To answer that question, let me begin by taking you back in history a bit, to catch up! Did you know that the WWW as we know it today evolved out of an "Internet" that was originally conceived quite differently? Yes, the exchange of information and files was always there, but it happened rather differently! In fact the WWW evolved much later than email. Naturally, security issues and solutions have evolved in the same footsteps. We started using anti-virus to check the content of emails, and SPAM filters and the like to manage the nuisance created by unwanted email; cumulatively we refer to these two as content filtering for email. A nearly identical situation presents itself today as we access the WWW, and we use web-content filtering to safeguard ourselves.

The entire evolution actually happened on two fronts (or layers, as we call them technically): the Network and the Application. Routers were built to inter-connect various networks, and Firewalls were built to ensure that connections happened exactly as desired. Similarly, on the application layer, proxy servers were created to service the needs of the various applications, and content filters were built to ensure that the content was of an acceptable nature. So even technically speaking, "Firewalls are of two types - Network Layer & Application Layer" is an accurate statement. From the security perspective these two forms of firewall are both required, and each has a different job to do. But we'll come to that in a moment.

Content Filtering helps to prevent abuse, misuse and other security breaches when users and their applications access the WWW. Paradoxically, "Content Filtering" by itself is a much abused term that has led to a lot of general confusion. Simply speaking, it means defining "what may be allowed or denied access".

A legacy content filter allows you to define this "what" only in terms of a set of web-site addresses, whereas modern Content Filtering Software or an Application Layer Firewall like SafeSquid allows you to define this "what" more holistically, and thus comprehensively address the need to contextually relax or apply rules.

This definition of "what" therefore needs to be addressed in many more terms than just web-site addresses. This "what" can be defined in terms of the actual nature of the content, and the definition is not necessarily restricted by the web-site's address.

Every Proxy server is basically an Application Layer Firewall (ALF). Each of the various filters in an ALF is individually governed by a global rule of Allow or Deny, and exceptions to the rule are set in the ALF's configuration to precisely reflect the business needs of the implementation. Each filter addresses one specific aspect of the content. This is quite similar in essence to a modern Network Layer Firewall (NLF). Primitive NLFs merely allowed you to allow or deny connections based on the source or target address, in terms of I.P. Address and ports; more sophisticated developments also allow you to state protocols as a parameter, besides other factors such as time of day, and provide a more composite security by analyzing the content (data packets) for malware, by referring the transported data packets to an AntiVirus Software or similar technology. However, the inspection of content is primarily the function and responsibility of the ALF. Some NLFs offer these functions as an additional feature, because it makes the NLF more beneficial and interesting from the TCO perspective.

Modern Application Layer Firewalls have a comprehensive set of individual filters or processes that holistically allow you to gain access and content control over the way your resources are used. This is achieved by employing a variety of filters, each serving a specific purpose. Some of these filters parametrically analyze the content in real time and then take appropriate action, whereas some do not require the content to actually be downloaded before taking action. Thus the focus is more on the logic behind an activity than merely the act itself. Almost all modern ALFs today minimally provide virus scanning of all the content transferred, and thus deliver well as a Gateway Anti Virus. But a typical HTTP application is constituted by a variety of independent or inter-linked factors, and a specific filter addresses a specific factor. Some ALFs, like SafeSquid, allow you to frame rules to define policies in terms of all of these features. The factors that are commonly applicable are "Profiled", and the profiles are then either subjected to (or immunized against) the appropriate filters. These filters are either static or dynamic. Here is a list of some of the most important filters and their specific functions. Notice that each function is directly related to its conditional parameters.

* Access Restriction: Allow or deny access to a user, and create a Profile.
  Basic Conditional Parameters: username, I.P. Address.
  - Offer additional privileges like:
    - Global Bypass to one or more filters.
    - Access to the Browser based GUI.
    - Any other privileges a user must always (uniquely) enjoy.
* URL Filter: Allow or Deny access to content from a particular URL.
  Basic Conditional Parameters: Hostname, I.P. Address, file name.
* URL Blacklists: Allow or Deny access to content from web-sites listed under a specific category.
  Basic Conditional Parameters: Category.
* Mime Filter: Allow or Deny access to content of a particular content-type.
  Basic Conditional Parameters: Mime-Type, File-name extensions.
* Cookie Filter: Allow or deny the exchange of cookies to or from a particular Domain.
  Basic Conditional Parameters: Cookie's Domain Attribute, Path Attribute, Expiry time (year, month, hour, minute), Direction Attributes (Inbound, Outbound).
* Keyword Filter: Deny access to web-sites containing unacceptable words or phrases.
  Basic Conditional Parameters: Patterns of words and phrases, score.
* Document Rewrite: Replace or modify unacceptable portions of a web-page.
  Basic Conditional Parameters: Content patterns that should be replaced, pattern of the replacement content.
* Image Filter: Deny access to pornographic images.
  Basic Conditional Parameters: Probability threshold above which the image may be treated as pornographic.
* DNS Blacklist: Deny access to content served from mala fide servers.
  Basic Conditional Parameters: The I.P.
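As an added illustration (constructed for this article, not SafeSquid's own code or configuration), the following Python sketch models the "global rule of Allow or Deny with configured exceptions" and the profile-based Global Bypass described above, across a URL filter, a Mime filter and a score-based Keyword filter; every filter name, pattern, profile and threshold in it is hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed model of an ALF's "global rule plus exceptions": each filter has a
# default verdict (True = allow) and patterns that invert it when they match.
# Filter names, patterns and thresholds are hypothetical, not SafeSquid's own.
@dataclass
class Filter:
    name: str
    default_allow: bool
    exceptions: list  # regex strings; a match flips the default verdict

    def verdict(self, value: str) -> bool:
        matched = any(re.search(p, value, re.I) for p in self.exceptions)
        return self.default_allow != matched

# Keyword filter: every matching pattern adds its weight; deny at the threshold.
def keyword_score(body: str, weights: dict) -> int:
    return sum(w for pat, w in weights.items() if re.search(pat, body, re.I))

# Profiles record which filters a user is immunized against (Global Bypass).
PROFILES = {"auditor": {"url", "mime"}, "staff": set()}

URL_FILTER = Filter("url", True, [r"^gambling\.example$", r"\.exe$"])
MIME_FILTER = Filter("mime", True, [r"^application/x-msdownload$"])
KEYWORDS = {r"\bcasino\b": 3, r"\bjackpot\b": 2}
KEYWORD_THRESHOLD = 4

def evaluate(user, host, path, mime, body):
    """Apply every filter the user's profile does not bypass; the first filter
    that denies decides. Returns (allowed, name_of_deciding_filter)."""
    bypass = PROFILES.get(user, set())
    if "url" not in bypass:
        # Hostname and file name are both URL-filter parameters.
        if not (URL_FILTER.verdict(host) and URL_FILTER.verdict(path)):
            return False, "url"
    if "mime" not in bypass and not MIME_FILTER.verdict(mime):
        return False, "mime"
    if "keyword" not in bypass and keyword_score(body, KEYWORDS) >= KEYWORD_THRESHOLD:
        return False, "keyword"
    return True, "allow"

if __name__ == "__main__":
    print(evaluate("staff", "gambling.example", "/", "text/html", ""))
    print(evaluate("auditor", "gambling.example", "/", "text/html", ""))
```

The same request is denied for the "staff" profile and allowed for the "auditor" profile purely because the auditor's profile bypasses the URL filter, which is the effect the Access Restriction privileges above describe.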