Recommending Internet Filters to Church Members

This forum contains discussions related to keeping families and individuals safe while making use of technology. Acceptable topics would range from how to protect families from Internet predators and online pornography, monitoring and protecting cell phone usage and text messaging, locking unwanted television and movies from various devices, protecting and monitoring computer game usage, and promoting safe Internet and technology use.
LakeyTW
Member
Posts: 86
Joined: Fri Jan 19, 2007 3:29 pm
Location: Salt Lake City, UT

Postby LakeyTW » Sat Mar 10, 2007 9:42 pm

jeffphil wrote:True, but the church does use a product or system employed in its own filtering for Family History Centers and what not. Is there any way to use this same service or a very close match to it at home? I realize we don't have the Cisco Pix firewall installed at home, but I'm mostly referring to just the same data source as far as which sites should be blocked.
Enterprise filtering products are typically very customizable and allow the enterprise to choose what types of sites are allowed and what types of sites are blocked. Just using the same product still does not mean you would have the same filtering in place. Additionally, enterprise applications are not priced for the home user.

No filter is perfect. They either block sites that shouldn't be blocked or they allow sites which you may not want allowed. Filtering products are usually only capable of blocking known bad sites. Unless they are updated very often and have a good mechanism for harvesting and analyzing new sites in a timely manner, they are going to have gaps in their coverage.

Tom

User avatar
WelchTC
Senior Member
Posts: 2088
Joined: Wed Sep 06, 2006 8:51 am
Location: Kaysville, UT, USA
Contact:

Postby WelchTC » Mon Mar 12, 2007 7:47 am

jeffphil wrote:True, but the church does use a product or system employed in its own filtering for Family History Centers and what not. Is there any way to use this same service or a very close match to it at home? I realize we don't have the Cisco Pix firewall installed at home, but I'm mostly referring to just the same data source as far as which sites should be blocked.

-Jeff
I'm not aware of the product that the Church uses but I'm sure it is a commercial corporate system. At one time I thought that at least part of the Church was using a solution from BlueCoat (Cerberian) but I can't verify that. Two my knowledge there are two different methods for blocking available.
  1. Replicated database of blocked sites. This method replicates a database of blocked sites to all machines that are doing the filtering. Much like a virus checking solution that has to have a copy of all virus definitions locally, these machines on a daily basis check with the master database to ensure that they have the latest "block" list. The advantage of this approach is that lookups are fast because they are on the local machine (or network). The disadvantage is that sometimes the DB can get out of sync because of communication or connection problems.
  2. Proxy access to blocked sites. In this approach, the master database of blocked sites is kept at a central location (vendor's location) and each request for a site is first check with the central site before it is allowed to go to the original site. This approach has one big advantage which is that the database does not need to be distributed amoung potentially thousands of machines. The disadvantage is that each request has to "phone home" for permission .. causing a slight delay when going to any particular site.
Tom

russellhltn
Community Administrator
Posts: 31116
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Mon Mar 12, 2007 12:56 pm

tomw wrote:Two my knowledge there are two different methods for blocking available.
I think #1 is used on machines connected via dial-up. #2 is used by the systems that have a Cisco PIX box - which should be all broadband networks.

User avatar
garylm-p40
New Member
Posts: 31
Joined: Sun Mar 04, 2007 12:33 am
Location: West Valley City, UT
Contact:

Postby garylm-p40 » Mon Mar 12, 2007 1:17 pm

tomw wrote:Proxy access to blocked sites...causing a slight delay
Doesn't MStar's filtering service employ proxy access to cleared sites, with staff on-hand to pre-browse URL requests that don't yet appear in the database? How long would the delay be if a site did not appear on the cleared or the prohibited list?

JamesAnderson
Senior Member
Posts: 773
Joined: Tue Jan 23, 2007 2:03 pm

Postby JamesAnderson » Mon Mar 12, 2007 1:49 pm

I do remember seeing that the Cerberian product was used for FH sites between at least 2002-2004, but they never said if they replaced it with another system or are using a different or in-house system that uses the Blue Coat database only.

Another update on what became of Cerberian: The people that built Cerberian are still around, the only difference really is they are now part of Blue Coat, and they do offer a free filtering application for home PCs that uses the same exact database as its corporate counterpart, that can be downloaded and set up in a couple of minutes.

One of the problems with some filters is you have to download the database, and get updates regularly. That was the case with alot of the earlier ones, some of those are still around in fact. Most of the big corporate solutions now keep the database on their servers and your copy of their filtering software just queries the database when you request a given URL. That makes the filter harder to defeat.

The local library here used one of the first big filtering software packages that hit the market, and that was rendered largely useless right away, they used another, and are now using a third. The last two use the offsite database method of storing URLs, while the first used the database download/update method of keeping updated. That's why it was rendered useless because users could defeat the updating mechanism.

LakeyTW
Member
Posts: 86
Joined: Fri Jan 19, 2007 3:29 pm
Location: Salt Lake City, UT

Blocked Sites

Postby LakeyTW » Mon Mar 12, 2007 3:50 pm

garylm wrote:Doesn't MStar's filtering service employ proxy access to cleared sites, with staff on-hand to pre-browse URL requests that don't yet appear in the database? How long would the delay be if a site did not appear on the cleared or the prohibited list?
I have no experience with Mstar so I cannot speak about how they do it. They may be able to do it in a very short period.
Assuming you are using a centrally managed enterprise content filter, it would depend on the approach that is taken. A company can choose to either block or allow uncategorized sites. If they allow them, then there is always risk that a new uncategorized site will contain objectionable content. If they choose to block uncategorized sites then the site will be blocked until someone reviews the request to allow the site.

russellhltn
Community Administrator
Posts: 31116
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Mon Mar 12, 2007 6:06 pm

When the church first started Internet access they did use MStar. Since then I think there's been a parting of the ways.


On another note, I aways have to smile when I see the main forum page and see the most current topic for this section is "Recommending Pronogorphy..." I guess I just have a warped sense of humor. :D

LakeyTW
Member
Posts: 86
Joined: Fri Jan 19, 2007 3:29 pm
Location: Salt Lake City, UT

Postby LakeyTW » Mon Mar 12, 2007 10:20 pm

RussellHltn wrote: On another note, I aways have to smile when I see the main forum page and see the most current topic for this section is "Recommending Pronogorphy..." I guess I just have a warped sense of humor. :D
Yeah, it is an unfortunate title. Ironically, it is one that would potentially be blocked by a content filter. Any chance an admin could change this to Internet Filtering Software?

User avatar
WelchTC
Senior Member
Posts: 2088
Joined: Wed Sep 06, 2006 8:51 am
Location: Kaysville, UT, USA
Contact:

Postby WelchTC » Tue Mar 13, 2007 7:28 am

lakeytw wrote:Yeah, it is an unfortunate title. Ironically, it is one that would potentially be blocked by a content filter. Any chance an admin could change this to Internet Filtering Software?
The title was changed on the post but the thread (which keeps a separate title) is harder to change. I'll see if I can dig into the DB to change it.

Tom

jensencraigdennis1
New Member
Posts: 2
Joined: Sat Mar 17, 2007 10:35 pm

One decent solution

Postby jensencraigdennis1 » Sat Mar 17, 2007 11:00 pm

I have used many different 'solutions' in an attempt to filter internet for my home. By far the most effective is what I now use:

Built from an old machine, make sure it has two network cards, and a working hard drive, cd-rom, and video (very basic video card)-
  1. install SME Server linux os - this will boot from the cd and configure your system as it is installed. One network card will be for incoming access (i.e. from your cable modem/dsl modem/whatever), the other 'serves' the connection to your home after filtering.
  2. install Dansguardian, squid internet access monitor, and sarg reporting package
  3. use a router/switch to connect from your SME machine's 'out' network card with enough ports for your computers (or a wireless router)
  4. create accounts on the SME server for all your home users.
The results of the above configuration provide-
  • login requirement for all internet access
  • restriction of access as per your Dansguardian/Squid configuration (can even be by 'group'... some with very strict restrictions, others not)
  • logging of ALL access BY USER
  • administration of all of this or more
I set these up for others as well, but I have been impressed enough with it's effectiveness (compared to client software) that I thought I would mention it for those who would be knowledgeable enough/bold enough to try to set one up themselves.:) An old machine, a couple network cards, several hours of configuration and you have a home network filtering solution.

Craig Jensen


Return to “Family Safety with Technology”

Who is online

Users browsing this forum: No registered users