Web Filter installed 360 miles north of Arctic Circle
CensorNet Secure Web Gateway (SWG) has built-in Cloud Application Control capability and the power to extend web access policies to Bring-Your-Own-Device (BYOD) initiatives.
Web access for employees is business critical and cannot be avoided. However, IT departments also face the challenge of how to accommodate trends like the rise of cloud applications and BYOD initiatives without compromising network security and bandwidth. CensorNet SWG provides organisations with enterprise-class web access control, filtering and reporting whilst safely enabling the adoption of cloud applications.
The demand for cloud applications is unprecedented and the binary ‘allow’ or ‘block’ approach of traditional web security proxies either restricts cloud adoption or opens the flood gates to potential data breaches or misuse; in both cases having a negative impact.
CensorNet SWG allows organisations to embrace the cloud application revolution by implementing discovery, analysis and control functionality across all devices used on the corporate network.
In addition, the solution provides a wide range of web access control functionality such as real-time anti-malware scanning, URL reputation analysis of billions of web pages, real-time image content scanning and a robust and sophisticated policy and reporting engine.
Security – Provides robust web security and cloud application control capabilities including malware and web-borne threat protection and URL reputation and image scanning technology.
Management – Allows flexible policy engine, time and quota setting by user, groups or device groups and includes user authentication, cloud application discovery and allows policies to be applied to individual users, user groups or device groups.
Reporting – Offers real-time reporting including visibility of productivity and compliance by user, domain and actions, cloud application analysis, top trends and bandwidth as well as a customised report builder.
Deployment – The software can be deployed on a virtual server or physical server in less than 30 minutes and it is optimised for the most demanding networks.
Increase network security – Prevents accidental or intentional access to malware, inappropriate and illegal web-based content.
Shine the light on Shadow IT – Discovers what cloud applications are in use even if they have not been authorised (beta).
Safe cloud application adoption – Embraces cloud applications safe in the knowledge that activity within them is visible and can be audited (beta).
Enable BYOD – Allows employees to use their own devices and extends their web access policy to those devices for a consistent web-browsing experience.
Increase productivity – Embraces cloud applications, BYOD initiatives and limits access to time wasting websites during working hours.
Improve bandwidth availability – Blocks or restricts access to bandwidth intensive downloads or applications.
Achieve compliance – Helps compliance with BECTA , CIPA and other regulatory compliance related to web activity.
Rapid return on investment – Prevents malware outbreak and associated down-time and costs and delivers instant return on investment.
Low total cost of ownership – A simple licensing model based on actual usage, easy deployment and no hardware or 3rd party software licensing requirements.
Reduce legal risk exposure – Blocks known illegal content, inappropriate images and web content and creates an audit trail of activity for every user on the network should evidence be required.
Deployment & Network Diagram
The following diagram illustrates a typical network deployment for the CensorNet Professional proxy.
There are a number of ways the proxy server can be deployed to devices on the network:
- The proxy server address is configured in the web browser proxy settings explicitly, either manually or via Group Policy. This is best practice for domain based devices.
- The proxy server address is configured in the web browser via Web Proxy Auto-Detection (WPAD) over DHCP or DNS. This is best practice for devices which roam in and out of the network and you do not want the proxy settings to stay present when off-site. It is also useful if you wish to chain multiple proxy servers for simple fail over.
- The proxy server address is configured (usually via DHCP) as the default gateway for the device joining the network, which forces transparent proxying. This is best practice for BYOD. Authentication can be achieved via the Captive Portal.
- A combination of all the above is also possible, the methods aren’t mutually exclusive.
Out of the box, the proxy server is configured with a default policy and lightweight SSL filtering therefore it is possible to “install and go” however most customers will want to fine tune the policies and filter rules. The proxy server will listen on all available network interfaces and therefore if you want to use one proxy server for multiple subnets or VLAN’s you can simply add additional virtual or physical NIC’s to the server. These will appear in the Network settings page.
Best practice tips
- Wherever possible configure the browser proxy settings. This tells the browser it is using a proxy and therefore it will guarantee the best compatibility with web servers and web applications.
- Use your firewall to prevent proxy bypass by ensuring direct access to the Web (port 80 and 443) is only available from the proxy server.
- For BYOD devices, always set their default gateway to be the proxy IP address. This is much easier than configuring proxy server settings on the device.
What is Secure Web Gateway?
CensorNet Secure Web Gateway is designed to allow you to quickly and affordably implement an effective Internet Usage Policy for your network(s). This will increase productivity, make your network more secure, reduce bandwidth wastage, improve compliance and limit exposure to Internet borne threats.
The technical bits…
CensorNet Secure Web Gateway is a versatile web proxy server (HTTP/HTTPS) that filters web content using a number of techniques. These include a part-cloud based database of hundreds of millions of web sites, real-time and human inspection of content in multiple languages, sophisticated image analysis, anti-virus URL reputation and more. If you can see it in your web browser, it can be controlled by Secure Web Gateway.
The product itself is managed via an easy to use web interface and although Linux based, it integrates seamlessly with Active Directory for single sign on authentication. The product supports granular filter rules using group based policies, scheduling, multiple administrator roles, computer and user identification, bandwidth limiting, comprehensive reporting and more. For a full list of features please see the product features page.
Is this a software or a hardware product?
This is a software product which is available as a “software appliance” for use in a physical or virtual machine. This means you can download a CD image (.iso), burn it to a CD and install onto your own hardware by booting the machine with the CensorNet CD in the drive. Installation takes approx 30 minutes.
The same CD image can also be installed into a Virtual Machine, such as VMware ESX/i, Hyper-V, VirtualBox, XenServer, etc.
Please note that in both cases the machine must be 64-bit and all data on the hard drive will be overwritten by the software during installation.
How is the initial cost of my requirements calculated and are there any ongoing costs?
The software license fee is based on the number of concurrent devices that will use the proxy server and is billed in advance based on a minimum 12 month term. We think this is the fairest way for our customers and allows them to only pay for what they need. For some types of organisation, the number of concurrent users will exactly match the number of devices (e.g. desktop, laptops, etc in a normal office environment) whereas for others it may not (e.g. a school environment, where there may be 100 computers but may not all be in use at once). We cater for both scenarios with our concurrent user model. There are price breaks which determine the cost per license that you will pay. The product includes a Licence Usage monitor which provides a graph of usage so after your 30 day trial period you can see your device concurrency.
At the end of the 12 month period you have the option to renew again and the price will be based once again on the number of concurrent device licenses you require – which may have increased or decreased.
We also take into consideration the type of organisation (business, government, education, charity) and the geographic location. There are special discounts for purchasing multiple years in advance.
The license is all inclusive – there are no extra costs for technical support or product updates. Please contact our sales team for a personalised quote.
Is CensorNet Secure Web Gateway suitable for schools?
Yes. CensorNet has a long history working with schools around the world to provide a safe Internet experience for pupils and students. In the UK, Secure Web Gateway has been accredited by the government advisors for education, BECTA, to ensure it is suitable for use within schools. The product also complies with CIPA and CensorNet are members of the Internet Watch Foundation, who campaign against illegal child abuse images online.
Do you provide discounts for education or not-for-profit organisations?
Yes, we discount our normal retail price by as much as 50% for education and charity customers. Please contact our sales team for a personalised quote.
Is there a “try before you buy” evaluation version?
Yes, you can try the software for 30 days before purchasing. The only limitation is time. If you require more time, there is the option to extend this to 30 days by clicking a button. If you decide to purchase, we simply issue a new license key by e-mail and you can continue to use the product for the term of your license.
How scalable is CensorNet Secure Web Gateway?
This depends on many factors and therefore it is impossible to say for certain, however the proxy server is 64-bit and has been highly optimised. We estimate the proxy should be able to handle 1,000 concurrent devices on a mid-range server (Xeon CPU, 8GB RAM). This could be considerably higher depending on the user authentication method in use, user browsing habits and so forth.
CensorNet used to be open source. What happened to that version?
The open source project finished in 2005 and the software is no longer recommended for production environments. The reason the project finished was purely commercial. To be able to address the demands for new features from the community, CensorNet Ltd was incorporated and privately funded to develop a proprietary, closed source version of the product. If you are a user of a version of CensorNet open source and would like to upgrade, please contact our sales team for a special discount.
Is CensorNet suitable for home users?
Whilst there is no reason you could not use CensorNet at home, the licensing is probably cost prohibitive. We recommend the solution from PureSight, who are CensorNet partners.
Does CensorNet Secure Web Gateway filter e-mail as well as web ?
No, please see our CensorNet Email Security solution for e-mail management, security and compliance.
Schools have a duty of care to provide a safe Internet experience for all their pupils and staff and need to demonstrate reasonable and effective measures to control access to the Internet.