
Evaluating Web Filter Appliances

Most enterprises need to enforce restrictions and controlled internet access for their users. Establishing such compliance across a distributed user community requires a comprehensive solution. Here I detail the various aspects to consider when evaluating Web Filter Appliances for enterprises.

Evaluation Criteria: Understand your internet access Policy and infrastructure requirements.

  • What would be your internet access policy?
    1. Block all and allow only a known or specific list of web sites?
    2. Block unwanted categories of web sites and create exclusions for your specific pages?
    3. Do you also want to block internet access by applications?
    4. Do you want to block certain applications themselves, like Skype, messengers, chats and other programs?
    5. Is it firm wide, by teams, specific user roles like contractors?
    6. Where do your users come from? Local LAN, remote access, third party trusted vendors, etc.?
  • Know your users that you want to control
    1. Is it firm wide, by teams, specific user roles like contractors?
    2. Where do your users come from? Local LAN, remote access, third party trusted vendors, etc.? Using which types of devices, like PC, mobile, etc.?
    3. Who manages your users? Are they controlled by Active Directory, some database for web applications, ADFS, etc.?
    4. Assess the number of users that are going to make use of the service, and also consider the expected future growth rate.
    5. What type of content are they allowed to access? Rich streaming data, social media, conferencing, VoIP, etc.?
  • Choosing Web Filter for your network
    1. Do you want to consider a virtual appliance, a cloud-based SaaS solution, or an on-premise physical appliance?
    2. Where do you place your web filter appliance? How close or far (latency) is your device from your user sessions?
    3. What mode do you want to configure your Web Filter in? Is it in-line (directly connected to a server), forward proxy (the Web Filter is connected between your LAN switch and firewall and scans all LAN traffic), 
    4. Integration with any of your existing routers, firewalls, NetScaler, switches, VLANs and other networking devices
    5. What capacity of appliance do you need, in particular proxy traffic throughput, NIC port speed, RAM and CPU, etc.?
    6. What are your existing bandwidth capabilities and restrictions?
    7. Which pricing model do you prefer? Cloud-based pay-as-you-use, on-premise one-time pay-per-device, on-premise concurrent-user-based annual licensing, etc.? Open source or freeware?
    8. What is your budget and your performance expectations on Web Filtering?
  • How do you integrate your Web Filter with applications?
    1. How do you make your web filter rules apply to your users on computers, mobile devices and Citrix sessions?
    2. Do you configure your Web Filter at the network level or at the Internet Explorer application proxy level?
    3. How do you authenticate users to the Web Filter? Is there support for AD users and Citrix sessions?
    4. Do you need a programming or automation API for Web Filter device configuration, reporting and monitoring for your development teams?
    5. Do you need an interactive system to notify users when any access is blocked by Web Filter?
    6. Do you need to re-brand the user messaging and notifications?
  • Any others.

Understanding Web Filters: Physical Appliances and Software

  • Types of Web Filters – by their form of availability
    1. Physical Appliance – Hardware, usually rack mounted in your data centre
    2. Virtual Appliance – A virtual device, usually run on one of your virtualization platforms: VMware ESXi, XenServer, Hyper-V, etc.
    3. Application – Software, usually installed and configured on a supported operating system. Examples include SQUID, GFI WebMonitor, Microsoft ISA/TMG server, etc.
    4. Cloud Solution – A hosted service from the vendor, usually adding all of the cloud benefits like high availability, faster performance, etc.
  • About the Appliances and Software: Web filtering is one capability of a network security suite, so it is categorized under Network Security Devices/Software. Most security vendors design a complete suite with the Web Filter as an add-on, feature or component. You usually end up either buying the complete security suite or following the model below:
    1. Buy the network security device – like Barracuda, WatchGuard, Untangle, etc. These devices usually have more capabilities, but you'll be using them only for Web Filtering
    2. Buy the Web Filter component as software – WatchGuard's WebBlocker, Untangle's Web Filter, etc.

     

Knowing How Web Filters Work:

Dynamic Websites Categorization Lists/Engines:

Today's internet is very broad and dynamic. To handle security in such an ever-changing environment, most Web Filters ship with categorized lists of web sites that are updated very frequently. Any web site a user attempts to visit usually falls under its respective category, so you can define allow or block rules for the categories that suit your environment. Say you want to block all Social Media, Travel and Shopping categories and allow the others. This removes the overhead of identifying and configuring every malicious web site individually, and the lists reflect the up-to-date status of web sites.

Most Web Filter vendors rely on the open source antivirus engine ClamAV for detecting trojans, viruses, malware and other malicious threats. It is used by Barracuda, Untangle, etc. There are also other web site category database providers like WebGrade,

Programming or Automating Web Sites Approval (Allow) or Denial (Block):

In a large enterprise that wants to implement controlled web site access, there will very often be exceptions to make, on either a temporary or a permanent basis. To turn overall web site access into a workflow, you need to provide automated request and approval mechanisms. Developing such automation usually requires an application programming interface (API) to the Web Filter configuration. However, the bitter fact is that none of the Web Filter vendors have an API to automatically update the allow or block lists. One has to use the vendor-provided interface and make the exception or block manually.
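
The category rules and the temporary or permanent exceptions described in this section can be modelled as one decision function. The following is an added example, not code from the original post or from any vendor; the domains, category names and function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed category list: domain -> category (a real filter uses a vendor feed).
CATEGORY_DB = {
    "social.example": "social-media",
    "shop.example": "shopping",
    "trips.example": "travel",
    "docs.example": "business",
}
BLOCKED_CATEGORIES = {"social-media", "travel", "shopping"}

# Approved exceptions: domain -> expiry time (None means permanent).
EXCEPTIONS = {
    "careers.social.example": None,
    "trips.example": datetime(2030, 1, 31, tzinfo=timezone.utc),
}

def suffixes(host):
    """Yield the host and each parent domain, most specific first.
    Splitting on labels keeps 'notsocial.example' from matching 'social.example'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def categorize(host):
    """Longest-suffix lookup, so subdomains inherit the parent's category."""
    for name in suffixes(host):
        if name in CATEGORY_DB:
            return CATEGORY_DB[name]
    return "uncategorized"

def decide(host, now, default_deny=False):
    """Return (action, reason). Live exceptions win over category rules;
    default_deny=True models 'block all, allow only a given list'."""
    for name in suffixes(host):
        if name in EXCEPTIONS:
            expiry = EXCEPTIONS[name]
            if expiry is None or now < expiry:
                return "allow", f"exception:{name}"
    category = categorize(host)
    if category in BLOCKED_CATEGORIES:
        return "block", f"category:{category}"
    if default_deny:
        return "block", "default-deny"
    return "allow", f"category:{category}"
```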

Here are a couple of other useful resources that may come in handy when evaluating Web Filter Appliances.
