If anyone tells you that there is a perfect URL filter then they are probably being "economical with the truth". The truth is that like most security threats one is always following in the wake of the bad guys. In this case the fraudsters, the pornographers, the illegal music sites.... you get the idea.

However, there are some great products available that can scan for content, even within an encrypted session, that means that the probability of inappropriate web content reaching your staff or your netowork is greatly reduced. Not all scanners can do this, but Secure Computing's SecureWeb (formerly WebWasher) protects enterprises from this otherwise nasty blind spot.

As well as being able to scan content in real-time some vendors rely partly on the reputation of a Source IP address. If the black/white lists are gathered from sufficient nodes and categorised properly, then most of the web content can be passed through to the browser without the need for further scanning. This reduces any latency and protects the bandwidth all at the same time.

Protecting users from the written word and shocking graphics is understood but not everyone knows that web browsers and its content can deliver a plethora of malicious code, that includes; malware, viruses, Trojans, ScareWare, key-loggers, unwanted ads......

Most malicious content will come from sites that you wouldn't want your employees visiting, so it makes perfect sense not allow them there in the first place. Additionally, a system that can spot known and unknown malicious code can reduce the risk further.

So for an organisation with a single head office, no remote workers, no branch offices, it's so simple. Just position a product on the Internet gateway, agree an Internet Usage Policy, set the switches and wait for the groans. BUT, what about those organisations with multiple Internet Gateways over multiple sites and those with a roaming work force. Should we forget them? They have been neglected in the past because of the cost but nowadays there is no excuse.

Now one can deploy an "in-the-cloud" solution where remote workers and branch offices can be forced to browse through a managed service. Our favourite Secure Computing are soon to release a hybrid solution where head office users can benefit from an in-house managed device whilst remote workers can be forced through Secure Computing's managed solution, all at the same per user price. Brilliant! There are a number of vendors who have in-the-cloud solutions and we can recommend them too.

So, now we've blocked users by various means from "inappropriate", malicious code riddled content, but you want to be sure that the filters are working correctly and that users aren't misusing their privileges. Firstly ensure that you have an enforceable Internet Usage Policy and that all users have agreed to be bound to it. Secondly make sure that you have the right reporting tool for the content filter that you've purchased. Often there are choices for the sophisticated and unsophisticated user. Too complicated and you'll never use it; too basic and you won't get what you need. So evaluate before you purchase and make sure the VAR has some experience too!

Then deploy, but expect some fall-out as there are always users (especially at the top of the tree) who will complain like hell that they need access to some dodgy site. Make them aware of the dangers and ask them to put the request in writing.

Our skill here at Net-Ctrl is finding the right solution for your organisation. Performance and cost are always the most significant drivers and we have a number of excellent products that will be a good fit for you.

To find out more about our products and services please call sales on 01473 281 211 or email sales@net-ctrl.com.

Thanks for listening.