Occasionally I get requests for Internet Filtering. My answer is always the same. "If you need to filter the Internet you have an HR problem, not an IT problem." Once I get that out I back peddle a bit and let them know that we can create a list of allowed websites provided it isn't too long. If you would like to know how to do this then download the instructions under Amy's How To Articles at ISAinSBS. Then I back up a little bit further and let the client know that they can subscribe to a service like Surf Control or Web Sense and they'll let you slice, dice and filter the Internet in a huge variety of ways; but they're not cheap. The Internet landscape is constantly changing and these companies have poor souls whose job it is to view possible objectionable websites and assign them a filter category.
Then there's Steve. Some people make a hobby out of creating destination sets for ISA. Steve either is one of these people or he knows a lot of them. The destination sets can be had for free over at Steve's site.
Now if you decide to use one of these destination sets be sure to place the deny rule in position just above your SBS Internet Access rule. Why not put it at the top of your firewall policy? Well think about what you're asking ISA to do. For example, the sex site destination set contains 169,299 URL's, the porn URL set 214,835; the porn domains 469,759. Every time a request hits that rule, ISA will look through each of those URL's and/or Domain names to see if the request should be blocked. The potential to bog down your Internet access is real.