In general, web filtering is the idea of setting some kind of filter on your internet connection to block users who try to browse to a site with inappropriate content. You may not care about pornography on an adult’s computer at home (and indeed, it’s protected under free speech laws) but few businesses want to deal with the reputational damage that comes from finding one of your computer’s digital ‘footprints’ in the logs of a questionable site. Web filters are commonly put in place to help keep your users within your corporate Acceptable Use policy (or, at home, to make sure that you’re kids are staying at age-appropriate kinds of sites).
Corporate examples of web filters include Websense and OpenDNS. Home tools might include NetNanny or CyberSitter.
All of these tools work by building long lists of webpage addresses and categorizing each site. Amazon gets classed as a shopping site, Playboy as adult content, YouTube as streaming media, ESPN as a sports site and the local high school as an educational institution. When a user attempts to go to a webpage, the URL is compared to the filter’s master list. If the URL is on the list and allowed, the content flows through to the user’s browser. If the URL is in a blocked category, the user gets an error message on his/her screen instead.
There might be as many as a hundred different categories. You decide whether to permit or block each category on the list based on the risks to your organization including the risk that you will interrupt the business accidentally. Block too much and you’ll find that you’ve gotten in the way of business. Or that you’ve cut off some service that your younger employees take for granted, hurting morale and making retention more difficult. Don’t block enough and you increase legal and employment risks unnecessarily. And no matter how much or little you block, there will always be some false positives – legitimate sites that are mistagged by the vendor. (Breast cancer research sites, for example, are frequently mistagged as adult content.)
The problem now is that the hackers are starting to find ways around the web filters. Inappropriate sites are often up for only a short while, then moved to a new address faster than the filter-makers can update their lists. Inappropriate content is also hidden on hijacked sites that some legitimate business or person failed to properly protect. No matter how hard they try, some inappropriate sites can always slip through. (For more about the limitations of web filters, read this article from CSOonline.)
Even with those limitations, I strongly recommend that every organization install a webfilter to stay safe from hostile workplace suits and other employment risks. It won’t be perfect but it’s still an important part of your layers of defense. I also recommend that any parent with children still living at home install a filter. Kids may seem very web-savvy but they still don’t know how to fully protect themselves from strangers, hackers and other age-inappropriate content. Help to protect them from themselves.