Content filtering companies have gained quite a bit of traction in the Computer Network Defense (CND) industry. The goal of content filtering is to stem the carnage that malicious sites can wreak on unsuspecting individuals and companies by blocking access to ransomware and other forms of malware.
The filtering engines work by proxying requests between the end user and the destination site. They perform a “man in the middle” attack between the user and the destination in a number of different ways, such as DNS cache poisoning (Cisco’s Umbrella) and content interception (Symantec’s Bluecoat). Filtering engines use a combination of human control and machine learning to differentiate safe sites from malicious sites. Beyond a static understanding of sites, filtering engines can identify when a safe site is hijacked and will block traffic to that known safe site while it is compromised.
Identifying safe sites is neither precise nor exact; the task is a best effort. That best effort begins with listing your site in the filtering engines. If you don’t have your site listed as “safe” by the content filter company, you will likely be blocked!
- 1. Goals of the bad guy
- 2. Content Filter sites to consider
  - Virus Total
  - Symantec Bluecoat WebPulse
  - Norton SafeWeb
  - Cymon Open Threat Intelligence
  - Talos real time check
  - Site checker
  - McAfee TrustedSource
  - BrightCloud Threat Intelligence
  - TrendMicro Site Safety Checker
  - Cyren URL Category Check
  - Palo Alto Test a Site
  - zVelo Web Categorization
- 3. References
1. Goals of the bad guy
To understand the goals of the bad guy, and more importantly why your site might be blocked by a content filtering service, consider this: The goal of having a web site is to have folks be able to visit the site. At the same time, the goal of bad guys is also to have visitors land on their sites.
Now that we understand the simple goal, why are these “man in the middle” attacks being performed by the good guy? The reason is fairly straightforward: content filters are a technical control to prevent employees from inadvertently clicking on “bad” links.
In the case of content filtering, the goal is to prevent or at least reduce the opportunity of an unaware user landing on the malicious web site, and at the same time allow traffic to “known good” sites. This is where your site comes in.
Be sure to submit your site for review to as many of the content filtering and reputation sites as you can identify. Many companies that deploy proxy content filter systems will deny access to sites that have no reputation, and this will prevent potential users of your site from even accessing your site in the first place.
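The decision a default-deny filtering proxy makes, as an added example that is not code from any of the vendors named here. It shows why a site with no reputation is blocked just like a malicious one, and how a known-good site is blocked while it is flagged as compromised. The reputation table, host names, categories and the `decide` and `lookup` functions are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed reputation feed: host -> (category, currently_compromised).
# Hosts and categories are invented for illustration.
REPUTATION = {
    "example.com": ("business", False),
    "news.example.org": ("news", False),
    "shop.example.net": ("shopping", True),  # known-good site, currently hijacked
    "bad.example": ("malware", False),
}
BLOCKED_CATEGORIES = {"malware", "phishing"}


def lookup(host):
    """Return the most specific reputation entry for host or a parent domain."""
    labels = host.lower().rstrip(".").split(".")
    # Try the full host, then each parent, stopping before the bare TLD.
    for i in range(len(labels) - 1):
        entry = REPUTATION.get(".".join(labels[i:]))
        if entry is not None:
            return entry
    return None


def decide(url, block_uncategorized=True):
    """Return (action, reason) the way a default-deny filtering proxy would."""
    host = urlsplit(url).hostname
    if not host:
        return ("block", "unparseable URL")
    entry = lookup(host)
    if entry is None:
        # The case the article warns about: no reputation at all.
        if block_uncategorized:
            return ("block", "uncategorized")
        return ("allow", "uncategorized")
    category, compromised = entry
    if compromised:
        return ("block", "known site flagged as compromised")
    if category in BLOCKED_CATEGORIES:
        return ("block", "category " + category)
    return ("allow", "category " + category)
```

With `block_uncategorized=True`, a brand-new site that nobody has submitted for review is refused even though nothing is wrong with it, which is the outcome submitting your site is meant to avoid.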
2. Content Filter sites to consider
Consider submitting your site to at least the following content filter companies. Where possible, the links point back to the reputation for marksatterfield.com. This way you have an idea of what to expect when you submit your site to the filtering engine.