Essential Concepts

Web Page Classification

Web page classification analyzes the domain, URL, and most importantly, the words and phrases on every page load to tally a numerical score in one or more Categories for that page load.

The filter Action configuration (Allow/Block/Ignore) for the top-scoring Category is then used to handle that particular page request.

Traffic Visibility Prerequisites

Webpage word and phrase analysis is only possible with full SSL/TLS decryption (sslbump), which is the default action for most[1] web requests on TCP ports 80 (HTTP) and 443 (HTTPS).

And, for this to work without browser security errors, all endpoint devices connecting through the DrawBridge must have the DrawBridge Certificate Authority certificate installed. See the page SSL Certs under the Devices module for more information.

[1] Note: for security reasons, banking and financial-related websites are not TLS-decrypted. It is assumed that these sites are safe from inappropriate content. You can verify that a site is not being TLS-decrypted by clicking the shield or padlock in your browser address bar and viewing the certificate. If the certificate is issued by a public Certificate Authority (and not your DrawBridge), you know that the DrawBridge is not intercepting the connection.

Also Note: Certain web traffic (for example, some cloud backup services and application traffic) that is not specification-compliant or is otherwise incompatible with content filtering is exempted at the firewall level from traffic inspection on TCP ports 80 and 443.
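The issuer check described in the note above can be automated. The following is an added example, not DrawBridge code: it fetches the certificate an endpoint actually sees for a host and reports whether it was issued by the local appliance CA (decrypted) or by a public CA (passed through). The CA organization name is a placeholder assumption; substitute the name on your own DrawBridge CA certificate.

```python
"""Report whether an HTTPS connection is being intercepted by a local CA.

Added example, not DrawBridge code. LOCAL_CA_ORG is a placeholder assumption
for the organizationName on the appliance CA certificate.
"""
import socket
import ssl

# Placeholder: the organizationName your DrawBridge CA certificate carries.
LOCAL_CA_ORG = "Example DrawBridge CA"


def issuer_fields(cert):
    """Flatten the issuer tuple returned by ssl.getpeercert() into a dict."""
    fields = {}
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            fields[key] = value
    return fields


def is_intercepted(cert, local_ca_org=LOCAL_CA_ORG):
    """True if the presented certificate was issued by the local CA."""
    return issuer_fields(cert).get("organizationName") == local_ca_org


def fetch_peer_cert(hostname, port=443, timeout=5.0):
    """Fetch the leaf certificate the endpoint sees, validating it against the
    system CA store (which must contain the appliance CA once installed).
    A verification failure here is itself a sign the appliance CA is missing."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:
        cert = fetch_peer_cert(host)
        state = "decrypted by local CA" if is_intercepted(cert) else "passed through"
        print(f"{host}: {state} (issuer: {issuer_fields(cert)})")
```

Run it with one or more hostnames as arguments from a device behind the DrawBridge; a banking site should report "passed through" while an ordinary site reports "decrypted by local CA".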

Example

Visiting https://www.cabelas.com is most likely to score the most points in the Category Hunting and Fishing.

The option to `Ignore` is strongly discouraged except for special situations. If you decide to specify custom Actions for Categories, please use only `Allow` or `Block` to ensure the most reliable filtering.
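The scoring-and-Action flow described above, as an added example that is not the DrawBridge engine: the keyword lists, Built-in defaults and sample page text are constructed. Words on the page tally points per Category, the top-scoring Category is chosen, and an Action assigned on the Company takes priority over the Built-in default for that Category.

```python
"""Score-based page classification and Action lookup.

Added example, not the DrawBridge engine. CATEGORY_KEYWORDS and
BUILTIN_ACTIONS are constructed stand-ins for the real phrase lists.
"""
import re
from collections import Counter

# Constructed keyword lists standing in for the engine's phrase lists.
CATEGORY_KEYWORDS = {
    "Hunting and Fishing": {"rifle", "bow", "fishing", "lure", "camo", "deer"},
    "Shopping": {"cart", "checkout", "sale", "shipping", "price"},
    "Gambling": {"casino", "poker", "bet", "jackpot"},
}

# Constructed Built-in defaults (business-focused, so Block by default).
BUILTIN_ACTIONS = {cat: "Block" for cat in CATEGORY_KEYWORDS}

VALID_ACTIONS = {"Allow", "Block", "Ignore"}  # Ignore is discouraged


def score_page(text):
    """Tally {Category: points} from the words on the page."""
    words = Counter(re.findall(r"[a-z]+", text.lower()))
    return {cat: sum(words[w] for w in kws) for cat, kws in CATEGORY_KEYWORDS.items()}


def top_category(scores):
    """Highest-scoring Category, or None if no Category scored."""
    cat, points = max(scores.items(), key=lambda kv: kv[1])
    return cat if points > 0 else None


def resolve_action(category, company_actions):
    """An Action assigned on the Company overrides the Built-in default."""
    action = company_actions.get(category, BUILTIN_ACTIONS[category])
    if action not in VALID_ACTIONS:
        raise ValueError(f"unknown Action {action!r} for {category}")
    return action


def filter_decision(text, company_actions):
    """Return (top Category, Action); (None, None) when nothing scored."""
    cat = top_category(score_page(text))
    if cat is None:
        return None, None
    return cat, resolve_action(cat, company_actions)
```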

Important Notes

1. About changing default Category Allow/Block settings

The DrawBridge comes with a preset Action for each included (Built-in) Category. When you assign an Action (Allow/Block) to a Category, you are applying an override that takes priority over the default setting.

2. Default Category settings are Business-focused

The default settings for the Built-in Categories are tightly scoped to business-usage needs. Depending on your usage expectations, you may want to set more categories to Allow in your Company Preferences Access Policy, or in a custom Access Policy.

For more information on Built-in Categories, including how to view default Actions, see Content Filter: Categories: Built-In Categories.

Further Reading

For more information on Categories and Actions, including how to change the Action for a Category, see page Overview and Essentials under the Content Filter module.

For more information on Certificates and Certificate Authorities, this Wikipedia article on Public Key Infrastructure may be helpful.

FAQ: Is TLS inspection "bad" or "breaking encryption" or "weakening security"?

In a word, no (if implemented correctly).

Despite much negative press, blog posts by both Cloudflare and US-CERT acknowledge that legitimate use-cases (and secure methods) of TLS inspection exist.

Some of the concerns raised in the two articles linked above are very valid. However, the DrawBridge filter engine is designed to follow industry best-practices to ensure that it doesn't downgrade security or mask upstream security flaws.

Much of this debate boils down to two things:

  1. Intention: Why is the TLS traffic being inspected? (legitimate or malicious?)
  2. Privacy: Are the end-users aware of the inspection? (visible/policy or invisible/spycraft?)

For #1: The DrawBridge employs TLS inspection to ensure that content filtering properly classifies page content.

For #2: Yes: DrawBridge account holders need to purchase the content filter service and need to install a Certificate Authority for the service to work correctly. (It is the responsibility of account holders to inform any user of the service of the content monitoring and inspection.)

This discussion leads to an even deeper question: Who owns this device? If you truly own a computer, for example, you should have the authority to decide which Certificate Authorities it will be allowed to trust, and with whom it will communicate. Thankfully, most platforms accommodate adding additional Certificate Authorities, enabling you to know and control the network traffic of your device.

The notable exception is Android, because of an alleged "security" decision by Google. While there were threats they were able to prevent by taking a scorched-earth no-user-CA-trust position[1], this implementation also conveniently prevents auditing of the traffic of third-party apps and bundled Google apps.

[1] Exception: browser apps on Android will trust user-installed Certificate Authorities.

Record Model - Tenancy and Hierarchy

Record Tenancy

The DrawBridge records are multi-tenanted.

Tenancy is established by associating a record (such as Device Group, Access Policy, or Report) to a given tenant (see Types, below), and ensuring that other tenants cannot see those records.

Four types of tenants are supported:

| Tenancy Type | Visibility | Permissions |
|---|---|---|
| Company | Just that Company | Contacts assigned to this Company, and Contacts of the Accountability Policy associated with this Company |
| Accountability Policy | All Member Companies | Contacts of the Accountability Policy |
| Appliance | All Companies on that DrawBridge | Contacts of the Main Company |
| Universal | All Companies on all DrawBridges | System Administrators |

In other words, the Tenancy Type of a record can be determined by looking at the association relationship(s):

The Main Company

All Companies on a DrawBridge are tenants; however, for proper record and configuration ownership, one Company must be the Main Company of a DrawBridge.

The Main Company is the Owner of the DrawBridge, or the owner of the premises on which it is located.

The Contacts on the Main Company are the only ones who can control System-wide settings, such as QoS, Firewall settings, DNS, and so forth.
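The visibility rules in the Tenancy table above, including the Main Company's special standing for Appliance records, expressed as an authorization check. This is an added example, not DrawBridge code; the Contact and Record structures, the appliance/Company/Policy ids, and the sample data are all constructed.

```python
"""Record visibility under the four Tenancy Types.

Added example, not DrawBridge code. The data model and ids are assumptions.
can_view() encodes the Visibility/Permissions table: a Company record is
visible to that Company's Contacts and to Contacts of the Accountability
Policy the Company belongs to; a Policy record to that Policy's Contacts;
an Appliance record to the Main Company's Contacts; a Universal record only
to System Administrators.
"""
from dataclasses import dataclass, field


@dataclass
class Contact:
    name: str
    companies: set = field(default_factory=set)  # Company ids assigned to this Contact
    policies: set = field(default_factory=set)   # Accountability Policy ids this Contact belongs to
    sysadmin: bool = False                       # System Administrator


@dataclass
class Record:
    tenancy: str      # "Company" | "Accountability Policy" | "Appliance" | "Universal"
    tenant: str = ""  # Company id, Policy id, or appliance id (unused for Universal)


# Constructed appliance state: the Main Company of each DrawBridge, and the
# Accountability Policy (if any) each Company has joined.
MAIN_COMPANY = {"db-01": "eastwood"}
COMPANY_POLICY = {"eastwood": "golden-sands", "northfield": "golden-sands", "solo-co": None}


def can_view(record, contact):
    """Return True if the Contact may see the Record, per its Tenancy Type."""
    if record.tenancy == "Company":
        policy = COMPANY_POLICY.get(record.tenant)
        return record.tenant in contact.companies or (
            policy is not None and policy in contact.policies)
    if record.tenancy == "Accountability Policy":
        return record.tenant in contact.policies
    if record.tenancy == "Appliance":
        # Only Contacts of the Main Company control system-wide records.
        return MAIN_COMPANY.get(record.tenant) in contact.companies
    if record.tenancy == "Universal":
        return contact.sysadmin
    raise ValueError(f"unknown Tenancy Type {record.tenancy!r}")
```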

Record Hierarchy

Certain types of records can have a "Parent"/"Child" designation:

Permissions and Relationships

Permissions

Permission Groups in the DrawBridge Console are analogous to User Groups in typical operating systems.[1]

Permission Groups are a way of assigning a particular Role to a Person: adding a Person record to the Accountability Permission Group gives them the access and controls exclusive to the Accountability and higher-level Permission Groups.

Person records are given permissions by being added as a member of a particular Permission Group.

Permission Groups in the DrawBridge Console:

| Permission Group | Required Relationship | About |
|---|---|---|
| Company Owner | Company Owner | The owner of a Company |
| Appstore Access | Company or Accountability Policy | Allows Person to enable App Store Access on a Company record |
| Can Submit Autofix Requests | Company | Allows use of the Autofix reclassification function |
| Can Submit Sites for Human Review | Company | Allows submission of a Classification Review support ticket |
| Media Viewer | Company | Allows classification of a video in the Media Room |
| Company Media Room Admin | Company | Allows administration of a company Media Room |
| Report Viewer | Company or Accountability Policy | Allows viewing of web activity Reports |
| System Owner | Company Owner | Allows visibility and control of all Tenant Companies on that DrawBridge |
| ACL Pumpkineer | Accountability Policy or Compass Foundation Staff | Allows creation and modification of ACLs |
| Accountability | Accountability Policy | Allows visibility and control of member Company configurations and reports |
| Device Detector Admin | (?) | (?) |
| Realtime Log Viewer | Company Owner of Main Company | Allows access to the system-wide Realtime Log Viewer |
| Reseller | (?) | Allows visibility and control of all Tenant Companies on that DrawBridge |
| Sysadmin | (?) | (?) |

[1] For further advanced reading, see the POSIX specification documentation by The Open Group and IEEE.

Relationships

Records in the DrawBridge console, particularly Person records, can have one or more relationship associations.

For an analogy, consider how individual people in real life have different relationships to others, depending on their role: Parent-Parent, Parent-Child, Brother-Sister, and so forth.

Relationships in the Console

A Person can have the following relationships to Companies:

A Person can have the following relationships to an Accountability Policy:

A Company can have the following relationship to an Accountability Policy:

Examples

Person fred_smith owns Company Eastwood Trading Co. He is therefore assigned a Company Owner Relationship, and added to the Company Owner Permission Group.

Company Eastwood Trading Co. has an on-premises DrawBridge, so fred_smith is also added to the System Owner Permission Group.

Person jack_miller is on the IT staff of Eastwood Trading Co. He is assigned a Tech Support Relationship, and added to the Sysadmin Permission Group.

Accountability

The DrawBridge supports an Accountability model that facilitates voluntary, centrally administered sharing of usage reports and content filter configuration of Member Companies by specified administrators in a community context.

An Accountability Policy provides:

Record Relationships

The following records can be associated with an Accountability Policy Record:

| Record Type | About |
|---|---|
| Person | Accountability Contact: view reports and set configurations on Member Companies |
| Company | Accountability Member Company: enable features detailed below |

Policy Roles

An Accountability Policy has one of two Roles:

| Role | About |
|---|---|
| Reviewer | Accountability Contacts have read-only access to member Company settings |
| Administrator | Accountability Contacts have read-write access to member Company settings and diagnostic functions |

Role Features

Administrator

Designed for Accountability Policies whose members have capable IT skills, understand the DrawBridge Console, and commit to keeping up with ongoing DrawBridge releases.

Reviewer

Designed for Accountability Policies whose Contacts are primarily responsible for reviewing reports and Access Policies to confirm that settings are as expected.

Company Opt-in

A Company Owner whose Company is assigned to an Accountability Policy with the Reviewer Role may want the Accountability Contacts to have the Administrator Role on his Company. If so, he can add them as Company Staff, which grants the Administrator Role.

Examples

Administrator Role

The people in the Golden Sands Christian Fellowship community want to have a uniform content filter policy across their brotherhood, as well as have specific individuals responsible to administer the policy and review all their web usage.

To answer this need, the Golden Sands Christian Fellowship Accountability Policy is created with the Administrator Role, and several people are associated with it as Accountability Contacts (see the Relationships page for more information).

This Accountability Policy has several associations:

Those Companies using DrawBridge filtering in this context add the Golden Sands Christian Fellowship policy to their Company record. This performs the following:

Reviewer Role

The people in the Salem Christian Fellowship community want to have a uniform content filter policy across their brotherhood. Either an outside IT provider or Compass Foundation will administer the settings and provide technical support.

The Salem Christian Fellowship policy is created with the Reviewer Role. Its Contacts will have read-only access to review Reports and Access Policy settings. Any required changes will be channeled by the Company to the IT provider or Compass Foundation.

Preferences

Preferences enable you to:

Preference Tenancy

Preference records can be associated with either a Company or an Accountability Policy. Each Preference record has a field indicating the associated Company or Policy, which establishes its tenancy.

If a Preference detailed here is not present on your DrawBridge, simply create it with the + button in the upper right corner of the list view for that Section. Then you can assign the Records to that Preference as desired.

Preferences associated with an Accountability Policy override any conflicting preferences associated with a Member Company.

| Priority | Relationship | Overrides lower-priority configuration |
|---|---|---|
| 1 | Accountability Policy | Yes |
| 2 | Company Owner | (N/A) |

To clarify: if there is no Accountability Policy associated with a Company, the notes about Accountability Policy override do not apply.

Preference Record Sections

Hierarchy:

As implemented:

Preferences, in detail

Filter Console

Access Valve Permissions

| Record Name | Value | About |
|---|---|---|
| Widen Access Privileges | Company Owner / Accountability Contact / Accountability or Filter Admin | Set the minimum Permission Group required to set a Category to Allow |
| Restrict Access Privileges | Company Owner / Accountability Contact / Accountability or Filter Admin | Set the minimum Permission Group required to set a Category to Block |

App Store Settings

| Record Name | Value | About |
|---|---|---|
| Permission Group | Company Owner / Accountability Contact / Accountability or Filter Admin | Set the minimum Permission Group required to "open" an App Store |

Safe Search Settings

| Record Name | Value | About |
|---|---|---|
| Name of Service (e.g. Bing, YouTube) | Yes / No | Enable the platform-provided Adult content blocking |

Media Room

Viewability

| Record Name | Value | Contents | About |
|---|---|---|---|
| Category Actions | Always Block Categories / Always Allow Categories | List of Categories | Configure the Media Room action for specified Categories |
| Viewability Status | Allowed Categories Only / Allowed Category or Unclassified / Viewing Classified Media Disabled | (N/A) | Configure the "permissiveness" of the Media Room |

In detail:

Channels

| Record Name | Value | About |
|---|---|---|
| Permission Group | Media Admin / Accountability Contact / Accountability or Filter Admin | Set the minimum Permission Group required to add a Channel for automatic classification |

Block Page Overrides

AutoFix Settings

| Record Name | Value | Contents | About |
|---|---|---|---|
| Category Actions | Always Allow Categories / Always Block Categories | List of Categories | Always Allow or Block the AutoFix request for specified Categories |
| Level 1 Enabled | Yes / No | (N/A) | Enable AutoFix Level 1 behavior |
| Level 2 Enabled | Yes / No | (N/A) | Enable AutoFix Level 2 behavior |
| Level 3 Enabled | Yes / No | (N/A) | Enable AutoFix Level 3 behavior |
| Skip Owner Confirmation | Yes / No | (N/A) | Specify whether Company Owner contact confirmation is required for an AutoFix request |

If Owner Confirmation is required, an AutoFix request will email the Company Owner contact, who will need to sign in and approve the request before it can proceed.

Human Review Settings

| Record Name | Value | Contents | About |
|---|---|---|---|
| Category Actions | Always Allow Categories / Always Block Categories | List of Categories | Always Allow or Block the AutoFix request for specified Categories |
| Skip Owner Confirmation | Yes / No | (N/A) | Specify whether Company Owner contact confirmation is required for an AutoFix request |

If Owner Confirmation is required, a Human Review request will email the Company Owner contact, who will need to sign in and approve the request before it can proceed.

Preference Record View

Create a preference record by clicking the + button in the upper right of the list view in any of the Sections above.

Edit a Preference record by clicking the green pencil Edit button on the relevant line.

View a Preference record by clicking on the blue navigate-symbol View Preference button on the relevant line.

Each Preference record will display:

| Parameter | About |
|---|---|
| Company/Policy | The tenancy association (Company or Accountability Policy) of the record |
| Canonical ID | The globally unique identifier for the record |
| Preference Setting | What the record does |

Records which contain Category List views have these options: