When the news broke that several employees at the National Science Foundation had been disciplined for viewing inappropriate Web sites at work, I wondered what had happened that such content even got through to the NSF network. Though I have yet to speak with anyone who works for or directly with the foundation regarding what went wrong, I did talk to Black Box Network Services' Jim Schriver. His gut reaction?
It's a little surprising that an organization of that size, in 2009, would not have at least very basic filters in place. ...[F]or the sake of the person running that IT organization, I hope they did have something in place and that people were just able to find ways to get around it.
Schriver stressed to me that basic content filtering -- using a URL or keyword filter, perhaps -- is nowhere near enough to keep inappropriate, illegal, or otherwise unwanted content off the company network. Whether it's senior staffers at a national government agency looking at adult content at work or kids in a school, it doesn't matter. "You can go into a school district, which...has spent hundreds of thousands of dollars on very nice equipment..., and you can get an eighth-grader with a very simple piece of software who can circumvent that half-million dollar system in five minutes," he said. They do it using anonymous proxies, or maybe with encrypted links.
Companies that want to do it right have to add to basic URL and keyword filtering. Black Box technology, for example, does deep packet inspection and looks at HTTP and encrypted traffic as well, Schriver said..
Reports about the NSF situation say the agency took steps to implement appropriate technology. Though we don't know exactly what that technology is, I'm sure it includes at least the elements that Schriver described, if not a few more.
I hope so, anyway.