Collaboration

Lock IT Down: Using SmartFilter and Microsoft Proxy to control Internet use

SmartFilter is a URL-filtering tool that works with Microsoft Proxy Server to control Internet use.


It’s 11:00 A.M. Do you know where your users are? More precisely, do you know where they’re surfing on the Internet? How do you keep them from going to inappropriate Web sites, such as porn sites? In this Daily Feature, I’ll look at a third-party tool called SmartFilter and how you can use it to keep your users in line when they’re online.

What is SmartFilter and where can I get it?
SmartFilter is a URL-filtering tool that works with Microsoft Proxy Server to control Internet use. SmartFilter uses a database containing hundreds of thousands of Web sites and tens of millions of URLs, which are compiled into different categories called Control Lists, to perform filtering. With SmartFilter, there is no client software to install. Instead of running as a service on your proxy server—as do some other URL-filtering software products like SurfControl and Little Brother—it keeps the configuration you define in the registry.

SmartFilter works in conjunction with Microsoft Proxy Server to filter Internet sites. Microsoft Proxy Server provides some valuable features, such as extending Internet applications to every desktop on your private network, caching frequently accessed Web pages, and acting as a firewall between your private network and the Internet. It can also restrict access to specified sites on the Internet without using SmartFilter but isn’t as efficient.

Author’s note
Restricting Web site access using Microsoft Proxy Server is a cumbersome process. It is really only useful for filtering a small number of sites. For instance, to block a single site, you must launch the Internet Service Manager (ISM) to configure proxy. From the ISM, you must choose the proxy server to configure and pull up the properties sheet. From there, you must select the Service tab, the Security tab, the Domain Filters tab, and then Enable Filtering. You can add exceptions from there by specifying a specific domain name, IP address, or group of IP addresses. Trying to block all sites that pertain to adult material would be an impossible task using only Microsoft Proxy Server.

You can download a free evaluation copy of SmartFilter from the Secure Computing Web site. If you want to purchase it, contact the sales office listed on the Web site. Pricing varies depending on the number of clients you’ll be using. Two-year subscriptions are also available with a discount on the second year. All subscriptions include the reporting tool, maintenance, 24-hour technical support, and upgrades. Prices (on a per-user level) for the SmartFilter Control List subscription at the time of this article are:
  • 50 to 99 users—$25.00
  • 100 to 249 users—$16.90
  • 250 to 499 users—$10.60
  • 500 to 999 users—$6.70
  • 1,000 to 2,499 users—$4.60
  • 2,500 to 4,999 users—$3.60

Author’s note
At the time this article was written, SmartFilter only worked with Windows NT and Proxy Server. Secure Computing, the company that wrote SmartFilter, is working on a version for Microsoft’s ISA Server and Windows 2000. A plug-in for the ISA Server became available May 18, 2001.

Control Lists
There are 30 categories in the Control List that group Internet sites into easily identifiable categories. The Control List is actually comprised of two different files named Wtcontrol and Wtcntldr, which are stored on the proxy server. Using control lists on the server prevents you from having to load any additional software on the client. As long as the Web browser is configured to use a proxy server for connectivity, SmartFilter will screen the URL requests.

Your Microsoft Proxy Server must be able to automatically update and reload the Control List via FTP. Every 60 minutes, SmartFilter checks to see if the list is older than 15 days. If it is, SmartFilter will initiate automatic download of an updated list. Control List categories include:
  • Anonymizers/Translators
  • Art & Culture
  • Chat
  • Criminal Skills
  • Cults/Occult
  • Dating
  • Drugs
  • Entertainment
  • Extreme/Obscene/Violence
  • Gambling
  • Games
  • General News
  • Hate Speech
  • Humor
  • Investing
  • Job Search
  • Lifestyle
  • Mature
  • MP3 Sites
  • Nudity
  • On-line Sales
  • Personal Pages
  • Politics, Opinion & Religion
  • Portal Sites
  • Self-Help/Health
  • Sex
  • Sports
  • Travel
  • Usenet News
  • Webmail

Installation
Installing SmartFilter is similar to installing other software; there are no surprises. Simply run Setup and hang on for the ride. One small bump occurs when you must input the information necessary to download updated Control Lists. Just supply FTP site, username, and password information on the appropriate screen, and you’re done.

The World Wide Publishing Service must be running on your proxy server for SmartFilter to work. If you uninstall SmartFilter, it will stop this service and you will have to manually restart it or reboot.

Configuring SmartFilter
Once you have successfully installed SmartFilter, you will need to configure it to meet the needs of your organization. To start the program, go to Start | Programs | Secure Computing | SmartFilter. You will be presented with a screen that has multiple tabs you can configure, as shown in Figure A.

Figure A
At the start, SmartFilter gives you a simple configuration screen. 


The List Control tab allows you to check to see if the program has an updated Control List. This is performed regularly through the automatic download function, but you can also choose to update the list right away. If you get an FTP error, you may want to check your connectivity. In some cases, reloading SmartFilter will be necessary. Also, if you are still running Internet Information Server 3.0 (IIS), you may have to upgrade to version 4.0 or higher.

From the Categories tab, you can choose to Allow, Deny, Coach, or Deprioritize categories during specific times. All sites defined within each category are deemed potentially inappropriate for today's typical workplace or educational environment. In the broad context of cultural norms and individual taste, what is considered inappropriate may be debatable. Identifying sites for inclusion in one of the SmartFilter categories is an ongoing task, and Secure Computing does not guarantee that all potential sites within a given category have been identified. Therefore, users are encouraged to consult the SmartFilter Where Tool to determine whether a specific site is defined in the current SmartFilter Control List. Users can also submit sites for indexing.

For each of the categories, you must select the times and days of the week you want the action to apply. SmartFilter has four actions from which to choose. The Coaching feature allows you to display warning messages to users who access restricted sites, but will still allow viewing of the site. The Deprioritizing feature lets you impose response time limits to user access. The user is allowed to view the site, but the URL is deemed a lesser priority than other sites and each packet is delayed as it is downloaded from the site. The Allow feature will let the user view the site without warning messages or response time limits. The Deny feature completely blocks the user from viewing the site and displays a message.

The Special Sites tab, shown in Figure B, allows access to specific URLs within a restricted or denied category. You would also use this if you discover a new site that is not yet categorized.

Figure B
You can use the Special Sites tab to customize your control lists.


For instance, if you have blocked the Online Sales And Merchandising category, you can use the Special Sites to exempt a site such as Sears.com. This would allow your users the permission to access the site. Conversely, you can add a site’s URL to a category that you have already restricted.

You would use the Search Sites tab to restrict the use of search engine sites that allow searches for information across the Internet as shown in Figure C. From here you can also restrict searches based on specific words.

Figure C
You can control how search engines display searched content on the Search Sites tab.


Usenet traffic can potentially cause a lot of bandwidth usage. The News Sites tab is used to allow access to specific news sites that may be in a restricted category, as shown in Figure D.

Figure D
You can block Usenet on the News Sites tab.


SmartFilter allows you to block file types as well as Web sites. To restrict access to specific types of files, such as .mp3 files, you would add them to the Forbidden Files tab shown in Figure E.

Figure E
SmartFilter can block file types, too.


The Logging/Reports tab, shown in Figure F, allows you to set logging options for SmartFilter. SmartFilter uses either standard ODBC logs or text logs to track connections and the action applied to each connection. To create these logs or reports, use the LoggingReports tab. You can choose to log all requests, categorized HTTP requests, or restricted HTTP requests. To use the ODBC Logging feature, Microsoft Proxy Server requires you to configure the ODBC database schema for SmartFilter. To do so, complete the tasks in the Creating A Database Schema For SmartFilter Using Microsoft Access Wizard or in Creating A Database Schema For A Sql Server Database, as appropriate.

Figure F
You can control how SmartFilter logs accesses.


You can configure SmartFilter to warn users when they’re visiting an inappropriate site. To have a message appear on screen when a user completes a particular action, define the message in HTML using the Messages tab shown in Figure G.

Figure G
In addition to blocking files, SmartFilter can issue warnings.


If you have particular users on your network that require special HTTP filtering, configure them using the Groups tab shown in Figure H. For example, in a school setting, you may want to exempt teachers and administrators from some types of filtering.

Figure H
You can create groups with special filtering needs.


Conclusion
Since there are thousands of new sites posted to the Web daily, it is impossible for any program to completely filter inappropriate material. SmartFilter’s update feature helps to overcome this problem by continually adding new sites to its database. Also, the user interface and category lists make it easy to configure. So, if you are currently using Microsoft Proxy and need to have an Internet filtering tool, SmartFilter is a smart choice.

Editor's Picks

Free Newsletters, In your Inbox