DeepNines CIPA Whitepaper


Published on

DeepNines CIPA Whitepaper. For further information visit

Published in: Technology
  • Be the first to comment

  • Be the first to like this

DeepNines CIPA Whitepaper

  1. 1. Whitepaper Children’s Internet Protection Act Real-time Network Defense
  2. 2. Table of Contents 4 Overview 4 Web of Risks 4 Web of Risks Facts 4 Web Security Paradigm Shift 6 Dynamic Inspection 6 Accuracy 7 Scalability 7 Multilingual Filtering 8 Security vs. Productivity 8 Acceptable Use 8 Web Management 9 Summary Real-tim e Netwo rk Defen se 3
  3. 3. Childrens’ Internet Protection Act CIPA Guide Background The Children’s Internet Protection Act (CIPA) is a federal law enacted by Congress to address concerns about access to offensive content over the Internet on school and library computers. CIPA imposes certain types of requirements on any school or library that receives funding for Internet access or internal connections from the E-rate program – a program that makes certain communications technology more affordable for eligible schools and libraries. The Schools and Libraries Program of the Universal Service Fund, commonly known as "E-Rate," is administered by the Universal Service Administrative Company (USAC) under the direction of the Federal Communications Commission (FCC), and provides discounts to assist most schools and libraries in the United States to obtain affordable telecommunications and Internet access. It is one of four support programs funded through a Universal Service fee charged to companies that provide interstate and/or international telecommunications services. The Schools and Libraries Program supports connectivity - the conduit or pipeline for communications using telecommunications services and/or the Internet. Funding is requested under four categories of service: telecommunications services, Internet access, internal connections, and basic maintenance of internal connections. Discounts for support depend on the level of poverty and the urban/rural status of the population served and range from 20% to 90% of the costs of eligible services. Eligible schools, school districts and libraries may apply individually or as part of a consortium. Applicants must provide additional resources including end-user equipment (e.g., computers, telephones, etc.), software, professional development, and the other elements that are necessary to utilize the connectivity funded by the Schools and Libraries Program. Executive Summary In homes, schools, and libraries across the nation, the Internet has become a valuable and even critical tool for our children's success. Access to the Internet furnishes children with new resources with which to learn, new avenues for expression, and new skills to obtain quality jobs. Our children's access to the Internet, however, can put them in contact with inappropriate and potentially harmful material. Some children inadvertently confront pornography, indecent material, hate sites, and sites promoting violence, while other children actively seek out inappropriate content. Additionally, through participation in chat rooms and other interactive dialogues over the Internet, children can be vulnerable to online predators. Real-time Netwo rk Defense 4
  4. 4. Parents and educators have access to a variety of tools that can help protect children from these dangers. In October 2000, Congress passed the Children's Internet Protection Act (CIPA), which requires schools and libraries that receive federal funds for discounted telecommunications, Internet access, or internal connections services to adopt an Internet safety policy and employ technological protections that block or filter certain visual depictions deemed obscene, pornographic, or harmful to minors. Congress also requested the Department of Commerce's National Telecommunications and Information Administration (NTIA) to (1) evaluate whether the technology measures currently available adequately address the needs of educational institutions, and (2) evaluate the development and effectiveness of local Internet safety policies. Congress also invited any recommendations from NTIA as to how to foster the development of measures that meet these needs. This report sets forth NTIA's public outreach, including comments received through a Request for Comment, its evaluation, and recommendations. With respect to whether the technology measures currently available address the needs of educational institutions, the commenters identified the following needs of educational institutions: • balancing the importance of allowing children to use the Internet with the importance of protecting children from inappropriate material; • accessing online educational materials with a minimum level of relevant content being blocked; • deciding on the local level how best to protect children from Internet dangers; • understanding how to fully utilize Internet protection technology measures; • considering a variety of technical, educational, and economic factors when selecting technology protection measures; and • adopting an Internet safety strategy that includes technology, human monitoring, and education. Accordingly, NTIA makes the following two recommendations to Congress on how to foster the use of technology protection measures to better meet the needs of educational institutions: • Technology vendors should offer training services to educational institutions on the specific features of their products. • CIPA's definition of "technology protection measure" should be expanded to include more than just blocking and filtering technology in order to encompass a vast array of current technological measures that protect children from inappropriate content. Real-tim e Netwo rk Defen se 5
  5. 5. What CIPA Requires • Schools and libraries subject to CIPA may not receive the discounts offered by the E-rate program unless they certify that they have an Internet safety policy that includes technology protection measures. The protection measures must block or filter Internet access to pictures that are: (a) obscene, (b) child pornography, or (c) harmful to minors (for computers that are accessed by minors). Before adopting this Internet safety policy, schools and libraries must provide reasonable notice and hold at least one public hearing or meeting to address the proposal. • Schools subject to CIPA are required to adopt and enforce a policy to monitor online activities of minors. • Schools and libraries subject to CIPA are required to adopt and implement an Internet safety policy addressing: (a) access by minors to inappropriate matter on the Internet; (b) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications; (c) unauthorized access, including so-called “hacking,” and other unlawful activities by minors online; (d) unauthorized disclosure, use, and dissemination of personal information regarding minors; and (e) measures restricting minors’ access to materials harmful to them. • Schools and libraries are required to certify that they have their safety policies and technology in place before receiving E-rate funding. • CIPA does not affect E-rate funding for schools and libraries receiving discounts only for telecommunications, such as telephone service. • An authorized person may disable the blocking or filtering measure during any use by an adult to enable access for bona fide research or other lawful purposes. • CIPA does not require the tracking of Internet use by minors or adults. Technology Protection Measure The term “technology protection measure'' means a specific technology that blocks or filters Internet access to visual depictions that; A obscene, as that term is defined in section 1460 of title 18, United States Code; B child pornography, as that term is defined in section 2256 of title 18, United States Code; or B harmful to minors(for computers that are accessed by minors, under 17 years of age). a. Defined as any picture, image, graphic image file, or other visual depiction that i. taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex, or excretion; ii. depicts, describes, or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and iii. taken as a whole, lacks serious literary, artistic, political, or scientific value as to minors. Real-time Netwo rk Defense 6
  6. 6. Internet Safety Policy The adoption of an “Internet Safety Policy” that addresses obscene, as that term is defined in section 1460 of title 18, United States Code; A Technology protection measures (mentioned above.) B Access by minors to inappropriate matter, as determined by the school board, library board or administration. C The safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications. D Unauthorized access, including so-called “hacking,” and other unlawful activities by minors online. E Unauthorized disclosure, use, and dissemination of personal information regarding minors. F Restricting minors’ access to materials harmful to them (as defined above in Technology Protection Measure.) G Educating minors of appropriate online behavior, including cyberbullying awareness and response and interacting with other individuals on social networking sites and in chat rooms. H For schools only, a policy to monitor online activities of minors. This does not include the actual online tracking of Internet use by minors or adults. CIPA Requirements Enabled by DeepNines Secure Web Gateway DeepNines Secure Web Gateway enables organizations to easily protect, control and manage Web applications and traffic with complete in-line visibility across all ports, protocols and user identities. By unifying patented firewall, intrusion prevention, unified threat prevention, and identity-based Web content and application security in a single product, Secure Web Gateway solves the challenges of the Web by providing both best-in-class security and performance. The Secure Web Gateway appliance uniquely provides identity-based application control, proxy blocking, threat prevention, intrusion prevention, bandwidth management, content filtering and data loss prevention across all ports and protocols that performs at gigabit speeds. With all-inclusive and high- performance Web security, Secure Web Gateway customers enjoy the lowest total cost of ownership (TCO) in the industry by reducing hardware sprawl, point security products, and bandwidth overhead. The Secure Web Gateway appliance provides powerful and advanced administrative, monitoring and reporting tools in an easy-to-use user interface that includes complete visibility of the entire network. Real-tim e Netwo rk Defen se 7
  7. 7. CIPA Requirement Description Secure Web Gateway Solution 1 (a)(b)(c), 3(a)(c)(e) Content filtering database of millions of URLs broken into categories 2 Identification of where threats are coming from, both internally and externally 1(a)(b)(c), 3(a)(c)(e) URL Whitelisting and Blacklisting options 1(c), 2, 3(a)(c)(e) File Type blocking 3 (b) Spam and Content filtering of email traffic 3(c)(d) Prevents keystroke logging and identity theft 1 (a)(b)(c), 3(a)(d)(e) Monitoring Web traffic for malware and spyware 1 (a)(b)(c), 3(a)(d)(e) Inspect traffic for malicious spyware activity 3 (c)(e) Examine inbound and outbound Spyware and Web browsing activities 3 (c)(e) Prevent new Spyware infections 3 (c)(e) Desktop/Server cleanup of Spyware /Malware infections 3 (c)(e) Block hacked, hijacked or otherwise compromised systems Real-time Network Defense 8
  8. 8. DeepNines Secure Web Gateway Key Features and Benefits Feature Benefit Identity-based Complete visibility and control of all Web users and Web usage management Virus and malware Protection from today’s Web-based threats of viruses, phishing protection attacks, and all forms of malicious code Content filtering Granular policy enforcement for all websites and users with over 60 URL categories that enables organizations to allow or block access to websites for individuals, user groups, or globally Integrated intrusion Real-time identification and protection from complex attacks prevention by uniting behavioral and signature-based intrusion prevention (IPS) with deep packet inspection (DPI) across all ports and protocols Web application Identifies and classifies all Web applications for granular control of control Web-based tools and applications by user and policy to allow, block, limit or prioritize access to any Web application by user and/or group Network bandwidth Monitors and manages network traffic across all ports and management protocols enabling you to make informed decisions on access and control through traffic shaping, regulating applications, and consumption prioritization Proxy blocking Detects and prevents Web proxies and anonymizers that circumvent filtering and security solutions and make Web activity untraceable and vulnerable to attacks in real-time Data loss prevention Power to identify and protect against data leakage regardless of application, port or protocol in real-time with near-zero latency ensuring sensitive information, confidential assets, and inappropriate content remains private to eliminate violations with compliancy regulations, security practices and privacy policies Centralized reporting Comprehensive, easy-to-use console for the DeepNines Secure and administration Web Gateway product that enables administrators to report and manage the system Seamless integration Effortlessly incorporate directory services including eDirectory, with other solutions Active Directory and Open Directory for the identification and management of users within the DeepNines Secure Web Gateway Real-tim e Netwo rk Defen se 9
  9. 9. References • FCC - Children’s Internet Protection Act • You can find out more about CIPA or apply for E-rate funding by contacting the Universal Service Administrative Company’s (USAC) Schools and Libraries Division (SLD) at • CIPA Authorizing Legislation, CIPA Sec. 1703, page 457. Federal Register Notice. • Report to Congress, CIPA: Study of Technology Protection Measures in Section 1703, NTIA (Aug. 2003) • FCC Consumer Fact Sheet on CIPA • USAC Discussion of CIPA Requirement • USAC CIPA FAQ • Full CIPA Text Disclaimer This document is intended to assist educators and administrators in education on CIPA information. DeepNines Technologies, Inc. does not offer legal advice and cannot guarantee the accuracy of this document. You should consult with an attorney whenever you think it necessary. Real-time Network Defense 10
  10. 10. DeepNines_ProBlock_0909 14 6 4 3 Da lla s P ar k wa y , S ui te 15 0 | D all as , T X 7 5 2 5 4 - 8 8 0 1 | t e l 2 1 4 .2 7 3 .6 996 | e m ai l s al es @d e e p ni ne s . co m | we b d ee p n ine s. c om Copyright © 2009 DeepNines Technologies, Inc. All rights reserved. DeepNines, the DeepNines logo and DeepNines products of DeepNines Secure Web Gateway and DeepNines features, technologies and product-lines are registered trademarks of DeepNines Technologies, Inc. All other trademarks are the property of DeepNines Technologies, Inc. or their respective owners. While every effort is made to ensure the information given is accurate, DeepNines does not accept liability for any errors or mistakes which may arise. Specifications and other information in this document may be subject to change without notice. DeepNines Data Sheet released 09, 2009. DeepNines is protected by US Patents 6,930,978, 7,058,976 and 7,380,272.