I'm assuming you're running a network at a university or school of some kind and are using McAfee Inc.'s SmartFilter...
to control outbound Web access and protect against Web-based threats. SmartFilter is certainly a comprehensive Web-filtering product for controlling, filtering and monitoring Internet use. It allows customized policies by user, group, IP and IP range. Filters can be set by time of day, day the of week, file type and URL, using block and allow lists.
If students use their own iPhone and iPod Touch devices, however, to bypass Web filters, it's impossible to mandate what they can and can't install on their devices or which sites they can and can't visit. I'm sure, though, that you will have an acceptable usage policy covering what is and isn't permissible when students access and use the campus network. In this policy, you can state that accessing Facebook from any device via the campus network is not allowed. I accept that it is harder to dictate such a policy when users have their own devices, but if they are using your Wi-Fi to reach the Facebook site, then you have a legitimate case for expecting compliance with your usage guidelines.
The reason students want to use the campus Wi-Fi to access Facebook is because it's so much faster than using AT&T's EDGE network and much cheaper. If you use SmartFilter's reports, you can not only identify and document any inappropriate Web activity to enforce your Web-usage policies, but you can also use SmartFilter to control Web access via Wi-Fi, as well as conventional desktop/Ethernet access. You should explain why you're taking this step, though, such as to preserve bandwidth for work-related activities and reduce legal liability. Students will, of course, still be able to access Facebook from their own iPhones using EDGE, but that's not your problem.
It's worth taking steps to instill an understanding of the security threats and effects that certain activities can have on bandwidth, because you will have to contend with the next big thing: Skype, which has quickly become the most popular download at Apple's iPhone software store. Interestingly, mobile carriers in the U.S., Canada and Germany, such as AT&T, Rogers and T-Mobile, have blocked Skype from their networks so that it can be run only over a local Wi-Fi connection. These organizations defend what they see as their right to determine how their networks are used. You must do the same.
Dig Deeper on Web application and API security best practices
Related Q&A from Michael Cobb
A technique known as the GhostHook attack can get around PatchGuard, but Microsoft hasn't patched the flaw. Expert Michael Cobb explains why, as well...continue reading
Software developed by the hacking group Platinum takes advantage of Intel AMT to bypass the built-in Windows firewall. Expert Michael Cobb explains ...continue reading
Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.