Web Filtering for Hotels, Libraries, Schools

Service for Blocking Porn and Viruses

SiteSURV is Cyberpatrol’s Internet filtering service for small-to-medium organizations, like businesses.  Using a technology called SiteCAT, it filters web sites by inspecting (also known as crawling or spidering) their content and categorizing them according to their apparent purpose.  Categories include malware, pornography, drugs and so on.  User organizations can choose to filter selected categories.

I asked Cyberpatrol VP Chris Overton to discuss how SiteSURV stacks up for user organizations in terms of efficiency, effectiveness and resource requirements.  Chris said:

“Since SiteSURV is a completely in-the-cloud product, it takes up no system resources on the computers it’s protecting.  The only caveat to this is that customers with a dynamic external IP must run our Dynamic IP tool on a single computer behind their access point.

“As far as bandwidth, all the filtering decisions happen at our SiteSURV server, so we’re not using any more of the user’s bandwidth than they’d already be using to browse the web.

“The setup for SiteSURV is very simple, but our online configuration portal gives users the ability to tailor their protection to their needs.  Users that want a set-and-forget product can leave the default settings in place.  Users that want more control can adjust the filtering to their specific needs.

“Filtering the web is hard work because the web is so big and ever-changing.  Our SiteCAT technology holds many advantages over its competitors.  Notably, the categorization results from one user get applied to other users.  For example, if one user of our system tries to browse to a site that SiteCAT has never seen or analyzed, the SiteCAT crawler immediately starts analysis of that site.  The results support all users of our SiteCAT system.  This means that we’re able to find new sites somewhat faster than other systems that rely purely on spidering the web.”

–Ben Wright, advisor to Cyberpatrol

Facebook In-security

Warning for Business, Corporate and School Computer Networks

Is Facebook safe enough for access by office computers?  For many organizations, the answer is no.  The bad news about the popular social network grows with each passing week.  Facebook has been plagued with the Koobface worm (some call it a virus), which has through Facebook infected (or attempted to infect) work PCs.

Now Facebook faces the scrooge of the Dancing Girl.  The Dancing Girl exploit arrives as an e-mail appearing to be a typical notification from Facebook, saying someone has left you a Facebook message.  The rogue e-mail directs you, the victim, to click to see a video of a sexy dancing girl.  If the victim clicks, he is taken to a fake, Facebook lookalike page, which instructs the victim to download a software upgrade so that the video can be viewed.  But in truth the software to be downloaded is a group of damaging, malicious programs.

If an employer were to prevent (forbid) access to social network sites, then employees would not be tempted to fall for tricks like this.  To say it a different way:  failure to prohibit Facebook and Myspace can promote a lax computing environment in the office.

Local chapters of the Better Business Bureau (such as the Hawaii chapter and the Chicago & Northern Illinois chapter) have issued warnings about the transmission of malware and the propagation of other threats through social networks, especially Facebook.  Among other scams, bogus posts to a victim’s “wall” can link to dangerous external web pages, which might try to install malicious software through the victim’s web browser.

The Maryland General Assembly blocked its network users from access to social networks, especially Facebook.

Update:  Recent research compares the success rates for propagation of malware via e-mail and via social networks.  Hacker are ten times more successful on social networks sites.

–Ben Wright

At the SANS Institute, Mr. Wright teaches IT administrators how to stay out of jail.

Security Threat: Facebook and MySpace at Work

Koobface Virus Spreads among Office Workers

Employees (workers) visiting social networking sites are infecting workplace computers with viruses (or they are subjecting their computers to attempted infections).  Facebook and MySpace are known as breeding grounds for Koobface (technically classified as a “worm”).  Security is a reason for businesses, libraries and schools to block or limit access to social media web pages.

These are documented examples of Facebook being implicated in Koobface infections (or attempted infections) in the workplace or related to the workplace:

  • Richard Larmer, chief executive of RLM Public Relations in New York, had to replace his computer.
  • “[H]undreds of Boston journalists, ad execs and public relations professionals [such as Scott Farmelant of Mills and Co.] who use the popular social networking service have received a Facebook message that purports to link to compromising video of its recipient.”
  • A journalist at Washington City Paper haplessly clicked on a link purporting to be from a colleague at the paper, only to discover that the link caused an infection.

Koobface thrives in social networks because users think they can trust their friends.  The victim believes a trusted friend has left on her “Wall” a link to a video.  Her guard is down, so she clicks the link and then follows Koobface’s diabolical instructions to download a software update.  The worm infects the victim’s computer with malware that seeks to control the computer and steal personal information.

In addition to Facebook and Myspace, Koobface is reported to have infected other social networks, such as Bebo, Friendster, MyYearbook, Classmates.com and Blackplanet.  Experts predict more virus attacks through social web sites.

Although Koobface is not the first virus to spread through Facebook, it is the one that is reputed to have inflicted the most harm.

Update: Local chapters of the Better Business Bureau (BBB) are issuing warnings about the insecurity of Facebook and MySpace.

One strategy for employers is selective blocking, where only certain suspect sites are blocked, with a screen that reminds employees they are responsible for getting their work done.

–Ben Wright teaches computer security law at the SANS Institute.

Screening Twitter from Work or School

Employees Wasting Time with Micro-blogs?

Twitter is popular, and if it is not blocked or forbidden, it can depress workplace productivity.  Twitter is a free service that broadcasts text messages (also known as updates or tweets) of up to 140 characters in length.  Twitter can be addictive, as readers can enjoy the distraction of reading each little instant message as it comes in.

Twitter supports multiple media for sending and receiving.  Users can exchange tweets by way of web pages, electronic mail or mobile (cell) phones (text, IM or SMS).

Responsible use of Twitter can help employees perform their job. For example stock brokers might use Twitter to keep abreast of the latest financial gossip.

But many employers or teachers may have little tolerance for Twitter within their domains.  Although employees or students may need access to Internet-connected computers, Twitter can be a nuisance.  Administrators therefore might adopt a policy that bans Twitter, and take technical steps to block it.  Technical measures might include the deployment of software that blocks certain URLs (such as twitter.com, tweetie.com, facebook.com, myspace.com, which support Twitter or its widgets).

Further, an administrator might use Internet monitoring software to discover which time-wasting sites users are visiting – the latest access points for Twitter and other worthless chat.

An administrator who monitors computer usage is wise to warn users of that fact.

Update:  Popular services like Twitter inevitably attract the interest of hackers.  Some Twitter users contracted the StalkDaily virus.  For some employees there is no reason for them to be on Twitter at work.  Security is an additional reason to block the access of these employees to Twitter.

–Ben Wright Mr. Wright teaches data security and e-mail records law at the SANS Institute.