Content Filtering

From the WELSTech archive - 208 - What Will Google Change Next? includes and interview with Greg Boggs & Joshua Johnson on content filtering

Capturing information from the March 2009 WELSTech listserve discussion:

Joshua S., Director of Technology, Kettle Moraine Lutheran High School -

I've never used Barracuda products, but have heard good things about them. We use Lightspeed Systems Total Traffic Control which does content filtering and virus protection and a number of other things. I've been pleased with it so far. If you are looking for just basic content filtering, the free service from OpenDNS is very good. I use it on top of my Lightspeed box and have recommended it to a couple of grade schools looking for an inexpensive solution. I am also looking into the open source product Untangle (actually a collection of open source products) for possible use at my children's grade school.

Ben P. -

I know an LES in the Madison area is using a Barracuda web filter, but I moved right after they installed it so I don't have much feedback other than

that it seemed to work well in the first few weeks. Maybe someone from there who is reading can chime in. I remember thinking the Barracuda products were pretty expensive up front, but never got to do a TCO comparison over 3 or 5 years after you throw in the cost of subscriptions.

I've also really liked SonicWall's products. It's also a gateway with other features rather than just a web filtering appliance. Their new TZ210 series

looks to be a really solid product.

Similar to the SonicWalls, Fortinet's Fortigate product is also very good. Before SonicWall launched their TZ210 appliance, Fortinet would come in

cheaper with better performance. Now I think SonicWall's TZ210 makes them very competitive. Unfortunately, it's hard to find a partner who handles both products in order to get a good TCO comparison.

Linksys by Cisco is supposed to have some new gateways that partner with Trend and/or WebSense for Antivirus/Spyware/Web filtering. Even though I'm a Cisco engineer, I'd say stay away from these for the time being.

If anyone else has suggestions for software-based products that are FOSS and how they perform in a typical LES setting I'd love to hear them. This stuff gets expensive quickly and stays that way due to the necessary subscriptions.

Karl H., St. Mark, Green Bay, WI -

At. St. Mark, we use OpenDNS and Comsifter. We picked that because it works so nicely with our domain. I went to a teachers' conference where squid + dan's guardian were suggested, but then you need a computer to run them on.With comsifter, I would recommend the CS 1 if you don't use a windows SERVER, CS 8 if you do.

Bob J., Star of Bethlehem Lutheran School, New Berlin, WI -

At Star of Bethlehem, we are using OpenDNS (http://www.opendns.com/)

There are free and paid options. Some quick thoughts: Cons: I imagine it can be bypassed using a proxy. Pro: You have a wide choice of content to be filtered. We block Facebook and MySpace as part of our configuration along with other content such a pornographic and hate sites. Open DNS is also blocks the conflicker worm:

http://blog.opendns.com/2009/02/09/stats-are-back-and-conficker/

Check it out and see if it meets your needs.

Mike P., St. Paul's Lutheran School, New Ulm, MN -

No experience with Barracuda. We use SmoothWall 2.0 <www.smoothwall.org> with the Dansguardian modification (on the fly content filter), URLBlacklist <urlblacklist.com> for our blacklists as well as a Clam AV modification for Virus scanning. We've been happy with this set up for our situation and have been using it for almost 5 years now. Yes, this does need to be run on a separate computer, but it is Open Source, allows me to add in any hack or mod I want and does everything we want it to do for the free price (you do pay for the blacklist if you choose to use it).

A positive word about Dansguardian content filter-- We love how Dansguardian not only incorporates a blacklist but will also scan every word on a web page, assign a positive or negative number to each word and, based on how I set the "naughtiness" limit, will block pages that aren't in any black list. For example, I have our "naughtiness" level set at a limit of 50 pts. for websites - could be higher for high school students allowing more access. Since we don't want any flash gaming websites to be used here, I set the word <flash> at +50 points and <game> at +50 points. This ensures that <coffeebreakarcade.com>, for example, won't be allowed through our filter even though it might not be in any blacklist since it returns at least 100 points.

A couple of years ago we had to add <proxy> at +100 since kids had discovered that proxy sites are a wonderful way to bypass content filtering. This shut access to those sites down completely.

With Smoothwall, we have an option to add sites to whitelists that teachers request - usually edutainment flash games sites - and a password based bypass option if a teacher needs to access a site.

Joshua S., Director of Technology, Kettle Moraine Lutheran High School -

Please be careful that you are following the licensing agreement for free products. AVG clearly states that their free product is for private, home use only. This is a quote from their site:

Licensing details

AVG Anti-Virus Free Edition is for private, non-commercial, single computer use only. The use of AVG Free within any organization or for

commercial purposes is prohibited. http://free.avg.com/download-avg-anti-virus-free-edition

At my children's grade school, we had been using F-Prot from Frisk software, which at educational pricing was about $3.50/computer per

year. Just this last month we have switched to the free product Comodo Antivirus. They advertise that it is free for home and business use:

No license fee - complete protection at no cost for business and home users http://www.personalfirewall.comodo.com/firewall.html

Comodo is for Windows XP only.

Karl H., St. Mark, Green Bay, WI -

OpenDNS https://www.opendns.com/start/ is indeed free, to businesses, or individuals, or schools, etc.I would encourage everyone to use it as well. The only downside I noticed to it is that they steal the search from address bar feature from most browsers (not chrome) and the search is not nearly as good as Google. Otherwise, it is only positive.

Jason P., Network Admin, Holy Trinity Wyoming, MI -

We currently use OpenDNS which does a good job of filtering, but I will let you know that you may have to add some domains to the blocked list as some game sites have not been blocked. It does block the Facebook and MySpace sites. I have been pleased with it.