Standards for Technology in Automotive Retail

 
 Home -  News Feed 

Chapter 14. INTERNET CONTENT FILTERING

Table of Contents

14.1. OVERVIEW
14.2. FILTERING METHODS
14.3. Useful Websites

14.1. OVERVIEW

Internet content filtering is just one part of a complete security solution that is necessary to protect a business against Internet risks such as viruses, malicious code and Internet misuse. However, providing access to the Internet brings many capabilities to a dealership including email capabilities for communicating with customers and suppliers, web sites containing information important, if not critical to daily business operations, manufacturer applications, and instant messaging. The challenge is to provide access to the beneficial aspects of the Internet while protecting corporate users and assets from the potential hazards.

Internet content filtering should not be confused with virus protection. Virus) protection is used to stop a virus from being transferred to a user’s computer. Internet content filtering is used to restrict a user’s access to certain information or their ability to release information outside of the work environment. Internet content filtering screens information leaving the company network as well as information entering the network. Information that a company may identify as warranting filtering often includes confidential company and employee information, discriminating or obscene material. The content restriction may be applied to an entire company, specific groups or individuals.

Many companies are taking steps to monitor and limit network usage by implementing Internet content filtering products. These products can be strictly software or a combination of hardware and software. Typical sites that may be considered for filtering include those that carry illegal copyrighted material, adult content, games and high bandwidth audio and video streams. Restricting access from certain Internet sites poses a challenge due to the sheer number of new sites that appear daily. For that reason, many content filtering vendors constantly update lists that categorize the types of Internet sites. These updates are usually offered as a subscription download service. Filtering products can also provide reports on what type of usage patterns exist in a dealership. By monitoring usage patterns, companies can begin to proactively mitigate the risks and cost of sensitive information losses, bandwidth overload and employee issues.

To complement filtering tools, employees need to understand the importance and benefits of content security. Dealerships should create a written Acceptable Usage Policy (AUP) document. The AUP will help employees to understand how to use network assets. The purpose of an AUP is to encourage employee behavior that will increase network security, limit legal liability, improve employee productivity and maximize network bandwidth. If monitoring is conducted without employee knowledge it could be counterproductive to the very goals it is attempting to achieve. The most benefit will be derived from programs that utilize monitoring tools in conjunction with employee training in the areas of information security and appropriate uses of company resources. Electronic surveillance laws vary by county, state and country so be sure to consult with a legal advisor before implementing any monitoring program.

Content filters can use a variety of methods to evaluate content. The most common are:

  • Keyword blocking - Keyword blocking scans requested web pages for words contained in its list of objectionable terms. If a word is encountered, the page is blocked. Over blocking can occur using this technique, which prevents accessing legitimate sites because they contain a word that is blocked.

  • URL site blocking - The URL typed into the browser designates the location from where a web page loads. URL site blocking can use either include lists or exclude lists. Include lists permit all sites to the web browser except what is included in a filter list. Exclude lists deny all sites to the browser except what is included in a filter list.

Filters can be used to evaluate email content, browser and instant messaging activity. One example is email blocking. Incoming emails are blocked using a scoring system based on certain attributes present in the email and/or based on the sender’s email ID or other system information. Specific filter lists may also be established by administrators or users to block specific emails.

Increasingly, filtering packages are using both site blocking and keyword blocking usually with a Graphic User Interface (GUI) to ease administration.

Additionally, web-rating systems can be built into web sites and browsers by the authors. The system works by rating web sites by content type. A content advisor setting in the web browser can be configured to accept or reject content based on rating levels. The most well known rating system is called the Platform for Internet Content Selection (PICS), developed by the World Wide Web Consortium (W3C). For example, in Microsoft Internet Explorer, ratings can be administered under the Tools Tab / Internet Options / Content Tab / Content Advisor Enable Button. This feature is a standard component of Internet Explorer. Note that participation in web rating systems is voluntary and therefore it is not guaranteed that all sites will have ratings.