Manage Learn to apply best practices and optimize your operations.

Is there a way to block iPhone widgets that bypass Web filters?

If students are using your Wi-Fi to reach unapproved websites, you have the ability to take greater control of your network. Michael Cobb reviews the important aspects of a Web usage policy.

Our school's Web-filtering product (McAfee Inc.'s SmartFilter) blocks Facebook, but students can access it by using a Facebook iPhone widget. Is there a way to block the widget use on our network other than blocking their use of our Wi-Fi?
Smartphones are fast becoming a must-have device, particularly amongst the younger generation. Their popularity has not only created a whole new category of applications and widgets, but also a new set of problems for the IT administrator trying to maintain a safe and secure network. You're certainly not alone in trying to control how smartphones are used on your network, but your situation is slightly different to most enterprises, in that you have a mainly student user base.

I'm assuming you're running a network at a university or school of some kind and are using McAfee Inc.'s SmartFilter to control outbound Web access and protect against Web-based threats. SmartFilter is certainly a comprehensive Web-filtering product for controlling, filtering and monitoring Internet use. It allows customized policies by user, group, IP and IP range. Filters can be set by time of day, day the of week, file type and URL, using block and allow lists.

If students use their own iPhone and iPod Touch devices, however, to bypass Web filters, it's impossible to mandate what they can and can't install on their devices or which sites they can and can't visit. I'm sure, though, that you will have an acceptable usage policy covering what is and isn't permissible when students access and use the campus network. In this policy, you can state that accessing Facebook from any device via the campus network is not allowed. I accept that it is harder to dictate such a policy when users have their own devices, but if they are using your Wi-Fi to reach the Facebook site, then you have a legitimate case for expecting compliance with your usage guidelines.

The reason students want to use the campus Wi-Fi to access Facebook is because it's so much faster than using AT&T's EDGE network and much cheaper. If you use SmartFilter's reports, you can not only identify and document any inappropriate Web activity to enforce your Web-usage policies, but you can also use SmartFilter to control Web access via Wi-Fi, as well as conventional desktop/Ethernet access. You should explain why you're taking this step, though, such as to preserve bandwidth for work-related activities and reduce legal liability. Students will, of course, still be able to access Facebook from their own iPhones using EDGE, but that's not your problem.

It's worth taking steps to instill an understanding of the security threats and effects that certain activities can have on bandwidth, because you will have to contend with the next big thing: Skype, which has quickly become the most popular download at Apple's iPhone software store. Interestingly, mobile carriers in the U.S., Canada and Germany, such as AT&T, Rogers and T-Mobile, have blocked Skype from their networks so that it can be run only over a local Wi-Fi connection. These organizations defend what they see as their right to determine how their networks are used. You must do the same.

This was last published in August 2009

Dig Deeper on Web application and API security best practices

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.