Last time we discussed the need and benefits of implementing Internet content filtering. Now, we will look at some of the options available for a business or home to implement filtering and which options are best suited. Please keep in mind that this is not designed as a purchasing guide or product evaluation. It is more designed to give an idea of the possibilities.
Option 1 – Dedicated appliance
This option uses a dedicated appliance to do the filtering. A common configuration is for the filtering appliance to be installed in-line on the segment between the firewall and the protected network. This forces all traffic to pass through the device. Content inspection takes place as packets pass. The following are two examples of dedicated content filtering appliances.
- St.Bernard iPrism
- Barracuda Web Filter
Dedicated appliances may be considered reasonable for small organizations who do not have the manpower to manage a dedicated server. An advantage of this option is that it is independent of the OS used on the client machine. No software is installed on the client.
Option 2 – Dedicated server
Dedicated servers is the option chosen by organizations needing a high-level of control over the filtering. They consist of software that is installed on either a Linux or Windows server. Often they use software that “proxies” the connection from the workstation to the web site. Here are some examples of software that requires a dedicated server for content filtering.
- Dan’s Guardian
- SafeSquid
- WebSense Web Security Gateway
The dedicated server option requires an administrator that is knowledgeable of hardening the underlying operating system and can manage the software installation. This option also is independent of the OS used on the client machine. No software is installed on the client.
Option 3 – Host-level software
This option is a common personal solution. Software is installed on the client computer. It requires a separate password to make changes to the filtering level. The following are well-known examples.
- NetNanny
- CyberPatrol
- bSafeOnline
- SurfWatch
This option is best suited for the home or individual. It is dependent on the operating system of the computer.
Option 4 – Filtering services
This is fairly recent option. These services require a change to your network settings so that your requests for web pages are routed through their service. They seem to work pretty well.
- Google Apps Security Service
- OpenDNS.org
The advantage of using filtering services is that someone else is configuring and running the servers. Also, no software has to be installed on the client computer. The primary disadvantage is that this filtering solution can be straightforward to bypass if a user has complete local admin rights to their computer, and they know basic tcp/ip.
I hope this discussion helps clarify the options.
- Dan
