I'm assuming you're running a network at a university or school of some kind and are using McAfee Inc.'s SmartFilter to control outbound Web access and protect against Web-based threats. SmartFilter is certainly a comprehensive Web-filtering product for controlling, filtering and monitoring Internet use. It allows customized policies by user, group, IP and IP range. Filters can be set by time of day, day the of week, file type and URL, using block and allow lists.
If students use their own iPhone and iPod Touch devices, however, to bypass Web filters, it's impossible to mandate what they can and can't install on their devices or which sites they can and can't visit. I'm sure, though, that you will have an acceptable usage policy covering what is and isn't permissible when students access and use the campus network. In this policy, you can state that accessing Facebook from any device via the campus network is not allowed. I accept that it is harder to dictate such a policy when users have their own devices, but if they are using your Wi-Fi to reach the Facebook site, then you have a legitimate case for expecting compliance with your usage guidelines.
The reason students want to use the campus Wi-Fi to access Facebook is because it's so much faster than using AT&T's EDGE network and much cheaper. If you use SmartFilter's reports, you can not only identify and document any inappropriate Web activity to enforce your Web-usage policies, but you can also use SmartFilter to control Web access via Wi-Fi, as well as conventional desktop/Ethernet access. You should explain why you're taking this step, though, such as to preserve bandwidth for work-related activities and reduce legal liability. Students will, of course, still be able to access Facebook from their own iPhones using EDGE, but that's not your problem.
It's worth taking steps to instill an understanding of the security threats and effects that certain activities can have on bandwidth, because you will have to contend with the next big thing: Skype, which has quickly become the most popular download at Apple's iPhone software store. Interestingly, mobile carriers in the U.S., Canada and Germany, such as AT&T, Rogers and T-Mobile, have blocked Skype from their networks so that it can be run only over a local Wi-Fi connection. These organizations defend what they see as their right to determine how their networks are used. You must do the same.
Dig Deeper on Web application and API security best practices
Related Q&A from Michael Cobb
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading
The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and ... Continue Reading