• United States
by Steve Taylor and Joanie Wexler

Filtering URLs conserves bandwidth

Oct 30, 20033 mins

* Content filtering as a QoS tool

The enterprise network application mix is changing because of convergence and new data applications that have varying behaviors. So, at a minimum, it’s important to monitor your network to find out what’s running on it and whether it is performing well.

Nowadays, you might need to also define a network policy for applying quality of service (QoS) to certain traffic. The reason is that adding bandwidth isn’t always a sufficient solution.

A Gartner Group Research Note issued last month on WAN optimization states the situation well: “In TCP/IP networks, large file transfers will always swamp time-sensitive usage, such as voice and video, on the same path. Mission-critical networks can’t survive without some congestion control and application priority management for critical traffic.”

In addition to the two QoS features Gartner mentions, you might also find it beneficial to use a combination of content filtering, compression and caching at the network edge. This time, we offer a word about filtering.

Data point: Internet content filtering company N2H2 (now owned by Secure Computing) recently said it has identified 260 million Web pages classified in its filtering database as pornography. We’re guessing that most organizations could block access to these sites without handicapping any employees’ ability to do their jobs.

There are a number of ways to deploy such filters. SecureComputing/N2H2, as well as competitors such as Websense, SurfControl and Symantec, for example, offer URL-filtering applications that you run onsite that match your internal filtering policy against URLs stored in N2H2 and Websense database servers. You define keywords that, if found in a URL, identify that URL as a site you want to block.

In addition, you can run the N2H2 or Websense application capabilities directly in the Cisco IOS Firewall – a set of capabilities embedded in Cisco’s router software, as well as in Cisco’s PIX Firewall appliance or in the Cisco Content Engine appliance. Or, if using the Cisco IOS Firewall, you can manually program URLs, URL keywords and partial domain names to filter.

And you can get content-filtering appliances from companies such as Allot Communications. Allot offers the NetPure Content Filter, which matches Web traffic to the corporate network policy to permit access, warn or block traffic.

In addition to potentially eliminating worker distractions that lower their productivity, filtering conserves bandwidth, which provides an application performance benefit. In addition, it can limit legal liabilities. For example, some organizations block access to altogether, because they don’t want any exposure to potential music-copyright infringement liability.