Jim Black

Configuring an Acceptable Use Policy with Enterprise Threat Protector

Blog Post created by Jim Black Employee on Jan 11, 2018

Now that you have configured the security settings in your policy or policies, another useful feature in Enterprise Threat Protector you may want to try out is the capability to restrict the categories of web content that your users can or cannot access.

 

Just like the other product features, the Acceptable Use Policy (AUP) feature is really simple and can be set up in just a few minutes.

 

Before I cover the steps you need to perform to set up an AUP policy, let me briefly cover why you may want to restrict the types of web content your users can visit.

 

The first benefit is that by blocking objectionable or inappropriate web content, you are minimizing the potential risks to your organization. If users can view any type of content they care to, it’s easy for them to end up accessing content they shouldn't be viewing. Let’s face it, the web is a pretty lawless entity. I won’t spell out the specific content categories that present you and your organization with these risks, but blocking the obvious is wise.

 

The second benefit is user productivity. Allowing open access to any web content category can lead to users spending far too much time browsing the web when they should be focused on work.

 

A final benefit that many of our customers tell us about is a reduction in lost bandwidth. By blocking specific bandwidth-hungry content categories, companies suddenly get back lost bandwidth which, in turn, allows their business applications to run faster.

 

You may already have the ability to control access through a Secure Web Gateway (SWG) or an Enterprise Firewall. The AUP feature in Enterprise Threat Protector is not meant to be a replacement for those more sophisticated solutions. However, even if you have the capability already, blocking content at the DNS stage delivers additional benefits as it reduces the load on your SWG or Firewall.

 

So now let’s look at just how easy it is to configure an AUP policy.

 

Start by selecting Configuration, then Policies, and select the policy you want to edit by clicking on the edit icon. Then click on the Acceptable Use Policy tab.

 

 

 

The first thing to note is that the default setting for all 16 content categories is Allow. However, Enterprise Threat Protector still logs all of the requests. It’s worth considering leaving the policy configured this way and running it for one or two weeks with live traffic. This lets you baseline your current usage, which enables you to accurately determine which AUP categories you need to block. It should also minimize the risk of overblocking.

 

You can view the top AUP categories by clicking on Monitoring, then DNS, then selecting Top AUP Category from one of the dashboards if it is not already displayed.

 

 

Once you have determined which AUP categories you want to block, then simply click on the category or categories you want to block as shown below.

 

 

Once you are happy with the AUP configuration, click on Save, then deploy your policy. Remember, if you have more than one policy you will need to configure the AUP for each one.

 

ETP AUP Content Category Descriptions

You can get a description of the category on the AUP setup by hovering over the AUP category, but here’s a list of all the AUP categories for reference.

 

| ETP AUP Category | Description |
| --- | --- |
| Social | Websites that facilitate the development or maintenance of personal or professional relationships across geographic and organizational boundaries. |
| Dating | Websites that promote or provide the opportunity for establishing romantic relationships. |
| Weapons | Websites that sell, manufacture, or describe the manufacture of weapons. |
| Adult | Websites that contain sexually explicit material that is not medical, scientific, or pornographic in nature. |
| Illegal | Websites that promote or allow users to practice illegal or unauthorized acts with computer programming. |
| Anonymizers | Websites that provide anonymous access to other websites through a PHP or CGI proxy, allowing users to gain access to content that is typically blocked. |
| Drugs | Websites that sell, supply, promote, or advocate the recreational or illegal use, cultivation, manufacture, or distribution of drugs, pharmaceuticals, intoxicating plants, chemicals, and related paraphernalia. |
| Games | Websites related to the development, promotion, review, and overall engagement of online, PC, and console video games. |
| Cyberbully | Websites that contain targeted, deliberate, slanderous, or offensive content with the intent to torment, threaten, humiliate, or defame an individual. Websites in this category advocate hostility, aggression, inequality, and the denigration of an individual or group based on race, religion, gender, nationality, ethnic origin, or other involuntary characteristics. |
| Pornography | Websites that contain sexually explicit material meant to incite sexual excitement or interest. |
| Suicide | Websites that advocate, normalize, or glamorize the repetitive and deliberate ways to inflict harm to oneself. Sites in this category may encourage or glorify suicide. |
| Sports | Websites that analyze, promote, or provide information about competitive sports or sports fans. |
| Gambling | Websites that allow users to gamble or place bets. Sites in this category may also teach, train, or allow users to predict race winners, view lottery numbers, register or view gambling tournaments, and more. |
| Privacy | Websites that host online advertising to attract web traffic, deliver marketing messages, or record email addresses. |
| Alcohol | Websites that promote the consumption of alcohol. |
| Tobacco | Websites that promote the use of tobacco and tobacco-related products. |

 

 

Understanding AUP Events

So now you have your AUP policy configured and deployed. When users attempt to access a domain that’s in a blocked category, they will get a customizable block page. You can customize the block page by clicking on Configuration, then Utilities, and then the Error Pages tab.

 

It’s likely that you will want to check on how many access attempts are being blocked in each AUP category. In my experience, in the early days you will see a lot of attempts to access blocked content, but as users start to know that they will be blocked you should expect the access attempts to decrease.

 

To view the AUP events, click on Monitoring and the AUP Events By Criteria dashboard is displayed.

 

 

As with the Threat Events dashboard, you can customize the view and drill down to obtain more information. For example, to see what Social domains users are attempting to access, click on Social on the graph or the legend. This opens up all of the AUP events for the Social category as shown below.

 

 

You can drill down further or export the events to a CSV file for further analysis.
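As an added example (not from the original post or from the product), here is one way to analyze an exported events CSV for the baselining step and for tracking whether blocked attempts decline week over week. The column names and the sample rows are constructed assumptions; adjust them to match the headers in your actual export.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample export. The column names (timestamp, client, domain,
# category, action) are assumptions, not the product's documented CSV schema.
SAMPLE_CSV = """timestamp,client,domain,category,action
2018-01-08T09:12:00,10.0.0.11,social.example,Social,allow
2018-01-08T09:15:00,10.0.0.12,social.example,Social,allow
2018-01-09T13:40:00,10.0.0.11,games.example,Games,allow
2018-01-10T10:05:00,10.0.0.13,chat.example,Social,allow
2018-01-16T11:30:00,10.0.0.11,social.example,Social,block
2018-01-17T15:45:00,10.0.0.14,bets.example,Gambling,block
"""

def summarize(csv_text, top_n=3):
    """Per-category totals, distinct clients, top domains and weekly counts."""
    stats = defaultdict(lambda: {"requests": 0, "clients": set(),
                                 "domains": Counter(), "weekly": Counter()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        category = row["category"].strip()
        if not category:
            continue  # skip rows with no AUP category assigned
        entry = stats[category]
        entry["requests"] += 1
        entry["clients"].add(row["client"].strip())
        # Normalize case and a trailing dot so one domain is counted once.
        entry["domains"][row["domain"].strip().lower().rstrip(".")] += 1
        year, week, _ = datetime.fromisoformat(row["timestamp"]).isocalendar()
        entry["weekly"][f"{year}-W{week:02d}"] += 1
    return {
        cat: {"requests": e["requests"],
              "distinct_clients": len(e["clients"]),
              "top_domains": e["domains"].most_common(top_n),
              "weekly": dict(sorted(e["weekly"].items()))}
        for cat, e in stats.items()
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_CSV)
    # Busiest categories first: these are the candidates to review for blocking.
    for cat, info in sorted(report.items(), key=lambda kv: -kv[1]["requests"]):
        print(f"{cat:10} requests={info['requests']} "
              f"clients={info['distinct_clients']} weekly={info['weekly']} "
              f"top={info['top_domains']}")
```

A category with many requests from only one or two clients calls for a different response than one used broadly across the organization, which is why the summary reports distinct clients alongside raw counts.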

 

So that’s just how simple it is to create an Acceptable Use Policy in Enterprise Threat Protector.
