CensorNet Pro - Web Filtering | Internet Filter | Web Content

CensorNet Pro

Test Report December 2008

CensorNet Pro

Vendor Details

Name: CensorNet Ltd

UK Office: The Old Post Office, Bristol Road, Hambrook, Bristol BS16 1RY

Telephone: 0845 230 9590

Fax: 0845 230 9591

Website: www.censornet.com

Product: CensorNet Pro

Test Laboratory Details

Name: West Coast Labs, Unit 9 Oak Tree Court, Mulberry Drive

Cardiff Gate Business Park, Cardiff, CF23 8RS, UK

Telephone: +44 (0) 29 2054 8400

Date: October 2008

Issue: 1.0

Authors: Matt Garrad, Michael Parsons, Richard Thomas, Paul Jones

Contact Point

Contact name: Mark Thomas

Contact telephone number: +44 (0) 29 2054 8400

2 www.westcoastlabs.com

CensorNet Pro

Contents

Product Information 4

Test Objective and Scenario 6

Checkmark Certification Information 8

Test Report 9

West Coast Labs Results & Conclusion 14

The Latest Enhancements to CensorNet Pro 15

Acceptable email and internet usage policy 16


CensorNet Pro

The Product

CensorNet says... about the product

CensorNet Professional is a leading edge, policy based Web content control solution comprising enterprise class features and flexibility at a price point that delivers true value for money.

url : www.censornet.com/products/censornetpro/

CensorNet says... about the product’s business benefits• Rapidly improve productivity by limiting personal and non-business Web

browsing to outside working hours based on flexible filtering rules.

• Comply with CIPA, BECTA, HIPAA and other guidelines to reduce business risk and liability.

• Improve network security by eliminating the risk of Web borne threats, such as viruses, malware, spyware and phishing sites.

• Improve network performance by regulating bandwidth, restricting unnecessary content types and utilising an on-disk web cache.


4www.westcoastlabs.com

CensorNet Pro


CensorNet says... about the product’s technical benefits

• Powerful and intelligent real time raters detect unknown sites and are trained to filter web content ranging from Alcohol and Gambling through to Pornography and Violence in multiple languages.

• The comprehensive database contains over 60,000,000 known Web sites categorised into over 70 categories.

• Included as standard is the Active Image Control image filter which inspects over 13 different image formats for unsuitable and offensive content, replacing suspect images with a safe symbol.

• Decrypt and filter secure SSL/HTTPS web sites on-the-fly to protect against encrypted threats such as anonymous proxies - a technique used to bypass traditional Web filtering systems.

• Automatically enforce safe searching on leading search engines such as Google and Yahoo!.


CensorNet Pro

Test Objective and Scenario

The report examines the functionality and performance of CensorNet. The objective is, through a real-world test environment, to provide anindependent validation of content filtering effectiveness with particular reference to:

• A detailed view of the features, functionality and performance of the solutions.

• The extent to which the security policy is enforced.

• The completeness and accuracy of the logs produced.


CensorNet Pro

Test Methodology

The Web Filtering test methodology has been developed to replicate in a short space of time a number of hits on sites that fall outside of theprescribed Acceptable Usage Policy, along with providing genuine sites as a control group.

WCL will initially perform the testing with an “out-of-the-box” configuration, changing only those settings on the solution needed to ensure correct op-eration inline with the vendor’s recommended installation and configuration procedures.

WCL has produced proprietary software based upon a well-known Internet browser to load in a list of URLs from a regularly updated database of we sites that fall outside the Acceptable Usage Policy.

The application switches through a list changing web pages at astandard interval until it either runs out of URLs or receives an END command.

The HTML code from each web page is appended to a log. A designated test engineer will then analyse the logs to ascertain if any pages have been passed through the solution incorrectly. The logs from the software were then examined to see if any sites had been allowed through, and these results were compared with the logs on CensorNet.


CensorNet Pro

Checkmark Certification

On completion of the Testing and based on the product performance, appropriate Checkmark Certifications will be awarded based on achieving the following performance criteria.

Upon successful completion of the testing, CensorNet will be accredited to the relevant Checkmark Certifications for either :-

Checkmark PREMIUM Certification for Web Filtering100% of all attempts to access web sites outside the terms of the security policy should be blocked and that such attempts will be logged.

Checkmark STANDARD Certification for Web FilteringOver 95% of all attempts to access web sites outside the termsof the security policy should be blocked and that such attemptswill be logged.


Test ReportCensorNet Pro is a Linux-based HTTP/HTTPS URL filter system that actively scans and blocks websites based on content and URL reputation. Designed for deployment into a corporate network environment, and acting as a proxy server for web traffic, the solution is installed onto a host machine, taking the entire machine over for its operation.

CensorNet Pro includes a Debian 4.0 distribution, a widely recognised version of the Linux operating system onto which the CensorNet software is then installed. The supported number of computers is limited only by the type of license that is purchased, with the standard license supporting up to one thousand individual machines.

CensorNet Pro


CensorNet Pro

Installation and configuration

Installation of CensorNet Pro is very straightforward and should be a simple task for most system administrators. The software is supplied as a downloadable ISO which, when burnt, creates a bootable installation CD. Documentation is available for the entire process on CensorNet’s website at http://www.censornet.com/. The CD runs through the operating system installation, after which the administrator may then proceed to install the CensorNet Pro software.

Very little subsequent work is required to complete the installation of the software, requiring just the configuration of Debian’s list of update sources for packages to include the CensorNet servers, followed by some questions related to the installation path and logfile directories to which the default answer will likely suffice.

The final step in setting the server up is the addition of a license key that is provided separately by CensorNet – for the case of this test, West Coast Labs were provided this via email. The entire installation is completed in very little time and the majority of the steps should already be familiar to any Linux administrator, however the provided documentation is well written and concise and should guide even a novice Linux administrator through the stages quickly.


Operations and FeaturesOnce the software is installed there are two options for deploying the filtering to client machines. The first option is to configure the browser on each client machine to use the newly installed CensorNet Pro server as a web proxy – a task which is easily accomplished via an Active Directory Group Policy Object. The second option is to deploy CensorNet as an interception proxy, whereby it transparently intercepts connections to port 80 and 443 from client machines. Once completed, each user will then immediately begin benefiting from the monitoring and protection offered by the solution.

Further configuration of the CensorNet solution is carried out over a web-based interface that may initially be accessed from any machine that may access the network on which the server resides.

Once logged in to the interface, the administrator is presented with a statistical overview of network activity including the status of the server and its services, web traffic volume, and relevant update and licensing information. This gives an instant one-look summary of the network and is useful for spotting any anomalies from a high level perspective before digging further into the logs.

The CensorNet solution has many options that may be configured, including the setup of both user and workstation groups, useful for the application of various policy restrictions that the administrator or company may require. For example, when setting up a User Group the administrator is free to limit the amount of bandwidth that each group may use and the timeframes in which different web-use policies should be applied. This allows the administrator to easily manipulate the level of web activity throughout the entire day. Also, as the policy implementation can be group based, particular groups of users may be allotted total web access while others may be heavily restricted

CensorNet Pro


CensorNet Pro

in terms not only of traffic bandwidth, but also categories that can be accessed.

This high level of flexibility is carried over to the way in which CensorNet Pro handles its policies. On creating a new policy the administrator is provided with multiple modes in which the policy should operate.

Each of these modes defines the number of filters that the administrator may configure. For example, setting the mode to Closed provides no further options and blocks all web traffic, while selecting Filtered allows the administrator to decree which site categories should be blocked or allowed and how stringent image scanning should be. The Advisory mode provides users with the opportunity to override a blocked site if they deem the content to be suitable for their work remit. This reinforces the companies Acceptable Usage Policy whilst providing the freedom for the user to continue with their work. This granular approach allows for a highly customized approach to web traffic filtering.

Along with the comprehensive database of known sites, over 60 million in 70 categories, CensorNet also employs real-time detection in over 15 languages and categorisation of both web page content and image control. HTTPS/SSL filtering is also included in the product.


ReportingThere are multiple reporting methods by which an administrator may keep track of user activity, each providing information that may be useful to an administrator looking to monitor established user trends and traffic.

Reports can be generated for blocked and allowed website visits and may be configured to include specific users, machines, and the durations for which each site was viewed. Further, these reports may then be archived in either PDF or CSV format for backup or auditing purposes, ensuring that a historical perspective of web traffic usage can be made available.

Real time information may also be viewed via the Reports menu and includes such data as currently active users, the machine on which they are browsing, a record of the URLs they have visited, and whether they were subsequently denied or permitted access to the sites.

For those administrators concerned with websites being falsely blocked by any of the filtering technologies, users may send Unblock Requests back to the CensorNet server that may be manually approved or denied by the administrator – a useful tool in some sectors, for example medical technology where certain sites may be banned to a more general user because of their content.

For business managers, CensorNet Pro is able to generate a regular e-mail management report containing a digest of user activity for the groups that the manager is responsible for. For example, the Sales Manager could receive a monthly report of all Internet activity within his team and act on the results accordingly.

CensorNet Pro


CensorNet Pro

ResultsThe CensorNet Pro solution performed extremely well, and West Coast Labs are pleased to announce that it has been awarded the Premium Level of Certification for the Web Filtering Checkmark.

Conclusion CensorNet Pro is a highly customizeable software-based solution that provides high performance URL filtering capabilities in its out-of-the-box configuration.

The flexibility of policies means that different users can be granted different permissions and over different time frames giving great adaptability to changing business requirements and environments.

The reporting offers a large amount of data that is useful not only in identifying transgressors, but also can be used to look at more widespread trends of internet usage.


The Latest Enhancements to CensorNet Pro Outline of how the product has been developed over the last 12 months to deal with increasing information security problems .

The product has a dedicated team of programmers in the UK continuously evolving the filtering techniques and modules available to combat new web borne threats. The URL database is updated incrementally daily, with a full baseline update every 3 months. We release new real-time raters every quarter to detect new types of content and work with our business partners to ensure CensorNet includes their latest releases.

Additional Noteworthy Product Features • Download & Go using our self-installation Linux software, a virtual appliance

for VMware or order one of our Dell® powered hardware appliances.

• Quickly configure authentication for a number of network environments, including Active Directory, Windows NT, Samba, E-Directory (NDS) or LDAP.

• Simply synchronise CensorNet™ with your Active Directory OU structure or import users using a variety of simple tools.

• Create advanced filtering policies and schedules for groups of users and machines within minutes

CensorNet Pro


CensorNet Pro

Acceptable Usage PolicyThe Draft Acceptable Usage Policy lays out general principles both for email usage and for internet access. Like most policies, it allows a certain amount of personal use for staff, but impresses on them that this should be ‘reasonable’, and that if they have any doubts, to check with their manager. It also states explicity that all traffic can be monitored and recorded, thereby reminding users that nothing they do on the company network is private.

It also spells out actions that are forbidden. These include sendingoffensive messages, breaching copyright by downloading pirated material, or generally clogging up the network with trivial traffic. In other words, it is a typical acceptable usage policy that tries to explain why the rules are in place, where the boundaries lie, and the penalties for crossing them.

A good content filtering system should be expected to block any attempt to access websites outside the terms of the policy, and stop users from sending illicit emails. It should also log any attempts to breach the policy.

At the same time, it should not get in the way of day-to-day business. Asystem that starts blocking legitimate emails and stopping users fromusing the internet for their work is worse than no system at all.


Email and Internet Acceptable Usage Policy The following policy applies to all staff of Company XX (“the Company”) and to those offered access to the Company resources.Electronic media are of increasing importance to the Company, bothinternally and externally. The following policy gives guidance forappropriate usage.

E-mail - General PrinciplesIn general, staff are expected to apply basic good judgement and common sense in their use of e-mail.

You should bear in mind that e-mails are not private to you. The Company has the right to monitor and/or record e-mails or electronic documents that you create, send or receive:

• For security and network management reasons;

• To ensure compliance;

• Where necessary in order to carry out the business of the Company;

• To prevent or detect a crime.

All e-mail recorded messages remain the property of the Company.Furthermore you should be aware that even when you delete a message, a back-up copy is likely to be retained.

You should also remember that e-mails are admissible as evidence inlegal proceedings involving the Company. In addition, however carefully the system is protected, hacking is always a possibility and you should be wary of sending confidential information by e-mail. If in any doubt, make sure you ask your manager.

CensorNet Pro


CensorNet Pro

Limited personal use of e-mail is, at the discretion of your manager,acceptable. However, this must not interfere with your work orperformance. Unreasonable personal use, including in particular the use of the system for personal business activities or a high volume of personal e-mails, will be considered a serious disciplinary offence.

Employees expressly shall not:

• Use e-mail for personal advertisements or participate in chain letters

• Send or solicit material that is thought to be obscene, abusive, defamatory, sexually explicit, offensive, racist or sexist to the recipient or any other individual or which is intended to annoy, harass or intimidate another person. The soliciting of such e-mails will be considered a serious disciplinary offence.

• Create e-mail congestion by sending trivial messages or unnecessarily copying e-mails.

• Download, copy or transmit to third parties, the works of others without their permission as this may infringe copyright.

• Download unlicensed copyrighted software.

The following are allowed:

• Internal regular reporting

• Sensible requests for information

As a rule of thumb, you must be as careful about sending an electronicmessage as you would a letter on the Company’s headed paper. TheCompany may be liable for what you do from the Company networkwhether we know about it or not.

You are expected to protect the integrity, security and confidentiality of your data and equipment. Abuse of the e-mail system will be dealt with under the


disciplinary procedure and serious breaches may result in dismissal.

Internet - General Principles:Use of the Internet by Company employees is permitted and encouraged where such use is suitable for business purposes and supports the goals and objectives of the Company.

You should bear in mind that the websites visited by you may be monitored and/or recorded:

• For security and network management reasons;

• To ensure compliance with this policy;

• Where necessary in order to carry out the business of the Company;

• To prevent or detect a crime.

The Internet is to be used in a manner that is consistent with theCompany’s standards of business conduct and as part of the normalexecution of an employee’s job responsibilities.

Corporate e-mail accounts, Internet IDs and web pages should not beused for anything other than corporate sanctioned communications.Users may be subject to limitations on their use of such resources.

The distribution of any information through the Internet, computer-based services, e-mail, and messaging systems is subject to the scrutiny of the Company. The Company reserves the right to determine the suitability of this information.

CensorNet Pro


CensorNet Pro

Employees are expressly forbidden to:

• Download, transmit or have possession of any pornographic material.

• Transmit, download or store any material that is thought to be obscene, abusive, defamatory, sexually explicit, offensive, racist or sexist or which is intended to annoy, harass or intimidate another person. Transmitting, downloading or storing such material will be considered a serious disciplinary offence.

• Download or install software from the Internet without prior approval from the Company’s IT Purchasing department.

• Send or otherwise participate in chain letters.

• Transmit confidential or proprietary matters of the Company.

• Send customer/supplier related info over any public computer system unless with proper agreement and encryption.

• IInfringe copyright laws.

• Participating in “chat rooms”.

• Use the Company’s computer resources to break into another site or to illegally obtain information from another site.

Infringement of these prohibitions will be dealt with under the Company’s disciplinary procedures and serious breaches may result in dismissal.

Limited personal use of the Internet is, at the discretion of your manager, acceptable. However, this must not interfere with your work or performance. Unreasonable personal use, including in particular the use of the system for personal business activities or a high volume of personal Internet use, will be considered a serious disciplinary offence.


US Headquarters and Test FacilityWest Coast Labs16842 Von Karman Avenue, Suite 125,Irvine, California, CA92606, USAT +1 (949) 870 3250 , F +1 (949) 251 1586

European Headquarters and Test FacilityWest Coast LabsUnit 9, Oak Tree Court, Mulberry Drive Cardiff Gate Business Park, Cardiff CF23 8RS, UKT +44 (0) 2920 548400 , F +44 (0) 2920 548401

Test Facilities also in Hong Kong and Sydney, Australia

E [email protected] www.westcoastlabs.com

Date post:	04-Feb-2022
Category:	Documents
Upload:	others
View:	5 times
Download:	0 times

CensorNet Pro - Web Filtering | Internet Filter | Web Content

Documents