Problems with Internet filters on college networks

Internet filters have being around for a while now, and they can form a vital part of the network security infrastructure. Typically they are used for

  • Blocking access to inappropriate or non-work related sites, sometimes called a blacklist
  • Preventing applications like Bittorrent from operating
  • Blocking malware and viruses from entering and leaving the network

However, many of the filtering systems used by small- to medium-sized organizations are not so good when it comes to managing sites that consume lots of bandwidth. Last week I worked with a school in the northeast who were having intermittent problems with their Internet connection. At regular intervals it would slow down causing problems for teachers, students and administrative staff.

While the Internet filtering system was doing its job and blocking sites on the blacklist, it was not providing visibility as to how bandwidth was being consumed. A lot of Internet filtering systems are like this: good at blocking but poor at reporting. The IT administrator downloaded a network traffic analysis system and we started to look at what was happening on the Internet connection. 

Almost immediately we saw large amounts of video streaming traffic, an easy solution would have being to block access to these sites, but this was not straightforward. Teachers are now using a lot more online resources and this includes video streaming services and social networking sites. Students also want to access this material, but it will eat bandwidth if they are given unfiltered access. Too much filtering can also be bad as it can frustrate people, and the tech savvy will look for ways around them through online anonymizer sites and proxy servers. Filtering systems should also be checked regularly to make sure that the content filtering is working correctly.

The solution chosen by this school was to focus in on the top consumers of bandwidth in order to block specific computers from accessing high bandwidth sites. A dashboard was configured to show the current top consumers of bandwidth, and students and staff were contacted if they breached the fair use policy. Sometimes it came down to staff viewing class material in high definition when standard definition would have being sufficient. Students accessing lots of social networking sites were notified, and access to these sites was blocked from some systems located in public areas. Initially the IT administrators modified the host files on these systems so that some websites would not resolve correctly through DNS.

So far this approach has worked well. Their Internet filter blocks access to the inappropriate and malicious content and, by monitoring what bandwidth is being consumed, students and staff can enjoy an open learning environment with a minimum level of Internet filtering.

Networks that are too open are a nightmare to manage. Lots of issues with bandwidth usage, illegal downloads and malware. I am not a fan of too much filtering and control either.  I recently got back from a trip to the Middle East and Internet filters at some locations there prevented me from reading about the financial issues in Europe.  This big-brother approach was very frustrating for someone like me who is used to fairly open access to the Internet. The balance in my opinion is to block the really bad stuff and keep an eye on the top users of bandwidth and sites associated with things like social networking and video steaming.


Darragh Delaney is head of technical services at NetFort Technologies.  As Director of Technical Services and Customer Support, he interacts on a daily basis with NetFort customers and is responsible for the delivery of a high quality technical and customer support service. Follow Darragh on Twitter @darraghdelaney

Copyright © 2011 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon