To answer that question, let me start by taking you back in history a little, to catch up. Did you realize that the WWW as we know it today evolved out of an "Internet" that was initially conceived quite differently? Yes, the exchange of information and files was often there, but it happened rather differently. In fact, the WWW evolved significantly later than email. Naturally, security problems and solutions have evolved along the same path. We began using antivirus software to check the content of emails, and spam filters and the like to handle the nuisance created by unwanted emails; collectively we refer to these two as content filtering for email. An almost identical situation presents itself now as we access the WWW, and we use web-content filtering to protect ourselves.
The complete evolution actually happened on two fronts (or layers, as we call them technically): the Network and the Application. Routers were built to interconnect various networks, and firewalls were built to ensure the connections occurred exactly as desired. Similarly, at the application layer, proxy servers were built to service the requests of the various applications, and content filters were built to ensure that the content was of an acceptable nature. Technically speaking, "Firewalls are of two types – Network Layer & Application Layer" is in some cases an accurate statement. From the security perspective, both types of firewall are required, and each has a different job to do. But we'll come to that in a moment.
Content filtering helps to prevent abuse, misuse and other security breaches when users and their applications access the WWW. Paradoxically, "Content Filtering" is itself a much-abused term, which has led to a lot of general confusion. Simply put, it means defining "what may be allowed or denied access".
A legacy content filter allows you to define just this "what", in terms of a set of web-site addresses. Whereas modern Content Filtering Software or an Application Layer Firewall
This definition of "what" therefore needs to be addressed in many more terms than just web-site addresses. The "what" can be defined in terms of the actual nature of the content, and the definition is not necessarily restricted to the web-site's address.
Every proxy server is basically an Application Layer Firewall (ALF). Each of the various filters in an ALF is individually governed by a global rule of Allow or Deny, and exceptions to the rule are set in the ALF's configuration to precisely reflect the business requirements of the implementation. Each filter addresses one specific aspect of the content. This is quite similar in essence to a modern Network Layer Firewall (NLF). Primitive NLFs merely let you allow or deny connections based on the source or target address, in terms of IP address and ports. More sophisticated developments also let you specify protocols as a parameter, besides other factors such as time of day, and offer more composite security by analyzing the content (data packets) for malware, referring the transported data packets to antivirus software or similar technologies. However, inspection of the content is primarily the function and responsibility of the ALF. Some NLFs offer these functions as an additional feature, because it makes the NLF more useful and attractive from the TCO perspective.
Modern Application Layer Firewalls have a comprehensive set of individual filters or processes that together give you access and content control over the way your resources are used. This is achieved by employing a variety of filters, each serving a specific purpose. Some of these filters analyze the content parametrically in real time and then take appropriate action, whereas others do not require the content to actually be downloaded before taking action. Thus the focus is more on the logic behind an activity than merely on the act itself.
Almost all modern ALFs today provide, at a minimum, virus scanning of all the content transferred, and thus serve well as a gateway antivirus. But a typical HTTP application is made up of a variety of independent or interlinked factors, and a specific filter addresses a specific factor. Some ALFs, like SafeSquid, allow you to frame rules that define policies in terms of all of these features. The factors that are commonly applicable are "Profiled" and then either subjected to (or immunized against) the appropriate filters. These filters are either static or dynamic. Here's a list of some of the very important filters and their specific functions. Notice that each function is directly related to its conditional parameters.
* Access Restriction: Allow or deny access to a user, and create a Profile.
  Basic Conditional Parameters: username, IP address.
  Offer additional privileges like:
  * Global Bypass to one or more filters.
  * Access to Browser based GUI.
  * Any other privileges a user must always (uniquely) enjoy.
* URL Filter: Allow or deny access to content from a particular URL.
  Basic Conditional Parameters: hostname, IP address, file name.
* URL Blacklists: Allow or deny access to content from web-sites listed under a specific category.
  Basic Conditional Parameters: category.
* Mime Filter: Allow or deny access to content of a particular content-type.
  Basic Conditional Parameters: MIME type, file-name extensions.
* Cookie Filter: Allow or deny exchange of cookies to or from a particular domain.
  Basic Conditional Parameters: the cookie's Domain attribute, Path attribute, expiry time (year, month, hour, minute), and direction (inbound, outbound).
* Keyword Filter: Deny access to web-sites containing unacceptable words or phrases.
  Basic Conditional Parameters: patterns of words and phrases, score.
* Document Rewrite: Replace or modify unacceptable portions of a web-page.
  Basic Conditional Parameters: content patterns that should be replaced, pattern of replaced content.
* Image Filter: Deny access to pornographic images.
  Basic Conditional Parameters: probability threshold above which the image may be treated as pornographic.
* safe DNS Blacklist: Deny access to content served from mala fide servers.
  Basic Conditional Parameters: the IP address (as reported for each mala fide category).
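
The "global rule of Allow or Deny plus exceptions" model described above, applied to three of the listed filters and to a profile created by Access Restriction, can be sketched as follows. This is an added example, not SafeSquid's code or configuration syntax; the network range, hostnames, keyword scores, threshold and the `auditor` user are all constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from fnmatch import fnmatch

ALLOW, DENY = "allow", "deny"

@dataclass
class Filter:
    """One filter: a global Allow/Deny rule plus exceptions that invert it."""
    name: str
    default: str
    exceptions: list = field(default_factory=list)  # predicates over a request

    def decide(self, req):
        if any(pred(req) for pred in self.exceptions):
            return DENY if self.default == ALLOW else ALLOW
        return self.default

# Constructed policy values (hypothetical, for illustration only).
LAN = ipaddress.ip_network("10.0.0.0/16")
KEYWORDS = {r"\bcasino\b": 6, r"\bjackpot\b": 4}   # pattern -> score
THRESHOLD = 10

def access_profile(req):
    """Access Restriction: username / IP address -> profile, or None to deny."""
    if ipaddress.ip_address(req["ip"]) not in LAN:
        return None
    bypass = {"keyword"} if req["user"] == "auditor" else set()
    return {"user": req["user"], "bypass": bypass}

def keyword_score(body):
    """Sum the score of every keyword-pattern match in the page body."""
    return sum(w * len(re.findall(p, body, re.I)) for p, w in KEYWORDS.items())

FILTERS = [  # ordered so checks that need no download run first
    Filter("url", ALLOW, [lambda r: fnmatch(r["host"], "*.blocked.example")]),
    Filter("mime", DENY, [lambda r: r["mime"] in {"text/html", "image/png"}]),
    Filter("keyword", ALLOW, [lambda r: keyword_score(r["body"]) >= THRESHOLD]),
]

def evaluate(req):
    """Return (action, name of the filter that decided)."""
    profile = access_profile(req)
    if profile is None:
        return DENY, "access"
    for f in FILTERS:
        if f.name not in profile["bypass"] and f.decide(req) == DENY:
            return DENY, f.name
    return ALLOW, None
```

Note that the Mime filter here is default-deny with an allow-list as its exceptions, while the URL and Keyword filters are default-allow with deny exceptions; the same `Filter` class expresses both policies.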