Industry Trends

Making a Case For Content Filtering

By Chris Dawson | December 11, 2015

When I was "the tech guy" (and a math and science teacher and the Drama Club Advisor) at our local high school, I often said that if our students devoted as much time to their studies as they did to trying to bypass our content filter, we'd have a bunch of Rhodes Scholars. It only got worse when I made the mistake of getting into administration as the district's first technology director. Not only did I dramatically increase bandwidth at all of our schools, making the Internet a much more attractive place to look for trouble, but I inherited a variety of legacy firewalls and content filters scattered among our schools.

Ultimately, the experience led me to write a book on DIY firewalls with a particular focus on content filtering. In public K12 schools, content filtering isn't just a nice-to-have. It's a requirement if you want to get E-rate funding and keep angry parents, complaining about the naughty pictures that little Johnny found, out of your office. Content filters, though, are the bane of most students' existence when all they really want out of life is to troll their friends' Instagrams or download music with more bandwidth than they have at home.

As most of us in the corporate world know, content filters aren't just kid stuff. They pop up all over the place, keeping us on task or, more importantly, keeping us out of trouble. Most of us in the corporate world would also agree we don't need some sort of digital nanny keeping us out of trouble or making sure that we're working all the time. If we need breaks, we'll take breaks, and the occasional cat video on YouTube probably won't make or break our respective organizations. Content filters, however, are often the first line of defense against malicious and compromised websites. The less savory regions of the Internet are not known for being malware-free. Many of those very websites that get blocked for objectionable content are also home to drive-by malware and a host of potential security problems, just waiting to exploit a weakness in your device's OS.

The other day I was at Fortinet headquarters to film a webcast. I accidentally clicked a link on my personal email while I ate lunch - a careless swipe of the thumb was all it took in an email that Gmail hadn't flagged as spam. Suddenly my browser redirected and the corporate content filters were telling me how naughty I was for trying to access pornography on the network. Not my usual lunchtime activity, of course, but the content filters kept me out of harm's way before any other service picked up a potential issue.

Content filters, of course, also allow organizations to implement policy and the exact nature of that policy is worthy of some substantial internal discussion. The filters are just tools and largely block what admins say to block, even if those are just broad categories set by the firewall/content filter vendor. In K12 schools, the level of filtering tends to be fairly strict for a variety of fairly obvious reasons. In university settings, students are given much more latitude while administrative jobs often see stricter filtering for network protections. Some organizations take a fairly Draconian approach. Again, this is a matter of policy. As long as the technology can implement whatever policies are in place, it's doing its job.

Bottom line? Content filters can be annoying, frustrating, or even maddening for end users. Until they don't have to explain to their helpdesks why their computers keep popping up Viagra ads. For the system administrator, they are critical pieces of the network security picture and one more layer of protection for their networks and data assets. Just remember that the stricter the filtering without clearly communicated, thoughtful policies behind the filters, the more likely users are to try to circumvent the filters. And that is a far bigger drain on productivity and risk to security than the occasional Facebook post or cat video.