It's unfortunate, but true: Some employees spend their work hours playing games, searching for jobs, reading the news, and perusing pornography--all over your network Internet connection. To help control this behavior, you need an effective tool that's easy to configure. While this tool also works in the Unix environment, this article explains how to configure and run it on Microsoft servers.
SmartFilter control lists
Proxy Server acts as a gateway between the private network and the Internet. It will allow you to do many things, such as:
It is easy to see the benefit of a Proxy Server; however, it is a cumbersome process to restrict access to specific sites. To restrict a site using Proxy Server, you must do the following:
If you needed to block all sites that pertain to adult material, this process would be impossible.
SmartFilter, from Secure Computing, of San Jose, Calif., www.securecomputing.com, works in conjunction with Microsoft's Proxy Server. It operates using a comprehensive database of URLs compiled into a Control List, containin more than 250,000 non-business related entries in 27 content organized categories. After you install the product, you can configure it to monitor and restrict access to specific Internet sites or categories.
SmartFilter allows you to transparently control Internet use without having to install software on each client. While the Control List keeps a current record of inappropriate categories, Microsoft Proxy Server must be able to automatically update and reload the Control List. SmartFilter checks every hour to see if the list is older than 15 days. Before you can configure SmartFilter, you must first download the control file(s) and complete the installation process.
SmartFilter does not run as a service, like some other filtering tools (such as surfControl and Little Brother). It keeps the configuration you define in the Registry. The installation process is pretty straightforward, but you must have FTP capability on your Proxy Server in order to download the Control Lists and set them up. The instructions are step by step, but do include some Unix commands once you are in FTP mode.
Using SmartFilter, you can quickly and easily restrict access by category. The Categories tab allows you to select particular URL categories and assign whether you want to deny access, allow access, coach, or deprioritize the category (see Figure 1 ).
For these categories, select in the grid the times and days of the week you want the action to apply. Actions that SmartFilter can perform are as follows:
- Allow--The user can view the site.
- Deny--The user is prevented access to the site(s).
- Coach--The user is allowed to view a site but is forced to read a message describing its contents for each site in that category.
- Deprioritize--The user is allowed to view the URL, but the URL is deemed a lesser priority than other sites. Each packet is delayed as it is downloaded from the site.
SmartFilter is a very flexible product that is designed to change to meet your needs. Some of the features it contains are listed here:
- Allowing access to a restricted site--If you want to allow access to specific URLs within a restricted or denied category, or you discover a new site that is not yet categorized, you can add it to the Special Sites tab (see Figure 2 ). In this window, you simply add the URL to exempt. You can also add a specific site to a predefined category in the Custom Filtered Sites section by clicking Add and typing the URL. To remove sites or words, select them and click the associated Remove button. To edit an existing entry in the list, double-click on it.
- Restricting search engines--You can control the use of search engine sites that allow searches for information across the Internet; to do so, add them to the Search Sites tab. You add the full domain, such as www.altavista.digital.com or the IP address of the search engine. You must also enter the CGI parameter the site uses to trigger searches. Only sites using the HTTP GET method are blocked. For example, the CGI parameter for Altavista is pg=q. You can even input your list of words to prohibit.
- Allowing access to news sites--If a specific news sites that you want to view is in a restricted category, add the site to the News Sites tab. You must add the full domain, such as www.cnn.com or the IP address of the site. You must also enter the CGI parameter the site uses to trigger searches. Only sites using the HTTP GET method can be used. For example, the CGI parameter for hotbot is sw=usenet.
- Denying access to specific file types--You can restrict access to specific types of files, such as .mpg or .jpg, by adding them to the Forbidden Files tab (see Figure 3 ).
- Define custom HTML messages--You can configure SmartFilter to display a message on screen when a user completes a particular action. To do so, define the message in HTML using the Messages tab.
- Group configuration--You can add users to groups that require special HTTP filtering.
For about $3,500, you can get a 1,000-user SmartFilter license that includes updates for a year. You can evaluate the product free for 30 days by downloading it from www.smartfilter.com. The company's Web site also provides additional pricing information. //
Troy Thompson (email@example.com), MCSE+Internet, is a freelance consultant in the Louisville, Ky., area.