Web Content Filtering Essentials

As with any organization, the effective use of the internet presents significant and dynamic internal and external threats to your computing assets.  Knowing these threats alone is a significant stride to protecting what your organization deems valuable to their existence.  

Today, ContinuityFocus released their Whitepaper on Web Content Essentials, so we thought this may be of particular interest to our readers.  Hence, here are some of the highlights of that paper. Share and enjoy...

Organizations have embraced filtering technologies as the accepted defense of such threats.  Knowing what precisely what is being received and sent and the policies that are commensurate to the company’s acceptable use are what this technology enables.  The technology monitors the network traffic and permits, advises, or blocks the information based on the classifications determined by the policies of the respective company being protected.  

Although the precept is relatively simple, the choice of the appropriate technology to meet the performance, growth, and features unique to your type of computing traffic can be not only daunting, but quite complex.

This article is intended for system administrators and IT professionals desiring to update their current filtering strategies to ensure that today’s threats to internet access are appropriately addressed.

Content Filter Landscape

Today, with the advancements in the web experience and the Anonymizer browser tools and hidden malware, the challenge to thwart unwanted exposure to unscrupulous material or malware is vastly different than just 10 years ago.  

Unfortunately, the technology vendors out there haven’t really been keeping pace.  Granted there are a few exceptions, but by in large, many providers are still using the technology that they provided years back, and now are finding that in today’s environment, they are falling short of what is needed in both performance and functionality.  

In their defense, some organizations are butted against the cost of the necessary changes; hence, are slow to respond, due to the forklift change required to keep pace.  As a result, many organizations are compensating their deficiencies and downplaying the filtering role by enticing customers to look at peripheral enhancements.  Some of these enhancements include Mobile device Management, Anti-Virus, or even, not kidding here either, Video Portals.  Yes folks, forget your worries about malware or content filtering, because we have a place you can store your videos!  Now it can be argued that these adjunct sub roles provide a more “holistic” service, yet the problem still exists, is your web filtering technology sufficient in today’s environment.  Fancy video repositories or MDM adjuncts are nice, but being a jack of all trades and a master of none is no way to run a business, especially if these nuances are at the expense of your network security.  

So what should someone be looking for in Web Filtering today to ensure they are getting an effective solution?  

 

Today’s Challenges

With a general understanding of web filter architectures, we can now examine what features are relevant in today’s computing environment.  This is where we must acknowledge the current challenges that are to be met with such a technology.  

Understandably, this may vary with respect to the type of business need; however, there are some common fundamental features that if not recognized, would be debilitating to the enterprise it is chartered to protect.  We understand that there are a myriad of adjunct combo features that many manufacturers have added to their solution, and acknowledge their tireless dedication to be more than a filter; however, for the purposes of this paper, we will focus on the features that are salient to web security; hence, how well you store videos, or manage mobile devices will be mentioned only if it is fundamental to web filters.  In short, we chose to spare the readers the bells and whistles.

Here are some of the few common denominators that are a must for any web filter in today’s market.

1. SSL Decryption
2. Scalability
3. Social Networks
4. BYOD

SSL Decryption

Ok so what is SSL Decryption, and why is it important to you.  The Application Usage and Risk Report, Palo Alto Networks, analyzed the traffic of 1,253 organizations reported that applications that applications using SSL represent 25 percent of the applications examined and 23 percent of the overall bandwidth used by applications in its study.

 

Cert Inspection vs. Full Decryption

Many Content Filters today cannot perform full SSL decryption, or if they do, they would require an agent placed on every single device to be filtered.  This would be a logistical nightmare for those with a substantial amount of users; hence, impractical.  As a compromise, many manufacturers offer certificate validation which inspects the certificate of the providing site for validity.  However, this does nothing in the area of inspecting the payload of the session; hence, not really content filtering.  Full decryption is the only way to ensure your policies are not being subverted.  In fact, with full decryption, devices like UltraSurf, a browsing anonymizer, is thwarted from subverting your security policies.

Scalability

Although you would think this is a given when defining any technology, but there are some serious considerations.  As eluded before, the architecture you select may be a big factor in this arena.  The logic behind this is simple.  Proxies require the replication of the entire communication stack, where bridging only needs to go to the datalink layer.

Hence, using a proxy configuration may be feasible in low user numbers, but may be impractical for large enterprises.  Not to mention the logistics associate with deploying agents on each device if required.  Bridges are simply placed on your network.

Social Network

Social Networking and Social Media sites like Facebook, Google and YouTube have become so much more than mere “websites”. They are Web-enabled applications that provide users with a range of tools and capabilities. Simplistic policies, like block YouTube, are impractical in today’s always-connected Web 2.0 world. Today’s Web filtering solutions need to be able to provide granular control over Web applications and actively segment content within websites.  Hence, there must be a function that will allow you to compromise and granularly control these sites.  For example, 

• Google, Yahoo!, Bing and other search engines – enforce Safe Search results, and limit access to functions such as Gmail or Google Images.
• Facebook, Twitter, Linkedin and other social networking sites – control the ability to use chat or comment functions and block apps.

BYOD

Mobile Device Management solutions have made great strides in the past few years; however, It is simply not enough to just know where a device is.  Your Security Policy can no longer sit idly by and ignore devices on your network that literally can double your traffic let alone double your exposure to malware and viruses.  The form factor of the computing device is incidental; It is an absolute necessity to be able to enforce the same policies across the board regardless of the computing device size, shape, or form.  

In Short

If you are in the market to improve your Web Content Filtering, make sure your selection is current with today's features, for without them, you may as well have no filter at all.  Just Say'n

Source(s):

• Web Content Filtering Essentials, ContinuityFocus, August 20, 2013,  If your interested in a copy of the paper send an email to sales@continuityfocus.com.

So “Once more unto the breach, dear friends, once more;”

____________________________________________________________

About Rick Ricker

An IT professional with over 21 years experience in Information Security, wireless broadband, network and Infrastructure design, development, and support.

For more information, contact Rick at (800) 399-6085 x502