Content Filters Should Be Used for Security
November 7, 2007 by PatB, Contributing Writer, [GAS]
Most workplaces use a proxy server or a content filter between the end user and the Internet. Such filters usually enforce a company’s web surfing policies by blocking access to pornography, social networking sites, daytrading sites, online dating, etc. As a grown adult, I don’t much care for web filtering products that block content based on objectionable material. I don’t need a net nanny.

But there are definite advantages to blocking content, especially if you know which URLs are malicious. SANS reported today on a massive web defacement that exploited weaknesses in SQL to inject malicious JavaScript on over 40,000 websites across dozens of domains. The JavaScript silently downloads password stealers and other trojans. This particular mass defacement is targeting gamers and the passwords to their online accounts. The next such defacement will likely install botnet software. But if you know the malicious strings in the content, you can employ a content filter to block those pages.
According to SANS, the mass defacement injects a string that calls the following URL: yl18.net/0.js. If you have a content filter, it would be prudent to block that string, and in fact, it wouldn’t hurt to block all calls to “0.js”. Experience has proven that malware hosted at a single site has a very short shelf life. The exploits will likely cease to work within 24 hours. But the script kiddies will strike again and use a different server somewhere else, and will likely recycle the same scripts, changing only the domain name. Blocking calls to this script could stop some exploits.
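The two rules described above, sketched as an added Python example (not code from SANS or from any filtering product): it applies the exact-URL rule and the broader "0.js" filename rule to script references in a page. The sample page, the `mirror.example` host and all function names are constructed for illustration; only `yl18.net/0.js` comes from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Rules from the post: the exact injected URL, plus the broader
# "any script named 0.js" rule that survives a change of domain.
EXACT_RULES = {("yl18.net", "/0.js")}
FILENAME_RULES = {"0.js"}

def verdict(url):
    """Classify a script URL: 'exact', 'filename', or None (allow)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path.lower()
    for rule_host, rule_path in EXACT_RULES:
        same_site = host == rule_host or host.endswith("." + rule_host)
        if same_site and path == rule_path:
            return "exact"
    # Compare the last path segment, not a substring: a substring test
    # for "0.js" would also block names such as "jquery-1.10.js".
    if path.rsplit("/", 1)[-1] in FILENAME_RULES:
        return "filename"
    return None

class ScriptSources(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def scan_page(html):
    """Return (src, verdict) for each script reference a rule matches."""
    parser = ScriptSources()
    parser.feed(html)
    return [(s, verdict(s)) for s in parser.sources if verdict(s)]

# Constructed sample page; only yl18.net/0.js comes from the post.
SAMPLE = """<html><body>
<script src="/static/jquery-1.10.js"></script>
<h1>News<script src="http://yl18.net/0.js"></script></h1>
<p>Item<script src="http://mirror.example/0.js"></script></p>
</body></html>"""

if __name__ == "__main__":
    for src, why in scan_page(SAMPLE):
        print(f"BLOCK ({why}): {src}")
```

The filename rule still catches the recycled script on the second host, while matching on the final path segment keeps legitimate files whose names merely end in "0.js" from being blocked.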
And if you can’t block malicious content? Well, patch everything, cross your fingers, and surf carefully.














[...] at [GAS] Geeks Are Sexy has invited me to guest blog at his site! You can check out how to use content filtering for blocking malware over at that site here. Be sure to check it [...]
OpenDNS is a fast and easy option for content filtering that blocks malicious/phishing sites as well as the usual stuff.
http://www.opendns.com