Using ContentKeeper Web© as an External Classification System for Content Filtering with Cisco SCE©

Content filtering engages web access management based on policies that determine allowed and forbidden URL categories (such as adult content, education, sports, news, etc.). Classification of specific URLs is a task for specialized systems that create and maintain relevant databases of classified URLs (mostly offline).

This complex solution includes two components:

- Cisco SCE, a Deep Packet Inspection (DPI) system that directly controls access to URLs, and

- ContentKeeper Web system that delivers a URL category to Cisco SCE, as requested.

ContentKeeper Web is a hardware and software solution locally storing a URL database where each URL is assigned to one or several of 32 fixed categories. The local category database is updated from the ContentKeeper data center every hour, providing an up-to-date website classification.

The ContentKeeper data center constantly monitors websites worldwide and classifies them (as well as re-classifies them if new updates are found) using an artificial intelligence system. In its turn,ContentKeeper Web informs the ContentKeeper data center about all encountered URLs that do not fall under any category (i.e. unclassified), so that they can be classified and included into the updated URL database. This would ensure prompt response to changes in the World Wide Web.

Fig. 1 shows a diagram of connection between ContentKeeper Web system and Cisco SCE. ContentKeeper Web functions as an external classification server for Cisco SCE. It receives a flow of unclassified URLs and returns a category for each of them.

Figure 1. A diagram of connection between Cisco SCE and ContentKeeper Web

Fig. 2 shows a detailed diagram of web access control.

Figure 2. A diagram of interaction between Cisco SCE and ContentKeeper Web

According to Fig. 2, in case when no categories are found in Cisco SCE cache (with user request history) for the URLs requested by subscribers, Cisco SCE sends such URLs to ContentKeeper Web. ContentKeeper Web searches through its database and returns category identifiers for the requested URLs to Cisco SCE, which stores these data in its cache. Cisco SCE uses the cache data to control HTTP traffic according to defined policies and subscriber profiles.

Cisco SCA BB — a special software solution — is used as a management console to configure content filtering within Cisco SCE. Filtering policies can be set from this console based on ContentKeeper categories. If Cisco SCE is integrated in an access management system used by ISP, other tools can be used to manage Cisco SCE settings.

This solution as compared to other Cisco SCE-based systems with external classification:

1. ContentKeeper Web shares the database of classified URLs locally, thus providing short response time for Cisco SCE requests.
2. Hourly database updates, as well as feedback from the ContentKeeper data center keeps URL database up-to-date and ensures highly efficient content filtering.
3. ContentKeeper Web system has high workload capacity. By estimates, one dedicated two-socket server (based on Intel architecture) with ContentKeeper Web can maintain the highest bandwidth of advanced Cisco SCE models.
4. High quality of classification, including the Russian Web segment, which fact is in particular confirmed by independent tests of CK Express (a system with the same classification database).
5. Low cost of ContentKeeper licenses.

Author: Dmitry Komov ( www.softbcom.com )