Network Security - Internet Content Filtering Primer

Although many businesses have some form of Internet firewall in place, schools have a unique responsibility to provide better Internet content filtering for students using their computers. You can use multiple content filtering methods. This can be used for blocking access to pornography or games, shopping or advertising, email/chat, file transfers, and Websites that offer information about hatred/intolerance weapons drugs gambling, etc.

An blacklist provides the easiest method for content filtering. A blacklist can be described as a list containing domains, URLs or filenames that the content filter wants to block. Playboy.com is one example of a blacklist. It would prevent access to all subdomains and folders as well as the entire domain. In the case of a blacklisted URL, such as other pages of the domain might be available, but that specific page would be blocked. Wildcards can often block large sets of URLs and domains. Blacklisting can also help to prevent software installation by blocking files like */setup.exe. Or to prevent changes to your computer by blocking potentially hazardous file types like *.dll. Many content filters also block graphic file types because content filters cannot distinguish art from porn.

A blacklist can be used to block certain resources. However, a whitelist allows for the following resources to pass the content filter: like a bouncer at the velvetrope, the content filtr blocks all resources not included on the whitelist. Blacklists, whitelists, and both can be used together to offer more specific filtering. A blacklist could block all graphic file types. But, the whitelist could allow images to be uploaded from age-appropriate, moderated, or sponsored image hosting sites. Whitelisting and blacklisting are fast and easy methods to determine whether or no Website should be shown. Although it's not time-consuming, checking a Website against the list is quick and easy. There are also many new websites popping up every day, making it difficult to keep track of all the bad ones cisco Colombia.



What do we do with the continuous stream of new Websites that are coming online every day? These are where more sophisticated filtering strategies come in. Search for particular phrases or words in a webpage can be done using parsing . The content filter doesn't rely only on filtering by IP address. It downloads the requested Website (unless blocked by an immediate blacklist) and reviews every line, looking for bad words and phrases. Although it acts as a blacklist, the content filter would download the requested Website and scan for any patterns. This could slow down the process and take up more time. (In fact I'm quite certain that this article is being blocked by content filters because it contains the word "sex" in the first paragraph. However, since Web authors are equally interested in getting their content past filters, it might also be necessary for them to include strange-seeming variants such as b00bies or boob!es. Filtering can be set up to block pages that use any of the negative phrases. The phrases or words may be assigned points and the filter could block any pages which exceed that threshold.

context filtrating is the next type of content filtering. Word and phrase Parsing isn't very smart. It just acts upon any pattern that matches the predefined pattern, regardless of context. It might block pages with the terms "the raw truth" or 'chicken breasts'. Administrators might not care about these contexts but want to block pages which include the words 'naked breasts' if they are combined. Even if point values or thresholds are assigned, legitimate Webpages can be blocked.

One example is that a Webpage about Breast Cancer could easily reference breasts enough times for it to reach a point threshold. Many proprietary algorithms are used for context filtering. They are developed by the different makers of Internet content filters. The key is to balance speed with accuracy. Users must be able to download all requested Webpages and quickly analyze the words to determine whether or not they are acceptable. If they are too quick to judge they might let through undesirable content (known for "misses"), or block acceptable content ("false hits"), while if they are too slow they will be criticized by users for their latency. The time and money required to create a better algorithm is more costly. Often, the faster and more accurate filters are more expensive.

This treatise on Internet Content Filtering is incomplete without mentioning that other methods and configurations may exist. Virtually all Internet Content Filters operate on port80 (http); many ignore other protocols. But, some may be capable to filter out specific ports entirely or apply filtering to other channels. I wonder which port "World of Warcraft", ...) uses?

Internet content filters, like firewalls are also available as software or hardware solutions. Hardware solutions are often referred to as "appliances", while software solutions are more commonly called "applications", and "services". Hardware solutions can be used to centralize administration. They are more costly, but they handle all filter-related processing. This allows you to free your servers from these responsibilities. They come often with subscription services for updates of the blacklist whitelist phrase list and context data. These are similar to antivirus subscriptions that provide updates on lists of virus signatures. They could work as multi-homed passthrough gateways or by redirecting traffic at a designated port or destination IP.

Caching may be added to higher-end models for faster access to frequently-accessed resources. Software-based options may be server-based and/or installed on each workstation. Although server installations have the same centralized administration features as hardware solutions, they use your RAM and processor to filter the information, not being a separate appliance. Servers may be more affordable because they use less RAM and processors. When installing workstation software, you will need to not only install the software but also configure each workstation individually. You might also need periodically to update each workstation.

Microsoft Internet Explorer also has an easy, free-of-cost, built-in Internet filter. You can set it up under Internet Options on the Windows Control Panel. It is perfect for your kid's personal computer or small peer-to–peer network. But it's not ideal as an enterprise solution. Whether hardware- or software-based, best-in-class enterprise solutions are often Active Directory-integrated, simplifying administration and configuration, and permitting filtering settings to follow users anywhere in the network. Teachers might have more flexible settings than students, although they could still be blocked if they try to enter the faculty lounge during recess.

 

Comments

Post a Comment

Popular posts from this blog

A New Kind Of Data Center Power Testing Facility

Image
    Let me tell you about one of my passions: I love visiting data centers. Perhaps it's the power that flows through racks upon racks of servers or the ability to enter the inner sanctum IT after passing through security checks. It could also be the way that all of this gear is wired up. When I received a demo, I was always keen to inspect the equipment's backs and check the cables.   When Schneider Electric asked me to join their open house for a new type of data center, I was confident that I was the right person to ask.   It is a strange place for many reasons. It is constructed like a working data center, but there is one crucial difference: it has nothing. The mostly empty building is filled with HVAC equipment, electrical power and plenty of modeling and monitoring tools. Aaron Davis, chief marketing officer for the subsidiary, says that the goal is to have a facility that provides practical solutions and not hype.   Schneider created its data Fortinet Co
Read more

Network Security - Methods For Controlling Threats

Image
  Firewalls are so common that it's worth learning more about them.   Companies often use firewalls to manage their Internet connections.   A firewall allows a company control how end users can access their network, and what information is sent through other servers. A firewall can control the traffic coming into and leaving the network using a variety of methods.   This is done by firewalls through packet filtering.   A firewall compares small packets against pre-defined  Fortinet Colombia   filters.   All data is transmitted via small packets through filters.   Unsafe information is usually removed and safe information is transmitted. Proxy service is another way firewalls can reduce traffic.   Proxy service is when the firewall retrieves information from the Web and transmits it to the requesting machine.   Stateful inspection is another method firewall uses to control traffic.   This allows the firewall compare data packets from different sources to determine if they are co
Read more

Thumb Drives Or Other USB Connection Devices

Image
  You may have noticed that your computer behaves strangely. It is acting differently from what you instructed. This is usually a sign that your computer has been infected with malicious programs. These unwanted programs are usually infiltrated via other programs downloaded or by connecting to external devices, such as thumb drives or other USB connection devices. What are the dangers of having your computer attacked by malware such as spyware, adware and viruses? 1. Over-Expensive Repair Costs Computer systems that have been attacked with malicious software can be shut down immediately and permanently damaged. It is often too costly to repair a system that has been damaged. There are other risks as well, besides financial loss Broadcom Colombia . 2. Spyware Identity Theft There have been cases where victims have had their bank account numbers, passwords, and credit card numbers stolen. This has allowed them to purchase illegal items from their accounts. The bank then charges
Read more