While not always understood as such, content filtering is a critical security component of technology environments in churches, ministries, schools, and almost every other organization as well. While your church has probably implemented some content filtering by now, you may not understand the breadth of security benefits it can provide.
What is Content Filtering, and how can it Increase my Church’s Security?
Most people familiar with the concept of content filtering think of it as (1) a means of restricting access to websites providing inappropriate or objectionable material, or (2) controlling access to sites that, while not morally questionable, are time wasters that distract staff and destroy productivity – such as social media, news and sports sites, shopping sites, etc. In deciding how to set up filters to restrict certain types of content and activity, individual churches balance their specific ministry and church standards, goals, and values against freedom for and their trust in their staff members. Also important in any discussion regarding church and related school activity is the protection of any children in the environment from harmful content or sites that may connect them to persons who may want to hurt them.
In addition to these more commonly understood benefits, content filtering can provide other critical security benefits as well. In 2018, there were approximately 1,200 reported significant data breaches, and over 400 million estimated confidential records exposed. Malicious cybercrime activity has only increased in 2019. Accordingly, to be responsible stewards of the information and data entrusted to them, churches must inspect all traffic coming and going across their networks to restrict connectivity to and from known “bad actors” whenever possible. A robust content filtering system can restrict connectivity to known dangerous locations and agents such as “botnets” or sites and files known to contain various types of malware.
What Are Some of the Aims of Content Filtering?
In some cases, specific industries may be required to implement content filtering to meet specialized requirements. For example, the Children’s Internet Protection Act (CIPA) requires content filtering for any educational institution or library receiving FCC E-Rate funding. While the requirements mandated under this act are focused on minors in school situations and do not apply to churches, they can serve as helpful guides and goals for responsible churches seeking to provide a safe network environment.
Schools and libraries subject to CIPA are required to adopt and implement an Internet safety policy addressing:
- Access by minors to inappropriate matter on the Internet
- The safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications
- Unauthorized access, including so-called “hacking,” and other unlawful activities by minors online
- Unauthorized disclosure, use, and dissemination of personal information regarding minors
- Measures restricting minors’ access to materials harmful to them
Churches can implement content filtering (and other security mechanisms discussed in this blog series) to protect not only the minors in their congregation but also staff, members, visitors, and anyone else utilizing church network resources. The CIPA policies outlined above are a great place to start.
How Do I Implement Content Filtering?
Firewall Based Filtering
Firewall-based content filtering is the most comprehensive and cost-effective way to provide a general level of filtering for your network. Most UTM firewalls have sufficient capabilities to restrict access to inappropriate websites and parts of the Internet that are known to be malicious.
This traditional firewall-based type of filtering does have a weakness when it comes to inspecting the ever-growing amount of encrypted or SSL/TLS traffic on the Internet. Due to the increasing number of security breaches occurring every day, industry leaders have pushed for stronger encryption methods. Stronger encryption methods are a beneficial development when implemented for legitimate websites. However, cybercriminals have found that they can also utilize these same stronger encryption methods to more effectively conceal their malware payloads and sometimes bypass traditional network-level content filters.
These stronger encryption methods can bypass these filters because encryption is designed to prevent a “man-in-the-middle” (i.e., your UTM firewall, another device, or any person) from inspecting content in transit in the first place. To combat this problem, churches may want to implement additional software: agent-based content filters. Agent-based filters of this type are applications that can run independently from the UTM firewall on every Windows, Mac, and Chromebook system. These applications can inspect traffic to and from the device even when it is encrypted, and they offer protection for these same devices when they connect to the Internet at home, a coffee shop, and anywhere else away from your enterprise network. As with all technology options available, churches must analyze the advisability of implementing this additional protection by weighing specific risks to the organization against the cost of implementing and maintaining such agent-based filtering.
DNS, or domain naming system is the mechanism that allows for the translation of domain names into IP Addresses, which computers can understand. For example, DNS enables easy-to-remember domain names to be used – such as Wikipedia.com – rather than typing in a very- difficult-to-remember IP addresses – such as 220.127.116.11. DNS maps IP addresses to domain names. DNS filtering provides a different approach to content filtering than firewall-based filtering.
Much like the traditional firewall-based content filtering and agent-based solutions, DNS filtering can deny access to certain websites, webpages, or IP addresses. DNS filtering is sufficient for a network with simple content filtering requirements. In most cases, churches should not use DNS filtering alone but should pair it with firewall-based or agent-based filtering.
If you haven’t already implemented a content filtering solution, or don’t know if you have, or have any doubts about the level of content filtering security on your network, Enable would love to chat with you. Enable can help you implement a content filtering solution custom-tailored to fit your church’s specific situation and needs. Contact us today at [email protected] to get started!
Written by: Cody Baird, Senior Engineer, Enable Ministry Partners