Internet Access Control.

by The Editor [Published on 7 Dec. 2000 / Last Updated on 20 May 2013]

This internet access control article aims to tackle the various security issues facing companies such as, viruses, hackers and much more. Controlling and monitoring internet access is a must for every corporate network to ensure ultimate network security and integrity. Also reviews products which are leading the way in network security and controlling internet access.

Ensuring productive Internet use at work


Introduction

This white paper examines the increasing need for Internet access control and explains the business benefits of using the right monitoring tool coupled with a corporate policy document on Internet use.

The following topics are covered:

  • Internet - a prime business tool
  • Millions of sites to visit: Wasting corporate time, money and bandwidth
  • Pornography and offensive sites - an additional dimension
  • Virus contamination from the Internet
  • Controlling Internet use
  • Creating a Web use/network policy
  • LANguard Content Filtering & Anti-Virus for ISA server

INTERNET ACCESS CONTROL
Internet - a prime business tool

The Internet has become a prime business tool and workplaces the world over are rapidly becoming 'wired'.

A July 1999 CyberAtlas article listed the different ways in which Internet has made life easier for business people: it facilitates communication, enhances collaboration without the need for travel or expensive phone bills, and improves productivity.

Millions of sites to visit: Wasting corporate time, money and bandwidth

This is all very well if employees use the Internet at the workplace as intended, that is, to meet company goals. However, a wired workplace can equally find its productivity hampered rather than augmented due to employees having Internet access: The Internet is vast and the temptation to surf the Net out of personal interest while at work proves to be a highly alluring proposition for many!

The US Department of Labor estimates that wasted time costs corporations up to $3 million a year for every 1,000 employees, as reported in TheStandard.com (January 2000). The article continues: "Where are employees wasting most of their time these days? It's not the watercooler. Companies that want to improve efficiency are looking to rein web-surfing workers…"

The Sacramento Bee (July 19, 1999) reported that "organizations lose an estimated $50bn a year in productivity due to employees web-surfing out of personal interest at the workplace"

The same article continues: "From the lowly file clerk to the high-level executive, computer users are openly or secretly navigating in cyberspace, checking ball scores, playing games, shopping for clothes, reading movie reviews, perusing job postings or even signing on at adult-oriented sites".

In 1993, there were 26,000 domain names in use; in 1999 there were over 5 million web sites. Of these, for example, the number of porn sites totals over several hundred thousand. Overall traffic to porn sites continues to multiply. Nielsen NetRatings recorded a 140 per cent jump in porn traffic from April to September 1999, to 12.5 million unique visitors.

It is no surprise that the cover of The New Yorker of December 6, 1999 depicted a group of office workers in their cubicles concentrating on their computer screens, while giving a view of what was really catching their attention!

And yet it is not just porn which distracts employees from the work at hand - even though employee visits to sexually explicit sites not only reduce productivity and waste bandwidth, but could also reap unwanted legal repercussions for the company, as discussed below.

The general view is that uncontrolled Internet use at work diminishes overall corporate productivity by squandering precious company time as well as wasting bandwidth, slowing the system down, causing unnecessary bottlenecks and exposing the organization to security risks.

Pornography and offensive sites - an additional dimension

· Xerox Corporation fired 40 people in October 1999 for excessive non-work-related use of the Internet and visiting inappropriate sites, such as pornography and gambling sites - in violation of corporate policy.
· 1970s glam rock star Gary Glitter was convicted of possessing pornographic pictures of children that he downloaded from the Internet (November 1999).
· On December 9, 1999, UK police arrested 11 men in connection with Internet porn, as part of a countrywide raid aimed at catching those in possession of or distributing indecent images of children.

Downloading or trafficking child pornography is recognized as a crime in many countries and states. Should an employee use a company computer to access such sites, this could lead to criminal proceedings not only for the user concerned, but also for the company.

Even if criminal proceedings do not enter the picture, employees visiting pornographic or other sites that could be considered offensive lay themselves - and the company - vulnerable to harassment lawsuits from bemused co-workers.

Few if any laws challenge the idea that any information sent or received by a company computer is company property, regardless of which employee(s) uses that workstation. This leaves little option for wired workplaces but to invest in the right protection.

Virus contamination from the Internet

The proliferation of web sites as a means of corporate promotion, customer care and commerce gives rise to another way in which Internet access at the workplace could lead to loss of time, money, information, and more!

This threat comes in the form of web-borne viruses that could be present in HTTP/FTP downloads or malicious scripting that could be encountered while browsing.

A new alarm was sounded in December 1999, when a virus called W.95Babylonia made an appearance. This virus spreads through Internet chat rooms and updates itself automatically with files from the web.

Web pages may secretly contain malicious code and online files available for download could include Trojans, viruses, objectionable material and more. (For more information, please see the GFI white paper on "Keeping corporate web use productive and secure".)

Organizations must arm their Internet users against such threats, which could have devastating effects on one's station or network.

Controlling Internet use

It would be impractical and self-defeating to ban Internet use as the solution to these problems. At the same time, however, they must be tackled with immediacy.

Such an approach could only lead to the waste of precious corporate resources. A more responsible strategy would help:

  • Optimize bandwidth,
  • Vastly improve network speed,
  • Increase productivity,
  • Block crucial information loss,
  • Save time, and
  • Stem the possibility of lawsuits resulting from employees' surfing habits.

The first step to stop the abuse of network resources at work, and to protect against threats would be to devise a clear policy to direct staff as to what is acceptable or otherwise. Next, the organization should invest in unobtrusive but effective tools, such as an Internet access control and anti-virus/content filtering tool.

A July 1999 bulletin on Internet access control by International Data Corporation predicts that more corporations will buy Internet access control products "to block and filter Internet access to improve productivity, conserve network bandwidth, and limit legal liability".

A reliable Internet/network access control package - and a well-written usage policy document (see below) - can curb employee visits to waste-of-time sites and ensure greater productivity and efficiency.

Creating a web use/network policy

It is important to prepare an Internet use policy document that advises all members of staff that their Internet usage is being monitored, while setting guidelines as to what the company deems acceptable in this sphere.

Your policy should list your acceptable-use Internet policies in a written document that is circulated to all members of staff. For example, you might wish to allow employees to access the Internet for personal use during lunch-break and before/after official work hours.

Outline those practices that are unacceptable - such as surfing out of personal interest during work hours; visits to sexually explicit, racist or terrorism-related sites whether during work hours or not; and the downloading of (specified) objectionable material.

Introduce a system for employees who land on an unacceptable site by accident - for example, by clicking on a seemingly relevant link during a work-related search - to report the mishap to an authorized person, to prevent undue censure.

Stress that employees should only go online when needed, rather than leaving their Internet connection running throughout the day.

Explain how such measures not save precious company time and bandwidth but also serve to guarantee a more pleasant work environment while safeguarding the company and its employees from legal suits.

Create a similar document on network use, clearly defining who has access to what shares, for instance.

It is important to specify the penalties that apply for breach of Internet or network use policies.

In a November 1999 article on the topic, InfoWorld senior business and technology architect Brooks Talley advised: "Communicate clearly the change in policy. Be sure to enumerate the reasons for the change, but also be sure to make it clear that if someone has a real need for a service, you are committed to providing it."

Of course, once you have created a distributed your policy, you must install a tool that can enforce it. Once such product, which is simple to use and highly effective, is LANguard.


Content Filtering & Anti-Virus for ISA server

LANguard Content Filtering & Anti-virus for ISA Server provides content filtering and anti-virus checking of inbound material at server level. It scans incoming traffic for viruses, Trojans or objectionable material. Using its powerful rules engine, you can define which files you wish to allow users to have. You can also configure LANguard to quarantine file downloads for administrator approval. In addition, LANguard enables you to set rules that can stop unproductive use of the Internet at the workplace.

LANguard was built from the ground up to work with ISA Server. As a result, installation and administration are easy: No dedicated machine or specialized know-how is required and there is no need to change anything to your network configuration. LANguard links in as an ISAPI extension and can leverage features such as alerts, reporting and so on, that are already found in ISA Server.

LANguard can prevent unproductive use of the Internet at the workplace by checking for keywords in URLs and web pages to determine whether a site is appropriate or not. LANguard can detect specific keywords in Internet traffic, for example, if a user is reading a web page with a certain keyword, or doing a Search for that keyword. You can also specify combinations of keywords. This allows you to block searches for objectionable material, without having to prevent access to an entire search engine site.

Besides, LANguard's anti-virus module scans incoming traffic - such as HTTP and FTP files that are being downloaded - and checks them for viruses. Additionally, LANguard automatically downloads virus updates whenever necessary to keep your protective set-up up-to-date.

Working hand in hand with this is LANguard's content filtering module. This allows you to quarantine suspicious file types such as .exe files, zip files and other files that could contain harmful content, including Java applets and ActiveX controls. It is true that you can block all these files at firewall level, but this would substantially reduce the usefulness of the Internet and therefore employee productivity. Instead, LANguard quarantines the files for review and approval by the administrator. This way, users can still download the files they need, but these can be checked for malicious content before being delivered.

As further defence, LANguard protects you from present and future Word macro viruses. If it detects a Word or Excel attachment that contains a macro, it automatically disables the macro. This means you do not have to worry about users downloading documents that contain Word macros, which could possibly harbour a virus.

Featured Links