ZyXEL Communications P-312 Chapter 20 Content Filtering

P312 Broadband Security Gateway

Content Filtering 20-1

Chapter 20Content Filtering

The Prestige can block web features such as ActiveX controls, Java applets, cookies as well as disable web

proxies. The Prestige can also block specific URLs by using the keyword feature.

Please note that content filtering means the ability to block certain web features or

specific URLs and should not be confused with packet filtering via SMT menu 21.1.

ActiveX is Microsoft’s component technology, formerly known as COM (Component Object Model) and can

be used as a tool for building dynamic and active Web pages and distributed object applications. When you

visit an ActiveX Web site, ActiveX controls are downloaded to your browser, where they remain in case you

visit the site again. ActiveX controls may display a moving object or banner, provide a sophisticated program

or components that give clients direct access to data servers using protocols that are more sophisticated than

the Web’s HTTP (Hypertext Transfer Protocol). Because ActiveX Controls work closely with the operating

system, they pose a security risk. It is possible to write controls that can delete files, compromise security, or

cause other damage.

Java is a programming language and development environment created by Sun Microsystems for building

downloadable Web components or even a sophisticated environment for building Internet and intranet

business applications of all kinds.

Java programmers create Java applets, and Java applets run inside what is called a Java VM (Virtual

Machine). Think of the VM as a software box where Java applications run. Only the VM must be designed to

be compatible with any specific platform (i.e., Windows, UNIX, etc.). Once a VM is available, any Java

applet will run inside the VM.

In the Java environment, downloadable Java applets run in a Java VM (Virtual Machine) on the user’s

computer. For security reasons, the Java applet does not interact with the native operating system. It runs

safely in the VM, where it can’t access the memory of other applications on your computer or execute

instructions that might cause damage to data on disk (although such features can be enabled at your

discretion). While this prevents Java applets from doing harm to a system, it also limits what can be done

with Java. Applets are designed to run in the VM and are prevented from accessing external resources. This

adds security, but also restricts functionality. Starting with Java 1.1, the VM’s restrictions were relaxed to

allow Java applets to access local resources, but anyone using this feature must ensure that the applets they

run are safe.