Companies Combine URL Filter, Proxy Blocking for CIPA Compliance
Network security vendor DeepNines Technologies is combining one of its products with URL filtering technology from SurfControl to create an intelligent filter to help school districts prevent students from using Web proxies to view unauthorized Web sites.
The new tool, named iTrust, is aimed primarily at school districts because of the provisions of the CIPA (Childrens Internet Protection Act).
CIPA requires districts take measures to prevent pornographic content and other material deemed inappropriate from being accessed on school computers. It combines DeepNines Security Edge Platform, which has helped hundreds of K-12 districts across the country detect and eliminate all types of Web proxies, with SurfControls URL filtering technology.
The product has the intuition to block access to both known and unknown malicious online content and web proxies, Officials at Dallas-based DeepNines said.
Despite the presence of URL filters, school administrators have found students use Web proxies to make an indirect connection to the Internet through an outside proxy server.
Once the student has established this connection, the proxy searches the Internet for the desired Web site on the students behalf.
Ron Smith, administrator of technical services at the Highland Park Independent School District in Dallas, described students use of Web proxies to get around Web filters as an "epidemic problem in education."
"Their appliance, because it does packet inspection and [you have] the ability to create rules on it...works really well at stopping access to prohibited Web proxies," he said.
Greg Jackson, vice president of technical services at DeepNines, said the company found in its research of how businesses are using URL filters and saw a need for an integrated security tool.
"We found that a number of them are not sitting in line, and when I say in line I mean all traffic has to go through [the filter]," Jackson said. "Basically what theyll do is theyll sit off of the firewall, so as the firewall sees a port 80 request from the inside it will hold that connection and re-direct it to the URL filter and ask it if this person can go to the URL."
"So," he continued, "what we said, since they are sitting off to the side, if they are ever down or if theyre ever too busy to take anything, then kids will be able to go by it, because they dont necessarily have to go through the device. So we developed the SurfControl piece to go in line with our current product."
There are about eight to 10 different kinds of Web proxies, all of which can be stopped by DeepNines product, company officials said.
Smith said the Security Edge Platform has made monitoring Internet activity much easier. While other products provide after the fact reporting, DeepNines product offers the ability to watch Internet traffic in real time, he said.
"We could track [unauthorized Web activity] back to a workstation through the reporting, which of course is after the fact, but we couldnt necessarily tell you who was logged into that workstation," Smith said.
"You can have [Security Edge Platform] on your desktop and you can watch every Web site that anybody in your network is going to. Plus you can stop it and you can filter back through it."
Though iTrust is currently aimed at schools, DeepNines VP of Marketing Dirk Christiansen said it could serve the same purpose for corporate leaders interested in controlling Web surfing at work.
"It certainly is applicable to all those environments," he said.