Sprint Education

Welcome | Sprint TekNet IP^SM | Sprint TekNet IP^SM for Higher Education | Network Consolidation | Safety & Security | Education Specialists | E-Rate | Classroom Connections Newsletter | ParentLink Suite | Free Planning Tools | Financing Program | Discounts

August 2001

<< Return to Index

August 24, 2001

Meeting the challenges of complying with the Children's Internet Protection Act (CIPA)

Prepared by Mark Uhart, Sprint Education Markets Group

Schools and libraries seeking to comply with the Children's Internet Protection Act (CIPA) have several options. Unfortunately, there are costs associated with each - both in capital expenditures and in human resources. The CIPA requires recipients of E-Rate discounts for Internet access and internal connections to enforce "a policy of Internet safety that includes the use of filtering or blocking technology." The "…Technology Protection Measure is a specific measure that blocks or filters Internet access. It must protect against access by adults and minors to visual depictions that are obscene, child pornography or, with respect to use of computers with Internet access by minors - (are) harmful to minors. (The filter) may be disabled for adults engaged in bona fide research or other lawful purposes. For schools, the policy must also include monitoring the online activities of minors."

Controlling costs while meeting federal guidelines can be a daunting task. However, there are a number of actions schools and libraries can take to meet both objectives.

Controlling access can be done by "blocking," a technology to limit access to specific sites, through filtering or a combination of the two. Through blocking, the institution creates an access gateway that either establishes a list of sites that may be accessed (allow list) or a list of sites where access is not allowed (disallow list). These are achieved through an access control list (ACL) programmed into the Internet router. The least expensive option, blocking requires extensive review of Internet material by district staff to develop the "allow list." However, for organizations with a very defined curriculum and limited budget, this might be a good starting point.

The second method is through filtering. Access to the Worldwide Web is controlled through filtering protocols on proxy or firewall servers. Most K-12 commercial filtering vendors use Microsoft® or Netscape® Proxy Servers to filter HTTP (Web) sites, chat and free e-mail sites like Hotmail® and Yahoo®. Commercial filtering application vendors and their products include: Aladdin®'s eSafe®, SurfControl®'s Cyber Patrol®, N2H2's Bess® Internet Filtering Service, Palisade®'s ScreenDoor® Internet Management Server, Symantec™'s I-Gear™ and others.* The October 2000 edition of eSN Special Report† provided a matrix of "The Top Filtering Solutions in K-12 Schools."

As with any software, it is important to understand the business behind the product. For your convenience, we have listed their Web sites.

Aladdin's eSafe at http://www.ealaddin.com

SurfControl's Cyber Patrol at http://www.cyberpatrol.com

N2H2's Bess Filtering System at http://www.n2h2.com

Palisade's ScreenDoor Internet Management Server at http://www.screendoor.com

Symantec's I-Gear at http://www.symantec.com

Websense at http://www.websense.com

8e6 Technologies' X-Stop at http://www.8e6technologies.com

*The list of products shown above is provided for information purposes only and does not constitute a recommendation by Sprint.

How to define the right system
Price alone should not define what system you decide to purchase. Total cost of ownership (TCO), ease of use, ease of management and reporting, compatibility with existing hardware and software, and scalability should affect the purchasing decision. In addition to the matrix in the eSN Special Report, additional criteria you might consider in your purchasing decision may include:

1. Does the vendor conduct commercial advertising via their filtering software using banners, or other media, that distracts from Web browsing or home page access?

2. What are the protocols supported? As a minimum, HTML, FTP and SMTP should be supported.

1. What server platforms are supported? (e.g., Windows NT®, Windows® 2000, Sun® Solaris™, Linux or Novell®)

4. What filtering methods are used?

Keyword filtering systems are the most widely deployed. They monitor the Internet connection for words or phrases that the organization finds objectionable. Filtering categories and subcategories contain lists of objectionable keywords. This provides a major advantage because it doesn't require constant updating of a database of Internet sites/URLs. Web pages, search engines, newsgroups and chat room conversations are all filtered. The disadvantage is that it cannot block sites that don't have any of the forbidden words or phrases, like sites with offensive photos. In addition, poorly designed filtering lists can block access to legitimate sites.

Database filtering is the other most common method and should be used to supplement keyword filtering. Most Internet content filters rely on a database of pre-defined URLs and IP addresses to filter out obscene or inappropriate information on the Internet. The database is updated frequently and included in the master database file.

There are two advantages to employing database filtering. First, it blocks attempts to access sites that are on the blocked list. If a site on this list has thousands of offensive words or phrases, it makes sense to block access on the front end rather than on the back end. Traffic is blocked when it flows from the user/student to the filtering software rather than denying access of objectionable material into the filter server from the objectionable site. This saves both valuable filtering server memory, and the users' time on the filtered network.

Second, it screens out sites specifically designed with objectionable material, text or graphics. A good way to compare vendors would be to find out how many sites are blocked under a specific category, e.g. online auction sites, adult/sexually explicit, gambling, hacking, drugs/alcohol/tobacco, firearms and explosives or cults/gangs/racism.

5. How long does it take for the filtering software to make an authorized connection or block a site? It should not take more than a few seconds for it to perform either function.

6. What are the options for caching the master filtering database? Can the database be cached locally on a cache server as well as from the vendor's off-site server?

7. How complete and updated is the master database of Internet sites/URLs? Consider the:

size of the master database (total number of URLs screened);

number of categories and subcategories. (A greater number of categories and subcategories allows for greater customization.);

frequency of database updates and the method of updating;

method of filtering, (e.g., key words, URL database or combination of the two);

ability to adjust built-in caching services; and

capability for automatic master database maintenance.

8. For ease of installation, set-up and management, consider:
· the window and menu format: HTML, JAVA or proprietary;

if there is an install wizard and/or configuration wizard for quick set-up and customization;

the method of establishing access rules (e.g., drag-and-drop, find-and-add/remove, import from other proxy server or filtering application);

if there are on-line help files and a printable user's guide;

if there is automatic scheduling and administration, and if changes can be made remotely;

if the system's administrator can have remote access (HTML format is preferred)

if additional sites can be added to the blocked list;

whether you have the ability to block, permit or limit access to sites by user, user group, network or workstation;

if it can log and report all blocked sites by site, category, user, network, workstation or any combination of these;

if it can log and report hits of permitted accesses by category, user, network, workstation or any combination of these;

if the site categories and users can be easily distinguishable (e.g., by color or icon);

if customized report formats can be prepared to suit various needs (e.g., acceptable use policy evaluations or curriculum reviews);

if there is automatic report generation and distribution via e-mail;

if there are a variety of export formats (e.g., plain text, Microsoft Excel, Microsoft Word or HTML); and

if there are methods for limiting or controlling e-mail, downloads (like freeware, MP3 and WAV files), instant messaging, Internet chat, online radio and streaming video for permitted sites.

9. What other content management services are included? Are there services like antivirus (Java/ActiveX), antispam, antispoof, inspection of compressed and MIME file types, etc.? Some Internet filtering companies offer these services as well - at a price of course.

10. Will it integrate with an existing or planned firewall? Your Internet filtering or blocking software should complement your firewall, not replace it.

11. What are the up-front and annual costs per user or network? Will it include customer service and support?

Back to top

† October 2000 edition of "eSN Special Report: The Top Filtering Solutions in K-12 Schools," eSchool News, October 2000, p. 31.