Re: Quick Survey - Does everyone do SOME form of "web filtering"??

[Walter Petruska <wpetruska () USFCA EDU>]

There are a range of possible answers here. I believe the original question
has to do with 'web filtering' and 'blocking', not about tracking usage, or
even collecting such data.  The method you use, the IP ranges or networks
filtered, and the policies put into place can all address those concerns.

As it has also been stated, there certainly are times when 'web filtering'
can provide appropriate tools- such as implementing blocks against sites
serving malware or phishing schemes.
There are the CIPA concerns, as well as several state laws which may
regulate or require use of web filters:
http://www.ncsl.org/issuesresearch/telecommunicationsinformationtechnology/stateinternetfilteringlaws/tabid/13491/default.aspx

For those of you who host minors (18 and under and/or non-secondary school
graduates) on your campuses during the summer for various programs- what do
you put into place to protect them from inappropriate material for a minor
while they are staying in your residence halls?  Do you turn off network
ports?  Or allow them to surf the web openly?

For the HEAR (Higher Education Act Reauthorization)  'suggestions' re: DMCA
technical controls: web content filters, when subscribed to a categorization
service, could also be used to pop up policy reminder pages for Appropriate
Use Policies, but still allow users to 'burn through' the warning/reminder
page and continue on to their destination.  Again, with appropriate policies
and logging- or aggregation of usage, there is no 'tracking' per se.  Unless
you'd like to know that you actively warned a student about going to a known
malware, illegal activities, or questionable actions site, (your policy may
ban P2P) and for correlation with the DMCA complaint when it later arrives
and you're faced with student counselling issues such as 'oh, I didn't know
that was against policy'.

As I posted a similar earlier question on this topic and have product quotes
in hand, I'm also eager to hear about people's implementations, policies,
successes and failures.

I believe that we are all committed to both protecting our community from
threats, and protecting our precious privacy. Both of which seem like
loosing battles.

Walter Petruska, CISSP, CISA, CGEIT
Information Security Officer
University of San Francisco
On Sat, May 8, 2010 at 6:27 AM, Willis Marti <wmarti () tamu edu> wrote:

> SCHALIP, MICHAEL wrote:
>
> > Hi Folks.....
> >
> >
> > Our Board decided about 3 years ago to require "web filtering" here.  The
> > concern related to "academic freedom" are mitigated through a simple request
> > process.  If a faculty member or student finds that an instructionally
> > legitimate website is being blocked - all they have to do is submit a
> > request to have the website passed through the web filter and they are in
> > business.
> >
> >
> > *My question:  Does everyone do some sort of web filtering?  If you *do*
> > filter your web access - how long have you done so?  And do you have a
> > "bypass" process?*
> No. And I don't keep track of what sites they may visit (a side effect of
> your bypass process). Nor do I check what phone numbers are dialed, or books
> checked out of the library, etc, etc.
>
> We may temporarily block all access to a site serving malware or involved
> in the current phishing scheme, but content filtering belongs in K-12, not
> higher ed.
>
> Cheers,
> Willis Marti
> Director & CISO
> Networking and Information Security
> Texas A&M University