Support User Manuals

D-Link 260 Network Router User Manual

Open as PDF

of 545

6.3. Web Content Filtering

6.3.1. Overview

Web traffic is one of the biggest sources for security issues and misuse of the Internet. Inappropriate

surfing habits can expose a network to many security threats as well as legal and regulatory

liabilities. Productivity and Internet bandwidth can also be impaired.

Filtering Mechanisms

Through the HTTP ALG, NetDefendOS provides the following mechanisms for filtering out web

content that is deemed inappropriate for an organization or group of users:

• Active Content Handling can be used to "scrub" web pages of content that the administrator

considers a potential threat, such as ActiveX objects and Java Applets.

• Static Content Filtering provides a means for manually classifying web sites as "good" or "bad".

This is also known as URL blacklisting and whitelisting.

• Dynamic Content Filtering is a powerful feature that enables the administrator to allow or block

access to web sites depending on the category they have been classified into by an automatic

classification service. Dynamic content filtering requires a minimum of administration effort and

has very high accuracy.

Note: Enabling WCF

All Web Content Filtering is enabled via the HTTP ALG which is described in

Section 6.2.2, “The HTTP ALG”.

6.3.2. Active Content Handling

Some web content can contain malicious code designed to harm the workstation or the network

from where the user is surfing. Typically, such code is embedded into various types of objects or

files which are embedded into web pages.

NetDefendOS includes support for removing the following types of objects from web page content:

• ActiveX objects (including Flash)

• Java applets

• Javascript/VBScript code

• Cookies

• Invalidly formatted UTF-8 Characters (invalid URL formatting can be used to attack

webservers)

The object types to be removed can be selected individually by configuring the corresponding HTTP

Application Layer Gateway accordingly.

Caution: Consider the consequences of removing objects

Careful consideration should be given before enabling removal any object types from

web content. Many web sites use Javascript and other types of client-side code and in

most cases, the code is non-malicious. Common examples of this is the scripting used

to implement drop-down menus as well as hiding and showing elements on web pages.

6.3. Web Content Filtering Chapter 6. Security Mechanisms

292

previous next