A common way to filter traffic is to examine information that is transferred between applications. In this video, you’ll learn about content filtering using email information and URLs.
<< Previous: Intrusion Detection and Prevention SystemsNext: Load Balancers >>
Many of the network devices that we’ve been talking about have been focused on security. But there may be a reason to filter out content that’s not even related to a security issue. In this video, we’ll talk about content filtering and the ways that organizations are allowing or disallowing content onto their networks.
Content filtering is the idea of allowing or blocking traffic based on the data that’s inside of the packets. And in this particular case, we’re talking about data that’s really in the application section of the packet itself.
For example, if you’re an organization that has very sensitive data, you may want to allow or disallow access to certain websites. For example, you may want to restrict people who have access to the sensitive data from accessing file sharing websites to keep all of that data inside of your organization.
Another way of implementing any type of content filtering might be to allow or disallow access to certain types of content. This is more of a philosophical conversation. But some organizations will not allow people to access certain types of websites based on the content that’s contained on that website. This is very commonly done in the home for parental controls to allow or disallow access for your children to visit certain websites.
And another type of content control might be to prevent access to sites, because there’s known malware or viruses that might exist on those locations. And you want to prevent anybody from visiting that site and infecting the devices inside of your organization.
One of the most common ways of content filtering is through email filtering. We have so much email that’s going in and out of our organizations. And usually it’s traversing this single point to get in and out of our organization. So that makes a perfect place to put some type of monitoring tool or content filter to allow or disallow certain types of traffic.
One very common filter is something like a spam filter. We’re looking for unsolicited advertising coming in. We want to block that from ever getting to anyone’s inbox.
A more security focused content filter with email would be around phishing attempts. This is when someone from the outside is trying to get someone from the inside of your organization to give up personal information, like their username, their password, or other personal details.
Since email is very often used to start these phishing attempts and gain this information, it makes sense to filter it right at the email content filter. And of course, antivirus anti-malware is a great place of the content filter, since email is often used to bring all of those viruses and vulnerabilities directly into your network.
Another common place to filter is right in your browser, through the URL. This is the uniform resource locator. It’s that browser address that we put in for google.com or yahoo.com.
You might also hear this referred to as a uniform resource identifier, or URI. Very commonly, organizations will have an allow list or a block list of sites where they want to either make sure people can access or completely block access to certain URLs.
This is often done by category. It would be very tedious to have individual URLs listed. So instead, there’s usually a third party that creates a massive database and then rolls that database up into very common categories.
So you might allow certain auction sites to be accessed from your network but disallow access to any sites that are categorized as hacking or malware. The organization generally has rules and policies associated with what is allowed and what is allowed. And it generally varies from organization to organization.
URL filtering is a very good way to block what’s in the browser. But there are other ways to browse. And perhaps, it’s not just a browser you need to worry about.
So although this is a very good way of content filtering, this is not the only way to filter out content or prevent people from visiting certain websites. Many of these URL filters are oblivious to anything that’s encrypted. As long as the communication is in the clear, it’s able to identify the URL and block it based on these categories.
But if you’re connecting to a site and you’re connecting over an SSL connection, then the encrypted connection is invisible to many of these URL filters. Some the newer URL filters can do SSL decryption, where the communication is effectively proxied, which allows these to then see into that communication and understand the exact URL you might be visiting. In those particular cases, the URL filter sees all traffic, whether it’s encrypted or not going over your network.