But in practical application, there are a lot of things that push web traffic to you without your permission or any active participation. For example, while you’re visiting a local news site, you’re also receiving traffic from external sites like advertisers or third-party trackers. You could also be receiving “malvertisements,” where harmful code is spread via legitimate advertising networks.
Malicious links can reach you in ways that might convince you to click: in applications that aren’t necessarily filtered for malicious traffic, like instant messaging services, or in emails that manage to evade a spam or other types of filters. As such, web filtering can be a valuable layer of protection in a robust security architecture.
When and where to filter
There are certain places where web filtering will naturally be more appropriate. Areas of networks where you store data governed by the alphabet soup of data-privacy regulations are an obvious place to start. Any machines accessing financial, health care, or other private and sensitive data should be unable to access any more of the internet than is necessary for the employees to do their jobs. That may require blocking entire categories such as social media, video-streaming sites, or non-sanctioned cloud-storage services.
On computers that are used for academic research, it is possible that security personnel will need to create an environment that can be used without any sort of filtering, depending on the specific nature of the research. As an extreme example: If research teams are studying malicious files, spam, or online crime, they may need to have an environment that is entirely separate from the university network so that if something malicious were to affect their machines, it won’t spread to more sensitive areas of the network. In certain cases, it could even be advantageous for researchers to have machines set up completely outside the IP space of the university so that it’s less likely to tip off research subjects.
Is web filtering ever appropriate for higher ed?
In residential or classroom areas, you may wish to take a middle approach; specifically blocking known malicious sites or unsanctioned traffic such as peer-to-peer file sharing, rather than broad categories of websites. This protects students and staff from inadvertently (or intentionally) inflicting harm, without materially impacting their ability to explore.
Web filtering does not have to be draconian and can be implemented with some flexibility in mind. For example, you may choose to offer a “right of appeal” so that when staff or students encounter a block on a site that they think is important to their work, they can request access. Of course, this requires a certain amount of staffing to work smoothly.
It’s imperative for the whole educational ecosystem to maintain an environment of openness that is conducive to exploration, as this is what makes learning possible. Explorers of the physical world are wise to outfit themselves with an array of safety gear to lessen the impact of any missteps or accidents, accompanied by an educated understanding of how to avoid problems. Likewise, explorers of the digital world also benefit from an assortment of protective gear to accompany the knowledge of how to avoid trouble in the first place.