Most companies these days provide Internet access to their employees. Most employees consider Internet access like coffee service – something that they take for granted. While this is a great thing for both employers and employees to have, when that Internet access is completely unrestricted, bad things can happen with alarming frequency. Companies’ IT or security teams need to implement technical protections to block harmful websites, or employees can quickly find their workstations compromised by malware. Let’s first discuss why you would want to block harmful websites, and then how.
Unrestricted Internet access is great but extremely risky. Harmful websites are not just those set up to infect visiting machines or serve up malicious files. On any given day, hundreds to thousands of websites are compromised, either by malicious attackers, or propagating malware. They may be sites that would be considered innocuous, or they may even be sites you would consider relevant to your business, but some misconfiguration or missing patch allowed them to be compromised. But there are also other kinds of sites that should be considered “harmful”. These could be sites that serve content that is not appropriate for the workplace. Adult content, content containing questionable or objectionable material, or social sites that can simply become time wastes could all be considered harmful. As such, you want to have a well-written policy that defines what is and is not considered acceptable, and a technology that can easily and effectively block harmful websites with a minimum of administrative action or client touch.
The most effective way to block harmful websites is to implement technology at your Internet connection point that can filter traffic. You want a product that can provide key protection levels, including site blocking and content filtering. Site blocking will work with lists of websites, divided into categories, that can be blocked or limited based on corporate policy. You might choose to completely block access to pornographic sites, and allow limited access to social networking sites. You may also be willing to let employees access streaming media sites, but you should limit the amount of bandwidth that can be used, to preserve a level of bandwidth for more business critical services.
You also want to be able to scan downloads for malicious content. Remember, perfectly legitimate sites are compromised every day, and you don’t want your users to download a virus-laden file, or load a malicious script from a webpage. You should have functionality that can look inside HTTP streams to make sure that everything the browser loads is safe.
Look for a solution that offers both content analysis and category blocking. The best of these include regular updates to category lists so you don’t have to maintain them yourself, but also enable you to whitelist or blacklist sites based on your own needs. When it comes to content analysis, more is better, so choose a solution that uses multiple antivirus engines to get the job done.
Bandwidth controls should be available to restrict or block streaming media or other content that can consume bandwidth, and you may find time-based solutions to be very valuable. If employees are on their lunch break, let them check their walls and feeds, but after lunch, it’s back to work!
You need to block harmful websites, you know this. Now you also have a good idea on how to block harmful websites. Find the right solution for your environment that includes the maximum number of options available, with the minimum amount of administrative work required, and you’ll be all set to protect your company and your users, without blocking Internet access completely.