Using NG Firewall as part of a CIPA Compliance Solution

A lot of organizations are concerned about being CIPA compliant and this article is to show you the tools available to work towards CIPA compliance. 

Four apps are primarily used in this effort:

  • Web Filter
  • Application Control
  • SSL Inspector
  • Reports

These applications are largely used in conjunction with each other; each filling an important role in the requirements for CIPA: https://www.fcc.gov/consumers/guides/childrens-internet-protection-act

 

Web Filter and Application Control

These applications give you a wide range of categories you can block when users try to access certain websites or even use certain applications, including popular VPN's that could get them through a firewall to access restricted content. 

For detailed information on using these applications please consult our wiki pages or YouTube videos:

Wiki:

Web Filter - 

https://wiki.untangle.com/index.php/Web_Filter

Application Control - 

https://wiki.untangle.com/index.php/Application_Control

 

YouTube:

Web Filter - 

https://www.youtube.com/watch?v=rBGQjHOYvZY

Application Control - 

https://www.youtube.com/watch?v=6Wrw2JxmUys

 

SSL Inspector

SSL inspector works with Web Filter and Application Control to provide more granularity and visibility into the traffic that flows through the network. Today most sites on the internet are using SSL to encrypt data end-to-end making it hard for firewalls to see the traffic passing through them. Using SSL inspector provides the ability to decrypt traffic flowing through a firewall by installing our certificate on the end user devices. 

This ability supercharges Web Filter and Application Control to be able to use things like "safe search". So when users go to popular search engines like Google we can enforce the built in safe search method, and always have access to the URL that users are accessing. 

SSL inspector is the most difficult application of the four we are discussing to set up. But once it's done, it gives you a lot of granularity in how you filter which is needed for CIPA compliance. The only other option would be to add mass block rules for sites like Google and YouTube. 

Here is the guide from our Knowledgebase and YouTube video for setting up SSL inspector: 

https://support.untangle.com/hc/en-us/articles/216297238-Use-SSL-Inspector-to-Inspect-SMTPS-and-HTTPS-Traffic

https://www.youtube.com/watch?v=vGzXsJM5H7g

 

Reports

Reports is an extremely powerful tool, whether troubleshooting the network or looking back at a potential violation. Depending on the number of days you have set to keep under Data Retention, you can go back and look at specific days of traffic for specific IP addresses, top sites accessed, bandwidth usage. etc. 

Having a solid understanding of how to use reports is critical for ensuring your CIPA compliance solution is working effectively. Please take a look at our documentation on using reports:

https://wiki.untangle.com/index.php/Reports

https://www.youtube.com/watch?v=G8wg4jxPdbQ

 

For more information regarding CIPA Compliance please reference our main web page: 
https://edge.arista.com/cipa-compliance/

 

 

Follow
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk