Clearly adopting a head-in-the sand approach to managing access and praying that staff will not abuse resources is best avoided. Companies firstly need to understand what types of content are being accessed, when and how often.
Originally, organizations relied on list-based filters to block access to unacceptable sites. Human classifiers examined the content of web pages and added them to a database blacklist, a white list, or a time-specific list. This strategy, however, has become increasingly inadequate as the Internet continues to grow exponentially each year. Some Vendors have supplemented the database approach with keyword scoring, yet this has also proved to be problematic, as the filter scans a requested page for the frequency of keywords, and if the site scores above a preset level, the filter blocks it. This enhancement is very hit-and-miss and sometimes blocks purely informational pages, such as cancer sites that frequently use the word “breast.” Therefore, building a picture of reliable proactive management of web access and acceptable Internet usage across a company can be made easier with a dedicated third-party web filter that allows detailed reports to be created quickly and easily.
Once an understanding is obtained, a robust Internet acceptable usage policy (AUP) needs to be developed. This outlines what is acceptable, what isn’t and the consequences of breaking the AUP. It is absolutely critical that the AUP is enforced fully and consistently, as failure to do so may mean that staff find methods to avoid it, potentially harming their productivity or the organization IT network.
Bloxx is exhibiting at Infosecurity Europe 2009 held on 28th – 30th April in Earl’s Court, London.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.