GRAND RAPIDS ? Our Security Ask the Expert Question in April came from a business owner who asked how he can stop employees from using the Internet for non appropriate sites. The answer came from Tim Whitmer, CISM, CISSP of Computer Associates.

Question: As a business owner, how can I stop employees from using the Internet for non appropriate sites? Will a fire wall do this, who can install this and what is the cost? I recently had an employee visit numerous porno sites. Also, how can I monitor employees? e-mails?

Answer: Businesses of all sizes should deploy firewall technology as part of their overall information security infrastructure. A firewall gives you the ability to mask your internal IP addresses (internal to your organization) from the outside world (a.k.a., the Internet) and (to a certain extent) prevents unwelcome barrages of e-mails or other threats overwhelming your internal e-mail system.

However, firewalls are generally not used to restrict access to particular sites. Using a firewall to address the problem of employees visiting inappropriate sites would require you to configure the firewall to shut down or restrict access to port 80 (HTTP) traffic. The problem with this approach is that nobody in the organization would have the ability to access the Internet for legitimate business purposes.

Since most organizations need Internet access, additional technology is typically deployed to provide filtering (blocking) of access to sites that are unproductive or don?t adhere to corporate policy for web usage. This is generally referred to as URL filtering. It is common that technology solutions used to address URL filtering also provide content filtering for e-mail, spam filtering and anti-virus protection as well. Using filters can ensure that e-mails containing specified information or wording can be blocked from coming into or going out of the organization. Many businesses also do this to address legal and/or regulatory requirements. Spam filters prevent the flood of undesired e-mail entering the organization. This has become increasingly important because malicious code (a.k.a.: ?malware?) is often attached to e-mail. Once these attachments are downloaded and opened, they can be very destructive.

These technologies can also be available to an organization through Managed Services Providers. These organizations provide external management of firewalls, URL filtering, spam filtering, etc., allowing the business owner to concentrate on his/her core business. Managed Services Providers act on your behalf to prevent unauthorized access to your network; and they can monitor activities consistently according to your organization?s policies, using a variety of technologies.

To see how Computer Associates International can help you in addressing these questions, or for additional information, CA.Com