ensure that your EIM tool is able to cross-reference URLs and IP addresses to
EIM companies use various automated techniques to ensure that their databases are truly comprehensive. Common search terms (sex, drugs, Britney and so on) are regularly fed into all the major search engines, and the list of resulting hits scanned to ensure that all matching sites are already on the database. Large portals and hub sites, which act as subject-specific directories, are also a good way of finding new sites to categorise.
Although these techniques work well, some jobs are still best left to people rather than machines. Look to buy from a company which uses real people, as well as computers, to maintain and test its database.
Another element to be wary of is the global reach of your EIM vendor. The Web is worldwide, so choose a supplier with a multinational presence. That way, you can be sure that the people who compile the database are aware of international considerations. For example, although quite acceptable in the Netherlands, any sites offering marijuana for sale will surely spell trouble for UK employers.
Basic reporting capabilities
All EIM software includes basic reporting capabilities, so you can easily discover which sites are being accessed by your users – and just how effective your controls are in the real world. Some packages go further still, recording details such as how long a user spends looking at any given site. Security managers can then use that data to help improve productivity and resolve disputes.
Make sure your chosen software offers a facility for customers to send back information to the EIM vendor to help improve the database. This is the best way to ensure that the program knows about the sites for which real people are currently searching. There will normally be a configuration setting that allows administrators to enable the facility. Once enabled, if a user attempts to access a site that doesn't appear in the database, that site's name will be sent anonymously to the EIM supplier so that database maintenance staff can evaluate and categorise it, and include it in the next update.
There will always be users who'll attempt to bypass your EIM system. Security managers should make this a disciplinary offence, and ensure that the company's Internet AUP (Acceptable Use Policy) clearly explains the penalties. If your EIM database includes a category that encompasses sites offering tips on circumventing EIM tools, this will go some way towards resolving the problem.
Source
SMT
Postscript
Geoff Haggart is vice president of Websense (Europe) (www.websense.com)
No comments yet