6.3. Web Content Filtering
6.3.1. Overview
Web traffic is one of the biggest sources for security issues and misuse of the Internet. Inappropriate
surfing habits can expose a network to many security threats as well as legal and regulatory
liabilities. Productivity and Internet bandwidth can also be impaired.
Filtering Mechanisms
Through the HTTP ALG, NetDefendOS provides the following mechanisms for filtering out web
content that is deemed inappropriate for an organization or group of users:
•
Active Content Handling can be used to "scrub" web pages of content that the administrator
considers a potential threat, such as ActiveX objects and Java Applets.
•
Static Content Filtering provides a means for manually classifying web sites as "good" or "bad".
This is also known as URL blacklisting and whitelisting.
•
Dynamic Content Filtering is a powerful feature that enables the administrator to allow or block
access to web sites depending on the category they have been classified into by an automatic
classification service. Dynamic content filtering requires a minimum of administration effort and
has very high accuracy.
Note
All Web Content Filtering is enabled via the HTTP ALG which is described in
Section 6.2.2, “The HTTP ALG”.
6.3.2. Active Content Handling
Some web content can contain malicious code designed to harm the workstation or the network
from where the user is surfing. Typically, such code is embedded into various types of objects or
files which are embedded into web pages.
NetDefendOS includes support for removing the following types of objects from web page content:
•
ActiveX objects (including Flash)
•
Java applets
•
Javascript/VBScript code
•
Cookies
•
Invalidly formatted UTF-8 Characters (invalid URL formatting can be used to attack
webservers)
The object types to be removed can be selected individually by configuring the corresponding HTTP
Application Layer Gateway accordingly.
Caution
Care should be taken before enabling removal of objects from web content.
Many web sites use Javascript and other types of client-side code and in most cases,
the code is non-malicious. Common examples of this is the scripting used to implement
drop-down menus as well as hiding and showing elements on web pages.
6.3. Web Content Filtering
Chapter 6. Security Mechanisms
242
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...