CONNECTIONS

IDAHO
ITD HOME
511 TRAVEL SERVICES
IDAHO DMV
ITD NEWS
HIGHWAY SAFETY
IDAHO STATE POLICE

STATE OF IDAHO
NIATT

NATIONAL
AASHTO
AAMVA
AAA of IDAHO
FEDERAL HIGHWAYS
FEDERAL AVIATION
IDAHO STATE POLICE
NHTSA
NTSB
TRB
U.S. DOT

TRANSPORTER
Archives
Milestones
Comments

Idaho Transportation
Department
Office of Communications
P.O. Box 7129
Boise, ID 83707
208.334.8005
Fax: 208.334.8563

 

Making (web) sense of cyber security

By Forrest Anderson
Cyber Security Officer
Second of two parts

The transportation department provides employees with high speed internet access as a business tool to be used primarily for business-related purposes. Access to the Internet places a variety of content at the fingertips of ITD employees.

This content provides employees many potential benefits and opportunities for increased efficiency, collaboration, research, communication, personal and professional development.

There also is a great deal of content on the internet which may not be appropriate for the workplace or which may present a potential security risk. It is expected that ITD employees will use their internet access responsibly and abide by department workplace policies.

Websense is the software tool used at ITD to provide another layer of defense in protecting network resources and employees from potentially inappropriate or dangerous content.

Websense allows us to actively block and/or send an alert when someone attempts to access sites which may contain content that violates computer use policy, or exposes the department to possible legal liability, or that may expose department information assets to a potential security vulnerability or risk.

Websense logs all internet access by all computers on the department’s network. Reports from these logs can then be created to determine trends in usage, bandwidth utilized and inappropriate activity.

Sites that may be blocked for security reasons include containing malicious code like Viruses, Trojans, Worms or Spyware. Some sites do this on purpose and some because they may have been compromised or hacked. Other sites that are blocked for security reasons may try to entice the user into entering information which could result in identity theft or other fraud.

Some sites may be blocked because they represent some legal liability to the department. These sites could include sexually oriented material, racist or violent content or distribution of pirated music or computer programs.

The way Websense works is through a classification system of Web sites by the Websense Corporation which then populates a database of known sites and classifications. This database is continuously updated as new sites are identified and classified. Classifications may change as sites add different content or change ownership or if they have been exploited and now contain malicious content.

The software we use checks this database and based on policies assigned, alerts or blocks certain Web sites or protocols that have been classified in certain categories. It is possible a site that was accessible last week is now being blocked because the classification in the database changed.

Here is a list of the Websense categories blocked at ITD.

Categories blocked by policy:

Categories blocked for security reasons:

ITD also blocks advertising which has been shown to account for 20 to 30 percent of all internet bandwidth used.

What to do if you receive a Websense Block message
If you receive a Websense alert and block message, look at it carefully. It will give you the name of the site which was blocked and the category it was blocked under. Occasionally people will access a site that seems innocent but may have a redirect or active link to another blocked site.

Occasional inadvertent access may be expected and should be considered a good thing because you have probably just been protected from something unpleasant or potentially dangerous. Occasionally you may receive a block for a site you believe has been classified incorrectly.

If this is a site you need to access, you can request to have the site classification reviewed by contacting the Cyber Security Office. You will need to provide the site address (URL) and the reason you need access. A review of the site will be made and, if appropriate, it will be reclassified.

Occasionally you may encounter a site which should be blocked. If you think a site contains inappropriate material you can also request that the site be reviewed for classification under a category which is blocked. If you have accessed a blocked site inadvertently, you should let your supervisor know in case there is any question.

Some things to consider
The department has tried to provide as much internet access freedom as reasonably possible while still protecting the network and ensuring compliance with computer use policies. With that freedom comes the expectation that employees will use this resource responsibly.

Employees should be aware that network bandwidth or capacity is limited and that internet activity may compete with other ITD applications running on the network. Of particular concern is any non-business related activity that is bandwidth intensive, such as:

Employees also should not download programs from the internet that have not been approved because they may conflict with official ITD applications or could even contain some kind of potentially malicious program that could disrupt or compromise network services, applications and data. The ITD Administrative Services Policy A-22-02 for computer, Email and Internet Usage can be found under the Policy Finder on the main Intranet page.

If you have questions related to Cyber Security, or want to make comments or express concerns, you can contact the Cyber Security Officer – Forrest Anderson, 334-8158, or e-mail him at: forrest.anderson@itd.idaho.gov or cybersecurity@itd.idaho.gov

Published 10-12-07