CSOL500 Module 4 Assignment 1: Reference Monitor Marc Leeka

The following is an example of a firewall content filtering subscription that could be utilized at a
small company with approximately 50 computer users. Content filtering can be classified as a
reference model. Firewall content filtering restrictions are automatically updated many times
daily. Subscription plans average about $35 monthly for the common firewalls used in small
businesses.

All computers in the company allow internet access because employees must visit multiple
websites frequently in the course of their duties. Accounting personnel use banking websites for
financial transactions. The Repairs department uses the internet to purchase parts, accesses
manufacturer catalogs and training, and post video findings. The Human Resources department
posts attendance on an internet payroll site and posts job listings at multiple sites. The Dispatch
department maps repair locations and real-time traffic conditions that affect response time.

The company has security policies. Examples: employees may not download freeware or
software that has not been approved by the IT department; employees may not visit websites that
contain images that might be offensive to coworkers; etc. Network Group Policies restrict the
ability of the employees to modify the browser configuration to set up, for example, proxies.

Prior to installing the firewall content filtering, employees would browse the internet freely.
Employees easily violated company policies with little chance of being caught. Because of the
vast range of internet sites that employees legitimately use every day, it was impossible to create
a white list-black list and keep it up to date. The company had one close call when an employee
threatened a sexual harassment lawsuit because a coworker would view pornographic images.

The firewall content filtering is a Reference Monitor. It follows these principles:

Non-bypassable: It is impossible to bypass the firewall if you want to browse the internet.
Evaluable: Subsequent to purchase and configuration, the firewall implementation was
reviewed and approved by the technical support from the manufacturer. The configuration is
reviewed periodically and the unit firmware is updated regularly.

1
CSOL500 Module 4 Assignment 1: Reference Monitor Marc Leeka

Always: The firewall is always invoked.

Tamper-proof: The unit is secured in a locked room and no employee has access. Only the
IT Department Manager has the username and password to manage the firewall.

The Subjects in my organization are internet users and the Objects are internet sites.

The firewall acts independently but is configured to grant additional internet access based on the
role of the user. The content filtering is grouped into 56 categories. The firewall uniformly
restricts all employees from websites that may contain inappropriate images, text and malware.
Almost all employees are blocked from popular websites that distract from business activities
(eBay, Facebook, etc.), but there is a small role group that includes the owners wife and the
website publicity developer that have access to the social media sites. The owner has exclusive
permission to view sites in the sports category.

The firewall authenticates the wider-category access users based on their workstation address
(the Authorization Database that is stored in the units RAM). Those users have locked offices
and they use their workstation exclusively. The business owner is the only manager who can
approve or disapprove broader internet access.

The firewall content filtering subscription is updated hourly and is provided by the manufacturer.

The firewall audit is on and reviewed periodically. When the firewall blocks access to an
unapproved site, it records and time stamps the incident. If the periodic review shows an
employee to repeatedly attempt access to unapproved sites, the business owner will speak to the
employee and remind them of the company policies.

Differences

The definition of inappropriate content is not a scientific model. The company relies on the
manufacturer to determine what is appropriate or inappropriate. The Evaluable/Verifiability
reference monitor property is the weak link in my analogy but the principle still holds that the
reference monitor maintains a security kernel database. I cannot use a No read up/no read down
analogy because the firewall database is flat (more like an ACL). Those differences are slight. If
the goal of the firewall is to independently protect employees from data, the solution works great,
is inexpensive and requires little maintenance or supervision.

References

Heckman, M. (2015, July). Every Secure System Wants To Be a Reference Model. ISSA Journal, 13(7), 26-30.

D. Brinkley and R. Schell, Essay 2. Concepts and Terminology for Computer Security, in Information Security:
An Integrated Collection of Essays, M. D. Abrams, S. Jajodia and H.J. Podell, Eds., Los Alamitos, California, IEEE
Computer Society Press, 1994, pp. 45-48.