Educause Security Discussion mailing list archives
Re: Web Content Filtering
From: Kevin Reedy <KReedy () EXCELSIOR EDU>
Date: Wed, 22 Apr 2015 13:43:34 -0400
Hi Don,

An interesting proposition. Each organization has a very personal approach to most things security; this is no exception. The most common approach advocated by IT, HR and Legal in my experience is to block only pages that can cause harm to the workplace. Malware/viruses, illegal file sharing, porn, maybe a few others.

It gets more interesting when some of the business managers get involved; usually they want to block shopping, social media, etc. If this is allowed it usually doesn't last very long, or the exception process becomes tedious to maintain. I've implemented this twice at two organizations only to have them fall back on the basics above after some time frame.

I would suggest that the tool is there to protect the network, provide log files on usage if needed for HR or legal actions, but that it is not designed to be a babysitter or to 'give managers one less thing to worry about'.

If the University really feels that recreational pages need to be blocked, they should also play gatekeeper in the exception process. It could come into the helpdesk, they can pass it along to an IT Security analyst, who reaches out to the users, ascertains need, and without comment to the user passes this information along to the University gatekeeper, who is the final decision maker. In my former life this was the COO, who after 3 months of dealing with exceptions told me let's find an easier way to do it. We settled on the above, and while not every line manager was happy about Facebook coming back, it was a much better position for IT and Security to maintain.

We do some basic blocking here, it works fine. The only issue we run into occasionally is when an otherwise safe site gets compromised; the software knows it and blocks it for us, but then the users are upset they can't get to the known good (but not at this exact moment) site.
-Kevin

Kevin Reedy
Executive Director, Information Security
Excelsior College
(518) 464-8720

From: Donald Welch <djwelch () UMICH EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU,
Date: 04/22/2015 01:08 PM
Subject: [SECURITY] Web Content Filtering
Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>

Colleagues,

I'm the new CISO for the University of Michigan. I look forward to meeting you and working with you.

One of my first issues is web content filtering. I've been asked whether any other higher education institutions implement web content filtering and if so what groups do you filter for and what kinds of content. If you wish, I'd also welcome your opinion on how well it works.

This has started with our health system and my guess is that would be our focus if we went forward. However, one of our Trustees has been questioning why we don't filter across the University.

I have to go to an initial meeting Friday afternoon, so any info you can give me before then would be much appreciated.

Sincerely,
Don

Donald J. Welch, Ph.D.
Chief Information Security Officer
University of Michigan
734-615-0334

This message and any attachments contain confidential Excelsior College information intended for the specific individual and purpose. If you are not the intended recipient, you should notify the College and delete this message. Any disclosure, copying, distribution or inappropriate use of this message is strictly prohibited.