Few resources come close to equaling the Internet in terms of its value to today’s enterprises. But if you don’t manage how your employees use it, productivity may take a big hit. Although the Internet provides unparalleled access to information and tools that can make everyone’s job easier, it can also be a workplace distraction. And there’s plenty of content on the Internet we can do without and would just as soon not even see—especially in the workplace.

Software solutions for filtering content and monitoring Internet use—including CyberPatrol and SurfControl—have been available for some time and are popular with schools and libraries. Now, St. Bernard Software has weighed in with a hardware solution to Internet filtering called iPrism.

iPrism is what St. Bernard refers to as an “Internet access management appliance.” To call it a simple filtering device belies its full capabilities. While it certainly can be used as a filter to block access to sites deemed unacceptable, it can do much more to give you greater control over how your employees use the Internet. You can configure iPrism in a variety of ways to prevent users across your enterprise from abusing Internet access privileges. A brief examination of what iPrism offers may help you decide whether a hardware solution is the right filtering and management option for your company.

Purple box
The first thing you notice about the iPrism is that it’s purple. Yes, purple. I asked if it came in other colors, but St. Bernard reports that what you see is what you get. If, for some reason, you’re concerned about color coordination with other appliances in your enterprise, you might want to take this into consideration.

Included with the iPrism are a standard Ethernet cable, a crossover cable, power cord, and parallel cable.

iPrism, shown in Figure A, resembles a thin rack server and weighs 15 pounds, with a footprint of 1.75” x 15” x 17”.

Figure A
iPrism Internet filtering appliance

The front panel of the iPrism features a power indicator light and Internal and External ports that separate network segments. iPrism’s ports are wired like a server rather than a hub or a switch. The iPrism is designed to reside just inside the firewall or router that connects to the Internet and acts as a kind of bridge between the internal and external segments. Of course, the iPrism must reside inside the firewall, otherwise, it won’t be able to identify and monitor individual workstation Internet traffic.

The iPrism is compatible with networks running at either 10 Mbits per second or 100 Mbits per second.

Features and interface
On board the iPrism is a database of Web site URLs categorized according to the type of content displayed. St. Bernard has divided the Web site classifications into 60 categories, ranging from shopping to pornography. Site assignments to these labels are a key element in the filtering rules you set up and apply using the iPrism.

The onboard database is updated automatically via St. Bernard’s iGuard software, which manages the process by which URLs are classified in the defined categories. If you encounter a URL that is not in the database, you can send the link to St. Bernard, and its staff will inspect and classify the site. That’s right—the classification of sites is actually handled by staff members rather than being automated. St. Bernard says it takes this measure to ensure the accuracy of the URL ratings in its database.

Having a predefined list of categories streamlines the process of setting up Internet access rules. All you have to do is select the category and how you want those types of sites handled, and iPrism does the rest. iPrism handles categories in one of two ways depending on how you set it up: It either blocks access to sites in a given category or monitors visits to those sites (see Figure B).

Figure B
Site category list and filter options

Note that each category also features subheadings that allow you to make finer distinctions in your rules. You can block access to some types of sites within the category but monitor others you want to allow.

The configuration of iPrism as well as the filtering rules are managed through a Web interface on the designated host machine. You can host the iPrism configuration tool (Figure C) on any machine on your network.

Figure C
Configuration via Web interface

The iPrism does more than just filter Internet sites. In addition to allowing you to block or monitor access to certain sites, it offers the following features:

  • Access threshold settings
  • E-mail notification of users reaching thresholds
  • Time of day and day of week settings for rules
  • Reporting with multiple output options
  • Custom messages for blocked sites

You can set a variety of thresholds and specify actions when those thresholds are reached. For example, if you’re monitoring user access to gaming sites, you set a threshold that specifies a maximum amount of allowed time spent at sites in this category. If an employee spends that much time or more connected to those sites, iPrism can automatically send an e-mail message to a designated person, perhaps the employee’s manager, indicating that the employee may be abusing Internet privileges.

Similarly, you can set thresholds for the number of accesses. Instead of specifying a connect time limit, you might specify a limit of three accesses of a particular site.

You can also link filtering rules to certain days of the week and hours of the day. You might, for example, allow access to blocked sites outside of business hours, during the evening or on weekends. Or you might want to allow employees to surf freely on their lunch breaks. You can block off certain time spans in iPrism to accommodate relaxed rules at certain times.

iPrism can output data on Internet use and bandwidth utilization in report form on a regular basis according to your preferences and e-mail the information to a designated address. You can set up daily reports of Internet activity, for example, and have that report e-mailed to the network administrator and/or to designated managers.

You can also set up a custom message to be displayed when users attempt to access a site that has been blocked.

Who needs it?
Given the existence of software tools to accomplish similar goals relating to content filtering, you may ask why you need a hardware solution, and who might benefit from using it. Schools and libraries would appear to be the best consumers for the device. Controlling how the Internet is used and what sites users can access is obviously a big concern in these institutions. Organizations that face productivity issues as a result of Internet use might also consider the iPrism as a possible solution.

Because of ever-tightening budgets, you also have to consider the price of the device. The iPrism costs $2,195, plus the one- or three-year subscription fee, which varies according to the size of your company. That’s an important detail to factor in when determining whether you need such a device.

St. Bernard says that the benefits of the hardware solution add up to a lower total cost of ownership vs. software-based solutions. With the iPrism, you have the hardware and software you need bundled in one package, and the database is updated automatically. No additional hardware or software is needed for other servers or workstations on your network. The single install of the iPrism is sufficient to handle Internet access management.

Since many companies have come to rely heavily on the Internet as a productivity tool, devices like the iPrism can help ensure that the Internet does not have a negative impact on productivity or the professionalism of the work environment. We’ll take a more detailed look at the iPrism in a future article and evaluate how well it performs.