Surfing the Wild Web Responsibly

St. Bernard’s iPrism helps keep employees in check.

Sure, we all do it—surfing the Web on company time. What could it possibly hurt? Well, you may not be concerned, but the CEO and HR manager probably are. From the CEO’s perspective, you’re not being paid to surf on company time; from the HR manager’s perspective, downloading Internet porn, jokes, music and so on probably doesn’t fall within your job description. This month, I take a look at an Internet appliance from St. Bernard Software that will help corporate employees toe the line in compliance with a company’s Internet Acceptable Usage Policy.

Product Information
$2,195, plus user licensing fees
St. Bernard Software

iPrism is a self-contained Internet appliance that compares outgoing URLs to a dynamic database of restricted sites to block access or simply monitor. The appliance was extremely easy to set up and configure. For the hardware installation, I simply attached a network cable between iPrism’s internal interface and the local switch, along with a crossover cable between the external interface and my Internet router. Effectively, all Internet traffic at that point must cross through the device. The iPrism setup software was just as easy to set up. I configured the appliance as a transparent bridge where both interfaces shared the same IP address. In this configuration, there was no need to install any additional software on the client computers. Clients send their Internet-bound packets out normally, and iPrism intercepts and filters the outbound HTTP requests.

All iPrism administration is done through a browser-based Java applet. I did have to install Windows XP Service Pack 1 to get the Java runtime environment, which turned out to be the most time-consuming part of the whole installation. There’s also a console port on the back of the device for out-of-band management. The iPrism manager software provides detailed, Web-based reporting through a predefined set of reports.

iPrism’s URL database is automatically updated daily from the St. Bernard Web site. Obviously, there are millions of sites on the Web and you can’t expect all of these to be rated, so you have the option to contribute unrated URLs to the central St. Bernard database where they’re manually verified by St. Bernard.

I did a Google search for the word “sex” and clicked through the first three pages of results. iPrism correctly blocked all the blatantly “inappropriate sites,” as well as some sites that—although adult in nature—weren’t necessarily pornographic. You can restrict sites based on 60 category filters, which can relate to anything from sexuality and profanity to religion and politics. iPrism is smart enough to do reverse lookups on all IP addresses submitted in a URL to prevent users from trying to bypass a filter by not using a fully qualified domain name.

St. Bernard Software iPrism
When a site is blocked, the user can request an override of the filter. (Click image to view larger version.)

If a site’s blocked, users are shown the page depicted in the graphic. At that point, if their user accounts were previously granted the privilege to override the filter, they can click the Override/Request Access button and log on with their iPrism accounts. If they weren’t granted this privilege, they may request an override from the administrator. The iPrism administrator will then have to grant or deny the override manually. An NT 4.0 domain or any LDAP-compliant operating system can handle user authentication and be used to configure per-user iPrism profiles. You can use these profiles, for example, to grant the override privilege to specific users.

Face it, the Internet is a zoo, and corporate employees may be having just a little too much fun on company time. If you want to regulate that access, you’ll need a usage policy and some means of enforcing it. iPrism is a great solution for keeping users “honest” and in compliance. It’s easy to configure and administer and gives your users the flexibility to override a filter. In short, iPrism will make the CEO and HR manager happy and your employees more productive.

About the Author

James Carrion, MCM R2 Directory, MCITP, MCSE, MCT, CCNA, CISSP has worked as a computer consultant and technical instructor for the past 16 years. He’s the owner of and principal instructor for MountainView Systems, LLC, which specializes in accelerated Microsoft Certification training.


comments powered by Disqus

Subscribe on YouTube