System administrators have the ability to tune content filtering programs or software to specify character strings at the packet level of the proxy server and set the filter to allow/deny categorical traffic. The filters can be applied to control the amount of time employees spend on given websites; block suspicious URLs altogether; identify unsafe domains and/or text strings; and deny attachments, redirects, viruses, cookies, pop-ups, certain media types, etc. In addition, admins can set content filters to send alerts, auto archive/sandbox information, or record screenshots. Some commercial offerings can aggregate security warnings from across the web and send alerts or block/deny based on known threats.
Content filtering is sometimes confused with URL blocking, though URL blocking is more of an “all or nothing” approach to allow/deny URLs from an identified set in a database. Content filtering, on the other hand, can block a piece of information without knowing anything about the server.
Get the DeMISTIfying InfoSec newsletter every Tuesday!