New Categories: Fantasy Sports, Botnets, Web 2.0 stuff

by Rich Sutton
October 12th, 2007

We added seven new categories to the 8e6 Database (aka “the Library”) in the update that went out last night. I’d like to explain the rationale behind these categories as well as talk about some things you might want to take into consideration as you decide how to update your filtering policies.  Note: Only customers running version 2.0 and later of the R3000 will see these new categories.

The categories are:
Fantasy Sports
Botnets/Malicious Code Command & Control
Web-based Productivity Apps
Video Sharing
Dynamic DNS Services
Bad Reputation Domains
Edge Content Servers

It almost goes without saying that the web is an ever-evolving place and we are continually examining how our customers will want to manage new types of web content. We attempt to be conservative in adding new categories, so that we don’t force customers to reexamine their web filtering policies too often.

Here are some notes on each category, including how the sites in each new category relate to previous categories, as well as my advice on issues that will drive your policy decisions. I’m not going to repeat the category definitions or provide example sites, which can be found here on the 8e6 website.

Fantasy Sports
Fantasy sports sites are a notorious productivity killer, worse than regular old sports sites like espn.go.com. And it’s big business: they have their own trade association! Fantasy football is by far the biggest fantasy sport, so we’re smack in the middle of the height of fantasy activity (my team is 4-1).

My advice is to run a report on this category in about a week to see if you have a problem, then make a policy decision. Clearly, there is no business or educational need to obsess over your fantasy team during work or school hours; if you block this category, you are unlikely to hear many complaints. However, your users will certainly grumble about it, which is something to consider (seriously). For less stringent policies, it may simply be most effective to remind everybody that it’s frowned upon, then crack down on a few big offenders.

All of the sites in this category are also still in the Sports category. On or around Dec 1, we will remove them from Sports. However, some will remain as a natural consequence of site structure: *.espn.go.com will still be in Sports, while *.games.espn.go.com will be in Fantasy Sports.

Botnet/Malicious Code Command & Control
This is a long way of saying “outbound traffic from malware”. We split it out from Malcode so that you can report on it separately. A report on malicious code downloads blocked at the gateway (Malcode, infections prevented) is something you send your CIO every couple of weeks. A report on traffic emanating from infected computers on your network (Botnet/Malcode Outbound, infections detected) is something you send your desktop support folks every day.

Like the other Security categories, your default position should be to block this category.
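
The two reports described above can be sketched as follows. This is an added example, not 8e6 code: the log layout and the category labels BOTNET_CNC and MALCODE are constructed for illustration and are not the R3000's own format.

```python
from collections import defaultdict

# Constructed sample lines (NOT the R3000 log format):
# timestamp client_ip category action destination_host
SAMPLE_LOG = """\
2007-10-12T08:01:10 10.1.4.23 BOTNET_CNC BLOCK c2.example.net
2007-10-12T08:01:40 10.1.4.23 BOTNET_CNC BLOCK c2.example.net
2007-10-12T08:05:02 10.1.7.9 MALCODE BLOCK dl.example.org
2007-10-12T09:12:55 10.1.4.23 BOTNET_CNC BLOCK irc.example.com
2007-10-12T09:30:00 10.1.9.2 SPORTS ALLOW espn.go.com
2007-10-12T11:47:31 10.1.5.77 BOTNET_CNC BLOCK c2.example.net
malformed line
"""

def parse(log_text):
    """Yield (timestamp, client, category, action, dest); skip malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 5:
            yield tuple(fields)

def infected_host_report(log_text, category="BOTNET_CNC"):
    """Daily desktop-support report: internal hosts seen talking to C&C (infections detected)."""
    hosts = defaultdict(lambda: {"hits": 0, "destinations": set(), "first": None, "last": None})
    for ts, client, cat, _action, dest in parse(log_text):
        if cat != category:
            continue
        # Count hits whatever the action: a monitored (allowed) hit still marks an infected host.
        h = hosts[client]
        h["hits"] += 1
        h["destinations"].add(dest)
        # ISO 8601 timestamps sort correctly as plain strings.
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
    # Busiest hosts first, so they are triaged first.
    return sorted(hosts.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))

def prevented_download_count(log_text, category="MALCODE"):
    """Periodic CIO report: malicious downloads blocked at the gateway (infections prevented)."""
    return sum(1 for _, _, cat, action, _ in parse(log_text)
               if cat == category and action == "BLOCK")

if __name__ == "__main__":
    for client, h in infected_host_report(SAMPLE_LOG):
        print(client, h["hits"], sorted(h["destinations"]), h["first"], h["last"])
    print("malcode downloads blocked:", prevented_download_count(SAMPLE_LOG))
```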

Web-based Productivity Apps
This is Web 2.0 come to the enterprise. We think it’s going to be a huge issue for enterprises, because of the potential for data leakage. If your project implementation plans are up on basecamphq.com or your intellectual property documents are on Google Docs, you are not in control of your data. You might trust Google to securely manage your corporate data, but that’s a decision best made organization-wide, not ad hoc by individual users.

Video Sharing
The Web 2.0 phenomenon that has had the biggest impact on bandwidth consumption and productivity is video sharing. What we’ve found in talking to customers is that C-Net might be a tool that their end users need for business, but YouTube provides no redeeming business value. One of our largest customers (> 150K users) recently blacklisted all of the major video sharing sites, including YouTube, and received one, count ‘em one, user request to open them back up. Your users are simply not going to call the Help Desk to argue that they absolutely must see the latest 2-minute clip of some skateboarder breaking his arm while attempting to slide a handrail.

This category is a subset of the Streaming Media category; every one of these sites will also be in Streaming Media. They may also be in the R-Rated or Pornography categories, depending on whether or not they have adult filters, enforce an acceptable use policy, or are used primarily (even inadvertently) for explicit video.

Dynamic DNS Services
These services are typically used by individual users looking to create an easy-to-remember alias for their home computers that don’t have static IPs. If you’re unfamiliar with how these work, here’s a definition. The most common case that we’re giving you a way to address is the student or employee aliasing a proxy he installed on his home computer. This is one of those “block if you’re conservative, monitor if you’re not” categories.

Previously, these sites were typically lumped into the Info Tech or Free Hosting categories.

Bad Reputation Domains
This is a security category specifically for free hosting sites that have a reputation for ignoring or assisting spammers and attackers in hosting phishing sites or malicious code. Think of it as a broader umbrella over the top of our other security categories. A bad reputation domain is a site that has repeatedly shown up in our security research or the research of one of our partners.

The key thing to consider here is that these sites almost always host legitimate content. We say they have a bad reputation because they also consistently host bad stuff and show no sign of cleaning up their act. This is another “block if you’re conservative, monitor if you’re not” category.

Edge Content Servers
This category is a bucket for the Akamai-like servers that serve static, secondary content like images for other websites. Previously we didn’t have a good place for them — sometimes they went into Reviewed/Miscellaneous or Info Tech. I don’t really foresee any reason to block this category; mainly, it will reduce clutter in your reports.
