D-Link DFL-800-AV-12 User Manual - Page 169
Web Content Filtering, 6.3.1. Overview, 6.3.2. Active Content Handling
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 169 highlights
6.3. Web Content Filtering Chapter 6. Security Mechanisms 6.3. Web Content Filtering 6.3.1. Overview Web traffic is one of the biggest sources for security issues and misuse of the Internet. Inappropriate surfing habits can expose a network to many security threats as well as legal and regulatory liabilities. Productivity and Internet bandwidth can also be impaired. NetDefendOS provides three mechanisms for filtering out web content that is deemed inappropriate for an organization or group of users: • Active Content Handling can be used to "scrub" web pages of content that the administrator considers a potential threat, such as ActiveX objects and Java Applets. • Static Content Filtering provides a means for manually classifying web sites as "good" or "bad". This is also known as URL blacklisting and whitelisting. • Dynamic Content Filtering is a powerful feature that enables the administrator to allow or block access to web sites depending on the category they have been classified into by an automatic classification service. Dynamic content filtering requires a minimum of administration effort and has very high accuracy. All Web Content Filtering is enabled via the HTTP Application Layer Gateway (see Section 6.2.2, "HTTP"). 6.3.2. Active Content Handling Some web content can contain malicious code designed to harm the workstation or the network from where the user is surfing. Typically, such code is embedded into various types of objects or files which are embedded into web pages. NetDefendOS includes support for removing the following types of objects from web page content: • ActiveX objects (including Flash) • Java applets • Javascript/VBScript code • Cookies • Invalidly formatted UTF-8 Characters (invalid URL formatting can be used to attack webservers) The object types to be removed can be selected individually by configuring the corresponding HTTP Application Layer Gateway accordingly. Caution Care should be taken before enabling removal of objects from web content. Many web sites use Javascript and other types of client-side code and in most cases, the code is non-malicous. Common examples of this is the scripting used to implement drop-down menus as well as hiding and showing elements on web pages. Removing such legitimate code could, at best, cause the web site to look distorted, at worst, cause it to not work in a browser at all. Active Content Handling should therefore only be used when the consequences are well understood. 169