This is a guest post by Jesmond Darmanin. If you want to guest post on this blog, check out the guidelines here.
Today’s Internet connected businesses must be concerned not only with threats originating from the Internet, but also threats that can manifest from their employees accessing the Internet both recreationally and as a part of their job. Employees can expose the company to threats from malware, and from litigation resulting from employees downloading copyrighted material or accessing inappropriate content. An acceptable use policy and a written information security policy are both critical, and great places to start, but more is required.
Packet filtering firewalls are very effective at blocking unsolicited inbound connections, but they can do very little to block malware downloaded by an internal client with Internet access. Nor can they recognise inappropriate content, or copyrighted material. Antivirus software can help protect against malware, but not against pornography or the latest Hollywood blockbuster. Internet monitoring software is another layer of defence that can help protect your network from threats of the technical variety, and your company from threats of the litigation variety.
Internet monitoring software can be run on appliances inline to your Internet connection, on a server acting as a proxy, out of band but in tandem with your firewall, or as an agent installed on your clients. The type of deployment you choose depends on your network architecture, how easily you can manage your clients, and whether or not you want the ability to protect machines when they are remote. Whatever the type of deployment, the purpose of Internet monitoring is to examine all internet activity and, protect against threats, and to enforce policy. Your acceptable use policy should define what is considered acceptable business use, address whether or not any recreational access to the Internet is acceptable, and clearly explain what is considered inappropriate use of the Internet.
Internet monitoring solutions can help protect your users from threats in several ways. Most combine several different methods. One popular approach is to maintain a list of websites by category that is regularly updated through a subscription service. Websites and ip addresses are sorted into categories that make it very easy for the administrator to select what types of sites should be permitted, and what types of sites should not be accessed. When the client makes a request, the traffic is compared against the lists and permitted or blocked based on policy. Another way these products can monitor Internet activity and protect against Internet threats is to examine file types requested; permitting html, text, and graphics, but blocking scripts, executable content, and media files that could contain copyrighted material. Many Internet monitoring software packages also offers anti-x capabilities; examining all files for malware, emails for suspect links, and traffic flows for known patterns related to backdoor programs and bot-nets.
Internet monitoring can, but does not necessarily have to, log all such activities. Whether you log access or not depends on many factors, including your privacy policies, your corporate policy regarding monitoring employee activities, and whether or not you wish to invest the time and storage necessary to review and archive these logs. Some companies expressly choose not to log; taking advantage of the protections offered by their Internet monitoring software without tasking personnel to monitor Internet activity. They get the benefits of policy enforcement without the efforts and potential HR overhead that goes along with investigating policy violations to determine whether the act was accidental or intentional. With this approach you can safely regulate Internet access without being branded as the Internet Police.
Whatever approach you take, monitoring Internet activity is a critical part of a defense in depth approach to securing your network. Look at your options, and select the approach that best fits in with your client base, your Information Security Policies, and your management’s philosophy.
This guest post was provided by Jesmond Darmanin on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information about GFI web filtering solution can be found at http://www.gfi.com/internet-monitoring-software
