On proxies and network performance there are obviously many components which can be an influencing factor.  One of those is content filtering, which in most networks form an important part of perimeter and internal security.  Nowadays most employees enjoy access to the internet from their corporate PCs which in itself necessitates the need for some content filtering.  URL filtering is one such process, the impact of intense checking against patterns to block.

There are huge risks with allowing access to the internet, so it is essential that these risks are mitigated in some way.  Users obviously can be made aware of code of conducts and a robust internet usage policy is essential.  However there will always be some users who will ignore these issues and even some who will actively seek to bypass them.  It is not uncommon to analyse outbound connections and see many people with constant media streams of UK TV from abroad which obviously is not good for your network.

Other examples of content filtering are things like HTML tag filtering and screening for viruses and malware. HTML tag filtering allows certain tags to be removed from transferred HTML documents usually for security purposes. Many organisations for example will routinely screen out all Java or Active X controls from content. Blocking any content which contains viruses or malware is of course a sensible option in today’s security environment.

When these objects are being transferred and cachesd through a proxy server, there is an opportunity to filter this content. It is the logical place for example to implement virus screening plugins. The problems are that most of these plugin will require the whole object to be retrieved before it can be scanned. This leads to the undesirable situation where the proxy server is caching a potentially dangerous file. Also this can lead to a large amount of latency from the user perspective as the entire content is first downloaded and cached before the user sees anything on their computer screens.

There have been some technological developments which are improving this situation with more sophisticated scanners which can operate on streaming files and content. Other filtering applications can deal with HTML tag filtering in this way so that the data can be sent almost immediately and prevent that large data lag at the client’s side.

John ITV Stevens

Leave a Reply

Your email address will not be published. Required fields are marked *