Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
By rsean at 2007-06-29 11:17
To answer that question, let me begin by taking you back in history a bit, to catch-up!! Did you know that WWW as we know it today, has evolved out of an "Internet", that was originally conceived much differently. Yes, exchange of information and files was always there, but it happened rather differently! In fact WWW evolved much later than emails. Naturally security issues and solutions have also evolved, in the same foot-steps. We started using anti virus to check content of emails, and SPAM filters, etc. to manage the nuisance created by unwanted emails, cumulatively we relate to these two as content filtering for emails. Nearly similar situation presents itself today, as we access the WWW, and we use web-content filtering, to safeguard ourselves.
The entire evolution actually happened on two fronts (or layers as we call them technically) actually. The Network and the Application. Routers were built to inter-connect various networks; and Firewalls were built to ensure the connections happened, exactly as desired. Similarly on the application layer, proxy servers were created to service the needs of the various applications and content filters were built to ensure that the content was of acceptable nature. And even technically speaking "Firewalls are of two types - Network Layer & Application Layer"; is an accurate statement. And from the security perspective these two forms of firewalls are both required and have a different job to do. But we'll come to that in a moment.
Content Filtering helps to prevent abuse, misuse and any other security breaches when users and their applications access the WWW. Paradoxically "Content Filtering" by itself is a much abused term, that has led to a lot of general confusion. Simply speaking, it means defining "what may be allowed or denied accessed".
A legacy content filter allows you to define - just his "what", in terms of a set of web-site addresses. Whereas modern Content Filtering Software or an Application Layer Firewall - like SafeSquid (http://www.safesquid.com/), allows you to define this "what" more holistically and thus comprehensively address, the need to contextually relax or apply rules.
This definition of "what" therefore requires to be addressed in many more terms, rather than just web-site addresses. This "what" can be defined in terms of the actual nature of the content, and the definition is not necessarily restricted just by the web-site's address.
Every Proxy server is basically an Application Layer Firewall (ALF). Each of the the various filters in an ALF are individually governed by a global rule of Allow or Deny, and exceptions to the rule are set in the ALF's configuration, to precisely reflect the business needs of the implementation. Each of the filters' addresses one specific aspect of the content. This is quite similar in essence to a modern Network Layer Firewall (NLF). Primitive NLFs allowed you to merely allow or deny connections based on the source or target address in terms of I.P. Address and ports, however the more sophisticated developments allow you to even state protocols as parameter, besides other factors such as time of the day, and a more composite security by analyzing, the content (data packets), for malware, by referring the transported data packets, to an AntiVirus Software, or similar other technologies. However the inspection of the content is primarily the function and responsibility of the ALF. Some NLFs offer these functions as an additional feature, because it makes the NLF more beneficial and interesting from the TCO perspective.
Modern Application Layer Firewalls have a comprehensive set of individual filters or processes that holistically allow you to gain access and content control over the way your resources are used. This is achieved by employing a variety of filters, each serving a specific purpose. Some of these filters, parametrically analyze the content, in real-time and then take appropriate action, whereas some do not require the content to be actually downloaded, to take any action. Thus the focus is more on the logic behind an activity, rather than merely the act itself.
Almost all modern ALFs today minimally provide virus scanning of all the content transferred and thus deliver well as a Gateway Anti Virus. But a typical HTTP application is constituted by a variety of independent or inter-linked factors. A specific filter addresses a specific factor. Some ALFs like SafeSquid allow you to frame rules to define policies in terms of all of these features. The factors that can be commonly applicable are "Profiled" and then they are either subjected to (or immunized against) appropriate filters. These filters are either static or dynamic. Here's a list of some of the very important filters and their specific functions. Notice that the function is directly related to their conditional parameters.
* Access Restriction Allow or deny access to a user, and create a Profile.