UTM / Firewall / VPN / Wireless
Content Filtering Service
SonicWALL Content Filtering Service (CFS) provides enterprise-class businesses
and educational institutions with greater control to transparently enforce
productivity and protection policies and block inappropriate, illegal and
dangerous Web content. Featuring a dynamic rating and caching architecture,
SonicWALL CFS blocks multiple categories of objectionable Web content, providing
the ideal combination of control and flexibility to ensure the highest levels of
productivity and protection. Data is forwarded directly to the ViewPoint™
reporting package, delivering a high level of network visibility through graphs,
charts and data search functionality. As an added benefit, SonicWALL content
filtering is configured and controlled from the appliance, eliminating the need
for a costly, dedicated filtering server.
SonicWALL CFS is deployed in a wide variety of large organizations, including
business enterprises, universities, libraries, and government agencies, as well
as distributed public Internet "hot spots". Ease-of-management, scalability and
superior performance make CFS an ideal solution for larger enterprises with
complex configuration requirements.
MITIGATING RISKS OF UNRESTRICTED ACCESS
SonicWALL CFS helps mitigate numerous risks associated with not restricting
employees, students, or other users from accessing Web sites that are
inappropriate or offensive: * There is a legal responsibility and obligation to
keep the workplace free from offensive material, and not taking steps to do so
could lead to costly lawsuits. * Unrestricted access drains productivity by
promoting wasteful Web surfing. * Bandwidth usage patterns can be seriously
affected when employees turn to bandwidth-hungry applications such as
file-sharing, and this could affect the productivity of business-related
applications. * Unrestricted access often leads to infection by viruses, spyware
and malware, since many of the sites that are contained in blocked categories
are common sources of malicious attacks.
FLEXIBILITY AND POLICY ENFORCEMENT
Administrators are free to create enterprise-wide policies that are specifically
designed to meet their own requirements and legislative mandates. The dynamic
rating architecture can be used to block up to 56 categories of objectionable or
inappropriate Web content, providing a high level of transparent control, ease
of administration, and granular policy enforcement. The local URL filtering
feature adds flexibility by letting administrators go beyond categories to block
or allow specific domains or hosts. Policies can be applied to individuals or
defined groups (e.g., students and faculty) and set to block
automatically-downloadable files or apply filtering by time-of-day.
CACHING AND PERFORMANCE
SonicWALL CFS is built around a Web site caching and rating architecture that
allows administrators to automatically block sites by category for easier
administration. The caching feature stores URL ratings locally on the SonicWALL
appliance, so response time is only a fraction of a second. In addition to
filtering offensive Web content, CFS helps enhance performance by filtering out
download sites for MP3s, streaming media, freeware and other files that consume
tremendous amounts of bandwidth and are often the source of spyware and other
malware.
COMPLIANCE AND REGULATIONS
A number of legislated regulations contain content filtering requirements that
can be met using SonicWALL CFS. For example, the Children's Internet Protection
Act (CIPA) requires all schools and libraries that receive eRate funding to
install content filtering. The flexibility of CFS, and the ability to set custom
policies for different groups or different times of day, makes it ideal for
educational settings. In addition, the reporting necessary to comply with these
mandates can be fulfilled by SonicWALL's Global Management System (GMS) and
ViewPoint™ reporting package. In addition to external regulation compliance, CFS
is an integral part of internal compliance programs designed to reduce the
liabilities that may incur when inappropriate content is allowed into the
network. When Web access is unrestricted, not only is the result
counter-productive, it can also result in costly lawsuits.
VISIBILITY (REPORTING)
SonicWALL ViewPoint™ reporting software along with SonicWALL CFS can allow
customers to run granular reports summarizing Web access details. Both real-time
and historical reports can be easily customized and delivered in a variety of
formats. In addition to comprehensive graphical reports, users also can take
advantage of "at-a-glance" reporting.
HOW IT WORKS
SonicWALL CFS is based on a rating architecture that relies on a dynamic
database to block objectionable or inappropriate Web sites. CFS cross-references
all Web sites as they are requested against a vast and highly accurate database
of URLs, IP addresses and domains. The SonicWALL appliance then receives a
rating in real time, and then compares that rating to the local policy setting.
The appliance will then either allow or deny the request, based on
locally-configured policy. SonicWALL CFS categorizes millions of URLs, IP
addresses and domains in a continuously updated, dynamically rated database. CFS
rates over four million URLs, with hundreds more added daily. Because the
ratings are determined both by artificial intelligence and human observation,
the database is highly accurate, and the instance of false positives is
minimized. The policy-based system allows the administrator to block all
pre-defined categories or any combination of categories, and to apply these
policies on a granular level. For example, if one group of users requires access
to sites typically found within one category, this level of access can be
granted, while still denying access to other users. Categories range from
offensive types of content such as "Violence," which would include anti-social
Web sites that advocate use of weapons or explosives, to sites that may not be
offensive but would otherwise cause a potential risk to the network in terms of
bandwidth usage, such as "Software downloads" or "Streaming Media/MP3".