Does anyone have a best practice security/configuration/management/administration checklist/baseline for auditing the security/configuration/management/administration of a corporate web filter? Are web filters prtetty easy to manage/admin or quite admin intensive? And how do they update? As I assume theres hundreds of new "bad sites" introduced each week that need adding to restricted sites? Also naive question but what is the difference between a proxy and a web filter? is the web filter just the tool that is installed on the proxy? or can they be 2 seperate systems?