DrayTek's Web Content Filtering (WCF) facilities enable you to protect your network and your users from web content according to your preferences.That includes staff within a company, or children within your home or other educational/community environment. There are many risks online but the four main reasons are:
Reason to Block
Adult material for children
Time wasting sites for employees
Malware or virus-ridden web sites
Confidiential data leaving your network
As DrayTek WCF is performed by your router - your point of entry to the Internet - it is far more difficult to circumvent than software solutions installed on each client/PC and applies to guest PCs too (laptops, tablets etc.). Blocking/filtering can be selective for certain computers or users so that, for example, managers or parents can have less filtering imposed than other users and time schedules can apply these content filtering for specific time periods only. For example, in your home, you might block YouTube and Facebook during homework time, but allow it at other times of day.
Internet Control in the Home
Whilst the Internet can be hugely beneficial to any home, both for adults and children, there is also the opportunity for it to become distractive, over-consuming as well as risky. For children, a common use of control control is to block inappropriate content, such as web sites with sexual, violent or other adult-oriented content. That's the inappropriate content, but even age-appropriate content can be undesirable. Facebook might be great for your teens, and CBeebies for your younger children, but not if they are supposed to be doing something else. Many parents want to control access to the Internet, for example allowing access to acceptable web sites for specified times of day only. For your adult users in the home, you may want to block access to sites which have a high probability of being infected with malware. You may also wish to block your own computers from sending emails in case of trojan/zombie infection. There are infinite combinations of content filtering and firewalling you might want to impose in your home.
Staff Internet Abuse - A real cost to your business
The Internet provides your business with an effective, useful and often essential facility. Your staff can use it to find quick answers, liaise with customers, send and receive emails and many other productive tasks. Unfortunately, the Internet also provides the opportunity for mis-use. DrayTek products can help you restrict, control and monitor staff Internet usage.
Staff using your Internet facility for time-wasteful activities are costing you. Even more importantly these activities can put your businesses computers and network at risk. A recent survey of 10,000 employees indicated that 44% admitted to spending time on the Internet for personal use, for up to 2.1 hours per day.
Most staff are responsible and prudent with their Internet use and we always recommend a suitable AUP (Acceptable Use Policy) to be in place so that staff or any users of your systems know what they are and aren't permitted to use the computers for. This AUP can be re-inforced by DrayTek routers which can block specific content (either at certain times only or all times) and also block potentially harmful file/code types from being installed by rogue web sites. There are some staff who will make severe abuse of the Internet facilities - spending literally hours on personal matters or social networking sites.
Top 5 Personal Internet Uses for Employees
Personal Email: Hotmail, Gmail, Yahoo etc.
Intant Messaging: MSN, AOL, Yahoo etc.
Social Networking: Facebook, MySpace etc.
Buying: Using Amazon, Ebay etc.
Multimedia : YouTube, iPlayer etc.
It's easy to let a 'quick visit' become a prolonged stay without realising and losing track of time. All of the above activities can be immensely time consuming and addictive. What doesn't quite make the list but could be even more serious in its consequences is adult or illegal material being accessed in the workplace, as well as the higher likelyhood tht such sites are infected with malware which will then get onto your business network. There is also the potential to 'innocently' download software and install it on local PCs, unwittingly introducing spyware or trojans onto your network.
Introducing DrayTek Web Content Filtering
DrayTek Web Filtering allows you to block web content in three main ways:
By matching keyword / specific sites
By web site category
By digital content type
IP Filtering (Actually part of the firewall, along with many other security features.)
Features 1,3 and 4 above are included with the router. Feature 2 is included but requires a modest annual subscription to the external server which keeps a real-time contstantly updated database of web sites. More details of that (Globalview) follow later.
1. Keyword Matching
In Keyword Matching you can specify a list of either banned (blacklist)) or permitted sites (whitelist). The DrayTek method is 'object' oriented, which means that you create lists of keywords or sites, can then group them and then apply them into specific user groups or time periods
Using a blacklist, all sites would be accessible by your users except those that match the keywords you specify. This would be useful, for example where there are specific sites known to be causing distuption or timewasting in your organsiation such as social networking or webmail. The example below would allow access to all sites except the ones listed:
A whitelist, on the other hand, is much more restrictive on what your users can access as it blocks all web sites by default and then only allows access to web sites which match your keywords. This is useful when you really want to lock down your Internet access to only allow very specific web site access. The example below would block access to all web sites except those listed:
The URL blacklist and whitelist feature is included as standard on all supported DrayTek routers.
2. Web Site Category (DrayTek GlobalView)
DrayTek's GlobalView is built into most of our routers and allows you to select specific categories of web site which your router will allow access to. For example, an office may wish to block access to social networking or other company time-wasting sites or a home user might want to block adult sites from their children. In public Internet access facilities, you might want to block various unsuitable categories.
GlobalView covers 64 separate categories which you can select as blocked or permitted. Every time one of your users attempts to access a site, the router's automatically queries the central GlobalView server to ascertain its classification. This takes only milliseconds. If a site is blocked by GlobalView, according to the categories you have selected, instead of the requested web page, a warning message is displayed to the user (you can customise the message).
The GlobalView central database is continuously updated with new sites and changes to sites but also records normally legitimate sites which have become compromised or contain malware (a unique feature to GlobalView). Access to the GlobalView server requires an annual subscription. A free 30-day trial is included with all new routers so that you can try the feature out before subscribing. Scroll down the box below to see the 64 different categories which can be blocked by GlobalView, either permanently or at certain times of day/week according to your chosen schedule and for the PCs you choose.
GlobalView Categories :
Globalview requires a subscription to the Globalview server. This is a 12-month subscription available from your dealer by way of an activation key (code). There is no additional licencing for the number of users you have on your LAN; it is a flat fee based on your router model:
Vigor 2830, 2920, 3200, PBX2820
Vigor 2110, 2130, 2710, 2760
Vigor 2925, 300B, 2960, 3900
An activation key can be used for a single router unit (it cannot be re-used on additional devices or transferred to another person or product) and provides 12 months of service. You must renew your subscription in order to have continued service of Globalview.
Globalview uses a unique method of categorisation to ensure the most accurate, relevant and up to date database of web sites. In particular compared to other services, these are some important advantages of Globalview:
Globalview is built into the hardware. There are software solutions for category blocking or parental control but they have to be installed on each PC, maintained on each PC and someone with the right skills (a skilled employeee or smart child!) can often find a way to bypass or disable the software. DrayTek's Globalview operates at your Internet point of entry so examines all web site URLs requested and cannot be turned off without administrative rights to the router.
Globalview is at your border. As above, because Globalview operates at your Internet border, all traffic to the Internet from devices on your LAN must go through it. In the ever-increasingly connected digital home, that means that all devices using your router are subject to Globalview, including tablets (iPads etc.), smart-phones, smart-TVs, laptops and set-top boxes.
GlobalView is a commercial/professional Service . Unlike some other services, GlobalView does not rely on volunteers to submit suggestions for sites to include or rely on voluneers to categorise each site submitted (and multiple users to then concur which the category proposal). Relying on community-driven categorisation can lead to inaccuracies, delays, mischief and an incomplete database which omits many sites, particularly those which are more obscure or unknown (which are also more likely to be undesirable). The Globalview WCF service has been available for many years, and continuously evolves to improve performance and accuracy.
GlobalView is not a Domain Resolution Service, therefore it is not possible to bypass it merely by changing the DNS settings on your PC, or by browsing by IP address instead of URL. Globalview intercepts and examines all web requests for their specific destination rather than just intercepting DNS requests and rejecting those which it believes should be blocked.
Categorisation uses an automated mechanism.
GlobalView URL filtering is based on a hugely scalable cloud-based architecture that uses the extensive cloud computing resources available for categorization. GlobalView URLF uses a dynamically built, relevant local database with real-time connectivity to a hugely scalable cloud-based repository. GlobalView URLF therefore provides more complete, relevant categorization of the Internet. GlobalView's main benefit is the highly intelligent and accurate categorisation algorithms which are used to build its database.
Zero-Hour Protection The Internet is a living, continuously growing and evolving system. As GlobalView operates in real-time, it can categorise a site from the moment it becomes available from the first time it is requested, and re-categorise it if it changes at a later date without community-driver or user intervention. Users do not have to manually submit sites for categorisation.
Categorise IP Addresses Some other content filtering services can be bypassed simply by the user browsing to an IP address so that the URL is never considered/checked. Globalview will categorise sites based on their IP address if a user tries to access via that method. i.e. Both www.facebook.com and 220.127.116.11 would be blocked by GlobalView if you have prohibited social networking. This is also particularly useful in combatting Phishing emails which commonly use IP addresses instead of URLs. The DrayTek router can, in addition, block browsing by IP address altogether.
Multiple Categories Per Site Globalview can identify a single web site or page as falling into several catgegories, for example a site might provide both 'dating' and 'adult' content so if you choose to block either of those, Globalview will correctly identify it as both.
Site granularity Whereas other services considers only the top level domain (TLD) i.e. the URL up until the first �/�, Globalview will parse/consider the whole URL. This is particularly a problem for Web 2.0 sites such as blog sites (members.tripod.com/sitename) where one user's blog might be for kids and other user's contain adult-suited material. Another example is commercial sites which contain different materials types. For example, Globalview will distinguish between "sportsillustrated.cnn.com" (Sports pages) and "sportsillustrated.cnn.com/swimsuit/" (Swimwear models/nudity).
Embedded Links are examined. Another common methods that users might use to bypass web controls is using parsing or translation web sites. For example, if you try to visit "http://translate.google.com/translate?tl=it&u=http%3A%2F%2Fwww.swimwearplace.com%2F" then GlobalView will correctly identify that you have asked Google to display 'www.swimwear.com' and block it if that is a category you have prohibited, whereas other services will just see 'Google'' and permit access based on the categorisation of Google (search engine).
3. Digital Content Type
DrayTek's Content filtering allows you to specify particular data types or web content to be blocked by the router. The vigor is pre-set with many different content types or protocols. You can select any or all of them for blocking. There are infinite combinations but some examples of commonly blocked content are:
Block download of executable (EXE) or compressed (ZIP) files to reduce the chance or virus infection or installation of untested software.
Block Peer-to-Peer (P2P) software such as BitTorrent, to avoid users using vast amounts of your bandwidth or engaging in media piracy.
Block HTTP/FTP upload or webmail to prevent theft/espionage of your company data
At Home, block Instant Messaging protocols to prevent your children from unsupervised chat with strangers.
Block SMTP from all devices other than your mail server to stop Trojan Zombies
For detailed list on the protocols and content type which can be blocked, Click Here.
4. IP Filtering
This is a more technically complex method. All data sent across the Internet is sent as a 'data packet' between devices (for example between your PC and a web site) Each device has its own IP address (such as '18.104.22.168'). In addition, each data packet can be one of several data types (TCP, UDP, ICMP etc.) and may also have additional information such as TCP port numbers. Don't worry if this all sounds a bit complicated; the useful factor here is that these packets can be distinguished and therefore rules can be set up on the router to block or pass packets which match parameters you choose.
Examples of useful IP filters might be to block incoming mail from all but known mail servers, or to allow access to your internal web server from all addresses except known remote locations. IP Filters can be nested so that a chain of filters can all be tied together and data passed only if one of, or all of the rule criteria are met. As we said, it's a technically complex feature but immensely powerful.
Note : Although we include IP filtering here, most users actually consider that to be part of the main firewall features as it's not filtering 'by content' as such. All DrayTek routers include a comprehensive firewall, heping protect your network, computers and users from IP-related attacks.
Most DrayTek routers support Web Content Filtering; check out our specific product line to select a suitable product or speak to your DrayTek authorised dealer today!