Content Filters & Application Gateways
An increasingly powerful pairing on the security perimeter comes from the combination of firewalls and high-level add-on servers or software. By examining the contents of communications associated with higher level protocols—like the HyperText Transfer Protocol, or HTTP, associated with Web access, or the Simple Mail Transfer Protocol, or SMTP, associated with e-mail transmission—these add-ons can provide additional levels of screening and control for organizations that move lots of data across their network boundaries, to and from the Internet.
Recently, I got involved in a product review for an information security magazine, and had an opportunity to look fairly closely at such a product, e-Safe v4, which offers Web content, anti-spam, and anti-virus filtering capabilities. What makes the product particularly interesting is that it’s tightly integrated to work with the CheckPoint Firewall-1 and the Cisco PIX firewall. In fact, it’s set up so as to make installation and configuration with those products both easy and straightforward (eSafe also works with other firewalls, of course, but also requires a great deal more manual configuration and setup effort to make things work).
In the Web content area, eSafe can work with a URL watch list to block access to suspect, inappropriate, or unwanted sites, using the products URL add-on. The product’s anti-vandalism features include blocks for malicious scripts, Java, and ActiveX components and other questionable active content in e-mail and Web pages, along with controls for Office Macro scripts. The product’s anti-virus controls include two anti-virus engines (Aladdin’s own and a “second opinion” engine from Kaspersky Labs that particularly adept at detecting and blocking Trojans), plus regularly updates signatures and checks against known viruses and threats, and built-in protection against polymorphic, encrypted, or stealth viruses. E-mails controls include anti-spam protection for incoming mail, and content screening (to avoid unwanted leakage or disclosure of proprietary or confidential information via e-mail) for outgoing mail.
For more information on this topic search on content filter in your favorite search engine, or check out the tutorial at http://www.firewall-servers.com/content_filtering.html (from the makers of the iSentry content filter product).