SUPPORT

CIPA Compliance - Web Security

Overview

This document will outline best practices and configuration options to help meet Children's Internet Protection Act, or CIPA, criteria as it relates to accessing the Internet. These settings may need to be adjusted to meet your organizational goals or expectations.

This article is intended to assist educators and administrators in education on CIPA information. eSoft, and this document, does not offer legal advice and you should consult with an attorney whenever you think it necessary concerning questions about CIPA compliance and meeting any requirements outlined within.

Configuration

The majority of the suggestions here are configuration changes to applications which are part of the Web ThreatPak.

Gateway Anti-Virus

Gateway Anti-Virus will detect phishing attempts, malware and data-stealing trojans embedded in websites, preventing these types of malware from infecting your local machines keeping childrens personal information safe.

From the menu on the left select Gateway Anti-virus -> Settings
Enable Gateway Anti-Virus.
Click the Advanced button.
Enable "HTTP" and "FTP".
Click Apply.

Web Security

Web Security protects children's access to the Internet, preventing them from accessing inappropriate or offensive material.

From the menu on the left select Web Security -> Proxy Settings.
Enable Web proxy.
There are two primary configuration options:
- Authentication - None
  It is recommended to enable "Transparently intercept HTTP traffic" to enforce your web policy for all computer on the network. No proxy settings are required in individual browsers.
- Authentication - User
  All web requests are required to be authenticated with a valid user as defined on the eSoft device or the local Active Directory server. Each browser must be configured with proxy settings.
Click the Advanced button.
Enable Enforce Safe Search.
If you wish to have the ability to override the web security policy for a given site, enable Allow administrative override.
Click Apply.
From the menu on the left select Web Security -> Custom Sites.
You can add websites or IP addresses to the Whitelist to exempt them from their normal categorization and allow all users access. You can also create custom categories and add them to your web security policy.

Click the Add button.
Once you've created the category and assigned websites to it, click Apply.
From the menu on the left select Web Security -> Policies.
Web ThreatPak is required to have access to the database and 53+ categories that are displayed in the following image.

Click the Add button.
Suggested Configuration:
- Adult Materials category, including all sub-categories
- Communication category, including all sub-categories
- Criminal Activities category, including all sub-categories
- Gambling sub-category
- Anonymizer sub-category
- Download Sites sub-category
- Spyware / Adware category, including all sub-categories
- Uncategorized sub-category
- Alcohol and Tobacco cub-categories may also be godd items to block but are discretionary
Click Apply.

Intrusion Prevention

Intrusion Prevention blocks IM and Peer-to-Peer applications, as well as attempts to gain unauthorized access to your network. It also protects against known network or application vulnerabilities and exploits.

From the menu on the left select Intrusion Prevention -> Settings.
Enable Intrusion Prevention.
Specify all local and public IP address ranges you wish to be protected. Be sure to include any remote networks connected via VPN and also any secondary IP addresses given to you from your Internet Provider.
If you have local web or email servers enable server protection and specify the IP addresses for theose servers.
Enable "Block Instant Messenger Traffic" and "Block Peer-to-Peer File Sharing Traffic". If you wish to allow a specific application that falls into one of these categories, you can disable the related rules in Intrusion Prevention -> Rule Manager.
Click Apply.