2. Table of Contents
4 Overview
4 Web of Risks
4 Web of Risks Facts
4 Web Security Paradigm Shift
6 Dynamic Inspection
6 Accuracy
7 Scalability
7 Multilingual Filtering
8 Security vs. Productivity
8 Acceptable Use
8 Web Management
9 Summary
Real-tim e Netwo rk Defen se 3
3. Childrens’ Internet Protection Act
CIPA Guide
Background
The Children’s Internet Protection Act (CIPA) is a federal law enacted by Congress to
address concerns about access to offensive content over the Internet on school and library
computers. CIPA imposes certain types of requirements on any school or library that
receives funding for Internet access or internal connections from the E-rate program –
a program that makes certain communications technology more affordable for eligible
schools and libraries.
The Schools and Libraries Program of the Universal Service Fund, commonly known as
"E-Rate," is administered by the Universal Service Administrative Company (USAC) under
the direction of the Federal Communications Commission (FCC), and provides discounts
to assist most schools and libraries in the United States to obtain affordable
telecommunications and Internet access. It is one of four support programs funded
through a Universal Service fee charged to companies that provide interstate and/or
international telecommunications services.
The Schools and Libraries Program supports connectivity - the conduit or pipeline for
communications using telecommunications services and/or the Internet. Funding is
requested under four categories of service: telecommunications services, Internet access,
internal connections, and basic maintenance of internal connections. Discounts for support
depend on the level of poverty and the urban/rural status of the population served and
range from 20% to 90% of the costs of eligible services. Eligible schools, school districts and
libraries may apply individually or as part of a consortium.
Applicants must provide additional resources including end-user equipment (e.g.,
computers, telephones, etc.), software, professional development, and the other elements
that are necessary to utilize the connectivity funded by the Schools and Libraries Program.
Executive Summary
In homes, schools, and libraries across the nation, the Internet has become a valuable and
even critical tool for our children's success. Access to the Internet furnishes children with
new resources with which to learn, new avenues for expression, and new skills to obtain
quality jobs. Our children's access to the Internet, however, can put them in contact with
inappropriate and potentially harmful material. Some children inadvertently confront
pornography, indecent material, hate sites, and sites promoting violence, while other
children actively seek out inappropriate content. Additionally, through participation in chat
rooms and other interactive dialogues over the Internet, children can be vulnerable to online
predators.
Real-time Netwo rk Defense 4
4. Parents and educators have access to a variety of tools that can help protect children from
these dangers. In October 2000, Congress passed the Children's Internet Protection Act
(CIPA), which requires schools and libraries that receive federal funds for discounted
telecommunications, Internet access, or internal connections services to adopt an Internet
safety policy and employ technological protections that block or filter certain visual
depictions deemed obscene, pornographic, or harmful to minors. Congress also requested
the Department of Commerce's National Telecommunications and Information
Administration (NTIA) to (1) evaluate whether the technology measures currently available
adequately address the needs of educational institutions, and (2) evaluate the development
and effectiveness of local Internet safety policies. Congress also invited any
recommendations from NTIA as to how to foster the development of measures that meet
these needs. This report sets forth NTIA's public outreach, including comments received
through a Request for Comment, its evaluation, and recommendations.
With respect to whether the technology measures currently available address the needs of
educational institutions, the commenters identified the following needs of educational
institutions:
• balancing the importance of allowing children to use the Internet with the
importance of protecting children from inappropriate material;
• accessing online educational materials with a minimum level of relevant content
being blocked;
• deciding on the local level how best to protect children from Internet dangers;
• understanding how to fully utilize Internet protection technology measures;
• considering a variety of technical, educational, and economic factors when
selecting technology protection measures; and
• adopting an Internet safety strategy that includes technology, human
monitoring, and education.
Accordingly, NTIA makes the following two recommendations to Congress on how to foster
the use of technology protection measures to better meet the needs of educational
institutions:
• Technology vendors should offer training services to educational institutions on
the specific features of their products.
• CIPA's definition of "technology protection measure" should be expanded to
include more than just blocking and filtering technology in order to encompass
a vast array of current technological measures that protect children from
inappropriate content.
Real-tim e Netwo rk Defen se 5
5. What CIPA Requires
• Schools and libraries subject to CIPA may not receive the discounts offered by
the E-rate program unless they certify that they have an Internet safety policy
that includes technology protection measures. The protection measures must
block or filter Internet access to pictures that are: (a) obscene, (b) child
pornography, or (c) harmful to minors (for computers that are accessed by
minors). Before adopting this Internet safety policy, schools and libraries must
provide reasonable notice and hold at least one public hearing or meeting to
address the proposal.
• Schools subject to CIPA are required to adopt and enforce a policy to monitor
online activities of minors.
• Schools and libraries subject to CIPA are required to adopt and implement an
Internet safety policy addressing: (a) access by minors to inappropriate matter
on the Internet; (b) the safety and security of minors when using electronic
mail, chat rooms, and other forms of direct electronic communications; (c)
unauthorized access, including so-called “hacking,” and other unlawful activities
by minors online; (d) unauthorized disclosure, use, and dissemination of
personal information regarding minors; and (e) measures restricting minors’
access to materials harmful to them.
• Schools and libraries are required to certify that they have their safety policies
and technology in place before receiving E-rate funding.
• CIPA does not affect E-rate funding for schools and libraries receiving
discounts only for telecommunications, such as telephone service.
• An authorized person may disable the blocking or filtering measure during any
use by an adult to enable access for bona fide research or other lawful
purposes.
• CIPA does not require the tracking of Internet use by minors or adults.
Technology Protection Measure
The term “technology protection measure'' means a specific technology that blocks or
filters Internet access to visual depictions that;
A obscene, as that term is defined in section 1460 of title 18, United States Code;
http://www.fcc.gov/cgb/consumerfacts/cipa.html
B child pornography, as that term is defined in section 2256 of title 18, United
States Code; or
B harmful to minors(for computers that are accessed by minors, under 17
years of age).
a. Defined as any picture, image, graphic image file, or other visual depiction that
i. taken as a whole and with respect to minors, appeals to a prurient
interest in nudity, sex, or excretion;
ii. depicts, describes, or represents, in a patently offensive way with
respect to what is suitable for minors, an actual or simulated sexual act
or sexual contact, actual or simulated normal or perverted sexual acts,
or a lewd exhibition of the genitals; and
iii. taken as a whole, lacks serious literary, artistic, political, or scientific
value as to minors.
Real-time Netwo rk Defense 6
6. Internet Safety Policy
The adoption of an “Internet Safety Policy” that addresses obscene, as that term is defined
in section 1460 of title 18, United States Code;
A Technology protection measures (mentioned above.)
B Access by minors to inappropriate matter, as determined by the school board,
library board or administration.
C The safety and security of minors when using electronic mail, chat rooms, and
other forms of direct electronic communications.
D Unauthorized access, including so-called “hacking,” and other unlawful activities
by minors online.
E Unauthorized disclosure, use, and dissemination of personal information
regarding minors.
F Restricting minors’ access to materials harmful to them (as defined above in
Technology Protection Measure.)
G Educating minors of appropriate online behavior, including cyberbullying
awareness and response and interacting with other individuals on social
networking sites and in chat rooms.
H For schools only, a policy to monitor online activities of minors. This does not
include the actual online tracking of Internet use by minors or adults.
CIPA Requirements Enabled by DeepNines Secure Web Gateway
DeepNines Secure Web Gateway enables organizations to easily protect, control and
manage Web applications and traffic with complete in-line visibility across all ports,
protocols and user identities. By unifying patented firewall, intrusion prevention, unified
threat prevention, and identity-based Web content and application security in a single
product, Secure Web Gateway solves the challenges of the Web by providing both
best-in-class security and performance. The Secure Web Gateway appliance uniquely
provides identity-based application control, proxy blocking, threat prevention, intrusion
prevention, bandwidth management, content filtering and data loss prevention across all
ports and protocols that performs at gigabit speeds. With all-inclusive and high-
performance Web security, Secure Web Gateway customers enjoy the lowest total cost of
ownership (TCO) in the industry by reducing hardware sprawl, point security products,
and bandwidth overhead. The Secure Web Gateway appliance provides powerful and
advanced administrative, monitoring and reporting tools in an easy-to-use user interface
that includes complete visibility of the entire network.
Real-tim e Netwo rk Defen se 7
7. CIPA Requirement Description Secure Web Gateway Solution
1 (a)(b)(c), 3(a)(c)(e) Content filtering database of millions
of URLs broken into categories
2 Identification of where threats are
coming from, both internally
and externally
1(a)(b)(c), 3(a)(c)(e) URL Whitelisting and Blacklisting
options
1(c), 2, 3(a)(c)(e) File Type blocking
3 (b) Spam and Content filtering of
email traffic
3(c)(d) Prevents keystroke logging and
identity theft
1 (a)(b)(c), 3(a)(d)(e) Monitoring Web traffic for malware
and spyware
1 (a)(b)(c), 3(a)(d)(e) Inspect traffic for malicious
spyware activity
3 (c)(e) Examine inbound and outbound
Spyware and Web browsing activities
3 (c)(e) Prevent new Spyware infections
3 (c)(e) Desktop/Server cleanup of Spyware
/Malware infections
3 (c)(e) Block hacked, hijacked or otherwise
compromised systems
Real-time Network Defense 8
8. DeepNines Secure Web Gateway Key Features and Benefits
Feature Benefit
Identity-based Complete visibility and control of all Web users and Web usage
management
Virus and malware Protection from today’s Web-based threats of viruses, phishing
protection attacks, and all forms of malicious code
Content filtering Granular policy enforcement for all websites and users with
over 60 URL categories that enables organizations to allow or
block access to websites for individuals, user groups, or globally
Integrated intrusion Real-time identification and protection from complex attacks
prevention by uniting behavioral and signature-based intrusion prevention
(IPS) with deep packet inspection (DPI) across all ports and
protocols
Web application Identifies and classifies all Web applications for granular control of
control Web-based tools and applications by user and policy to allow,
block, limit or prioritize access to any Web application by user
and/or group
Network bandwidth Monitors and manages network traffic across all ports and
management protocols enabling you to make informed decisions on access and
control through traffic shaping, regulating applications, and
consumption prioritization
Proxy blocking Detects and prevents Web proxies and anonymizers that
circumvent filtering and security solutions and make Web activity
untraceable and vulnerable to attacks in real-time
Data loss prevention Power to identify and protect against data leakage regardless of
application, port or protocol in real-time with near-zero latency
ensuring sensitive information, confidential assets, and
inappropriate content remains private to eliminate violations with
compliancy regulations, security practices and privacy policies
Centralized reporting Comprehensive, easy-to-use console for the DeepNines Secure and
administration Web Gateway product that enables administrators to report and
manage the system
Seamless integration Effortlessly incorporate directory services including eDirectory, with
other solutions Active Directory and Open Directory for the identification and
management of users within the DeepNines Secure Web Gateway
Real-tim e Netwo rk Defen se 9
9. References
• FCC - Children’s Internet Protection Act
http://www.fcc.gov/cgb/consumerfacts/cipa.html
• You can find out more about CIPA or apply for E-rate funding by contacting
the Universal Service Administrative Company’s (USAC) Schools and
Libraries Division (SLD) at www.sl.universalservice.org.
• CIPA Authorizing Legislation, CIPA Sec. 1703, page 457.
Federal Register Notice.
• Report to Congress, CIPA: Study of Technology Protection Measures in
Section 1703, NTIA (Aug. 2003)
• FCC Consumer Fact Sheet on CIPA
http://www.fcc.gov/cgb/consumerfacts/cipa.html
• USAC Discussion of CIPA Requirement
http://www.usac.org/sl/applicants/step10/cipa.aspx
• USAC CIPA FAQ http://www.sl.universalservice.org/reference/CIPAfaq.asp
• Full CIPA Text http://ifea.net/cipa.html
Disclaimer
This document is intended to assist educators and administrators in education on CIPA
information. DeepNines Technologies, Inc. does not offer legal advice and cannot
guarantee the accuracy of this document. You should consult with an attorney
whenever you think it necessary.
Real-time Network Defense 10