How to Pick a Web Filter

 
 
By Brett Littrell  |  Posted 2008-03-06
 
 
 


There is nothing worse than buying into something and then finding out that it is merely a shadow of what it was advertised to be. I was unfortunate enough to find out first-hand that more testing, and a little more research, is definitely better to do first, before basing a purchase decision on a company's good track record with another product.

Being a customer of the Barracuda spam filter, I was very happy and impressed by its cost and functionality. When we had to look at a replacement for our Web filter software, I was inclined toward Barracuda. This was because of the product's price and my previous good experience with the company. Next, however, is what I learned after purchasing its Web filter software.

If you can get an appliance, then get one. The reason is simple: There are no issues with server memory, hard disk storage, etc. We took this approach as we looked at various Web filter vendors such as Blue Coat, SurfControl, Cisco Systems and a few others. What we found was that most of them cost a whole lot of money. We went with Barracuda due to the affordable cost and the trust we had that it could deliver a quality product similar to its low-priced spam filters.

Filter Interoperability is Important

The first thing to look at in a Web filter, appliance or not, is the interoperability of the filter with your own environment. For my school district, we usually use LDAP and Syslog for interoperability. Most of the Web filters we looked at did not have both of these pieces. Most of the reporting done from the other solutions was sent to another server the Web filter company supplied (at a price). Barracuda, however, fit the bill for both of these requirements, so that was another plus for it.

Consider Web Filter Capabilities


 

Little did we know at the time, Barracuda's Syslog format was all but useless due to the inability to efficiently parse it with regular expressions. In addition, Barracuda would eventually break its own secure LDAP functionality with an update, leaving customers not using MS LDAP with clear-text LDAP only.

We found that the second thing to look at is what the Web filter can do. We reviewed the different Web filters and found that most did the exact same thing: blocked content by category, blocked viruses, blocked spyware, etc. Barracuda seemed to fit the bill for this as well, and it still seems to do a good job, except for when it decided to move MySpace from one category to another, leaving me to figure it out on my own when a lot of students started accessing the site all of a sudden.

Reporting is a Major Issue

The third feature to look at is reporting. For us, this can be a very major issue. All the different Web filters reported in one way or another; Barracuda as well. The interface for the Barracuda is actually pretty nice. But a huge issue Barracuda has is this: If you run a report that requires the server to access archive files, you are out of luck with the Barracuda. We found this out the hard way when a police investigation requested some records. It took us more than two months to find out from a Barracuda technician that this is a known issue, and that the fix is at least two major firmware releases away. This, of course, is not something you would find out until after you have had the software installed for a period of time.

Security is Key

The fourth issue is security. Not having your Web filter bypassed or made a prime target for DOS (denial of service) attacks is always a good thing to look for. So far we have not had any issues with someone breaking into the Web filter, but I did find an easy-to-exploit DOS attack that literally shuts down the server by downloading a certain type of file. I reported this to Barracuda and never had it fixed.


 

High-Quality Tech Support

Fifth, and most important, is to look at the quality of the tech support. If you have a good working relationship with a company, then you are already one step ahead. But that does not always hold true across product lines. I have had nothing but a good experience with Barracuda spam filters, but that did not equate with their Web filter support.

For example, I would open a ticket and work with a tech for a while. But when they found they could not fix an issue, they would say they had to research it. Then they never called back. Plus, calling them back resulted in a brand-new ticket being generated and a new tech assigned. So, frustratingly, I had to start from the beginning again and again each time. The DOS attack I reported four to five months prior recently recreated the same scenario, while locking up the entire server again. Obviously, tech support dropped the ball on that one.

Lessons Learned

The lesson we learned while choosing our Web filter was that going with a company that makes another good product does not always mean that the Web filter it provides will be as good. Tech support may not be the same across product lines. Good spam filter support does not necessarily equal good Web filter support. Also, just because a company says it supports a format or standard does not mean that the way in which it supports it will work for your company (i.e., Syslog and LDAP).

What comes out in the end is you should first create a detailed list of all the functionality desired and needed by your company. When that list is complete, then you should test, in-depth, each and every option to ensure it works correctly within your environment. Many of the issues I ran into may not have shown up during testing due to the changes that Barracuda made later, which broke some things (like LDAPS), or due to other tasks that take a bit of work on another system such as parsing the Syslog messages via regular expressions to be read by our MARS (Multiuser Archival Retrieval System) box.

Still, other things just have to be learned over time and they are hard to test for, such as tech support and archived logs. Unfortunately, in general, presales tech support always seems to be 500 percent better than postsales support. If companies reversed that trend, they would probably have customers who never went away.

 Brett Littrell is the network manager for the Milpitas Unified School District in California. The school district manages about 10,000 students and 1,000 employees. The network has around 2,000 to 2,500 client computers with three techs to maintain them all. He can be reached at blittrell@comcast.net.
