Content Filtering: Sifting Through the Mess
NASA SEWP Security Center
Aaron Powell
Christopher Vincent
July 20, 2006
DISCLAIMER: This document is intended for informational purposes only and is no
substitute for performing one’s own analysis of the products and
solutions discussed herein. It represents the NASA SEWP Security
Center’s analysis and opinions. There are no express or implied
warranties regarding the veracity of the information provided. When
implementing any content filtering solution, it would be wise for one to
seek legal counsel beforehand.
Introduction
As business, government, and non-profit organizations continue to combat information
insecurity, they have made some headway against common problems that once plagued
network administrators. Regular anti-virus scans, locked-down firewall rule-sets,
persistent log monitoring and strong password policies have reduced some of the more
egregious offenses against information technology infrastructures. As a result, browser-
based vulnerabilities have received increased scrutiny as a possible avenue for improving
security.
In response to these threats and others, vendors are marketing numerous suites of
products claiming to protect end-hosts from attacks via the web and web-related services.
Their products, both hardware and software, are usually referred to as “content-filtering”
products. Web filters have existed for some time, primarily as a means to prevent
children from viewing material deemed inappropriate and to prevent users on public
machines from accessing illegal material, but this new generation of products hopes to
address newly identified problems as well.
Currently, organizations face several different problems that they hope to address via
"content-filtering." First, organizations hope to prevent authorized users from
transporting and storing illegal materials via their networks and machines, possibly
creating liabilities on the part of the company. Second, orga