Web Filter nuggets

For many open internet enthusiasts, blocking internet content is sometimes seen as non-democratic and a departure from a deeply-embedded culture of freedom of speech. However, web filtering takes many forms. Not only do states order the take-down of illegal or immoral material, but search engines block content in order to adhere to privacy laws. Add to this the fight against the ‘dark net’ and its use for the sale of everything from child pornography to weapons, and it’s clear that some filtering and blocking needs to take place. Indeed, in Europe, most filtering is applied to the above and any material that promotes hatred and terrorism. In the UK, the debate rages on as to whether laws should be extended to include monitoring of citizens in the proposed ‘Snooper’s Charter’.

ISP Blocks – Illegal Step too Far?

Recently, we’ve seen European governments attempt to force ISPs to block access to certain sites, particularly those that relate to intellectual property theft. However, this didn’t come about quickly enough to prevent change in the entertainment industry, which has essentially been forced to rethink distribution models and pricing, despite Hollywood’s policy of chasing down torrent sites.

The EU is working now, alongside ICT firms, to bring about a more unified approach to web filtering and share information more effectively. This is an effort to combat the growing and increasingly sophisticated business of cybercrime, as well as to ostensibly protect citizens from external threats.

State-Sponsored Attacks

It’s worth noting too that as the threat from state-sponsored cyber-attacks continues to grow, EU states will have to work towards a common goal of protecting national infrastructures. For example, the Conficker Worm, as so eloquently described by Black Hawk Down author Mark Bowden in his book Worm: The first digital world war, still remains a mystery to security experts.

The nature of Conficker led security experts to believe that it could be nothing other than a state-sponsored attack, as it was written in a code that was both unfamiliar and sophisticated. All attempts to stop its progress and halt what was thought to be an attack that could essentially take down the entire internet (and with it, all that the internet controls) were fruitless, as the author simply countered every attempt to stop it.

And it was serious:

“The Conficker worm infected its first computer in November 2008 and within a month had infiltrated 1.5 million computers in 195 countries. Banks, telecommunications companies, and critical government networks (including the British Parliament and the French and German military) were infected. No one had ever seen anything like it. By January 2009 the worm lay hidden in at least eight million computers and the botnet of linked computers that it had created was big enough that an attack might crash the world.”

Conficker never ‘dropped its payload’ and as such, nothing happened. But it served as a warning for what could happen and woke up global governments to the possibilities of a large scale cyber-attack.

So web filtering is necessary in many instances. But it doesn’t just apply to the internet as a whole, it’s also needed at any level wherever there’s a possibility that a breach/hack/attack/infection might occur. Ideally, every digital citizen would understand and take responsibility for malware and phishing, but this is a utopian idea in the current climate. Cybercrime is not a battle that security analysts and experts are winning right now.

Business Networks are Inherently Insecure

When it comes to network-level security, many businesses have inadequate security protection. This ranges from a lack of the most basic protection, such as antimalware software, to the IT department simply lacking the time to carry out timely patch management.

In a survey carried out in 2014:

  • 71% of businesses suffered a successful cyberattack
  • Security incidents grew by 66% CAGR
  • Europe suffered 41% more incidents than the previous year
  • Security incidents on average caused more than 8 hours of downtime
  • Mobile devices, tablets and social media were perceived to be the ‘weakest link’ when it came to security
  • 58% of end users operate 3-4 devices daily
  • 63% of users have had their password compromised at work

Policies

When it came to written security policies, it was found that one in three companies didn’t have one and 77% of companies didn’t have a password policy. However, 46% of firms did have a disaster recovery plan. The research also revealed that less than 40% of organisations perform active vulnerability scanning or monitoring, and of those businesses that employ security professionals, or have an internal IT department, only 20% were confident that their organisation had done enough to educate end users on phishing attacks.

According to research from IDT, 41% of companies now use web filtering. This is a disappointingly low level, as clearly a business needs to protect its infrastructure and data and this starts with the end user. Spear phishing and social engineering techniques have become increasingly targeted and sophisticated in recent years. Whilst ideally a good security policy will work to educate staff on the dangers the organisation faces should a breach occur, this can’t be guaranteed.

Instead, the easiest and most effective way to prevent a user from inadvertently clicking on a malicious link, or downloading an infected attachment, is to not allow them to do so in the first instance. Web filtering works by ensuring that inbound threats can be effectively shut out of the network.

With regard to what sites a business should block, that has become a little more complex since the rise of social media. Initially, the majority of companies blocked social sites as they were predominantly used on a personal level. Now though, there is widespread and valuable professional use of social media for marketing and customer service purposes.

Whilst web filtering is capable of blocking specific URLs, there are also social media management tools that allow for login and social management without browsing the site itself. These present content in simple streams, which can also help to mitigate the risk posed by social media.

To Block or Not to Block

Many businesses use web filtering as a means to prevent employees from wasting time on sites such as social media. However, it is also commonly used as a means of preventing malware, as discussed above. Advanced filters can also block sensitive information from being sent out by email or IM to ensure that sensitive data is protected.

A business-grade filter often comes in the form of a browser extension or is built into a firewall or into the router. It should be used in conjunction with the filtering policy that makes up a part of an overall security policy.

The web filter software itself should be capable of policies which include:

  • Category filtering to block commonly unsafe sites such as gambling sites.
  • Protocol filters which apply actions to internet protocols
  • Capability of blocking specific URLs, as defined by the administrator
  • Scheduling so that certain filters can be applied at certain times
  • Roles which define what different groups and teams can access and send

It should of course also be capable of blocking known malicious websites and malware, as well as stopping phishing attacks. The cloud has enabled better web filtering services to come onto the market insomuch as they impact the network minimally. The filter is controlled by the IT administrator or department, who will work with the policy documents of the company to ensure that its needs are met.
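To show how the policy types listed above can interact on a single request, here is an added example (not taken from any filtering product) of a first-match policy evaluator. The hostnames, categories, role names, the rule ordering and the modelling of protocol filtering as a URL-scheme allow-list are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import time
from urllib.parse import urlsplit

# Constructed category feed; hostnames, categories and roles are illustrative.
CATEGORIES = {"bets.example": "gambling", "social.example": "social-media"}

@dataclass
class Policy:
    allowed_schemes: set = field(default_factory=lambda: {"https"})
    blocked_urls: set = field(default_factory=set)        # (host, path prefix) pairs
    blocked_categories: set = field(default_factory=set)
    schedules: dict = field(default_factory=dict)         # category -> (start, end) block window
    role_exceptions: dict = field(default_factory=dict)   # role -> categories it may reach

def categorise(host):
    """Match the host or any parent domain against the category feed."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        category = CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorised"

def decide(policy, url, role, now):
    """Return (verdict, rule) for one request; the first matching rule wins."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in policy.allowed_schemes:
        return "block", "protocol"
    # Exact host match so "social.example.other.test" is not caught by accident.
    if any(host == h and parts.path.startswith(p) for h, p in policy.blocked_urls):
        return "block", "url"
    category = categorise(host)
    if category in policy.role_exceptions.get(role, set()):
        return "allow", "role"
    if category in policy.blocked_categories:
        return "block", "category"
    window = policy.schedules.get(category)
    if window and window[0] <= now < window[1]:
        return "block", "schedule"
    return "allow", "default"

POLICY = Policy(
    blocked_urls={("social.example", "/games")},
    blocked_categories={"gambling"},
    schedules={"social-media": (time(9, 0), time(17, 0))},
    role_exceptions={"marketing": {"social-media"}},
)
```

Returning the rule that fired alongside the verdict lets an administrator explain a block to the user and audit which policy is doing the work.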

Web Filtering and the End User

For the end user, it’s often the case that they won’t notice that a filter has been applied, just that they are unable to perform certain tasks. However, it’s worth noting that if administrative permissions are enabled at the client level, then it’s possible that an employee could disable it.

For companies that are security aware however, it’s rarely necessary to give many employees – save IT administrators – full permissions to change client settings. Doing so in itself presents a security risk, as some viruses can only be executed from an infected attachment when the user has full administrative rights.

So while filters can and do effectively protect your business from threats, it’s important that attention is paid to security at network level too. The best security takes a layered approach, of which web filtering is just one layer.

Further measures should include:

  • Antimalware software installed on each client
  • Security updates for all installed software to be applied when they become available
  • Sound security and incident response documented plans

For smaller businesses, it’s often worth considering using a managed security service alongside your web filtering and antivirus solutions. As well as the end user, poor patch management – where software is not updated to prevent exploits – is a common cause of breaches and other security issues.

Web filtering is a must for every business network. Even the most tech savvy employees can get caught out by a sophisticated spear phishing attack or a clever social engineering tactic. This means that it’s necessary to take the responsibility out of the hands of the end user and ensure that your network is protected by other, more predictable and reliable means.
