Content Filtering

The challenge of keeping inappropriate material out of your network and keeping sensitive business information from going out of your network are priorities in business climate. Legal problems can be created and good intentions will not to protect you. An employee can glimpse at sexually provocative information on a colleagues computer and you could find be creating a "hostile workplace." An employee who inadvertently lets slip personal information about one of your customers and you could find yourself in violation of privacy laws. Having the wrong content come in or go out can result in reduced productivity or loss of your competitive edge. When companies select a content filtering strategy in place as early as possible -- and it makes even more sense to choose solutions that can grow with your company.

Beyond the firewall

You may believe you have all the protection necessary because your network is behind a firewall because that’s what a firewall does: it stands between the Internet (public network) and your internal (private) network and filters inbound and outbound traffic. Unfortunately, traditional firewalls filter at the packet level; that is, they filter data packets based on IP addresses, port numbers, and services. The information that’s added in headers at the service, network and transport levels of the OSI model.
Most modern firewalls go beyond packet filtering and add some degree of application layer filtering (ALF). With ALF, a firewall can analyze higher layer information and recognize the protocols used by specific services, and validate that the data inside the packet is valid. Content filtering is a form of application layer filtering, in which the actual data itself is examined and can be compared against a database of text strings, for example, that is prohibited.

Some ALF firewalls, such as ISA Server 2004, can perform this rudimentary form of content filtering "out of the box." However, an effective content filtering strategy generally requires more sophisticated filtering than can be done with an ALF firewall alone. Better content filtering programs go beyond lists of keywords to block, and can use heuristics and other methods to analyze the context in which words are used to determine whether the content should be blocked.

Content filtering solutions for SOHO to large enterprise businesses

The smallest businesses may not even have business-class firewalls in place, since such firewalls tend to be costly. For example, ISA Server 2004 Standard Edition costs $1499 (per processor). Firewalls from other vendors that have ALF functionality often cost even more. Many small businesses rely on inexpensive firewall appliances designed for telecommuters or SOHO (Small Office Home Office) models such as those made by cost  under $500. Others can’t afford to spend extra on a firewall at all; they may use open source firewalls on Linux boxes at the network edge, or rely on the Windows firewall built into XP/Server 2003.
Those without ALF firewalls will need to use a third party solution for content filtering. If you’re on a tight budget and you only have a few computers to protect, you might be tempted to use a consumer level content filtering program. The most basic content filtering packages are those intended primarily for parental control of children’s Internet activities.

Drawbacks to consumer-level solutions

Although the low price looks attractive, there are some drawbacks to going this route. These are client-side programs. Since you’ll need to install the software on every computer, as you add more systems, you’ll have to buy more copies of the content filtering program, creating a hidden cost as your company grows. At the same time, you have no centralized control or centralized reporting--which become more important as your network gets bigger and more complex. Finally, these consumer-level packages don’t offer the same degree of sophistication as content filtering packages that are designed for businesses, and may either allow harmful content to get through or, more likely, block more than you intend to and thus hamper workers’ ability to use the Internet to get their jobs done.

Small business solutions

Some of the companies that make consumer level solutions also offer business versions. However, the most popular small business solutions are those that also offer enterprise level solutions. For example:
 
• Websense offers a Web Security Suite for small to medium businesses that runs on Windows 2000 Server, Server 2003, Red Hat Linux or Sun Solaris. For more info, see http://www.websense.com/global/en/ProductsServices/WSSecuritySuite/
• SurfControl offers Web and email filtering software for Microsoft Windows that can be deployed in configurations to protect networks of all sizes. For more info, see http://www.surfcontrol.com/

Turn-key appliances

Another option is one of many "security appliances" that include firewall functionality with content filtering (some also include anti-virus and other security applications). There are relatively low cost devices that are targeted toward small businesses,.

Scalability considerations

Appliances are attractive because they can be deployed quickly, with no need to install and configure operating systems and application software. Generally these appliances are just as scalable as software solutions because you have the ability to stack hardware configuration that you purchase. It may be difficult to upgrade the processor, memory and other hardware components but your investment is protected with the ability to add new appliances.

The most scalable solutions are those that can be deployed on a single, low powered computer while your needs are modest, but can be upgraded to support more users as the network grows.