Network Blocking Websites

Before addressing the question “how does a network block sites on the web”, it may be useful to some people to consider the question “why does a network block sites on the web” as there are multiple reasons.

• A company network may restrict access to websites on the web to prevent staff engaging in non-work related online activities.
• A school network may restrict access to websites on the web to comply with state and federal laws relating to inappropriate Internet content.
• A WiFi network may block sites to stop users from accessing inappropriate material in sight of other customers, guests or visitors.

However, the most important reason why any network may prevent access to websites on the web is to protect the network – and the users who access it – from malware, ransomware and phishing. This reason alone justifies the configuration of a mechanism to block sites on the web, as the cost of recovering from a successful malware, ransomware or phishing attack can be massive.

In order to prevent access to certain websites on the web, businesses, school and other organizations running a WiFi network use a network website filter. This is typically a software-based or cloud-based “virtual appliance” through which all web traffic moves. As web traffic passes through the network website filter, its content is reviewed to ensure it is malware-free and adheres with user policies.

The security against malware, ransomware and phishing consists of multiple elements. These include blacklists of websites known to harbor malware, antivirus software, malicious URL detection software, and SUBRL filters that review the IP addresses of each website to ensure it is not a known source of spam emails – the same IP address often being used to run ransomware and phishing attacks.

User policies are set by a network administrator. They control what content should be permitted through the network website filter and what should be prevented by the filter. In a company environment, for instance, a system administrator may want their network to block sites relating to pornography and online shopping – subjects estimated to have the biggest negative impact on workplace productivity.

Because user policies will vary massively based on the nature of the network, the mechanisms for setting user policies have to be versatile. Typically they include category filters, keyword filters, and various other tools that control web access by time, by bandwidth or by IP address. A network website filter can also apply a variety of user policies to individual network users or groups of network users.

Category filters are the easiest measures to apply. There are fifty-three categories of website content (abortion, adult entertainment, alternative beliefs, alcohol, etc.) into which more than six billion web pages are categorized. In order for a network to block sites on the web in a certain category, network administrators just select on the name of the category via a web-based management platform.

Keyword filters block access to web pages including a specific word or phrase, and can be used to prevent users visiting certain sorts of online content without blocking access to a whole category of content. The other mechanisms for establishing user policies with a network website filter are fairly self-explanatory, and each can be applied to one or more user policies with a few clicks of a mouse.