Implement Monitoring and Website Filtering
Step No. 2: Implement monitoring and Website filtering
Once you have agreed on the extent of your policy, you need to identify a technology that will support your philosophy and business requirements. Management and network administrators need to address and agree on the following:
1. Will everyone fall under the same policy or do some employees require broader access to the Internet than others?
2. Do policies need to be adjusted at different times of the day?
3. Is filtering HTTPS (HTTP Secure) traffic, a common Web filter workaround, important?
4. In addition to Web filtering, do restrictions need to be put on peer-to-peer applications such as IM?
5. Is there a need to integrate with Active Directory?
6. Do any of our computers that are shared by multiple users require different policies based on log-in?
Bear in mind, Web filtering must take into account the extent to which employees need to use the Web for work purposes. Essentially, it's important to decide whether restrictions should be implemented by using a system of blacklisting (that is, employees can visit all Websites except those specifically banned by name or by predefined category) or whitelisting (that is, all sites are banned except for a few that are useful for work), as might be the case in a retail or clerical environment. There are tools available to enable the network administrator to adapt filter and blocking depending on requirements.
Once your organization's specific business policies regarding Web filtering are settled, you should put a monitoring process in place. When it comes to monitoring the Web access and behavior of employees, one of the most efficient strategies is to regularly review reports of network users' online activity, in a random order.