P312 Broadband Security Gateway
Content Filtering 20-1
Chapter 20Content Filtering
The Prestige can block web features such as ActiveX controls, Java applets, cookies as well as disable web
proxies. The Prestige can also block specific URLs by using the keyword feature.
Please note that content filtering means the ability to block certain web features or
specific URLs and should not be confused with packet filtering via SMT menu 21.1.

20.1 Restrict Web Features

20.1.1 ActiveX

ActiveX is Microsoft’s component technology, formerly known as COM (Component Object Model) and can
be used as a tool for building dynamic and active Web pages and distributed object applications. When you
visit an ActiveX Web site, ActiveX controls are downloaded to your browser, where they remain in case you
visit the site again. ActiveX controls may display a moving object or banner, provide a sophisticated program
or components that give clients direct access to data servers using protocols that are more sophisticated than
the Web’s HTTP (Hypertext Transfer Protocol). Because ActiveX Controls work closely with the operating
system, they pose a security risk. It is possible to write controls that can delete files, compromise security, or
cause other damage.

20.1.2 Java

Java is a programming language and development environment created by Sun Microsystems for building
downloadable Web components or even a sophisticated environment for building Internet and intranet
business applications of all kinds.
Java programmers create Java applets, and Java applets run inside what is called a Java VM (Virtual
Machine). Think of the VM as a software box where Java applications run. Only the VM must be designed to
be compatible with any specific platform (i.e., Windows, UNIX, etc.). Once a VM is available, any Java
applet will run inside the VM.
In the Java environment, downloadable Java applets run in a Java VM (Virtual Machine) on the user’s
computer. For security reasons, the Java applet does not interact with the native operating system. It runs
safely in the VM, where it can’t access the memory of other applications on your computer or execute
instructions that might cause damage to data on disk (although such features can be enabled at your
discretion). While this prevents Java applets from doing harm to a system, it also limits what can be done
with Java. Applets are designed to run in the VM and are prevented from accessing external resources. This
adds security, but also restricts functionality. Starting with Java 1.1, the VM’s restrictions were relaxed to
allow Java applets to access local resources, but anyone using this feature must ensure that the applets they
run are safe.