Content Filters

Content filtering is a subject so vast that its implications and possible solutions have spawned entire businesses dedicated to providing the right solution for you, regardless of whether you are a home user or a large business. Everyone seems to be faced with the need to filter some sort of content at every aspect of how they connect. Consider some of the challenges that have recently emerged in politics and the media:

• Public libraries and pornography: For some reason, there is a group of people who think people have the right to surf pornography on computers that tax dollars pay for. Making this issue worse is that they do this in the middle of libraries—the same place where children go to read. Content filters could be used in libraries to disallow access to this type of content. Businesses are also using content filters to filter out user attempts at going to sites on the Internet.

Unfortunately, the problem is not only about pornographic websites—there are also those sites dedicated to drug use, criminal activity, terrorism, violence, threats to the safety of children, and hate speech.

• Spam: If you have email, you have spam—of that there can be no doubt. All types of businesses are fighting back against spam, and it has always been a fight to detect and stop spam. Every time a solution is discovered, spammers get more creative and do something different. For example, many people spell out their email addresses now—tom dot thomas at netcerts dot com—in hopes of fooling the programs that search for email addresses. It might for a little while, but it will not last long. In the arena of spam prevention, content filters can identify those annoying ads for low mortgage rates. They are so silly; who would want to get a mortgage with a company that had to spam to get your business? Trust me, you have not lost money in Nigeria either that was found by some mysterious individual who is emailing you; if any of these things were true, you would not be contacted via email. But you knew this; if only the gullible people who didn’t would buy this book!

• Viruses and Trojan horses (malicious code): Many of the ways viruses are spread follow the growth patterns of the Internet. Virtually everyone who connects to the Internet has email—thus sending a malicious attachment in an email has become commonplace. Content filters would examine the content of such attachments and filter them before any damage was done.

• Malicious web pages: Attackers can now code into web pages ways to learn more about you when you visit those pages, and they can do this in many ways. Content filters would examine the actual HTML code that makes the website and filter it as needed. This happens more frequently than you imagine; users didn’t do anything or go someplace they shouldn’t. A normal website can be hacked with bogus content in place with the end results that every visitor gets infected.

• Increased organization success: You might wonder how content filtering can increase a corporation’s overall success. Companies and government agencies can face significant risk because of their employees’ behavior. Consider the implications to any organization if an employee were to access offensive or illegal material via that organization’s network. For example, employees visiting websites with offensive content can create a hostile work environment and negatively affect morale or productivity, which might lead to potentially costly legal fees with the resulting negative bad press. Do you recall the concept of downstream liability discussed in Chapter 1, “There Be Hackers Here.” If an employee were to access child pornography, the organization could be held liable, have assets seized (network), and suffer additional negative publicity.

Internet access has become critical to businesses, and the rewards to many organizations can be high. However, issues arise where employees have unmanaged access to the Internet, as just discussed. None of the technologies discussed thus far address the potential security risks just listed. You might be correctly thinking that not all these risks are applicable to your organization, and that might be true. The goal of this chapter is to discuss the technology surrounding content filtering, which could clearly be applied to many different problems, depending on your need. Benefits of content filtering include the following:

• Reduce the legal liability by not letting your organization’s resources be used in a compromising manner or through the inadvertent disclosure of confidential information.

• Optimize employee productivity; who wants to pay people’s salaries while they are surfing the Internet for pleasure?

• Improve reporting on employee Internet usage. This is critical because you might feel protected or safe. There is no way to know for sure unless you also watch what happens on your network.

• Enforce company Internet access policies that would be documented in the Acceptable Use Security Policy, as discussed in Chapter 2:

• Disallow the accessing of illegal or offensive material.

• Prevent the downloading of unauthorized software.

• Sorry, no holiday shopping during work hours.

You can filter the content of packets in a variety of ways as they flow through your network. Entire companies and many products provide any type of filtering service for you from spam to content. To do them justice by explaining them all is beyond the scope of this chapter. There are some common fundamental similarities, regardless of the product selected.

The key to content filtering solutions is the ability to monitor and filter content from the Internet, chat rooms, instant messaging, email, email attachments, Word, PowerPoint, PDFs, and from web browsers. There are several ways to filter traffic, which can be classified into two main categories:

• Client-based filtering: This filtering solution involves loading software onto individual PCs that check content and filter it according to a defined set of rules. In the case of home users, this is the most common type of solution and usually comes in the form of a subscription to a server that contains updates.

• Server-based filtering: In this filtering solution, individual client PCs do not require specialized software to be loaded because everything is loaded and controlled by a server that the client PCs in turn access. This type of filtering is commonly used for email spam and virus detection; all email comes into a central server, which is the most logical place to filter it.

For content filtering, a device such as a proxy server, content engine, or WAN optimization device forces all web traffic through it so that the user requests to view web pages. Users can be inspected to determine whether the request should be permitted or denied. Content filtering is accomplished using a library or database of terminology, words, and phrases as the set of rules defining what is not allowed.

In many cases, requests are regarded as the replies; for example, some attempts to access a website might be classified via the database or library when the client makes a request (such as www.showmeporno.com), whereas other requests might require the filtering device to analyze the content of the web page before making a filtering decision.

These same examples of browsing the Internet using content filtering is extremely similar to how spam and virus filtering is accomplished. Ultimately, a database contains ways of identifying what should be filtered and what should not. As traffic enters the network, it is verified against this database. For example, many products and tools can be used at the server level to identify and stop spam. Although nothing is ever 100 percent accurate; so many email clients also have some sort of built-in way of allowing users to further identify spam email.

Limitations of Content Filtering

Content filtering can play a large role in protecting your network and ensuring the proper use of network resources. However, it does have some disadvantages that, if you are aware of them, allow for the filtering to operate better:

• An estimated 3 to 5 million websites are introduced to the Internet as new or renamed every week. This makes the tracking of good or bad sites extremely difficult to do and requires dedicated service to ensure that your filters are always up to date.

• Content is always changing; in addition to new websites, new ways to spam, new viruses, and other threats make it difficult to keep on top of the changes.

• Nothing is perfect, so you can expect to see false positives to a certain degree. Therefore, retaining some sort of control of the system is important, and blind reliance on outside classifications is probably not a good idea—for example, www.msexchange.com being seen by content or URL filters as “m sexchange” rather than “ms exchange.”

• In the higher education environment, a balance between security and freedom of academia is often a balance that must be struck. RIAA also comes into play here from a compliance-related perspective on downloads and sharing protected music through open programs riddled with security threats.

Content filtering is probably in use in your network in some form or another. The extent of its implementation varies widely depending on the size and sensitivity of your business. The following section looks at ways to completely secure your network: PKI.