Chapter 20

How Site Blocking Works


CONTENTS

Inside an intranet, it's easy to control the kinds of pages, information, pictures, and other data that people are accessing. The corporation controls what gets posted and what doesn't, and so nothing can get posted that the company believes would be objectionable. That's far from true out on the Internet, however. Objectionable content makes up a very small part of what's available on the Internet, and to find the objectionable content you have to do a bit of digging. Still, anyone who wants to find it can certainly get access to it.

Congress, among others, has tried to ban certain kinds of content-such as pornography-from being available on the Internet. The real answer to the problem, though, doesn't lie in legislation, because even if such laws are held constitutional, anyone who truly understands the Internet and its technology also recognizes that the laws are unenforceable. The real answer lies with technology itself: software that will allow people such as parents and intranet administrators to block access to those sites. A number of companies make and sell software that allows site blocking.

Many problems can occur if people from inside an intranet are visiting pornographic or objectionable sites on the intranet. And in any event, companies would not want employees viewing those kinds of sites on company time, using company hardware, software, and network resources.

To block objectionable sites on an intranet, the answer is not to put site-blocking software on each individual computer on the network. It would be too unwieldy and expensive to do that. Instead, server-based site-blocking software is used. Site-blocking software on a proxy server examines the URLs sent to it and decides whether or not to retrieve the requested page by reviewing databases that list objectionable sites and words.

One group working on the issue is PICS (Platform for Internet Content Selection). They are trying to develop industry standards for technology that would allow the content of all sites and documents on the Internet to be rated according to its sexual and violent content. They would also create standards that would allow software to be developed that would be able to block sites based on those ratings.

Not all intranets need site-blocking software. However, intranet administrators may want to know what kind of sites people on the intranet are visiting. They can use server-based software that can keep logs of what kinds of sites people are visiting on the Internet. This will help not only to decide whether site-blocking software is needed, but also to know when more server resources are needed for the intranet.

Blocking Objectionable Sites from an Intranet

Since intranets allow access to the Internet, intranet users can visit objectionable sites on the Internet-sites with sexual, violent, or other kinds of distasteful content. This illustration shows how server-based blocking software might work, based on the SurfWatch product that can be used to block sites on individual computers.

  1. Site-blocking software examines the URL of every request going out of the intranet. URLs most likely to be unacceptable will be accessing the Web (http); newsgroups (nntp); ftp (ftp); gopher (gopher); and Internet chat (irc). The software takes each of those five types of URLs and puts them each in their own separate "boxes." The rest of the intranet information going out is allowed to go through.
  2. Every URL in each of the boxes is checked against a database of the URLs of objectionable sites. If the blocking software finds that any of the URLs are from objectionable sites, it won't allow that information to be passed on to the intranet. Products like SurfWatch check thousands of sites, and list several thousand in their database that have been found to be objectionable.
  3. The site-blocking software next checks the URL against a database of words (such as "sex") that may indicate that the material being requested may be objectionable. If the blocking software finds a matching pattern, it won't allow that information to be passed on to the intranet.
  4. Site-blocking software can then use a third method of checking for objectionable sites, a rating system called PICS (Platform for Internet Content Selection). If site-blocking software finds, based on the rating system, that the URL is for a site that may contain objectionable material, it won't allow access to that site. Rules about passing or dropping can be configured to control. access to unrated sites.