Corporate web filtering
March 13, 2006 5:39 AM Subscribe
My company needs to find a web filtering solution that can filter out pornography, gambling and all the other sites companies don't like people looking at when at work. Our main requirements are that we don't want to have to host or manage a server ourselves and that we need very clear activity reports. Anyone have any experience with suitable products, good or bad?
And just to be absolutely clear not filtering is not an option. It's already been discussed ad nauseum and the powers that be are very, very insistent on this point.
And just to be absolutely clear not filtering is not an option. It's already been discussed ad nauseum and the powers that be are very, very insistent on this point.
Response by poster: I can't really give a specific answer to that but let me put it this way - we're not a wealthy company.
Having said that I'd be glad to hear about any products regardless of price.
posted by dodgygeezer at 6:16 AM on March 13, 2006
Having said that I'd be glad to hear about any products regardless of price.
posted by dodgygeezer at 6:16 AM on March 13, 2006
In order to be sure your company machines are compliant with a filtering policy, you need to be sure that all packets that can pass to outside sources from any desktop must physically pass through a filtering device. An external proxy service managed by your ISP or a hired service at the main router or remote end of your central Internet connection can be effective, and may be less expensive than a lawsuit your company gets for trying to do it alone, if no one at your company is competent to do this. However, there are setup and ongoing costs for doing this, which may be beyond your company's budget. If so, you are going to have to compromise somewhat, but doing something is always better, legally at least, than doing nothing.
If you can't justify a security management service, essentially, you do need to "run a server," but there is a class of firewall appliance products (such as eSoft's Instagate, Sonicwall, or ISS Proventia) that make this pretty easy to do, including setup and ongoing administration. There is an ongoing monthly or annual subscription cost for running these devices, which provides the security and administrative updates you'll need to stay secure, but there is also remote configuration help and telephone support to keep you operating, and to assist with setup.
posted by paulsc at 6:39 AM on March 13, 2006
If you can't justify a security management service, essentially, you do need to "run a server," but there is a class of firewall appliance products (such as eSoft's Instagate, Sonicwall, or ISS Proventia) that make this pretty easy to do, including setup and ongoing administration. There is an ongoing monthly or annual subscription cost for running these devices, which provides the security and administrative updates you'll need to stay secure, but there is also remote configuration help and telephone support to keep you operating, and to assist with setup.
posted by paulsc at 6:39 AM on March 13, 2006
Of course, the cheapest way to go is to not provide web access in the first place. This may be sacrilege, but, unless their work really requires web access, there's no real reason to provide it.
(I'm saying this, of course, not knowing what your business actually is...)
posted by Thorzdad at 7:04 AM on March 13, 2006
(I'm saying this, of course, not knowing what your business actually is...)
posted by Thorzdad at 7:04 AM on March 13, 2006
What do you mean by "activity reports"? Do you want to catch people attempting to go to websites?
posted by mediaddict at 9:48 AM on March 13, 2006
posted by mediaddict at 9:48 AM on March 13, 2006
Response by poster: The biggest priority is to see when a user tries to access something they shouldn't. After that we need to log all activity (just in case there's other stuff they're accessing that isn't blocked by the filter).
posted by dodgygeezer at 10:29 AM on March 13, 2006
posted by dodgygeezer at 10:29 AM on March 13, 2006
We use a Sonicwall firewall with the content filtering option. It works pretty well; the filter classifications (what kind of sites to filter) are acceptably granular, and it's easy to create site-by-site exceptions to the filters. Each time someone hits a filtered site they are shown a screen telling which part of the policy is being violated (as an example, the Sports Illustrated website got caught under the swimsuit filter when people wanted to read up-to-the-minute Barry Bonds steroid stories -- I'd much rather see Maria Sharapova than Bonds' mug any day), and the IP address of every workstation violating a policy is recorded in the firewall log. Filtering costs about $600 a year but is painless to install, and updates are automatic. I'm sure it's saved us more than a few hostile-workplace complaints.
posted by lhauser at 3:40 PM on March 13, 2006
posted by lhauser at 3:40 PM on March 13, 2006
« Older Need rss travel feed for Netvibes | Can you steer a runaway car with the engine turned... Newer »
This thread is closed to new comments.
posted by Jairus at 5:44 AM on March 13, 2006