What Is the Purpose of the ‘IP Address’ Category?

Tuesday, November 17th, 2009

From time to time we are asked, “What is the purpose of the ‘IP Address’ category used by Wavecrest products?” The short answer is — it’s used to capture and segregate the IP addresses of Web sites that the product was unable to associate with ‘regular’ categories. Customers can then analyze them to identify network security threats, traffic to intranet sites, or other patterns of interest.

Here’s a bit more detail.

First note that our products identify many IP addresses and place them in content categories. The Wavecrest URL (control) list contains many such addresses.

Unfortunately though, initially unidentifiable IP addresses still appear from time to time. Generally speaking, we see three types, i.e., addresses associated with:

  1. Internal (and partner) Web pages
  2. Innocent links on Web sites
  3. Possible malware or virus servers

When the product encounters any of these three types, it places them in a special ‘IP Address’ category. Customers can then run reports on that category the same way they do on any other category. In addition, if the customer runs a Top Non-Categorized report, the uncategorized IP addresses will be listed along with uncategorized domain names.

Because the traffic associated with unidentified IP addresses can be important or even dangerous, it’s obviously desirable to pursue the matter further. So what can be done? Well, with a bit of work—and in some cases with some help from Wavecrest—it is possible to:

  • determine the source and purpose of most of the addresses
  • categorize the legitimate ones
  • isolate/neutralize the malicious ones

Let’s see how this is done. We’ll take it one ‘type’ at a time.

  1. Internal and Partner Web Pages. Some unidentified IP addresses may have resulted from users going to internal (intranet) or partner sites. (These normally would not be in the Wavecrest URL list.) To address this issue, start by running a Top Non-Categorized Sites Report or IP Address Category Report. Using your local knowledge, try to determine the IP addresses of those sites and then enter the information in one or more custom categories. (Instructions on how to create custom categories can be found in our manual.)
  2. Innocent links on Web Sites. These addresses could be associated with image or ad servers. If you want to address this issue, send a copy of a Top Non-Categorized Sites (“OtherWise”) Report to Wavecrest (sites@wavecrest.net). Our categorization team will then research and categorize the unidentified IPs for you the same way they categorize domains. If you would like to identify the IPs yourself, you can use IP address lookup tools such as the one available from http://www.networksolutions.com. This tool will provide you with information about the owner of the IP address(es) of interest. For example, the owner of the IP address could be a marketing company that serves ads, or it could be an image server. Once identified, if you desire, you can add the addresses to one or more custom categories.
  3. Possible Malware or Virus Servers. Some of the unidentified IP addresses could be associated with malware, spyware or virus servers. The clue here is very high around-the-clock traffic. This is an indication that the user’s computer has been infected or attacked. The solution in these cases is to isolate the internal computer(s) and remove the malware/spyware or virus. Here’s an approach you can use to help solve this problem.
     • Using the Dashboard, run a Trend report on the IP Address category and look for any unusual spikes. If you see anything suspicious then …
     • Run a category audit on the IP Address category and look for large amounts of activity coming from a particular PC(s). Make a note of the IP address(es) and then scan for infected files.
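
The three-way triage described above can be sketched over a proxy log. This is an added example, not Wavecrest code or a Wavecrest log format: the log layout, the RFC 1918 internal ranges, and the min_hours/min_hits thresholds are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed internal ranges (RFC 1918); replace with your own intranet/partner ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(line):
    """Parse 'YYYY-MM-DDTHH:MM:SS client dest_host' (constructed format)."""
    stamp, client, dest = line.split()
    return int(stamp[11:13]), client, dest

def triage(lines, min_hours=20, min_hits=200):
    """Sort raw-IP destinations into internal, suspect and review buckets."""
    hits = defaultdict(int)    # (client, dest) -> request count
    hours = defaultdict(set)   # (client, dest) -> hours of day with traffic
    for line in lines:
        hour, client, dest = parse(line)
        try:
            ipaddress.ip_address(dest)
        except ValueError:
            continue           # a domain name: handled by the regular categories
        hits[(client, dest)] += 1
        hours[(client, dest)].add(hour)
    result = {"internal": set(), "suspect": [], "review": set()}
    for (client, dest), count in hits.items():
        ip = ipaddress.ip_address(dest)
        if any(ip in net for net in INTERNAL_NETS):
            result["internal"].add(dest)   # type 1: candidate for a custom category
        elif count >= min_hits and len(hours[(client, dest)]) >= min_hours:
            result["suspect"].append((client, dest, count))  # type 3: high, around the clock
        else:
            result["review"].add(dest)     # type 2: look up the owner, then categorize
    result["suspect"].sort(key=lambda r: -r[2])
    return result

def sample_log():
    """Constructed sample: one PC contacting one address all day, plus daytime traffic."""
    lines = []
    for h in range(24):
        lines += [f"2009-11-16T{h:02d}:{m:02d}:00 10.1.4.22 203.0.113.50" for m in range(0, 60, 5)]
    for h in range(9, 17):
        lines.append(f"2009-11-16T{h:02d}:15:00 10.1.4.7 198.51.100.9")
        lines.append(f"2009-11-16T{h:02d}:20:00 10.1.4.7 10.1.0.5")
        lines.append(f"2009-11-16T{h:02d}:25:00 10.1.4.7 www.example.com")
    return lines

if __name__ == "__main__":
    print(triage(sample_log()))
```

The "suspect" entries name the internal PC as well as the destination, which is what the category audit step is looking for; anything in "review" still needs an owner lookup before it is categorized.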

Summary. The IP address category was created to be a ‘red flag.’ Its purpose is to alert you that further action may be needed to resolve problems or to simply give you a more complete and comprehensive picture of all Web activity.

Social Networking or Social Not-working?

Tuesday, November 10th, 2009

Social networking in the workplace is a major dilemma for today’s businesses. Does it help or hurt the organization? While some companies block social networking, some say it helps by enhancing collaboration among employees, partners and customers. Others say it hurts by draining productivity and bandwidth and creating legal liability and network security risks.

A survey conducted by Nucleus Research showed that 77 percent of workers who have a Facebook account use it during work hours. Of those who do use Facebook at work, 87% said they could not define a clear business reason for accessing the site and some reported using it as much as two hours per day.

So, in the face of all the countervailing views, just what is the best approach to the issue? Options include banning it altogether, using it with no restrictions, and employing it for business purposes only.

The short answer is, “It depends.”

That is, for any one organization, the answer really depends on management’s views on a number of issues. Among these are the nature and objectives of the business, organizational culture and managerial style, workforce morale factors, workforce demographics and skills, availability of technological solutions, and the need for external communications.

We are often asked about this issue, so we developed this paper to share our knowledge and views. It explores various aspects of the issue, cites some relevant facts, and provides several recommendations. Our hope is that this information will help organizations that are struggling today with this contemporary and very important issue.

Read the full white paper: Social Networking or Social Not-working?

Don’t Forget to Update Your Web-Use Policy

Wednesday, November 4th, 2009

There has been a lot of buzz recently surrounding the use of social networks, such as Facebook, Twitter, and LinkedIn, in the workplace. This is a great reminder to all organizations to take a look at their current Web-use policies and update them.

Reuters covered a recent seminar put on by LeClairRyan covering “Key Issues in Labor & Employment Law,” where the importance of a policy for social networks was discussed. The speaker, Joseph P. Paranac, a shareholder in LeClairRyan’s Labor and Employment Group, stated, “Inappropriate and unwise use of online social networking sites like Facebook and Twitter is a growing source of liability risk for employers, including discrimination, defamation and retaliation claims.”

He went on to offer some Web-use policy suggestions for employers.

“In order to have a successful policy on the use of social networking sites, Paranac told the audience, employers should stipulate that:

  • Employees may not comment or use any confidential information about the employer or discuss internal matters.
  • Use of online social networks should be limited to non-working hours, unless the use is for legitimate business purposes.
  • Employees’ comments should not be discriminatory or harassing.
  • Similarly, they should not be disparaging or defamatory to the employer’s business.

The veteran attorney also offered the following elements of a successful Internet and e-mail policy:

  • Employees should be trained on electronic communications equipment parameters and prohibitions.
  • All business systems and company-issued electronic communication equipment and data belong to the employer.
  • Systems and equipment must be used for appropriate and lawful business purposes only.
  • Employee use is subject to review/monitoring by the employer and employees who use employer equipment have no expectation of privacy.
  • Use of systems and equipment for harassment, discrimination, or defamation is strictly prohibited.
  • Disclosure of employer confidential information is strictly prohibited.
  • Warn employees of the penalties or policy violations.
  • Obtain a signed acknowledgment of employee receipt of policy.
  • Include a procedure for reporting violations.
  • Enforce the policy!”

Read the full article: TWEET: ‘I’m About to Testify in My Defamation Case!’

Online Holiday Shopping: Here We Go Again

Tuesday, November 3rd, 2009

It’s that time of year again! The big Christmas shopping spree. As in previous years, the online version ‘officially’ starts on Cyber Monday – the day after the big T-Day weekend. And now this year we’ve got Green Monday (December 7) and Brown Monday (December 14). These are days on which, like Cyber Monday, online retailers put on a full court press to draw in ‘surfer-shoppers.’

And the whole circus runs through New Year’s Day.

The volume can be huge and problematical for employers. A survey conducted for ISACA, an association of 86,000 information technology professionals, states in part:

“Employees plan to spend nearly two full working days (14.4 hours) on average shopping online from a work computer this holiday season. One in 10 plans to spend more than 30 hours shopping online at work. Convenience (34%) and boredom (23%) are the biggest motivators.”

“… the second annual “Shopping on the Job: Online Holiday Shopping and Workplace Internet Safety” survey found that half of those surveyed plan to holiday shop online using a work computer.

“Dangers of shopping online include viruses, spam and phishing attacks that invade the workplace, resulting in financial losses due to reduced productivity and destruction or compromise of corporate data.”

In addition to generating network security and performance issues, online holiday shopping is a huge productivity waster for businesses. When workers are shopping, they’re not ‘minding the store.’ Accordingly, this is a good time for all types of organizations to take stock of their Web-use management practices and seek help if needed.

Wavecrest Computing is ready to provide that help.

Wavecrest’s Cyfin and CyBlock products and services help all types of organizations manage and control inappropriate and risky personal surfing of all kinds, including shopping. Cyfin and CyBlock products do this by monitoring and/or filtering employees’ Web use and reporting on the activity by content categories, e.g., shopping, sports, games, and others. Of particular note, with regard to holiday shopping, CyBlock products can be set up to block Web access by categories and by hour so employees can access shopping sites on their lunch break or after hours. This approach can help sustain morale while minimizing the risks associated with online shopping.

For 13 years, Wavecrest Computing has been providing Internet filtering and monitoring solutions to business, government, and educational organizations worldwide. Wavecrest’s customer base includes well-known names such as HP, Procter and Gamble, Burlington Northern Santa Fe Railway, Bridgestone, Mazda and many others.