Problem solve Get help with specific problems with your technologies, process and projects.

How to improve Web access controls

Wish your enterprise provided more granular Web access to specific users? Learn how to do so by augmenting proxy servers or firewall with a Web filtering appliance, in this identity management and access control Ask the Expert Q&A.

I need to control user access to different Web sites. For example, permit user1 to access www.yahoo.com after providing a username and password, but deny access for user2 (or require an admin password). In other words, I need software that stores different users' profiles and what they can and cannot access. What proxy server or firewall would give me such facility?
To provide granular access to specific Internet sites for specific users, you need to augment your existing proxy server, or firewall, with a Web filtering appliance. While you can tune proxies and firewalls to block certain kinds of traffic and Web sites, they don't work as well for individual user profiles.

Web filtering products, such as Websense, Blue Coat and 8e6, operate as appliances meshed into your firewall system, but unlike firewalls, they are deployed to block specific content. You can tailor Web filters to your company's particular policies for employee Internet use. They can use white and black lists to control what users can and cannot access.

The obvious targets, like pornography and gambling sites, would most likely be on most companies' hit list for the deployment of Web filtering proxies. However, if your company has a policy against employees accessing personal email accounts on company time, these products can do the job.

Again, unlike firewall rules, which are based on traffic, these products can be adjusted to allow selective access to individual employees or groups of employees that may need special access for business reasons. Websense, for example, has a User Service software component that calls your directory service, whether Active Directory (AD) or LDAP, to filter users based on any size and type of organizational unit from domains down to individual users. Blue Coat and 8e6 both offer similar user authentication schemes in their products that work with AD and LDAP, as well.

Although these filtering products don't store profiles, they do work with the profiles in your existing authentication systems to allow or block individual and group access. That's why it's important to check how these products work with your directory services, before purchasing one.

For More Information

  • Visit our resource center and learn how to improve your enterprise Web access controls.
  • .
    This was last published in June 2006

    Dig Deeper on Web authentication and access control

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.