Halls of learning are places for learning and exploration. They are also a treasure trove of sensitive and valuable information, making them prime targets for attack by cybercriminals. In an environment where people are rightly sensitive about surveillance or limitation, is it ever an appropriate choice to filter web traffic?

In a previous post, we discussed the delicate balancing act security practitioners must perform to protect the safety of our flock while respecting and maintaining privacy. It’s important to keep that same discussion in mind while contemplating the prospect of imposing any sort of limitation on exploration, especially web-filtering.

Why filter web surfing at all?
You’d be hard-pressed to find a modern email service that doesn’t currently have some sort of spam filtering. We’ve all collectively accepted this as the New Normal, and given the enormous proportion of email traffic that’s now unsolicited or malicious, few people would regard this as a problematic limitation.

It’s difficult to draw a direct comparison between email and web filtering, as the World Wide Web is a massive place, much of which is not indexed by search engines and is only accessible if you’re given its specific location (most often in the form of a URL). Whereas email is pushed directly to you, a website usually sits passively until something or someone pulls it down to your machine. Spam filters stop junk from being actively thrust upon you, while web filters limit you from downloading potentially harmful data.

But in practical application, there are a lot of things that push web traffic to you without your permission or any active participation. For example, while you’re visiting a local news site, you’re also receiving traffic from external sites like advertisers or third-party trackers. You could also be receiving “malvertisements,” where harmful code is spread via legitimate advertising networks.

Malicious links can reach you in ways that might convince you to click: in applications that aren’t necessarily filtered for malicious traffic, like instant messaging services, or in emails that manage to evade spam filters or other types of filters. As such, web filtering can be a valuable layer of protection in a robust security architecture.

When and where to filter
There are certain places where web filtering will naturally be more appropriate. Areas of networks where you store data governed by the alphabet soup of data-privacy regulations are an obvious place to start. Any machines accessing financial, health care, or other private and sensitive data should be unable to access any more of the internet than is necessary for the employees to do their jobs. That may require blocking entire categories such as social media, video-streaming sites, or non-sanctioned cloud-storage services.

On computers that are used for academic research, it is possible that security personnel will need to create an environment that can be used without any sort of filtering, depending on the specific nature of the research. As an extreme example: If research teams are studying malicious files, spam, or online crime, they may need to have an environment that is entirely separate from the university network so that if something malicious were to affect their machines, it won’t spread to more sensitive areas of the network. In certain cases, it could even be advantageous for researchers to have machines set up completely outside the IP space of the university so that it’s less likely to tip off research subjects.

In residential or classroom areas, you may wish to take a middle approach: specifically blocking known malicious sites or unsanctioned traffic such as peer-to-peer file sharing, rather than broad categories of websites. This protects students and staff from inadvertently (or intentionally) inflicting harm, without materially impacting their ability to explore.

Web filtering does not have to be draconian and can be implemented with some flexibility in mind. For example, you may choose to offer a “right of appeal” so that when staff or students encounter a block on a site that they think is important to their work, they can request access. Of course, this requires a certain amount of staffing to work smoothly.
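The tiers described above, together with the right of appeal, can be expressed as one per-zone decision function. The following is an added example, not part of the original post; the zone names, domains, category labels and the rule that an appeal never overrides a known-malicious match are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample data: every domain, category and zone name is illustrative.
CATEGORIES = {
    "social.example": "social-media",
    "video.example": "video-streaming",
    "drive.example": "unsanctioned-cloud-storage",
    "tracker.example": "peer-to-peer",
}
KNOWN_MALICIOUS = {"malvertising.example"}
ZONES = {
    # Regulated data: only what the job requires is reachable.
    "regulated": {"mode": "allowlist", "allow": {"ehr.example", "bank.example"}},
    # Residential/classroom: block known-bad and unsanctioned traffic only.
    "residential": {"mode": "blocklist", "block_categories": {"peer-to-peer"}},
    # Separate research network: unfiltered; isolation is the control.
    "research-isolated": {"mode": "open"},
}
# Granted appeals: (zone, domain) -> last day the exception is valid.
APPEALS = {("regulated", "video.example"): date(2030, 1, 1)}

def _match(host, names):
    """Return the entry in names equal to host or a parent domain of it."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in names:
            return candidate
    return None

def decide(zone, host, today):
    """Return (verdict, reason) for a request to host from the given zone."""
    policy = ZONES[zone]
    if policy["mode"] == "open":
        return ("allow", "zone is unfiltered")
    if _match(host, KNOWN_MALICIOUS):
        return ("block", "known malicious")  # assumption: appeals never override
    appealed = _match(host, {d for (z, d) in APPEALS if z == zone})
    if appealed and APPEALS[(zone, appealed)] >= today:
        return ("allow", "granted appeal")
    if policy["mode"] == "allowlist":
        if _match(host, policy["allow"]):
            return ("allow", "job-related")
        return ("block", "not on allowlist")
    category = CATEGORIES.get(_match(host, CATEGORIES))
    if category in policy["block_categories"]:
        return ("block", f"category {category}")
    return ("allow", "default")
```

Giving each appeal an expiry date forces exceptions to be reviewed rather than accumulating silently, which keeps the staffing cost of the appeal process visible.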

It’s imperative for the whole educational ecosystem to maintain an environment of openness that is conducive to exploration, as this is what makes learning possible. Explorers of the physical world are wise to outfit themselves with an array of safety gear to lessen the impact of any missteps or accidents, accompanied by an educated understanding of how to avoid problems. Likewise, explorers of the digital world also benefit from an assortment of protective gear to accompany the knowledge of how to avoid trouble in the first place.

About the Author:

As a security researcher for ESET, Lysa Myers focuses on providing practical analysis of, and advice on, security trends and events. For nearly 20 years, she has worked both within antivirus research labs, finding and analyzing new malware, and within the third-party testing industry to evaluate the effectiveness of security products.

