1 / 28

Advanced Application and Web Filtering

Advanced Application and Web Filtering. Common security attacks. Finding a way into the network Exploiting software bugs, buffer overflows Denial of Service TCP hijacking Packet sniffing Social problems. Common security attacks. Finding a way into the network

Télécharger la présentation

Advanced Application and Web Filtering

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Advanced Application and Web Filtering

  2. Common security attacks • Finding a way into the network • Exploiting software bugs, buffer overflows • Denial of Service • TCP hijacking • Packet sniffing • Social problems

  3. Common security attacks • Finding a way into the network • Exploiting software bugs, buffer overflows • Denial of Service • TCP hijacking • Packet sniffing • Social problems • Firewalls • Intrusion Detection Systems Ingress filtering, IDS • IPSec • Encryption (SSH, SSL, HTTPS) • Education

  4. Internet Types of Firewalls • Packet Filtering • Stateful Inspection • Application-Layer Inspection

  5. Application filter and Web Filter • Application filters work with the firewall service in ISA Server to intercept and processnetwork packets as they pass through ISA Server • Application filters examine the application-level • Web filters are used to mediate HTTP, HTTPS, and FTP tunneled

  6. Application Filters • SMTP filter • DNS filter • POP Intrusion Detection filter • SOCKS V4 filter • FTP Access filter • H.323 filter • MMS filter • PNM filter • PPTP filter • RPC filter • RTSP filter

  7. The SMTP Filter if a command that is sent over the SMTP channel is not on this list, it is dropped

  8. The DNS Filter Three attacks: • DNS host name overflow • DNS length overflow • DNS zone transfer

  9. The SOCKS V4 Filter

  10. Web Filters • HTTP Security filter • ISA Server Link Translator • Web Proxy filter • SecurID filter • OWA Forms-based Authentication filter

  11. The HTTP Security Filter (HTTP Filter) • HTTP Security Filter Settings • HTTP Security Filter Logging • Disabling the HTTP Security Filter for Web Requests • Exporting and Importing HTTP Security Filter Settings • Investigating HTTP Headers for Potentially Dangerous Applications • Example HTTP Security Filter Policies • Commonly Blocked Application Signatures • The Dangers of SSL Tunneling

  12. The HTTP Security Filter (HTTP Filter)

  13. Overview of HTTP Security Filter Settings • General Tab can configure the following options: • Maximum header length • Payload length • Maximum URL length • Verify normalization • Block high bit characters • Block responses containing Windows executable content

  14. Overview of HTTP Security Filter Settings • Methods tab control what HTTP methods are used through an Access Rule or Web Publishing Rule • Three options: • Allow all methods • Allow only specified methods • Block specified methods (allow all others)

  15. Overview of HTTP Security Filter Settings • Add new method

  16. Overview of HTTP Security Filter Settings • The Extensions Tab control what file extensions are allowed to be requested through the ISA firewall • Option: • Allow all extensions • Allow only specified extensions • Block specified extensions (allow all others) • Block requests containing ambiguous extensions

  17. Overview of HTTP Security Filter Settings • Add file extensions

  18. Overview of HTTP Security Filter Settings • An HTTP header contains HTTP communication specific information that is included in HTTP requests made from a Web client and HTTP responses sent back to the Web client from a Web server. • Option on Header Tab: • Allow all headers except the following • Server header • Via header

  19. Overview of HTTP Security Filter Settings Common HTTP headers: • Content-length • Pragma • User-Agent • Accept-Encoding

  20. Overview of HTTP Security Filter Settings The Via Header The Server Header Option

  21. Overview of HTTP Security Filter Settings • The Signatures tab allows you to control access through the ISA firewall based on HTTP signatures you create • These signatures are based on strings contained components of an HTTP communication: • Request UR L • Request headers • Request body • Response headers • Response body

  22. The ISA Server Link Translator • Link Translation solves a number of issues that may arise for external users connecting through the ISA firewall to an internal Web site Link Translation Tab in Web Publishing Rule Properties

  23. The Web Proxy Filter • The Web Proxy filter allows connections from hosts not configured as Web Proxy clients to be forwarded to the ISA firewall’s Cache and Web Proxy components

  24. The OWA Forms-Based Authentication Filter • Used to mediate Forms-based authentication to OWA Web sites that are made accessible via ISA firewall Web Publishing Rules.

  25. IP Filtering and Intrusion Detection/IntrusionPrevention • Common Attacks Detection and Prevention • DNS Attacks Detection and Prevention • IP Options and IP Fragment Filtering

  26. Common Attacks Detection and Prevention

  27. DNS Attacks Detection and Prevention • DNS host name overflow • DNS length overflow • DNS zone transfer

  28. IP Options and IP Fragment Filtering The IP Options Tab The IP Fragments Tab

More Related