Step 1. Create a Custom Category with the keyword list
- Navigate to Protect | Web | Categories and click the Add button.
- Specify a Name, Classification and add the keyword(s). I suggest adding some basic variations such as plurals and common language variations used in your organization.
Step 2. Create a Custom User Activity group
- Navigate to Protect | Web | User Activities and click the Add button.
- Specify a Name and add the custom Category created in the previous step.
Step 3. Create a new Web Policy
- Navigate to Protect | Web | Policies, click the Add Policy button and give the policy a name.
- Click the Add rule button and add a Block HTTP rule for the Custom User Activity created earlier.
- Change the Default action rule to Allow HTTP (we will restrict this in the firewall rules).
- Since we are going to apply this rule to search engines, it is a good place to check Enforce Safe Search as an Additional Setting of the web policy.
Step 4. Create a Firewall Rule
To make all of this work we need a Firewall rule that matches Google searches and then applies our web policy.
- Navigate to Protect | Rules and Policies | Firewall Rules and click the Add Firewall Rule button.
- In the Destination Networks section, search for and add the Google domains.
- In the Security Features | Web Filtering section, select the web policy you created in Step 3 (Restricted Search in this example) as the Web policy.
- Check Block QUIC protocol (Why? See our article on How Google’s QUIC Protocol Impacts Network Security and Reporting).
- Check Use web proxy instead of DPI Engine (You need to use the Web proxy method since enforcing SafeSearch is not possible using the DPI engine).
- Check Decrypt HTTPS during web proxy filtering.
Testing
Now that you’ve created a Custom Category containing your keywords, used it in a Web Policy that also enforces SafeSearch, and applied that policy to a firewall rule that kicks in for Google domains, it is time to test!
Open Google in your favorite browser and search for ‘wallpaper’. You’ll see that you are blocked.
Search for something else such as ‘higher education’ and you will see that it is allowed.
Finally, search for home improvements/wall covering and you will notice that when you click through to those sites, you are allowed access to pages that contain the keyword ‘wallpaper’.
Monitoring Search Terms
The key to knowing what keywords to block is to keep an eye on the sort of searches being performed. Fastvue Sophos Reporter makes it easy to report on and be alerted to suspicious searches, or all searches used in your organization. Since most web journeys start with a search, search terms are a good indicator of a user’s intended browsing.
- In Fastvue Sophos Reporter, go to Reports | Overview Report | Internet Usage
- Select your desired date range and click Run Report (or Schedule Report)
- Go to the Safeguarding | Search Terms section. By default, this shows Suspicious Searches, but you can show all of them by clicking the All Searches button.
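The following Python script is an added example, not part of the original post or of any Sophos or Fastvue tooling. It pulls the search term out of Google search URLs and flags the terms that contain a watch-list keyword, which is the same review the Search Terms report supports. The URL list, the Google domain list and the whole-word matching are assumptions made for the example; the firewall's own matching may differ.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample: URLs as they might appear in a web proxy log export.
SAMPLE_URLS = [
    "https://www.google.com/search?q=wallpaper&safe=active",
    "https://www.google.com/search?q=higher+education",
    "https://www.google.co.uk/search?q=Free+VPNs+for+school",
    "https://www.google.com/search?q=bypass%20firewall&hl=en",
    "https://www.example-diy.test/wall-covering/wallpaper-guide",
    "https://www.google.com/maps?q=library",
]
GOOGLE_DOMAINS = ("google.com", "google.co.uk")  # assumed subset of the rule's domains
# Watch list in the spirit of Step 1: base keywords plus plural variations.
KEYWORDS = ["wallpaper", "wallpapers", "vpn", "vpns", "bypass firewall"]

def google_search_term(url):
    """Return the decoded, lower-cased term of a Google /search URL, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_google = any(host == d or host.endswith("." + d) for d in GOOGLE_DOMAINS)
    if not on_google or parts.path != "/search":
        return None
    terms = parse_qs(parts.query).get("q")  # parse_qs decodes '+' and %XX
    return terms[0].strip().lower() if terms and terms[0].strip() else None

def matched_keywords(term, keywords=KEYWORDS):
    """Keywords present in the term as whole words or whole phrases."""
    padded = f" {' '.join(term.split())} "
    return [k for k in keywords if f" {k} " in padded]

def review(urls, keywords=KEYWORDS):
    """Return (flagged [(term, hits)], Counter of unflagged search terms)."""
    flagged, other = [], Counter()
    for url in urls:
        term = google_search_term(url)
        if term is None:
            continue  # not a Google search, so outside this review
        hits = matched_keywords(term, keywords)
        if hits:
            flagged.append((term, hits))
        else:
            other[term] += 1
    return flagged, other

if __name__ == "__main__":
    flagged, other = review(SAMPLE_URLS)
    for term, hits in flagged:
        print(f"FLAGGED  {term!r} matched {hits}")
    for term, count in other.most_common():
        print(f"other    {term!r} x{count}")
```

The "Free VPNs for school" search is caught only because the plural is on the list, which is why Step 1 suggests adding basic variations.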
To get started with Sophos, download the free 30-day trial.
Conclusion
Blocking content using just ‘keywords’ on their own has some
limitations in both application and practicality, but can be extremely
useful in specific circumstances, such as blocking searches, when used
correctly in combination with other Sophos XG filtering mechanisms.
You can now apply the above process with other keywords to prevent
specific situations in your organization, such as searches for ‘VPNs’ or
‘Bypass firewall’ that could potentially result in those pesky students
(or employees!) getting around your Sophos rules and policies
altogether.
Let us know how you’re using keyword blocks in the comments!