Web Security
Over 75% of Malware reaches the average computer network from the internet. The internet represents an opportunity for organisations to exploit new communication and advertising medium but by the very same nature represents a very real risk to the safety and security of the Local Area Network.
The Challenge
How to allow safe, productive Internet usage?
Many organisations choose to block access to unwanted content by category, utilising URL filtering. However URL filtering should only form part of the solution as malware and inappropriate content can come through unathorised sites and the internets sheer size means that not all content will be correctly categorised. Other security controls from malware scanning to reputation scoring should be utilised alongside traditional defences such as URL filtering.
 |
Foursys recommends you try |
Technologies in use across the internet vary from organisation to organisation. Below are listed some of the common types of internet usage:
- Instant Messaging
- Social Media
- Streaming Content
- Web Browsing
- P2P downloads
Each one of these areas has specific challenges associated with securing access and preventing malware from entering an organisation.
There are many types of web gateway available and the range of features and technology vary from system to system. It is important to understand the organisations full range of requirements, the threats associated with such requirements and the level of technology available before choosing a solution.
In the following paragraphs we have outlined some of the technology available within web gateways and how it mitigates malware or misuse (note that the technology and features vary between solutions).
URL Filtering
URL filtering is the backbone of web control. If an organisation can prevent access to the website then malware cannot be downloaded. URL and category control also form the solid backbone of controlling acceptable web browsing usage.
Dynamic Categorisation
Closely related to URL filtering, some solutions have the ability to dynamically categorise uncategorised content or re-categorise social media content on the fly allowing significantly more accurate URL filtering i.e. inappropriate content on social media can be blocked out.
Malware Scanning
Foursys recommend a web solution have the ability to scan content for malware using a scanner with a proven track record.
HTTPS Scanning
HTTPS web sites prevent traditional web gateways from scanning/identifying malware and proxy avoidance websites. Frequently content on HTTPS wont be categorised, particularly if a password or form entry is needed to proceed.
Foursys recommend a web gateway that can analyse and scan https websites to prevent threats reaching the desktop from these sites.
Delegated Administration
Depending upon the size and nature of the organisation, it may be prudent to delegate administration of reporting and even policy management to certain department heads or individuals.
Most web gateways allow particular delegation through devolved helpdesk roles to full on delegated access.
Remote Filtering
How to secure remote laptops or remote branches from downloading malware or accessing inappropriate content?
Today there are a wide range of options available for ensuring remote filtering (away from the main site) takes place to ensure controlled and secured access. From client installed software to integrated SAAS solutions, Foursys account managers can advise as appropriate.
Content Controls
Controlling access to content allows an organisation to restrict access to potentially damaging content.
Fault Tolerance/Load Balancing
Consideration around providing a fault tolerant solution should be given, along with the ability to load balance in a larger deployments.
Protocol Filtering
Restricting access to certain protocols allows control over what content can be utilised over the network i.e. P2P, Instant Messaging, Remote access etc.
Time based policies and Quota time
Many web gateways allow control over the times or time periods that users can access certain categories of websites. Thus controls around what is and whats is not acceptable in terms of recreational browsing becomes enforceable.
DLP
These days Data Leakage Prevention is becoming an increasingly important control that organisations want to put in place. Whilst not directly a security related issue, DLP can pose a significant risk to an organisation if confidential information is uploaded on to a public website or to internet based email.
Finding the balance
Foursys recommend a layered approach to security, with combined web gateway features ensuring inappropriate or damaging content is screened out. In general the more layers of defence the better security, however this frequently has a higher cost associated with it. Foursys Account Managers are best placed to advise you on the most appropriate solution for the organisation’s needs.
|
Foursys recommends you try |
