nv-l
[Top] [All Lists]

Re: Use Netview/Optivity/DNS as WWW-Porno/Sex-Blocker

To: nv-l@lists.tivoli.com
Subject: Re: Use Netview/Optivity/DNS as WWW-Porno/Sex-Blocker
From: Holger Heimann <hh@IT-SEC.DE>
Date: Fri, 28 May 1999 15:24:05 +0200
Reply-to: Holger Heimann <hh@it-sec.de>
Sender: Discussion of IBM NetView and POLYCENTER Manager on NetView <NV-L@UCSBVM.UCSB.EDU>
>I would like to use our Netview V5.1/Optivity 8.1.1/BIND-DNS-AIX-machine
>for blocking users
>with big usage of Internet-Porno-pages automatically with a small program
>or script.

IMO this is not a very good approach. You want to reinvent the wheel in a
very, very complicated way (which reminds me on
intrusion-detection-systems).
I don't doubt it will work some day, but: KISS.

I suppose your company has a Firewall (if not, there are other problems for
you to solve).
In this case I would recommend to let the FW or a related Product like
WebSweeper or whatever fits for you do the job. Such programs maintain
databases with information about sites containing pornographic and whatever
content. Keyword sniffing may also be done by those programs, you have to
check this. If not, there are others, doing the job.
Remeber that the pattern-matching approach is often impractical at the end:
you will exclude registration sites that ask for "sex" not "gender", you
will kill connections to "breastcancer" discussions etc.

Usually you can even integrate above mentioned software into your management
environment and keep track on whats happening (via traps, syslogs ...).

Buying such a solution will probably be much more reliable, much more
up-to-date and eventually even cheaper than doing everything by hand and
afterwards frequently reenable your bosses business-critical-conections when
it has been killed due to a bug or a false positive.

If you have more than one controlled way to the internet, there is something
wrong and you definetily will have to review your complete network
configuration. Everything else, i guess, will lead you in wrong directions.

Regards,
Holger/hh@it-sec.de

<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web