Content filtering - Part 1 

 

Technology can be a boon as well as a bane. On one hand, technology provides — information at your fingers tips, global connectivity in a fraction (both in terms of time & cost, etc.) and on the other hand the very same technology can take away your privacy, steal your data/identity and so on and so forth. There will always be uses and as will be abuses of this unique innovation.

 

To put it closer to reality, we can now file income tax returns and other statutory reports thru the Internet from the comfort of our offices/home. We are able to communicate with our near and dear ones or with our co-workers/colleagues and clients thru Internet and email. However, the Internet can also be the source of your biggest worries — e.g., a very large firm is facing legal action and public rebuke on account of what some say harmless and many say despicable email.

 

As the prevalence of Internet grows in business, personal use and in education, so do the risks of uncontrolled access. In today’s business environment, organisations rely on the Internet for access to information and resources. While instant access to information over the Internet is critical, it introduces incredible risks to the network and data. Every day, new threats such as viruses, worms, trojans, phishing attacks and spyware programs cause serious financial damage to companies through compromised computing systems, lost productivity and theft of passwords and other confidential information. When workers inadvertently or deliberately access sites containing inappropriate, illegal, or dangerous content, use instant messaging (IM) and peer-to-peer (P2P) applications, they expose themselves to legal liability, and in some cases experience degraded network performance. The opportunity to connect to websites that contain objectionable or even illegal content can leave organisations vulnerable to legal liabilities and unwanted security risks. Businesses, parents, schools, and libraries with Internet connections need the ability to control access to objectionable or inappropriate content or else face businesses risk, productivity loss, erosion of available bandwidth, and legal liability.

 

Businesses (as well as parents/schools) are also becoming increasingly aware and are concerned about the dangers posed by instant messaging and Internet chat. However, the first generations of Internet filtering software have produced challenges as well as solutions. Traditional Internet filters have been known for slowing down computer performance, for blocking appropriate and important sites as well as bad ones, and worst of all, for leaving behind holes that tech-savvy employees/children and teenagers can easily circumvent.

Thus the challenges faced can be summarised as under :

• Improving employee productivity — Restricting web access to appropriate sites can enable companies, thus preventing excessive non-productive web surfing.

• Minimising liability exposure — By preventing access to objectionable content, businesses can shield themselves from potential legal liability that can arise if an employee repeatedly sees offensive material on a co-worker’s computer.

• Preserving network bandwidth — Preventing downloads of large video files and pictures unrelated to business helps preserve bandwidth and application performance.

• Preventing hacker attacks and protecting privacy — Blocking automatically downloaded files such as Java applets and ActiveX scripts helps protect the network from viruses and hacker attacks, while rejecting cookies helps ensure privacy is not compromised.

Having said the above, the question is — What can we do about it ?

 

Filtering solution :

Solutions can be either localised — CLIENT-based, or can be centralised — SERVER side.

 

Client-based filtering solutions :

 

Client-based content filtering solutions are software products installed on individual desktops. The software includes a management interface and a database of blocked websites; the user downloads database updates via the Internet. Some of the names in the client-based solutions category include Zone Labs, Net Nanny, and Computer Associates. Abroad, some Internet Service Providers (ISPs), such as Microsoft MSN and AOL, integrate clientbased filtering into their standard broadband service offerings.

 

Pros & Cons : The advantage of the client-based approach is the low initial cost of software-only solutions, making them popular with home users. The initial cost, however, is counterbalanced by cost of maintaining the software, which are comparatively higher costs. One reason for the high total cost of ownership is that database growth is constrained by the amount of available storage on each desktop, limiting scalability. Another reason is a lack of manageability. The organisation cannot enforce regular, frequent database updates. Rather, the administrator must visit every desktop to instal software upgrades or change filtering policies.

 

Client-based solutions can also provide less effective content filtering than other architectures. For example, because users download database updates at their own convenience, inappropriate content might be accessible for some time before it is blocked. What’s more, savvy workers or students can sometimes uninstal or disable the filtering function entirely.

 

Server-based filtering solutions :

 

The server architecture consists of two components: a dedicated database server platform and a separate gateway or firewall. The database contains URLs, their content categories (such as nudity or violence), and specifications on which categories are allowed or blocked. The gateway or firewall enforces the content filtering policies on the server. Some of the names in the server-based solutions category include Websense®, N2H2™, and SurfControl®.5

 

Pros & Cons : Server-based content filtering solutions are more manageable than client-based solutions. The network administrator can create a filtering policy once at the gateway, and then apply it across all desktops. This eliminates the need to update every desktop individually and ensures that policy is applied consistently.

But the simplified manageability comes at a high cost. The business, educational institution, or library must purchase two hardware devices — the dedicated server and its companion gateway or firewall — as well as the content filtering software. With two devices to manage, organisations double their equipment cost and management burden, and may even be forced to dedicate resources to manage this solution. For distributed organisations, deploying an effective content filtering solution at each site can be prohibitively expensive. While the server architecture is more manageable than the client architecture, it does not address a chief drawback of client-based solutions : limited scalability. Hundreds of potentially objectionable sites are launched each week. Therefore, as the database of websites grows, the business, educational institution, or library eventually will be forced to purchase additional storage for its database server.

The ideal solution would meet the following criteria :

• Scalable : Support any size database without requiring hardware or memory upgrades — as would be possible if the database were provided by a hosted service.

• Cost-effective : Eliminate the need to purchase, maintain, and administer multiple hardware devices, while maintaining a consistent cost model, even as the user base grows.

• Manageable : Ensure policies are updated in a timely fashion and enforced consistently on all desktops, for all users.

• Comprehensive : Store millions of URLs, IP addresses, and domains, while distinguishing among rating categories such as pornography and sex education.

• Flexible : Allow administrators to create different policies and apply them to groups of users or individual departments customising policy enforcement. Allow administrators to create custom lists of blocked and allowed sites, unblock specific sites or switch off filtering entirely.

• Secure : Support multiple authentication databases and provide User Level Access (ULA) control.

In the next article, we will study the available options, their pros and cons, etc

 

Article by Mr. Samir Kapadia, a renowed Chartered Accountant