Surfing the Wild Web Responsibly
St. Bernard’s iPrism helps keep employees in check.
- By James Carrion
Sure, we all do it—surfing the Web on company time. What could it possibly
hurt? Well, you may not be concerned, but the CEO and HR manager probably
are. From the CEO’s perspective, you’re not being paid to surf on company
time; from the HR manager’s perspective, downloading Internet porn, jokes,
music and so on probably doesn’t fall within your job description. This
month, I take a look at an Internet appliance from St. Bernard Software
that will help corporate employees toe the line in compliance with a company’s
Internet Acceptable Usage Policy.
$2,195, plus user licensing fees
St. Bernard Software
iPrism is a self-contained Internet appliance that compares outgoing
URLs to a dynamic database of restricted sites to block access or simply
monitor. The appliance was extremely easy to set up and configure. For
the hardware installation, I simply attached a network cable between iPrism’s
internal interface and the local switch, along with a crossover cable
between the external interface and my Internet router. Effectively, all
Internet traffic at that point must cross through the device. The iPrism
setup software was just as easy to set up. I configured the appliance
as a transparent bridge where both interfaces shared the same IP address.
In this configuration, there was no need to install any additional software
on the client computers. Clients send their Internet-bound packets out
normally, and iPrism intercepts and filters the outbound HTTP requests.
All iPrism administration is done through a browser-based Java applet.
I did have to install Windows XP Service Pack 1 to get the Java runtime
environment, which turned out to be the most time-consuming part of the
whole installation. There’s also a console port on the back of the device
for out-of-band management. The iPrism manager software provides detailed,
Web-based reporting through a predefined set of reports.
iPrism’s URL database is automatically updated daily from the St. Bernard
Web site. Obviously, there are millions of sites on the Web and you can’t
expect all of these to be rated, so you have the option to contribute
unrated URLs to the central St. Bernard database where they’re manually
verified by St. Bernard.
I did a Google search for the word “sex” and clicked through the first
three pages of results. iPrism correctly blocked all the blatantly “inappropriate
sites,” as well as some sites that—although adult in nature—weren’t necessarily
pornographic. You can restrict sites based on 60 category filters, which
can relate to anything from sexuality and profanity to religion and politics.
iPrism is smart enough to do reverse lookups on all IP addresses submitted
in a URL to prevent users from trying to bypass a filter by not using
a fully qualified domain name.
|When a site is blocked, the user can request an override
of the filter. (Click image to view larger version.)
If a site’s blocked, users are shown the page depicted in the graphic.
At that point, if their user accounts were previously granted the privilege
to override the filter, they can click the Override/Request Access button
and log on with their iPrism accounts. If they weren’t granted this privilege,
they may request an override from the administrator. The iPrism administrator
will then have to grant or deny the override manually. An NT 4.0 domain
or any LDAP-compliant operating system can handle user authentication
and be used to configure per-user iPrism profiles. You can use these profiles,
for example, to grant the override privilege to specific users.
Face it, the Internet is a zoo, and corporate employees may be having
just a little too much fun on company time. If you want to regulate that
access, you’ll need a usage policy and some means of enforcing it. iPrism
is a great solution for keeping users “honest” and in compliance. It’s
easy to configure and administer and gives your users the flexibility
to override a filter. In short, iPrism will make the CEO and HR manager
happy and your employees more productive.
James Carrion, MCM R2 Directory, MCITP, MCSE, MCT, CCNA, CISSP has worked as a computer consultant and technical instructor for the past 16 years. He’s the owner of and principal instructor for MountainView Systems, LLC, which specializes in accelerated Microsoft Certification training.