To answer that question, let me begin by taking you back in history a bit, to catch up. Did you know that the WWW as we know it today evolved out of an “Internet” that was originally conceived quite differently? Yes, exchange of data and files was often there, but it occurred rather differently. In fact, the WWW evolved considerably later than email. Naturally, security issues and options have evolved along the same path. We began using anti-virus software to check the content of emails, and SPAM filters and the like to handle the nuisance created by unwanted emails; collectively we refer to these two as content filtering for email. An almost identical situation presents itself now as we access the WWW, and we use web-content filtering to safeguard ourselves.
This evolution actually happened on two fronts (or layers, as we call them technically): the Network and the Application. Routers were built to interconnect various networks, and Firewalls were built to ensure the connections happened exactly as desired. Similarly, on the application layer, proxy servers were designed to service the needs of the various applications, and content filters were built to ensure that the content was of an acceptable nature. Technically speaking, “Firewalls are of two sorts – Network Layer & Application Layer” is an accurate statement. From the security perspective, both forms of firewall are required, and each has a different job to do. But we’ll come to that in a moment.
Content Filtering helps to prevent abuse, misuse and other security breaches when users and their applications access the WWW. Paradoxically, “Content Filtering” is itself a much-abused term, which has led to a lot of general confusion. Simply put, it means defining “what may be allowed or denied access”.
A legacy content filter allows you to define just this “what”, in terms of a set of web-site addresses. Whereas modern Content Filtering Software or an Application Layer Firewall
This definition of “what” therefore needs to be addressed in many more terms than just web-site addresses. The “what” can be defined in terms of the actual nature of the content, and the definition is not necessarily restricted to the web-site’s address.
Every proxy server is basically an Application Layer Firewall (ALF). Each of the numerous filters in an ALF is individually governed by a global rule of Allow or Deny, and exceptions to the rule are set within the ALF’s configuration to precisely reflect the business needs of the implementation. Each filter addresses one specific aspect of the content. This is quite equivalent in essence to a modern Network Layer Firewall (NLF). Primitive NLFs merely allowed or denied connections based on the source or target address, in terms of I.P. Address and ports. More sophisticated developments also let you specify protocols as a parameter, besides other factors such as time of day, and provide more composite security by analyzing the content (data packets) for malware, referring the transported data packets to an AntiVirus Software or similar technologies. However, inspection of the content is primarily the function and responsibility of the ALF. Some NLFs offer these functions as an additional feature, because it makes the NLF more beneficial and interesting from the TCO perspective.
Modern Application Layer Firewalls have a comprehensive set of individual filters or processes that together give you access and content control over the way your resources are used. This is achieved by employing a variety of filters, each serving a specific purpose. Some of these filters parametrically analyze the content in real time and then take appropriate action, whereas others do not require the content to actually be downloaded before taking action. Thus the focus is more on the logic behind an activity than merely the act itself.
Almost all modern ALFs these days provide, at a minimum, virus scanning of all content transferred, and thus serve well as a Gateway Anti Virus. But a typical HTTP application is made up of a variety of independent or inter-linked factors, and a specific filter addresses a specific factor. Some ALFs, like SafeSquid, allow you to frame rules that define policies in terms of all of these features. The factors that are commonly applicable are “Profiled”, and then they are either subjected to (or immunized against) appropriate filters. These filters are either static or dynamic. Here’s a list of some of the very important filters and their specific functions. Notice that each function is directly related to its conditional parameters.
* Access Restriction: Allow or deny access to a user, and create a Profile.
  Basic Conditional Parameters: username, I.P. Address.
  Offer additional privileges like:
  * Global Bypass to one or more filters.
  * Access to Browser based GUI.
  * Any other privileges a user must usually (uniquely) enjoy.
* URL Filter: Allow or deny access to content from a particular URL.
  Basic Conditional Parameters: Hostname, I.P. Address, file name.
* URL Blacklists: Allow or deny access to content from web-sites listed under a specific category.
  Basic Conditional Parameters: Category.
* Mime Filter: Allow or deny access to content of a particular content-type.
  Basic Conditional Parameters: Mime-Type, file-name extensions.
* Cookie Filter: Allow or deny exchange of cookies to or from a particular Domain.
  Basic Conditional Parameters: the cookie’s Domain attribute, Path attribute, Expiry time (year, month, hour, minute), Direction attribute (Inbound, Outbound).
* Keyword Filter: Deny access to web-sites containing unacceptable words or phrases.
  Basic Conditional Parameters: Patterns of words and phrases, score.
* Document Rewrite: Replace or modify unacceptable portions of a web-page.
  Basic Conditional Parameters: Content patterns that should be replaced, pattern of the replacement content.
* Image Filter: Deny access to pornographic images.
  Basic Conditional Parameters: Probability threshold above which the image may be treated as pornographic.
* DNS blocks Blacklist: Deny access to content served from mala fide servers.
  Basic Conditional Parameters: The I.P. Address (as reported for each mala fide category).
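
The sketch below is an added illustration, not part of the original article and not SafeSquid's code or configuration syntax. It shows how four of the filters above can combine: a profile built from username and I.P. Address, a URL filter under a global Allow with deny exceptions, a Mime filter under a global Deny with allow exceptions, and a scored Keyword filter. All hosts, users, weights and the threshold are constructed assumptions.

```python
import ipaddress
import re
from fnmatch import fnmatch

# Constructed policy data (hypothetical hosts, users and weights).
STAFF_NET = ipaddress.ip_network("10.0.0.0/8")
DENIED_HOSTS = ["*.ads.example", "tracker.example"]    # URL filter: global Allow, these denied
ALLOWED_MIME = {"text/html", "text/css", "image/png"}  # Mime filter: global Deny, these allowed
KEYWORDS = {r"\bcasino\b": 40, r"\bjackpot\b": 30, r"\bfree spins\b": 40}
KEYWORD_THRESHOLD = 100                                # deny once the summed score reaches this


def profile_for(user, client_ip):
    """Access Restriction: map username / I.P. Address to a profile, or None (deny)."""
    if user == "admin":
        # Privilege: this profile bypasses the content-stage filters.
        return {"name": "admins", "bypass": {"mime", "keyword"}}
    if ipaddress.ip_address(client_ip) in STAFF_NET:
        return {"name": "staff", "bypass": set()}
    return None


def keyword_score(body):
    """Keyword Filter: sum the weight of every occurrence of every pattern."""
    return sum(w * len(re.findall(p, body, re.I)) for p, w in KEYWORDS.items())


def evaluate(user, client_ip, host, mime, body):
    """Return (verdict, deciding_filter_or_profile) for one request/response pair."""
    profile = profile_for(user, client_ip)
    if profile is None:
        return ("deny", "access")
    # Request-stage filter: decided before any content is downloaded.
    if any(fnmatch(host, pat) for pat in DENIED_HOSTS):
        return ("deny", "url")
    # Content-stage filters: need the response headers or body.
    if "mime" not in profile["bypass"] and mime not in ALLOWED_MIME:
        return ("deny", "mime")
    if "keyword" not in profile["bypass"] and keyword_score(body) >= KEYWORD_THRESHOLD:
        return ("deny", "keyword")
    return ("allow", profile["name"])
```

The order matters for cost as well as policy: the access and URL checks reject a request before anything is fetched, while the Mime and Keyword checks only run once there is a response to inspect.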