Efficiency by Proxy

Windows Networking: 602LAN SUITE Content Filter provides a flexible means to lock down Web access on your network, but it has a few blind spots.

By Aaron Weiss | Posted Apr 21, 2006

602LAN SUITE Content Filter: Proxy server with filter for blocking Web sites.

The Internet is a big city, and sometimes you may need to prevent patrons, children, or employees from visiting certain neighborhoods. The subject can be controversial in a free society, but content filters are an option some people and organizations choose. Businesses may use content filters to reduce distractions, unproductive time, and bandwidth by limiting employee access to sites unrelated to work, such as those with gambling and personal Webmail. Schools and libraries may use content filters to meet federal funding requirements. Families may use content filters to emphasize their personal values.

602Software sells a bundled version of its LAN SUITE 2004 Internet sharing/firewall/e-mail server that includes a proxy server with content filtering. With the proxy server enabled and LAN clients configured to connect to the Web through the proxy, the content filter can regulate access to specified individual sites or to categories of sites.

The entire suite is a 30 MB download that expands to more than 100 MB when installed, which can grow even more if the proxy cache is enabled. A routine InstallShield wizard steps through the installation with a few simple inputs.

LAN SUITE is managed through its local administration client, which also acts as a live activity log, and through its Web-based management system in a browser. Among the many configuration pages for the suite's various features is the content filter configuration.

The Content Filter

For an administrator, the filter is easy to set up and has limited options. You can set up a whitelist or blacklist for individual URLs to be banned or allowed. You can create filtering rules from among 22 categories of Web sites, including such unsavory topics as sex, gambling, sports, jobs, Webmail, news, travel, and auctions. Each filter rule can encompass multiple categories. Rules can be applied to all or particular users on the LAN, identified by authenticated name or by IP address or range. Rules can also be set to a time-of-day schedule, so certain pages might be blocked only during business hours, for example.

Each rule can lead to one of several actions — block the page and show an error page explaining the action, show only a blank page, redirect the user to a specific alternative page, or do not block the page but log the visit on the record.

The content filter can also cache URLs for a period of time for faster processing.

Ultimately, the heart of the Web filter is its set of classifications. The engine relies on several sources of data. You can include or exclude classification data from two third-party content filter vendors, SafeSurf and ICRA. In addition, 602Software touts that the filter uses PureSight Active Filter technology to analyze the content of sites rather than simply relying on manually compiled lists of URLs. Supposedly, this proprietary algorithm takes into account both non-textual (colors, fonts, and pictures) and textual (links, meta tags, and text) information to classify a page.

We put the 602 LAN SUITE content filter to a simple test. First, we created a rule to block sexually oriented Web sites. For the purposes of research, we tried to visit several such sites. Many well-known adult sites were blocked, but surprisingly, some were not, including the popular "Suicide Girls." Next, we tried a similar experiment with gambling sites. We visited Google and typed "poker" to find the highest ranked poker sites. Among the first four Google answers returned, one was not blocked by the content filter. Moving further down the Google list, it became easier to find unblocked poker sites, such as Chip Vault. Like the adult sites, most but not all in this limited sample were successfully blocked.

Testing the Webmail filter revealed a significant logic loophole in the content filter. Attempts to visit Hotmail and Yahoo mail were successfully blocked by the rule. It also successfully blocked access to gmail.google.com. But get this — you can also get to Gmail using the URLs google.com/gmail or mail.google.com. The filter did not block these! Considering all three URLs return the exact same page content, and only one is blocked by the Webmail filter, we wonder just how well the "content-based" PureSight Active Filter functions.
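An administrator can check a category rule for this kind of gap by recording the filter's verdict for every known address of a service and flagging services that are only partly covered. The following is an added example, not part of the original review or of 602LAN SUITE; the alias map, the verdict labels and the sample observations are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical alias map: URL prefixes an administrator knows reach the same service.
ALIAS_GROUPS = {
    "gmail": ["gmail.google.com", "google.com/gmail", "mail.google.com"],
    "hotmail": ["hotmail.com"],
    "yahoo-mail": ["mail.yahoo.com"],
}

def normalize(url):
    """Return (host, path) with scheme, 'www.', case and trailing slash removed."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a bare host/path as a network location
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return host, parts.path.rstrip("/").lower()

def matches(url, alias):
    """True when url falls under the alias prefix (same host, path at or below it)."""
    host, path = normalize(url)
    a_host, a_path = normalize(alias)
    return host == a_host and (path == a_path or path.startswith(a_path + "/"))

def audit_alias_coverage(observations, groups=ALIAS_GROUPS):
    """Map service -> aliases seen allowed, for services with at least one alias blocked."""
    gaps = {}
    for service, aliases in groups.items():
        verdicts = {}
        for alias in aliases:
            seen = [v for u, v in observations if matches(u, alias)]
            if seen:
                # An alias counts as blocked only if every request under it was blocked.
                verdicts[alias] = all(v == "blocked" for v in seen)
        if any(verdicts.values()) and not all(verdicts.values()):
            gaps[service] = sorted(a for a, ok in verdicts.items() if not ok)
    return gaps

# Constructed observations mirroring the test results reported above.
SAMPLE = [
    ("http://gmail.google.com/", "blocked"),
    ("http://www.google.com/gmail", "allowed"),
    ("http://mail.google.com/mail/", "allowed"),
    ("http://www.hotmail.com/", "blocked"),
    ("http://mail.yahoo.com/", "blocked"),
]

if __name__ == "__main__":
    print(audit_alias_coverage(SAMPLE))
```

Aliases reported this way are candidates for the per-URL blacklist the product already offers, since the category rule alone does not cover them.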

No doubt 602 LAN SUITE's content filter will block access to individually named sites, and many sites within its 22 classifications. For some organizations, that may be reason enough to employ the content filter on their network. But it would be misleading to assume the filter is without loopholes, some of which are significant enough to be effective workarounds for those determined to access certain kinds of content.

Pros: Simple to administer; Flexible rules include user and schedule criteria.
Cons: Opaque filtering algorithm is a black box with significant loopholes.

Article courtesy of ServerWatch
