 |
Content Filtering v.s. Content Blocking
|
|
|
|
| Today, roughly 30% of all employees in the United States are online during working hours. As an increasing number of American businesses provide high-speed and dial-up Internet access to their employees, they also seek to avoid the liabilities associated with their employees accessing pornography, gambling sites, games, excessive personal business through e-mail, and disseminating company confidential information. Most companies have recognized that employees do in fact abuse Internet privileges, and until 2002, companies have addressed the legal liability and consumption of network bandwidth associated with this abuse by the method known as Site Blocking. |
|
|
Browser content is not the sole source of legal liability and bandwidth consumption that American companies are forced to handle; rather, these challenges exist throughout desktop applications that are utilized by employees on a daily basis. Some of the applications that are large contributors to the problem include: instant messaging, e-mail, e-mail attachments, peer-to-peer applications and all Windows applications. In addition to the inappropriate use of company computers for entertainment and shopping activities, the misuse of confidential company data and coworker harassment create an even broader and more complex organizational security problem. According to CSI and Information Security, browser related misuse explains only 20% of all employee abuse that occurs each day, the remaining 80% is attributable to misuse of various desktop applications.
The following document explains the concept behind Site Blocking and Content Monitoring as well as demonstrates how Content Monitoring is the next logical step in Internet Risk Management. Organizations can compliment an existing Site Blocking program with Content Monitoring or utilize Content Monitoring as an absolute solution to the misuse of both Internet browser and desktop-based applications.
|
|
|
| Site Blocking applications are based on pass-through filtering technology as the method of Internet filtering. Pass-through filtering requires all web page requests to pass through an Internet control point such as a firewall, proxy server, or caching device that immediately inspects each request to determine whether it should be allowed or denied. For reporting purposes, all responses from these pass-through filters are logged to a database. Site Blocking filters Internet content by working in conjunction with a master database of approximately 3 to 4 million web sites, organized into 70 to 100 categories including: adult content, MP3, gambling, shopping and online trading. For each content category, individual user, or group of users, site blocking can be used to entirely block access to content, permit access to content, or limit access to content by time-based quota. New Internet sites are added to the master database daily, and in most instances updates are automatically downloaded to the database every night to ensure you’re keeping up with the rapid evolution of the Internet. Following is a summary of the most obvious advantages and disadvantages of employing Site Blocking as the primary means of preventing Internet abuse. |
|
|
| |
|
|
| |
- Site Blocking provides an effective way to either block user access or allow user access to numerous categories of Internet data.
|
|
|
| |
- It is estimated that 3 to 5 million web sites are newly established or renamed each week, making the collection and storage of accurate data virtually impossible. Providers of Site Blocking technology, however, claim a greater than 90% accuracy in database tracking of Internet sites, a claim that is highly improbably based on the shear volume of new and renamed sites.
- Site Blocking can block vast amounts of good data along with the bad.
- Site blocking technology focuses only on HTTP based web traffic, leaving other applications such as instant messaging, e-mail, e-mail attachments, and other desktop applications a continuing security risks.
- Site Blocking conveys to your users that if they find inappropriate sites that are not blocked then its OK to use them.
|
|
|
The key to Content Monitoring/filtering technology is its ability to monitor and filter content from the Internet, chat rooms, Instant Messaging, e-mail, e-mail attachments, Word, PowerPoint, and all other Windows applications. Additionally, Content Monitoring/Filtering will only report on violations identified in those applications. Content filtering is accomplished using a library of terminology, words and phrases that are compared to those emanating from the content of the Internet browser and Windows applications. When accessing, receiving, or sending content, the data is analyzed against this library, and if a match occurs the data can be filtered, captured, blocked, and the application closed, or any combination thereof. Content filtering requires an agent on each workstation that checks the content data to determine whether it violates the organizations Acceptable Use Policy. If captured content data violates the Acceptable Use Policy, a capture of the violating screen is stored on the server with user, time, date, application and violation stamp for reporting and review purposes.
The utilization of a library of explicit terminology allows an organization to focus on specific content that violates policy. For example, the pornographic and sexually explicit library contains all data specific to this Industry. Content Monitoring/Filtering technology allows those words that used within a scientific or medical context to pass through the filter without causing a violation to be reported or logged. An example of such content is the word "breast". This same library approach also enables an organization to monitor for unexpected or unauthorized flow of confidential information. |
| |
|
|
| |
|
|
|
Content filtering allows filtering in all applications including: Internet, chat, instant messaging, e-mail, e-mail attachments, Word, PowerPoint and all other Windows applications. The software is integrated at the Operating System level so that the content in any windows event are compared against the libraries to determine if the content is inappropriate, such as opening files in explorer.
Content filtering fills the largest security hole in a company’s network. Statistics (CSI) state that 70 to 80% of all security breaches occur from within the organization. Content monitoring can monitor for and stop the accidental or intentional disclosure of a companies Intellectual Property, confidential information or other non public content, that can be accessed or disclosed electronically.
Working in conjunction with Human Resources training and Acceptable Use Policy (AUP) deployment, the Acceptable Use Policy informs the employee of what is expected from them as a computer user, while the content monitoring/filtering monitors and reports on compliance thus changing a computer user’s behavior by making them responsible for adhering to the organizations AUP and computing activities.
Content filtering uses screen captures of each violation with user name, date, time, application and violation stamp, to assist as part of a solution to provide the forensic data needed to protect the company.
Content monitoring is ideal for establishing an employee awareness program. When inappropriate data is discovered, organizations can choose to make users aware of the policy or notify employees by blocking the offensive content. Utilization of the Policy Central application results in full disclosure of the organization’s policy to all employees so it remains non-repudiated.
Does not require the daily updates to keep the database effective and current.
Content filtering does not filter out the good content with the bad. Content filtering libraries have been developed to distinguish the difference between pornographic and sexually explicit material vs. material that is scientific and medical in nature. Content filtering also eliminating the need to block out vast amounts of educational material to stop small amounts of pornographic material found on a particular site. |
|
|
| |
| 1. Content filtering takes more effort to filter non-pornographic material because the user must define and input the non pornographic terminology into the user defined library. |
2. Common Questions about Content Monitoring:
- Is Content Monitoring/Filtering an effective way to filter or monitor a user’s access to inappropriate web content? Answer: Yes, in fact this is the most accurate way to prevent access to inappropriate content because it only blocks when inappropriate data is encountered.
- Can Content Monitoring/Filtering compliment an existing site blocking program? Answer: Yes. Some organizations deploy Site Blocking to address URL access and Content Monitoring for user desktop application. This provides for double security.
- Can Content Monitoring/Filtering replace a Site Blocking program? Answer: Yes. Content Monitoring is more effective than Site Blocking because it blocks when inappropriate data is encountered.
- Can Content Monitoring/Filtering address Internet time management for activities such as shopping and seasonal non-work activities? Answer: Yes, content filtering supports internet time management functionality.
- Can Content Monitoring/Filtering provide user activity reporting? Answer: Yes, user violation reports are available along with screen captures of the violation.
- How is a desktop client application deployed to hundreds, thousands of users? Answer: This is easily accomplished via push technology.
|
|
|
Large organizations focus on building value for their customers and shareholders. Unfortunately that value can easily be undermined by lawsuits (harassment, misconduct, employee dismissal) and loss or misuse of private corporate information form corporate computers via the Internet, E-mail, Attachments, Chat, Instant Messaging or any Windows application. Site Blocking, a common first generation solution, only addresses 30% of the problem, HTTP traffic. Organizations serious about security need to compliment or replace Site blocking with a content monitoring solution that can monitor, filter, warn, and block in all applications, not just HTTP traffic.
Security Software System’s philosophy is simple: monitor, filter, block, or lock where needed. If you are currently using software to perform Site Blocking; Content Monitoring Software is a strong compliment or replacement, that will monitor all the activities on the desktop. If you are not using a software application to enforce your Acceptable Use Policy, Content Monitoring software is a cost effective total solution. |
|
|
- A study conducted by the Department for Trade and Industry's annual Information Security Breaches showed that 48% of large companies blame their worst security incident on employees. By contrast, the 2001 edition of the survey showed that 75% of those questioned named external hackers and criminals as the biggest threat to security (BBC News).
- In 2001, 60.7% of employees surveyed said they visit Web sites or surf for personal use at work (up from 50.7% in 2000) (UCLA study on Internet/E-Mail use).
- The number one reason employees give for the Internet causing them to be being less productive at work is the time they spend surfing sites that are unrelated to work. (UCLA study on Internet/E-Mail use).
- Secret monitoring by the U.S. Treasury Department of Internet use among Internal Revenue Service employees found that activities such as personal e-mail, online chats, shopping and checking personal finances and stocks accounted for 51 percent of employees' time spent online. The top non-work Web activity favored by IRS employees was going to financial sites. Chat and e-mail ran a close second, followed by miscellaneous activities (which included visiting adult sites), search requests, and looking at or downloading streaming media (Business 2.0).
- Users of online auctioneer eBay Inc. at work spent 157 minutes at the site in January, compared with 126 minutes while at home. Long a favorite among surfers, eBay ranked 7th among the most-visited sites for at-work surfers. eBay, however, ranks first in terms of average pages per person and time spent per month, at almost 300 pages and two hours per person. (Reuters). 70% of all Internet porn traffic occurs during the 9-to-5 workday (SexTracker).
- Surfers access news, information and finance sites much more frequently during the workday than at night so that they can keep up with breaking news or the markets (Nielsen//Net Ratings).
- 82% of U.S. business executives surveyed by the consulting firm Dataquest (a division of the Gartner Group) believe Internet use should be monitored at their companies (InformationWeek Online).
- The desire to boost productivity and keep confidential information secure are compelling businesses to take a closer look at the way employees use technology. Still, some businesses don't monitor workers' use of technology. Sometimes, companies assume that there isn't a problem, but they're often surprised by the degree of employee misuse when they finally use monitoring software, (Gartner Group)
- Instant messaging is one technology prompting increased monitoring as its use in the workplace grows. IM use in U.S. companies grew from 2.3 billion minutes in September 2000 to 4.9 billion minutes last September, according to research by ComScore Media Metrix. "There's still concern that it's a largely unmonitored channel, " says Jonathan Penn, a Giga analyst. (InformationWeek Online).
|
|
| |
|
|
