Web content filtering is an integral part of today’s multilayered security plan for enterprises. A content filtering solution is designed to prevent access to well-known malware deployment sites as well as parked domains and temporary sites often utilized for malvertising or other unscrupulous deeds. Some security minded companies enforce strict whitelisting policies around web usage, preventing access to any site not on an approved list.
A content filter is also designed to manage the web usage parameters of employees and users. Many companies block their employees from accessing unproductive websites as well as sites that contain inappropriate or offensive content. Some organizations such as school systems implement content filtering to meet government compliance's in order to get education funding and grants.
When it comes to content filtering, not all users are the same because different users have different job functions. For instance, a bank branch may deny internet access to bank tellers while mortgage brokers need access to a variety of sites to do their job. This can be achieved using network configuration strategies such as VLANs.
Teller VLAN devices would be denied access while the mortgage VLAN is assigned a less restrictive policy. This strategy works perfectly well as long as users always use the same device. But what if an IT technician is working on a teller machine and needs access to the Internet? What if an instance occurs in which an administrator needs to access a blocked site? A common example is school systems, which may universally block a site such as Facebook. Yet, there are excluding circumstances every week such as a principle that needs to access Facebook to do an investigation of cyber bullying. While each school could have a kiosk computer with an assigned static address that could then be assigned an open web profile for school administrators or media librarians, this type of strategy limits the agility of privileged users that have roaming profiles. Clearly managing content filtering according to VLANs and subnets provides little flexibility.
This is why LDAP integration is so important today for content filtering solutions. Managing web access for users and groups offers far greater flexibility. Most web content filtering solutions today provide a configuration section to input LDAP information, which allows the software to use LDAP authentications. Different filtering solutions capture LDAP credentials in different ways. In a school computer lab environment, teachers and students could logon to the same desktops and receive the proper web access they need by their LDAP account ID. This is a far simpler way of providing multiple web access policies. You can also assign certain users override privileges so that approved users can access blocked websites for those instances when it is critically necessary.
LDAP integration really shines in the area of logging and reporting. Because most organizations use DHCP for their workstation and mobile devices, it is impossible to review logs more than a day old to determine which machines accessed or attempted to access unauthorized sites. Often, even if the exact machine is located, correlating that machine with a designated user is challenging at best. With LDAP integration, reporting is a breeze. For content filtering solutions that provide extensive reporting functions, a complete report can be created showing every site accessed by a user within a designated time window should an investigation be warranted.
If a user is assigned to multiple web policies due to being a member of more than one LDAP group, management can specify that the least or most restrictive policy serve as the default. You can also create a default policy for visitors and guests that do not have an LDAP account within the enterprise.
LDAP integration is even more important for cloud based DNS filtering locations. These cloud-based solutions are ideal for organizations that have mobile devices that frequently leave the enterprise such as sales people or students enrolled in K12 one-to-one programs. However, because the filter manager does not live on site in these cases, NAT enabled IP address will not be recognized. This means that filtering policies cannot be derived around IP addresses and VLANs, so LDAP integration is a must in these circumstances. LDAP integration is employed using a client-based solution that captures the LDAP session.
LDAP integrates into so many aspects of today’s enterprises and your web content filtering solution should be no exception. It provides the granularity you need to manage all your users, no matter where they are. If you are in the market for a new solution, be sure to ask about this critical function.
If your organization uses directory services such as LDAP, NetIQ, or Active Directory, WebTitan provides the APIs to integrate our HTTPS content filtering solution into your directory service and other deployment, billing and management tools.
Sign-up for email updates...