Product Reviews

Keep Tabs on the Workplace Web

Websense helps you enforce your organization's Web policies and keep employees surfing on the straight and narrow.

While the Internet enables global communication, collaboration and access to data stored all over the world, it also poses an array of problems. Are your employees using the Internet for work or are they perusing the latest lingerie catalog? They may even be doing something criminal like pirating movies or behaving outside the legal boundaries of such regulations as Sarbanes-Oxley or HIPAA. Lawsuits are swarming around the Internet like angry wasps, and your business could get stung.

Keeping your employees' Web usage safe and legal is a challenge. Employees and employers are both entitled to some protection. Absolute trust is a thing of the past, but draconian measures won't work either. You can't assign someone to watch every employee.

The character Horatio Caine on "CSI: Miami" is fond of saying "Trust but verify." You can apply that philosophy to keeping an appropriate limit on employees' Internet use. First, develop a clear Acceptable Internet Use Policy and have it signed by all your users. That's the "trust" side of the equation. Next, develop a workable security procedure to fulfill the "verify."

Documentation 25% ————— 8
Installation 15% ——————— 8
Feature Set 20% ——————— 9
Performance 20% —————— 9
Management 20% —————— 8

Overall Rating: 8.7
1: Virtually inoperable or nonexistent
5: Average, performs adequately
10: Exceptional

Under a Watchful Eye
That brings us to the inevitable task of Web filtering. Nothing else conjures up Orwellian images of Big Brother watching or so sharply divides employees and managers. You may block and monitor your children's Web access, but can or should you do so at work? Regardless of where you stand on this debate, the simple fact is that Web filtering is here to stay.

To monitor Web usage in your organization, you'll need a good employee Internet management solution that fits the growing needs of your environment—something rich, mature and flexible like Websense Enterprise.

Here's how it works: when the Network Agent detects a request for Internet access, it queries Websense Enterprise to determine whether or not the requested site should be blocked. Websense Enterprise then consults the policy assigned to that client to determine what level of filtering is in effect. It also checks the master database of URLs. If the requested site is on the list of blocked URLs, Websense Enterprise Server sends a blocked page notice to the workstation that issued the request.

The Network Agent blocks the site by telling the workstation's browser to not accept access to the site when it is returned from the Internet. At the same time, it instructs the server at the originating URL to not send any more information.

Websense Enterprise filters network applications that use TCP-based protocols and provides filtering and logging for UDP-based messages. When a URL request is made through TCP and then blocked, then all subsequent UDP traffic will be blocked as well.

The Windows-based Websense Enterprise management interface is intuitive and easy to use. It presents a vast amount of information and keeps it well organized and readily accessible.

You can administer and monitor your company's Web access directly or remotely over a single TCP port. Set policies once and you can distribute them to multiple filters throughout a widely dispersed organization. Websense Enterprise can integrate with Windows domains and directories in order to set policies based on existing network users and groups. One minor glitch is the lack of delegated administration.

Another of Websense Enterprise's attributes is its flexibility. This is most clearly evident in how it helps you configure filtering policies. There is a set of 88 categories capable of distinguishing between such words and phrases as sex education and sex, prescribed drugs and illegal drugs, breasts and breast cancer and other potentially thorny topics. You can also set Websense Enterprise to limit usage by simple time quotas or block access by file type and keywords. If there are certain groups within your organization that require greater levels of Internet access, you can apply different policies to different users, groups, OUs and so on.

Figure 1.
Figure 1. The Websense Enterprise Manager interface lets you configure filtering categories and protocols. (Click image to view larger version.)

Besides filtering Web usage by time limits and topic, you can also use Websense Enterprise to block protocols for such applications as instant messaging, streaming media and newsgroups.

Websense Enterprise updates these protocols daily, just as it does category block lists. There is also an optional bandwidth optimizer that lets you set usage policies for notorious network bandwidth hogs like streaming media and Internet radio.

Websense Enterprise has a powerful reporting component that helps you gather and present data on your organization's Internet traffic. The Real-Time Analyzer monitors recent traffic and gives you many flexible views of the data. This means you can see what your users are doing and what sites they're visiting before you start configuring policies. Websense Reporter generates fully configurable traffic and activity reports. You can send those reports via scheduled e-mail. The Risk Reports warn you of any questionable activities in which your users may be engaging.

Up Next: Websense Enterprise 5.5

Just after submitting this review for publication, Websense announced version 5.5 of Websense Enterprise. Here’s a look at some of its new features:

  • Adds outbound protection from malicious applications to the Windows Firewall in Windows XP SP2.
  • Real-Time Security Updates automatically block access to any site infected with malicious code, identify and deny executing an infected application across desktops and laptops, and automatically update your database to protect against these threats.
  • Websense Client Policy Manager provides end-point security through multiple policies for a single laptop or a single user whether connected to the network or not. For example, you can allow Instant Messaging use while at work, but not on the road or at home.
  • Image search filtering prevents searches (whether innocently executed or not) from accessing inappropriate images, automatically categorizes new URLs for its master database and enforces policy for all database categories.
  • Broadened infrastructure support allows more than 30 integration points with firewalls, routers, switches, proxies and other devices.

— D.T.

Installation Notes
The Websense Enterprise package includes a number of components—Websense Enterprise Server, Policy Server, User Service, Websense Enterprise Manager, Network Agent, DC Agent, Real-Time Analyzer, Reporter and Log Server. Because the filtering and logging functions are so CPU intensive, you should never install the Websense Enterprise Reporter on the same machine as the rest of the components.

You can store the remaining components on a single machine or distribute them across the network. Installing multiple instances of Websense Enterprise Server will help you get around any network load balancing issues. You can also install Websense Enterprise as a standalone instance or as an integrated part of an existing network security system.

Websense Enterprise requires a Pentium III with an 800MHz CPU, 512MB RAM and 270MB if you need to install all the system's components. You'll need an additional 500MB for the Websense Enterprise Database and to process updates.

Installation was simple and painless. The program asks you a series of relevant questions and prompts you through the installation to speed the process and provide Websense Enterprise with information for the initial system configuration. Once you've installed all the relevant modules and launched the main interface, you can get to the more detailed configuration levels. The documentation is straightforward, and the help files are clear and easy to understand.

Filtering Finesse
If your enterprise has decided to go the road of Web filtering, then look no further. Websense Enterprise 5.1 is well developed and thought out. It addresses the most important issues in Web filtering and gives you the flexibility to configure it to match your organization's Internet monitoring policies.

About the Author

David W. Tschanz, Ph.D., MCSE, is author of the recent "Exchange Server 2007 Infrastructure Design: A Service-Oriented Approach" (Wiley, 2008), as well as co-author of "Mastering Microsoft SQL Server 2005" (Sybex, 2006). Tschanz is a regular contributor to Redmond magazine and operates a small IT consulting firm specializing in business-oriented infrastructure development.


comments powered by Disqus

Subscribe on YouTube