Implement Monitoring and Website Filtering

By Bob Walters  |  Posted 2010-02-01 Print this article Print

Step No. 2: Implement monitoring and Website filtering

Once you have agreed on the extent of your policy, you need to identify a technology that will support your philosophy and business requirements. Management and network administrators need to address and agree on the following:

1. Will everyone fall under the same policy or do some employees require broader access to the Internet than others?

2. Do policies need to be adjusted at different times of the day?

3. Is filtering HTTPS (HTTP Secure) traffic, a common Web filter workaround, important?

4. In addition to Web filtering, do restrictions need to be put on peer-to-peer applications such as IM?

5. Is there a need to integrate with Active Directory?

6. Do any of our computers that are shared by multiple users require different policies based on log-in?

Bear in mind, Web filtering must take into account the extent to which employees need to use the Web for work purposes. Essentially, it's important to decide whether restrictions should be implemented by using a system of blacklisting (that is, employees can visit all Websites except those specifically banned by name or by predefined category) or whitelisting (that is, all sites are banned except for a few that are useful for work), as might be the case in a retail or clerical environment. There are tools available to enable the network administrator to adapt filter and blocking depending on requirements.

Once your organization's specific business policies regarding Web filtering are settled, you should put a monitoring process in place. When it comes to monitoring the Web access and behavior of employees, one of the most efficient strategies is to regularly review reports of network users' online activity, in a random order.

Bob Walters is President and CEO of Untangle. Bob began his career landing F/A-18 Hornet fighter aircraft on aircraft carriers. Today, Bob leads Untangle. Most recently, Bob landed Teros, his application security startup, at Citrix Systems via acquisition. Along the way, Bob has contributed in executive and general management positions at a number of top startup and public companies including Securant Technologies (now part of RSA Security), Linuxcare, Informix Software and Red Brick Systems. Bob is a published expert and invited speaker in Internet security, data warehousing and data mining, entrepreneurship and leadership. He is an honors graduate of the U.S. Naval Academy in Annapolis and was a Guggenheim Fellow at Princeton University. He can be reached at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel