How is a webfilter, hence a filter that blocks navigation towards dangerous websites, built? In this article we also explain how to make them work best taking into account personal or business needs.
1. What is a webfilter
A webfilter is an application that blocks navigation towards some categories of websites. The tool is used to deny access to dangerous websites or websites that include sensitive or offensive contents. It is the perfect solution to keep the navigation within the network of a company, a Public Administration or an educational institution, to make some examples. But it can also be used at home to prevent children from ending up in inappropriate websites during Internet navigation.
It is exactly for the protection of minors that, at the end of the 90s, when the web was booming, software producers decided to make the first webfilters. The idea was born in American public libraries, which provided PCs with free access to the web. The introduction of CIPA (Children’s Internet Protection Act) in the USA obliged libraries to start using a webfilter, or else they would not have been able to receive the funds for the purchase of terminals.
Since 2004, the year when the American law entered into force, webfilters have spread progressively to all the educational institutions, until they reached households and companies, extending their reach and aims.
Inside companies, a webfilter, also called content control software, is used to prevent employees from using the company network for purposes different from the work activity. Therefore, the company can for instance block access to porn websites but also to other services. These include audio and video streaming, YouTube, desktop versions of social networks, online gaming, job search websites, etc.
Within a company, the aim of a webfilter is to preserve productivity and efficiency, but it is useful also to protect the company network. Indeed, these tools can block access to malicious links, possibly received by email or through instant messaging apps that make use of the web.
All the places that make available a WiFi network can also be interested in using a webfilter. This has both strategic reasons and the willingness to limit band use. This is the case, for example, with railway companies that block acces to Netflix and YouTube, so as to prevent users from using too much bandwidth, but especially to push their offer of multimedia services.
>> FlashStart protects you from a wide range of threats and prevents access to malicious websites ? Start your free trial now
2. How does a webfilter work?
The functioning of a webfilter is pretty easy. First of all, we should notice that it can be distributed as a software but also as a service, or else it can be included in an app. The webfilter’s algorithm monitors navigation from a connected device. As soon as a device requires access to a website that is part of a black list, the access is denied.
Black lists are databases, lists of IP addresses whose access is blocked. They are pre-set by the software or service supplier. The list is built through an automatized search activity aimed at finding websites and categorizing them (porn websites, fraud websites, etc.). The FlashStart webfilter solution, for example, supports as many as 85 different categories of contents.
The spider used by this activity “reads” the domain name of websites or contents (texts, pictures, multimedia) and compares them to suitable tables of “prohibited” words. As soon as there is a match, the website IP is included in the black list.
On the contrary, in some cases, especially in business environments, white lists are used, hence lists of websites that the employees can access, limiting the navigation further.
The black lists initially used by the algorithm are standard ones, bu they can be dynamically modified and personalized. And it is (almost) always necessary to personalize them. Both because spiders can be bypassed, and because a company or institution can request the block of website categories not considered in the default options.
The filtering can be based on the Url, and in this case it will block the entire website, or it can be granular, hence the block is at the level of the single page. Usually, a general control at the DNS (Domain Name System) level is carried out. This means blocking a specific domain name and not all those that could refer to the same IP. In this way, the filter is more detailed, since it avoids blocking websites that might not be malicious.
It is clear from our discussion so far that filter accuracy, and hence black list accuracy, is the great distinctive feature of a webfilter. In order to increase it, today top sellers in this sector make use of new algorithms based on artificial intelligence. The idea, which introduces the concept of DNS Intelligence, is to collect data relative to DNSs, domains and contents, elaborate them and generate useful information to improve in real time the trustworthiness of the filters.
It should moreover be underlined that the webfilter can block access to an Url also when the action starts from an app that is not necessarily a browser. Hence, the block is granted also for the Urls found within an email or a chat.
3. Different types of webfilter
A webfilter can be an independent application, a module of a wider protection solution, a service provided remotely or an add-in of a navigation program. All the most widespread browsers have a webfilter that can be activated but that has a clear limit. Indeed, the filter can only limit navigation that stems from that specific browser.
In particular, Google SafeSearch “helps filter explicit contents in your results”, where by “explicit” they mean porn and violent contents. But they also clarify that the filter works only on the Google search results. Hence, it does not block explicit results from other search engines ot page and websites to which users access directly, for example from a message coming from Facebook Messenger, from Whatsapp or from an email. The same limit exists for filters offered by websites like the Restricted Mode on YouTube: the block works only inside the website, from a registered user and only with the used browser.
Furthermore, there are webfilters integrated within the security appliances available in a company (gateway, firewall, physical routers) and applications that can be installed in a single device. Finally, the webfilter can also be a service offered by the carrier or by the Internet Service Provider.
>> Are you an appliance producer? It is possible to integrate FlashStart as a native setting ? Contact us!
4. Features of the best webfilters
What is the best webfilter? And what are the features that distinguish one webfilter from the other? First of all, it is important to choose the correct type of webfilter. Within a company, it could be better to have a webfilter integrated in a hardware appliance or a service supplied by the Internet Service provider or by the Cloud Service Provider.
In order to protect the users’ navigation also outside the company network, for example in the case of remote work, it could be a good idea to set up a webfilter in the single device or to extend the service. On the other hand, if you wish to protect the navigation of children in the household, the default filters available in the browser could be enough as well as those in the protection programs set up on each device.
4.1 Which one should you choose in a company?
In other business contexts, like in SMEs or in educational institutions, it makes sense to install a webfiltering service independent from the presence of wider protection solutions. We must take into consideration, indeed, that most of the attacks take place starting from the access to a web page. Therefore, providing a webfilter already grants a good protection level.
More specifically, the value of a webfilter solution depends on some elements. First of all, the reach of the Anycast network offered by the service supplier is a crucial factor. Initially devised to grant the highest navigation speed, today an Anycast network is also intrinsically protected. This means that, when the users requires access to a given domain, the structure can verify its potential dangerousness in real time and block access to it.
The wider and more redundant the Anycast network, the better the performance and the higher the security level achieved.
4.2 The importance of personalization
Another fundamental element is accuracy of the database (the black list) against which the DNS is verified and its updating. It is important for the supplier to update in real time, through automatic spiders, the database simply because every day thousands of websites and dangerous pages are born.
Very important when you choose a webfilter is also the ability to personalize and integrate it. For example, the FlashStart solution is one of the few that allows integration with the Microsoft Active Directory, granting higher service quality.
The personalization of the database and of the functions is a crucial characteristic. Indeed, we saw that every environment has different needs. A company can choose different levels of navigation control, and the requests must be satisfied, both while implementing the service and during normal activity.
>> If you are already using FlashStart, read this guide that explains how to extend the blacklists for DNS Internet filtering.
You can activate the FlashStart® Cloud protection on any sort of Router and Firewall to secure desktop and mobile devices and IoT devices on local networks