Home page logo

basics logo Security Basics mailing list archives

Re: Web filters - Effects on Productivity
From: krymson () gmail com
Date: 23 Apr 2008 13:48:59 -0000

Your question is a good one, and one I see increasingly discussed in various forums, especially since "how do I bypass 
a proxy filter" posts occur daily on blogs and discussion boards (and in every issue of 2600!). 

Web filters really should only have two and a half primary uses:

1) Improved security by disallowing dangerous sites. This isn't perfect, but it should have a measurable effect with 
your desktop support staff. Stopping pornography and other inappropriate surfing should fall into this bullet as well.

2) Auditing of web browsing. While the filter itself shouldn't be playing ethics police with your workers' surfing 
habits, it does provide reporting and auditing for management/HR to use. If someone is addicted to gaming forums and 
wastes 5 hours a day trolling them, you want to proof to back up disciplinary actions.

2.5) Provide a little data loss prevention. For instance, do you allow employees to utilize their gmail/hotmail 
accounts at work? How do you know they're not siphoning off sensitive work docs through that email system? This is a 
"half" bullet because you can only stop the big parties that everyone knows, but you won't stop smaller mail portals or 
the one I can put up at home on my own mail server. But it should help for casual crimes of opportunity. Determined 
users will find ways through, unless the rest of your network security posture is tight.

This is all balanced against worker happiness. A happy worker is a productive worker. If you worked in a casual 
start-up, would you expect to have unfettered internet access? What about at a government facility? These extremes can 
illustrate that there is no universal answer to this question. It is very situational.

It also depends on the personality of your security officer(s). Do they only look at solutions that provide absolute 
security, or are they sympathetic to solutions that are not perfect, but add some value incrementally? These are two 
very different paradigms.

In a common SMB environment, I would use the above 2.5 points as the purpose of a web filter.

As a tech/security-savvy SMB worker, I feel happiest when I am not under the hard hand of a draconian web filter 
regime, and thus I also feel more productive. Likewise, being in security, there are times I need to see some 
questionable sites. And I definitely regularly pop up on web filter reports because IP xx.xx.xx.xx was scanning me, so 
I poked back at it only to find it hosted porn. Doh.

<- snip ->
I'm not bringing into question the technical security benefits of web
filtering; those are obvious. Do web filters in schools and offices
*really* give productivity a boost, or do they simply shift what sites
or activities employees waste company time on? Have there been any
solid studies on this topic?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]