What is content filtering?
On the internet, content filtering -- also known as information filtering -- is the use of a program to screen and exclude from access or availability webpages or email that is deemed objectionable. Companies use content filtering as part of internet firewalls, and home computer owners, especially parents, use it to screen the content their children have access to from a computer.
Filtering software can screen content for anything that is objectionable or criminal, including online porn, hate sites, illegal content and social media. One drawback of content filtering programs is that it is easy to unintentionally block access to content that should not be blocked.
How does content filtering work?
Enterprise networks incorporate content filters in various ways. Network admins can configure firewalls, email servers, routers and domain name system (DNS) servers to filter unwanted or malicious content. They can install filtering software on dedicated servers or incorporate hardware appliances on the network. Cloud-based content filtering is also an option.
Content filters usually specify character strings that, if matched, indicate undesirable content that should be screened out. The following types of content filtering products are available:
- Web filtering is the screening of websites or webpages.
- Email filtering is the screening of email for spam and other objectionable content.
- Executable filtering is the screening out of executable files that threat actors use to install unwanted or malicious software.
- DNS filtering blocks content or network access from potentially harmful sources, using a special kind of DNS resolver or recursive DNS server. The resolver has a blocklist or an allowlist to filter unwanted or harmful content.
These filters can be configured to exclude undesirable types of content or content that violates a company's acceptable use policies.
Benefits of content filtering
Content filtering is important because it protects individuals and organizations against potentially damaging content. In particular, content filtering does the following:
- protects individuals, whether children or employees, from accessing content that is not appropriate for their age or function;
- reduces potential malware exposures by restricting access to malicious websites and email messages with malicious content;
- cuts down on potential legal liabilities as it prevents the spread of malicious content;
- improves network bandwidth use by restricting users from accessing unauthorized social media and streaming services -- it also limits attacks that can consume bandwidth; and
- protects organizations against attacks that use exploit kits hidden in other types of content and delivered in email or over the web.
Content filtering is one component of enterprise network security, rather than a complete network security strategy. It works best when combined with other security measures, such as firewalls, multifactor authentication and strong authentication mechanisms, like Kerberos.
Types of content filtering
Content filters work in tandem with allowlists or blocklists:
- Allowlists block all content except that which is explicitly permitted. This approach enables the strictest level of content filtering.
- Blocklists or denylists allow all content except content that is explicitly forbidden. This approach is more permissive since it blocks only content that is specified.
Content filters use different mechanisms to restrict inbound content, including the following:
- Scanning for restricted phrases or data types. Inbound content can be scanned and rejected for objectionable phrases or words.
- Excluding executable files. These files may be malware or other potentially unwanted programs. Filters can screen out other types of content, like images, videos and audio files.
- Screening based on origin. Inbound content filtering products may include options for screening content from certain IP addresses, IP networks or domains that are known to host malicious, illegal or otherwise objectionable content.
- Filtering email content. This can include the option to reject outgoing messages that are being sent to restricted addresses or domains or messages that contain text flagging their contents as proprietary or confidential.
Hardware vs. software vs. cloud-based content filtering solutions
There are several ways to enable content filtering, including the following:
- Configure existing systems, like various types of firewalls, email servers, routers and DNS servers, to screen out excluded content.
- Install dedicated content filtering software on existing or dedicated enterprise servers.
- Integrate hardware appliances for content filtering with enterprise network infrastructure.
- Use cloud-based content filtering systems that enable content filtering without requiring new hardware or software.
Content filtering in enterprises can use a single approach, or it may combine two or more of the mechanisms listed above.
Existing network security systems, like firewalls, may already be configured to block content. Other software systems can enhance that function, as can dedicated appliances and cloud-based content filtering systems for different departments, locations and business units.
For network security, firewalls are considered a bare minimum to protect enterprises from attack. Find out how inbound and outbound firewall rules can help keep unwanted content and intruders out of the network.