Ask the Expert

What controls should be used to block social networking sites?

What controls can we implement as a company to address the risks associated with employees accessing Facebook and Twitter? Our default position is that this access is removed and will only be provided if a valid business case is presented. We have started getting some requests that do have valid business cases. Most employees only want the browsing capability, however, and don't need to post.

    Requires Free Membership to View

If your company has decided it must block social networking sites such as Facebook, Twitter and others, you may want to reevaluate the security risks, benefits and costs of this action. It is easy to get around these types of blocks; all an employee really needs is a smartphone beyond the controls of the corporate firewall. Also, because your restrictions may lead to a backlash from your users, security resources may be better utilized on other risks.

If you really need to implement these types of blocks, depending on your environment, you may want to go with a network-based device or one installed locally on your client computers. Make sure to have a clear policy supported by management so you can justify implementing the best technology for the job. Some devices will allow you to get as granular as allowing particular groups to perform specific actions, like visit approved sites during lunch hour.

There are several multifunction Web proxies or similar devices that will enable the necessary network controls. Some operate inline, through sending TCP resets, and others via client configurations. Many come with other features like antimalware. If you allow unmanaged computers on your network or allow users to install their own software, you will probably need a network-based control to make it more difficult to bypass. Some of these devices also block many of the ways around traditional Web-only proxies.

Client-side software may work in your environment and not increase the complexity of your network infrastructure, but it can be bypassed if you allow unmanaged clients or users with administrative access. This option also requires complete coverage for pushing software out where the install could be missing. If you have a small environment and tight control of the computers, you could even restrict social network access through configuration of the Web browsers, but this may be difficult to do correctly and efficiently.

This was first published in May 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: