What is URL Filtering?
You and other employees in your company carry out a lot of web/internet activities on a daily basis, e.g., surfing your favorite websites, clicking on links in emails, accessing a number of web/cloud-based applications for personal or business use, etc. Each time you do any such thing, you are practically inviting a large number of threats into your corporate network.
It is desirable for security professionals to use URL filtering, to prevent your employees from accessing unproductive websites...
-
How does URL FILTERING actually work?
URL filtering is one of the basic tenets of WEB FILTERING. Another is DNS filtering, i.e., domain (website) filtering. DNS filtering blocks entire domains, which includes all URLs listed within a domain, whereas URL filtering only blocks specific webpages.
The idea behind URL filtering is very simple, i.e., to compare all the web traffic against a database of URLs. You allow or deny access to URLs based on what information is contained in the database of URLs.
URL filtering takes place at the application layer of the OSI model. The web protocols most frequently used at this layer are HTTP, FTP, and SMTP. The URL-filtering solution examines all requests that use these protocols, and if a request is directed at a blocked URL, it filters out the request and redirects the device that the request originated from to a block page.
Usually URLs in a database are categorized or grouped in some manner and then you decide about allowing or denying the web-traffic based on those categories. For example, you categorize phishing websites and websites that deliver drive-by-download kind of threats together and name them as 'Dangerous' or 'Red' etc.
-
How Do You Go About It?
You basically create a URL Filtering profile that specifies an action for each URL category and then you attach this profile to a policy.
Second, you match the network traffic against URL categories, which aids you in enforcing the policy. Based on the category identified for a piece of web traffic, the POLICY RULE you have defined comes into play.
Third, you use some sort of 'local database' to match the network traffic to categories first. For example, if it is detected that some user has attempted to access a URL, say https://www.hallaballa.com/secrettrophy, then the system first looks up this URL in the local database on a local server. If it is found there in any of the previously defined categories, the allow/deny decision happens very quickly, with almost zero latency. But if the URL/domain does not exist in any of the categories in the local database, then the web-filtering system needs to look it up in the cloud-based master database to identify the URL category.
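The three steps above can be sketched in a few lines of Python. This is an added example, not code from the article or from any vendor: the category names, the actions, the hosts other than the article's hallaballa.com URL, and the `cloud_lookup` stand-in for the master database are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: every category, host and action here is illustrative.
PROFILE = {"phishing": "block", "social-media": "block", "saas": "allow", "unknown": "alert"}
LOCAL_DB = {
    "www.hallaballa.com/secrettrophy": "phishing",  # one specific page (URL-level entry)
    "social.example": "social-media",               # bare host: covers every page on it
    "crm.example/app": "saas",
}
CLOUD_DB = {"files.example/dl": "phishing"}         # stand-in for the cloud master database


def normalize(url):
    """Reduce a URL to 'host/path': lowercase host, no scheme, port, query or fragment."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    return host + parts.path.rstrip("/")


def candidates(key):
    """Yield the key, then each shorter path prefix, ending with the bare host."""
    while True:
        yield key
        if "/" not in key:
            return
        key = key.rsplit("/", 1)[0]


def cloud_lookup(key):
    """Hypothetical cloud query; a real product would call the vendor's service here."""
    for cand in candidates(key):
        if cand in CLOUD_DB:
            return CLOUD_DB[cand]
    return "unknown"


def decide(url, local_db=LOCAL_DB, profile=PROFILE):
    """Return (category, action, source) for a requested URL."""
    key = normalize(url)
    for cand in candidates(key):               # most specific local entry wins
        if cand in local_db:
            return local_db[cand], profile[local_db[cand]], "local"
    category = cloud_lookup(key)               # local miss: ask the master database
    if category != "unknown":
        local_db[key] = category               # cache so the next request is answered locally
    return category, profile.get(category, "block"), "cloud"
```

Note that a URL-level entry blocks only that page and anything beneath it, while an entry for a bare host behaves like a domain-wide block; a category with no action in the profile falls back to "block".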
-
Category-Types for URL/Website-filtering
These are generally on the following lines:
-
Blocked sites: These are likely social media pages, shopping websites, unnecessary news outlets, or known malware-hosting sites.
-
Allowed sites: Websites relevant to your organization and required by its workflow, such as Software-as-a-Service (SaaS) programs, are usually included in your organization's list of allowed sites.
-
Defined IT policies: Your IT teams can create policies that log site users who visit certain websites at particular times. For example, a payroll website could be restricted to certain people that need access to it in the days leading up to payday.
-
Blocked or allowed URL filters: This means the organization does not determine access to specific websites but defines categories for multiple sites. For example, they could create a category for sites that are innocent but could distract users, sites that are questionable, and sites that are known to contain malware or phishing pages.
-
INTEGRATION is the need of the hour
By now, you may have started to sense that any 'stand-alone' web-filtering system will not be sufficient. Suppose you have a sandbox, or a separate IPS solution, deployed in your network. Both of them can also identify malicious URLs/websites, but their databases would be separate too. In such situations, your stand-alone web-filtering system would not be able to communicate or collaborate with those technologies. Right?
You will need a URL/web-filtering solution that is coherently integrated with the other security systems in your platform or ecosystem. It would prevent your employees from visiting websites that could keep your organization from operating as usual, such as sites containing illegal or inappropriate content, sites not related to work, news websites, sports websites, shopping websites, and sites that could be high-risk, malicious, or related to phishing attacks, etc.
Typically the URL filtering vendor will create the categories and fill them out with groups of URLs that are all related to the same topic or are considered objectionable for similar reasons. For instance, all known URLs used for phishing attacks could be tracked in one "phishing" category, and your company can block all these webpages by using that category. Categorization can be an automatic process: some URL filtering services can use machine learning to identify websites that fit a particular category.
-
To summarize, I would say that because URL filtering is more granular than DNS filtering, it may also require more maintenance and customization. Additionally, it needs to be implemented separately for each application protocol. By contrast, DNS filtering is protocol-agnostic: once turned on, it applies to all types of web traffic.
The most relevant feature you need from an integrated solution is that it allows you to create custom policies, such as permanently allowing or blocking access to specific sites or groups of websites, for example social networking pages. You can also customize URL filter policies according to the time of day or the user privileges of employees.
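A custom policy that depends on user privileges and time of day can be modelled as an ordered rule list in which the first matching rule decides. The sketch below is an added example, not taken from the article or from any product: the group names, categories, hours and the default action are assumptions chosen to mirror the payroll and social-networking cases mentioned above.

```python
from datetime import datetime, time

# Constructed rules: group names, categories and hours are illustrative assumptions.
# Rules are evaluated top to bottom; the first rule whose conditions all match decides.
RULES = [
    {"category": "payroll", "groups": {"finance"}, "action": "allow"},
    {"category": "payroll", "action": "block"},
    {"category": "social-media", "hours": (time(12, 0), time(13, 0)), "action": "allow"},
    {"category": "social-media", "action": "block"},
    {"category": "phishing", "action": "block"},
]
DEFAULT_ACTION = "alert"  # assumption: log traffic that no rule covers


def rule_matches(rule, category, user_groups, now):
    """True when the category, the optional group and the optional time window all match."""
    if rule["category"] != category:
        return False
    if "groups" in rule and not (rule["groups"] & user_groups):
        return False
    if "hours" in rule:
        start, end = rule["hours"]
        if not (start <= now.time() < end):
            return False
    return True


def evaluate(category, user_groups, now=None, rules=RULES):
    """Return (action, index of the deciding rule), or (DEFAULT_ACTION, None) on no match."""
    now = now or datetime.now()
    for index, rule in enumerate(rules):
        if rule_matches(rule, category, set(user_groups), now):
            return rule["action"], index
    return DEFAULT_ACTION, None
```

Rule order matters here: placing the general "block" rule above the narrower "allow" rule would shadow the exception, which is a common cause of policies that do not behave as intended.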
Secure web gateways often include a URL-filtering feature. I recently published a post on SWGs; you can read it if you like.
-
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.