ZyXEL Communications P-312 manual Content Filtering, Restrict Web Features, ActiveX, Java

P312 Broadband Security Gateway

Chapter 20

Content Filtering

The Prestige can block web features such as ActiveX controls, Java applets, cookies as well as disable web proxies. The Prestige can also block specific URLs by using the keyword feature.

Please note that content filtering means the ability to block certain web features or specific URLs and should not be confused with packet filtering via SMT menu 21.1.

20.1 Restrict Web Features

20.1.1 ActiveX

ActiveX is Microsoft’s component technology, formerly known as COM (Component Object Model) and can be used as a tool for building dynamic and active Web pages and distributed object applications. When you visit an ActiveX Web site, ActiveX controls are downloaded to your browser, where they remain in case you visit the site again. ActiveX controls may display a moving object or banner, provide a sophisticated program or components that give clients direct access to data servers using protocols that are more sophisticated than the Web’s HTTP (Hypertext Transfer Protocol). Because ActiveX Controls work closely with the operating system, they pose a security risk. It is possible to write controls that can delete files, compromise security, or cause other damage.

20.1.2 Java

Java is a programming language and development environment created by Sun Microsystems for building downloadable Web components or even a sophisticated environment for building Internet and intranet business applications of all kinds.

Java programmers create Java applets, and Java applets run inside what is called a Java VM (Virtual Machine). Think of the VM as a software box where Java applications run. Only the VM must be designed to be compatible with any specific platform (i.e., Windows, UNIX, etc.). Once a VM is available, any Java applet will run inside the VM.

In the Java environment, downloadable Java applets run in a Java VM (Virtual Machine) on the user’s computer. For security reasons, the Java applet does not interact with the native operating system. It runs safely in the VM, where it can’t access the memory of other applications on your computer or execute instructions that might cause damage to data on disk (although such features can be enabled at your discretion). While this prevents Java applets from doing harm to a system, it also limits what can be done with Java. Applets are designed to run in the VM and are prevented from accessing external resources. This adds security, but also restricts functionality. Starting with Java 1.1, the VM’s restrictions were relaxed to allow Java applets to access local resources, but anyone using this feature must ensure that the applets they run are safe.