There may be plenty of choice for SMBs looking for a low-cost web-content filtering solution, but in most cases what you gain in value you lose in features. This is seen most often in the number and variety of web content categories provided, as these can be cut back due to a reduced database being used.
Websense aims to change all that by taking a number of key features from its well-established Enterprise software and using it as the foundation for its latest Websense Express (WSX). Essentially, you get the same category database for both products, which currently comprises some 24 million websites organised into more than 90 categories. With most of the SMB filtering solutions we’ve reviewed, you’re lucky to get more than 40 categories. There’s much more to WSX, since its category database also protects against websites harbouring malicious content, plus it includes extensive protocol-filtering capabilities.
Whereas Enterprise is designed to be distributed across multiple systems, WSX sits on a single server. For testing, we installed WSX on a Supermicro dual 3GHz Xeon 5160 server running Windows Server 2003 R2. Your chosen donor system will require two NICs, one that acts as a sniffer to monitor all net traffic, and another that provides blocking and notification functions. The blocking NIC uses packet spoofing to stop a client system from accessing a website or application that’s been blocked.
To access all internet traffic, we configured our HP ProCurve Gigabit switch to mirror the data from its WAN connections to the WSX server’s monitoring port. Installation has been streamlined and we had WSX running inside 30 minutes. All you need to do is decide which roles the NICs will play and provide a Windows domain account, after which the routine loads an Apache server, MSDE and the WSX software. To ensure the Websense blocking port can see all your LAN systems, Websense provides a handy monitoring tool that lists all systems on the selected subnet.
The management console is well designed, and its homepage provides plenty of information on web activity, along with a handy traffic light for the server status. As with Websense Enterprise, you need to license WSX first, after which you can download the master database.
WSX uses policies that each contain content and application-filtering categories, plus approved website lists. This makes it highly versatile, since you can create a range of policies containing different web category and application controls. Furthermore, any changes to a category will be propagated immediately across all policies that include it. Support for Windows directory services means policies can be applied to selected users, groups and domains, but WSX also works happily in sites without these facilities, as you can apply policies to selected system IP addresses or network address ranges.
WSX fires up with a default policy that stops all systems on the LAN from running IM apps and protects them against malicious websites. With this now running in the background, your first task is to create content categories where you select an entry in the tree and block or allow it. A continue option allows users to access the category for a limited time, and you can apply URL keyword-matching and file-extension blocks as well. Lists of approved websites can be applied and on their own provide a very strict filtering policy that blocks access to anything not in the guest list. We found protocol filters just as easy to create, where you select an app or category and decide whether to allow, block or log its use. We could easily stop our test systems logging on to their Windows Messenger accounts and block them from accessing services such as FTP.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
