Friday, October 3, 2014

Diamonds from Dust - Secure the Edge

First Things First - Content Filtering
Firewall configuration should have been a single post, but I realized that I do quite a lot of configuration without even thinking about it.  With that said, I decided to break this up into small but progressively more complicated tasks.

One of the things I see disabled almost immediately by most firewall admins is content filtering.  Yes, it is overbearing and annoying, and it raises concerns over censorship.  What it can do is protect your workstations from crap floating around the internet embedded in sites they really had no reason to be on in the first place.  Here are some tips for keeping your job, and keeping people on your side:

1. Go slowly:  If you don't have content filtering turned on, configure the policy to only block sites in categories such as freeware or malware.  Then enable content filtering and see if anything breaks.

Next, print off the list of categories that are available in your platform, and take it to the leadership of your organization to get approval on which categories you can block and which are off limits.  Establish a process for whitelisting sites that are miscategorized or are necessary for business. I like to set up a system where I can email the decision maker and only whitelist a site with their approval in an email.

Once you have your marching orders, enable one category per day and wait for the calls to come in.

2. Explain the change in advance, and let leadership take the heat for the decision.

3. Work with users, don't make them feel like you're working against them.

Advanced Categories and Custom Configs:

I will shout it out on top of a mountain: "I HATE ADS"

I also have found that it's very easy to block them by loading the frame in a separate window and grabbing the URL.  I then add it to my blacklist and say goodbye to the Russian Brides and the free games.  If the Zedo issue from earlier this week taught us anything, it's that no good comes from ads.

The other category that I really like but that breaks a lot of sites is the "Uncategorized" category.  Be advised, your life will be hell for a while.  But after some tweaking and some grumbling, our malware infections at customer sites that have allowed me to implement this have plummeted. One customer had 5 infections in a week, and since we put the work into this category it's dropped to one in 9 months.
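One way to take some of the pain out of enabling "Uncategorized" (or any new category) is to run the firewall's web logs against that category first and see which sites would start being blocked, so the whitelist requests can go to the decision maker before the calls come in. This is an added example, not part of the original post; the CSV log layout, the `preflight` function and every hostname in it are constructed assumptions.

```python
import csv
from collections import defaultdict

# Constructed sample of firewall web log lines: time,user,host,category.
# The CSV layout is an assumption; adapt the parsing to your platform's export.
SAMPLE_LOG = """\
2014-10-01T09:02:11,alice,intranet-vendor.example,Uncategorized
2014-10-01T09:05:40,bob,intranet-vendor.example,Uncategorized
2014-10-01T09:07:02,carol,cdn.payroll-app.example,Uncategorized
2014-10-01T09:15:33,alice,news.example,News
2014-10-01T10:01:09,bob,xk3-free-games.example,Uncategorized
2014-10-01T10:20:45,carol,intranet-vendor.example,Uncategorized
2014-10-01T11:11:11,dave,CDN.payroll-app.example.,Uncategorized
"""

def normalize(host):
    """Lower-case and drop a trailing dot so the same site compares equal."""
    return host.strip().lower().rstrip(".")

def is_whitelisted(host, whitelist):
    """True if host equals a whitelist entry or is a subdomain of one."""
    host = normalize(host)
    return any(host == w or host.endswith("." + w)
               for w in map(normalize, whitelist))

def preflight(log_text, category, whitelist=()):
    """Rank hosts that would start being blocked if `category` were enabled."""
    hits = defaultdict(int)
    users = defaultdict(set)
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 4:
            continue  # skip malformed lines rather than guessing at fields
        _ts, user, host, cat = (field.strip() for field in row)
        if cat.lower() != category.lower() or is_whitelisted(host, whitelist):
            continue
        host = normalize(host)
        hits[host] += 1
        users[host].add(user)
    report = [(h, hits[h], len(users[h])) for h in hits]
    # Most distinct users first: those are the sites that generate the calls.
    return sorted(report, key=lambda r: (-r[2], -r[1], r[0]))

if __name__ == "__main__":
    approved = ["payroll-app.example"]  # entries already approved by email
    for host, n, u in preflight(SAMPLE_LOG, "Uncategorized", approved):
        print(f"{host:30} hits={n} users={u}")
```

Hosts near the top with many distinct users are the ones to review for a whitelist request; one-off hosts at the bottom are usually the ones the category is meant to stop.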

Finally, stick to your guns.  This will likely be a painful change for a lot of users but it will be worth it in the long run.
