Ask the Expert

How well do content filtering tools limit network traffic?

How do content monitoring and filtering tools work? How well do they monitor outbound traffic?

    Requires Free Membership to View

Content filters are an evolving area of security technology. Essentially, they monitor all traffic on a network and compare it to a set of rules that define unacceptable activity. Content monitors alert administrators to the unwanted activity, while content filters block the objectionable traffic from entering the network.

The technology behind content filtering is fairly simple. If the device is set up to be a monitor, technicians can attach it to the network by using a network tap, span port or similar replication technology, ensuring that the network has a copy of all traffic. If it is designed to serve as a filter, it can be placed at a choke point in the network.

The important criteria to evaluate when deciding if a content filter meets your business requirements is how the filter decides which traffic is allowed and which is denied. Most of the current generation of content filters use whitelist/blacklist technology to build lists of acceptable and unacceptable content. Depending upon the organization's security requirements, either a default "allow" or "deny" rule is applied. This approach is often seen in Web content filtering, where users are blocked from accessing inappropriate Web sites. While maintaining these lists can be quite a chore, filter manufacturers often provide a subscription service that offers access to a centrally maintained site categorization scheme.

Some companies are experimenting with newer content-filtering technologies. Using document signatures, traffic profiles and other techniques, these approaches seek to identify leaks of confidential information and other inappropriate content. While they hold promise, they're probably only useful if you have extremely high security requirements or a desire to be on the cutting edge of security technology. Otherwise, I'd recommend waiting a couple of years until these technologies mature.

More information:

  • Use IPsec rules to filter network traffic.
  • A content filtering tool is only one of the important intrusion defense technologies. Learn about the others in SearchSecurity.com's Intrusion Defense School.
  • This was first published in February 2007

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: