Internet monitoring and filtering can increase network security and performance.
You may feel fairly confident that you’re maintaining a security policy that protects your company from the majority of external threats.
But do you have any idea what the other people at your company are doing on the Web? If you don’t know or care, you should. Many people use working hours and their employer’s Internet bandwidth to download files, visit inappropriate Web sites, make travel plans, look for a job, and exchange personal e-mail, among other things.
On the surface you might think that this is no big deal. However, nonwork-related Internet activity costs businesses a significant sum of money in lost productivity each year. In addition, unmonitored Internet activity can likely increase security risks (e.g., downloading of virus-bearing files) and legal liability. The bandwidth needed for company operations is also diminished without proper activity monitoring. The best way to manage Internet activity is to implement an Internet monitoring and filtering solution. For many companies, completely locking down Internet access just isn’t practical. Staffers may need to use the Web to do research for projects, to access applications on a business partner’s Web site, or to order business equipment, and so on. The best way to approach Internet monitoring and filtering is to define an Internet Usage Policy (IUP)–a document that clearly spells out what is and isn’t acceptable use of company bandwidth.
To do this, start a discussion across your company about appropriate Internet use. As a company, come up with a policy that is reasonable from both management and worker points of view. For example, you might find it reasonable to allow end-users up to 60 minutes per day–during the lunch hour or before or after working hours–to view news headlines, visit educational sites, and so on.
By contrast, you may want to block end-users from accessing personal Web-based e-mail accounts to prevent information leaks. You also might want to block the ability to download MP3 files to conserve network bandwidth and limit liability.
An IUP should be defined and a monitoring and filtering solution implemented only after everyone at the company has given input into what is reasonable. Once defined, the IUP should be clearly communicated to all employees.
I recently spent time defining an IUP and evaluating three Internet monitoring and filtering solutions–Elron Software’s IM Web Inspector, SurfControl’s SuperScout Web Filter, and Vericept’s Vericept Pro.
Elron’s IM Web Inspector
Elron Software’s IM Web Inspector was remarkably easy to install and tailor to the IUP that I had defined. This software-based solution supports installation on Windows NT 4 with SP4 or later or Windows 2000. Even though IM Web Inspector cannot be installed on non-Windows platforms, such as Linux or Solaris, the solution is fully capable of monitoring, filtering, and blocking activity in mixed operating-system environments.
IM Web Inspector classifies user activity via its included dictionaries. The solution provides default activity classification out of the box, including categories for FTP, Web-based e-mail, chat, instant messaging, sexually explicit material, news, sports, stock quotes, and more.
Elron Software’s dictionaries support content-based technology called SmartList, which inspects the content of Web activity, such as metatags, and adds restricted activity to the dictionaries based upon your IUP definition. For example, I created a dictionary for job-searching activity that used the SmartList technology. Then I acted as an end-user and surfed to a variety of job sites. IM Web Inspector detected my job-searching activity correctly.
IM Web Inspector monitors in real time and can filter both sites and user activity. Web sites may be categorized as open to all, blocked, or unmonitored. Users can be categorized as monitored with no restrictions, monitored with restrictions, unmonitored with restrictions, or unmonitored and unrestricted.
One eye-opening setting in IM Web Inspector is the default surf time cost-per-minute setting. Companies can define the per-minute cost for inappropriate Internet activity based on their median salary rate. For example, I calculated that the cost per minute in my test company was 50 cents per staffer. When I viewed IM Web Inspector’s SurfTime reports, I was able to view exactly how much money was being lost to inappropriate Internet activity and the percentage of working hours that were being devoted to non-work-related activity.
Elron supports more than 100 built-in reports out of the box–some of the most comprehensive reporting in this software category. Management can view reports based on sites, users, workstations, or network bandwidth. There are also summary reports that let management view user activity by category or the top 10 users based on inappropriate activity.
SurfControl’s SuperScout Web Filter
As with Elron Software’s Web Inspector, I had no trouble installing and configuring SurfControl’s SuperScout Web Filter to match my test IUP. This software-based solution supports Windows NT and 2000, Solaris, Linux, and also works with CheckPoint’s FireWall, Novell’s BorderManager, and Microsoft’s ISA and Proxy Servers.
SuperScout Web Filter was able to monitor activity across all of the mixed platforms on my test network, including Solaris, Linux, and Macintosh-based systems. The solution includes a color-coded real-time monitor as well as tools that help you track historical data.
By default, SuperScout Web Filter comes with a number of predefined rules based on activity categories, such as audio file downloads. The solutions’ Rules Administrator allows administrators to quickly create and modify rules to meet the needs of nearly any IUP. For example, I created a rule with a threshold that allowed users to access news sites only during lunchtime.
SurfControl provides an optional add-on module called Virtual Control Agent, which performs a function similar to Elron’s SmartList technology. Virtual Control Agent analyzes content and dynamically updates category listings to maintain a company’s IUP over time.
I liked the built-in reports that are included with SuperScout Web Filter. The company supplies more than 50 reports, including cost analyses of inappropriate activity by department or by user. I was able to customize the existing reports, but could not find a way to create new reports.
In addition, I had trouble accessing the Web-based reporting module remotely. It worked fine with Internet Explorer but not with Netscape or Opera.
Overall, I was fairly pleased with SurfControl’s SuperScout Web Filter. Companies considering this solution should order it with the optional Virtual Control Agent to maximize protection and minimize administrative requirements. Moreover, businesses with browser-compatibility concerns or those that require significant report customization options will want to carefully examine these aspects of SuperScout Web Filter before buying.
Vericept’s Vericept Pro
The third solution–Vericept’s Vericept Solutions–takes a markedly different approach to implementing a company’s IUP. This combination hardware and software solution plugs into the network (10BaseT or 100BaseT) and passively monitors all TCP/IP-based traffic.
Vericept’s V1100 is a Linux-based appliance that is configured to match your IUP. The device collects network traffic of all types–e-mail, Web, instant messaging, FTP, telnet, and the like. Built-in linguistic and mathematical analysis modules then analyze the traffic.
Activity that matches a company’s acceptable use policy is discarded while actions considered inappropriate based on the IUP are identified and stored for later retrieval and examination by designated personnel. The Vericept solution does not block or filter activity; it enables the company to identify and deal with inappropriate use issues in an offline manner.
Setting up the V1100 was very straightforward. I connected a monitor and keyboard to the device and set its parameters, such as its IP address. Once configured and connected to the test network, the V1100 was ready to monitor traffic.
Next, I checked out the included browser-based administration and reporting tools. I had no trouble accessing and using Vericept’s tools–locally or remotely–using Navigator or Internet Explorer.
Like the other solutions I examined, Vericept can be highly customized to meet the IUP definition of most any company. For example, I added and modified keywords that denoted inappropriate access to audio and video files and was able to specify users who should and should not be monitored.
Vericept includes built-in reporting available via Web browser. I was able to view IUP exceptions in a color-coded format that clearly showed what users were doing. I then drilled down into the data and was able to view exactly what a test end-user was doing and when. The V1100 had saved copies of all inappropriate activity. However, I could not create customized reports.
Vericept correctly trapped all instances where I deliberately tried to access inappropriate content. It did a good job of trapping even the sneakiest workarounds that I attempted. What’s more, it accurately reported on my activity and notified the person designated in the test IUP.
Implementing an IUP
All the solutions I evaluated are prepared to meet the needs of businesses that want to implement an effective IUP strategy at a budget-minded price. Choosing one over another largely comes down to the platforms and approaches that you want to take to support your IUP.
Based on the IUP I defined in my test environment, Elron Software’s IM Web Inspector did the best overall job. However, the way an organization defines an IUP is going to vary substantially given business dynamics, the computing environment, and the type of work being performed. Therefore, this product category is one in which you really need to evaluate solutions in a hands-on manner after having defined the IUP that matches your organization’s requirements.