Advanced Application and Web Filtering
description
Transcript of Advanced Application and Web Filtering
![Page 1: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/1.jpg)
1
Advanced Application and Web Filtering
![Page 2: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/2.jpg)
2
Common security attacks
• Finding a way into the network• Exploiting software bugs, buffer overflows• Denial of Service• TCP hijacking• Packet sniffing• Social problems
![Page 3: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/3.jpg)
3
Common security attacks
• Finding a way into the network• Exploiting software bugs, buffer overflows• Denial of Service• TCP hijacking• Packet sniffing• Social problems
FirewallsFirewalls
Intrusion Detection SystemsIntrusion Detection Systems
Ingress filtering, IDSIngress filtering, IDS
IPSecIPSec
Encryption (SSH, SSL, HTTPS)Encryption (SSH, SSL, HTTPS)
EducationEducation
![Page 4: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/4.jpg)
4
Types of Firewalls
• Packet Filtering• Stateful Inspection• Application-Layer Inspection
InternetInternet
![Page 5: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/5.jpg)
5
Application filter and Web Filter
• Application filters work with the firewall service in ISA Server to intercept and process network packets as they pass through ISA Server
• Application filters examine the application-level
• Web filters are used to mediate HTTP, HTTPS, and FTP tunneled
![Page 6: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/6.jpg)
6
Application Filters• SMTP filter• DNS filter• POP Intrusion Detection filter• SOCKS V4 filter• FTP Access filter• H.323 filter• MMS filter• PNM filter• PPTP filter• RPC filter• RTSP filter
![Page 7: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/7.jpg)
7
The SMTP Filter
if a command that is sent over the SMTP channel is
not on this list, it is dropped
if a command that is sent over the SMTP channel is
not on this list, it is dropped
![Page 8: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/8.jpg)
8
The DNS Filter
Three attacks:• DNS host name overflow• DNS length overflow• DNS zone transfer
![Page 9: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/9.jpg)
9
The SOCKS V4 Filter
![Page 10: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/10.jpg)
10
Web Filters
• HTTP Security filter• ISA Server Link Translator• Web Proxy filter• SecurID filter• OWA Forms-based Authentication filter
![Page 11: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/11.jpg)
11
The HTTP Security Filter (HTTP Filter)
• HTTP Security Filter Settings• HTTP Security Filter Logging• Disabling the HTTP Security Filter for Web Requests• Exporting and Importing HTTP Security Filter Settings• Investigating HTTP Headers for Potentially Dangerous
Applications• Example HTTP Security Filter Policies• Commonly Blocked Application Signatures• The Dangers of SSL Tunneling
![Page 12: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/12.jpg)
12
The HTTP Security Filter (HTTP Filter)
![Page 13: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/13.jpg)
13
Overview of HTTP Security Filter Settings
General Tab can configure the following options:•Maximum header length•Payload length•Maximum URL length•Verify normalization• Block high bit characters• Block responses containing Windows executable content
![Page 14: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/14.jpg)
14
Overview of HTTP Security Filter Settings
• Methods tab control what HTTP methods are used through an Access Rule or Web Publishing Rule
• Three options:– Allow all methods– Allow only specified
methods– Block specified methods
(allow all others)
![Page 15: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/15.jpg)
15
Overview of HTTP Security Filter Settings
• Add new method
![Page 16: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/16.jpg)
16
Overview of HTTP Security Filter Settings
• The Extensions Tab control what file extensions are allowed to be requested through the ISA firewall
• Option:– Allow all extensions– Allow only specified
extensions– Block specified extensions
(allow all others)– Block requests containing
ambiguous extensions
![Page 17: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/17.jpg)
17
Overview of HTTP Security Filter Settings
• Add file extensions
![Page 18: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/18.jpg)
18
Overview of HTTP Security Filter Settings
• An HTTP header contains HTTP communication specific information that is included in HTTP requests made from a Web client and HTTP responses sent back to the Web client from a Web server.
• Option on Header Tab:– Allow all headers except the
following– Server header– Via header
![Page 19: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/19.jpg)
19
Overview of HTTP Security Filter Settings
Common HTTP headers:• Content-length• Pragma• User-Agent• Accept-Encoding
![Page 20: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/20.jpg)
20
Overview of HTTP Security Filter Settings
The Via Header The Server Header Option
![Page 21: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/21.jpg)
21
Overview of HTTP Security Filter Settings
• The Signatures tab allows you to control access through the ISA firewall based on HTTP signatures you create
• These signatures are based on strings contained components of an HTTP communication:– Request UR L– Request headers– Request body– Response headers– Response body
![Page 22: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/22.jpg)
22
The ISA Server Link Translator
• Link Translation solves a number of issues that may arise for external users connecting through the ISA firewall to an internal Web site
Link Translation Tab in Web Publishing Rule Properties
![Page 23: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/23.jpg)
23
The Web Proxy Filter
• The Web Proxy filter allows connections from hosts not configured as Web Proxy clients to be forwarded to the ISA firewall’s Cache and Web Proxy components
![Page 24: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/24.jpg)
24
The OWA Forms-Based Authentication Filter
• Used to mediate Forms-based authentication to OWA Web sites that are made accessible via ISA firewall Web Publishing Rules.
![Page 25: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/25.jpg)
25
IP Filtering and Intrusion Detection/IntrusionPrevention
• Common Attacks Detection and Prevention• DNS Attacks Detection and Prevention• IP Options and IP Fragment Filtering
![Page 26: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/26.jpg)
26
Common Attacks Detection and Prevention
![Page 27: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/27.jpg)
27
DNS Attacks Detection and Prevention
• DNS host name overflow• DNS length overflow• DNS zone transfer
![Page 28: Advanced Application and Web Filtering](https://reader035.fdocuments.us/reader035/viewer/2022062422/56813aeb550346895da355e9/html5/thumbnails/28.jpg)
28
IP Options and IP Fragment Filtering
The IP Options Tab The IP Fragments Tab