A scalable content filtering strategy keeps your business on track

Filtering the content of email messages coming into and out of your organization, Web sites being accessed by your company computers, IM conversations and other data that travels on your network makes business sense because it can save money that might be lost to lawsuits or reduced employee productivity.

Regardless of the size and nature of your business, keeping
inappropriate material out of your network and keeping sensitive business
information from going out of your network have to be top priorities in today’s
business climate. Lawsuits can happen at the drop of a hat, and good intentions
aren’t enough to protect you. Let an employee glimpse a sexually provocative
photo on a co-worker’s computer and you could find yourself sued for creating a
“hostile workplace.” Have an employee who inadvertently lets slip personal
information about one of your customers and you could find yourself in
violation of privacy laws. And even if you escape litigation, having the wrong
content come in or go out can result in reduced productivity or loss of your
competitive edge. That’s why it makes sense to get a content filtering strategy
in place as early as possible — and it makes even more sense to choose
solutions that can grow with your company.

Beyond packet filtering

You may think you have all the protection you need because
your network is behind a firewall. After all, that’s what a firewall does: it
sits between the Internet and your internal network and filters inbound and
outbound traffic. Unfortunately, traditional firewalls filter at the packet
level; that is, they filter data packets based on IP addresses and port
numbers, the information that’s added in headers at the network and transport
levels of the OSI model.

Tips in your inbox

TechRepublic’s free Strategies that Scale newsletter, delivered each Tuesday, covers topics such as how to structure purchasing, when to outsource, negotiating software licensing or SLAs, and budgeting for growth.

Automatically sign up today!

The good news is that most modern firewalls go beyond packet
filtering and add some degree of application layer filtering. With ALF, a
firewall can analyze higher layer information and recognize the protocols used
by specific services, and validate that the data inside the packet is valid.
Content filtering is a form of application layer filtering, in which the actual
data itself is examined and can be compared against a database of text strings,
for example, that is prohibited.

Some ALF firewalls, such as ISA Server 2004, can perform
this rudimentary form of content filtering “out of the box.” However, an
effective content filtering strategy generally requires more sophisticated
filtering than can be done with an ALF firewall alone. Better content filtering
programs go beyond lists of keywords to block, and can use heuristics and other
methods to analyze the context in which words are used to determine whether the
content should be blocked.

Content filtering solutions for small to large businesses

The smallest businesses may not even have business-class
firewalls in place, since such firewalls tend to be costly. For example, ISA
Server 2004 Standard Edition costs $1499 (per processor). Firewalls from Cisco,
CheckPoint and other vendors that have ALF
functionality often cost even more. Many small businesses rely on inexpensive
firewall appliances designed for telecommuters or SOHO (Small Office Home
Office) models such as those made by SonicWall and Watchguard for under $500. Others can’t afford to spend
extra on a firewall at all; they may use open source firewalls on Linux boxes
at the network edge, or rely on the Windows firewall built into XP/Server 2003.

Those without ALF firewalls will need to use a third party
solution for content filtering. If you’re on a tight budget and you only have a
few computers to protect, you might be tempted to use a consumer level content
filtering program. The most basic content filtering packages are those intended
primarily for parental control of children’s Internet activities, such as NetNanny or CyberPatrol. Many of
these programs are available for under $50.

Drawbacks to consumer-level solutions

Although the low price looks attractive, there are some
drawbacks to going this route. These are client-side programs. Since you’ll
need to install the software on every computer, as you add more systems, you’ll
have to buy more copies of the content filtering program, creating a hidden
cost as your company grows. At the same time, you have no centralized control
or centralized reporting–which become more important as your network gets
bigger and more complex. Finally, these consumer-level packages don’t offer the
same degree of sophistication as content filtering packages that are designed
for businesses, and may either allow harmful content to get through or, more
likely, block more than you intend to and thus hamper workers’ ability to use
the Internet to get their jobs done.

Small business solutions

Some of the companies that make consumer level solutions
also offer business versions. However, the most popular small business
solutions are those that also offer enterprise level solutions. For example:

Websense offers a Web Security Suite for small to
medium businesses that runs on Windows 2000 Server, Server 2003, Red Hat
Linux or Sun Solaris. For more info, see http://www.websense.com/global/en/ProductsServices/WSSecuritySuite/
SurfControl offers Web and email filtering software
for Microsoft Windows that can be deployed in configurations to protect
networks of all sizes. For more info, see http://www.surfcontrol.com/

Turn-key appliances

If you have a bit more money to spend, another option is one
of many “security appliances” that include firewall functionality
with content filtering (some also include anti-virus and other security applications).
There are relatively low cost devices that are targeted toward small
businesses, such as:

The Network Engines NS series
security appliances that run Microsoft ISA Server 2004 and the Websense Web Security Suite that performs content
filtering
The CelestixSafe@Office model
that runs the CheckPoint firewall software and
offers a subscription to anti-virus and content filtering services

Other appliances operate separately from your firewall. Some
examples include:

McAfee
Secure Internet Gateway, which provides anti-spyware,
anti-virus, anti-spam, anti-phishing, along with
email and web content filtering for small and medium businesses)

·
ContentKeeper SB is designed for sites with up to 50
users, while ContentKeeper SME is more scalable; it
can support from 25 to 2500 users

Scalability considerations

Appliances are attractive because they can be deployed
quickly, with no need to install and configure operating systems and
application software. However, generally appliances are not as scalable as
software solutions because you’re locked into the hardware configuration that
you purchase. It may be difficult or impossible to upgrade the processor,
memory and other hardware components without buying a whole new appliance.

The most scalable solutions are those that can be deployed
on a single, low powered computer while your needs are modest, but can be
upgraded to support more users as the network grows.

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE This Media disposal policy from TechRepublic Premium provides specific instructions for ensuring organization data is properly protected when disposing of old storage media. From the policy: POLICY DETAILS When disposing of damaged, unusable, obsolete, off-lease, decommissioned, old, or end-of-service-life equipment and media, the organization requires that the guidelines outlined herein be followed: Hard drives, ...

PURPOSE To take some of the effort out of writing (and rewriting) emails to share with company staff and executives, TechRepublic Premium has assembled basic templates to handle the most common types of communications. Simply copy the text into your favorite word processor and customize it to fit your needs. Then, paste it into an ...

A scalable content filtering strategy keeps your business on track