Application Level Content Scrubbers

Application Level Content Scrubbers (PDF, 1.59MB)
Published: 22 Aug, 2001
Created by: Benjamin Sapiro

Firewalls do not excel in e-business and content delivery environments because they were originally created for the express purpose of blocking external access while still allowing internal users out. In e-commerce or content delivery environments, a firewall can only ensure that a certain variety of traffic reaches the online assets; it has no control over the actual content that traffic carries. A Cisco PIX can block Java or ActiveX and Firewall-1 has content vectoring, but these measures are only designed to prevent internal users from accidentally bringing malicious content back inside the perimeter. They are not designed or implemented to prevent attacks against servers that use malicious content which is syntactically correct from a protocol perspective yet semantically dangerous from the perspective of the content-providing applications. Over the past year, products and solutions have arrived that allow for application-level control of inbound content. For the purposes of this paper, I have classified these products and solutions as 'content scrubbers'. They are not meant as firewall replacements but rather to augment the existing network security architecture by providing a capability it previously lacked. This paper presents an overview of some of the available content scrubbers.