Advanced Application and Web Filtering PowerPoint PPT Presentation


Title: Advanced Application and Web Filtering


1
Advanced Application and Web Filtering
2
Common security attacks
  • Finding a way into the network
  • Exploiting software bugs, buffer overflows
  • Denial of Service
  • TCP hijacking
  • Packet sniffing
  • Social problems

3
Common security attacks
  • Finding a way into the network: Firewalls
  • Exploiting software bugs, buffer overflows:
    Intrusion Detection Systems
  • Denial of Service: Ingress filtering, IDS
  • TCP hijacking: IPSec
  • Packet sniffing: Encryption (SSH, SSL, HTTPS)
  • Social problems: Education

4
Types of Firewalls
  • Packet Filtering
  • Stateful Inspection
  • Application-Layer Inspection

5
Application filter and Web Filter
  • Application filters work with the firewall
    service in ISA Server to intercept and process
    network packets as they pass through ISA Server
  • Application filters examine the application-level
  • Web filters are used to mediate HTTP, HTTPS, and
    FTP tunneled

6
Application Filters
  • SMTP filter
  • DNS filter
  • POP Intrusion Detection filter
  • SOCKS V4 filter
  • FTP Access filter
  • H.323 filter
  • MMS filter
  • PNM filter
  • PPTP filter
  • RPC filter
  • RTSP filter

7
The SMTP Filter
If a command sent over the SMTP channel is not on
this list, it is dropped.
8
The DNS Filter
  • Three attacks
    • DNS host name overflow
    • DNS length overflow
    • DNS zone transfer

9
The SOCKS V4 Filter
10
Web Filters
  • HTTP Security filter
  • ISA Server Link Translator
  • Web Proxy filter
  • SecurID filter
  • OWA Forms-based Authentication filter

11
The HTTP Security Filter (HTTP Filter)
  • HTTP Security Filter Settings
  • HTTP Security Filter Logging
  • Disabling the HTTP Security Filter for Web
    Requests
  • Exporting and Importing HTTP Security Filter
    Settings
  • Investigating HTTP Headers for Potentially
    Dangerous Applications
  • Example HTTP Security Filter Policies
  • Commonly Blocked Application Signatures
  • The Dangers of SSL Tunneling

12
The HTTP Security Filter (HTTP Filter)
13
Overview of HTTP Security Filter Settings
  • The General tab configures the following options
    • Maximum header length
    • Payload length
    • Maximum URL length
    • Verify normalization
    • Block high bit characters
    • Block responses containing Windows executable
      content

14
Overview of HTTP Security Filter Settings
  • The Methods tab controls which HTTP methods are
    used through an Access Rule or Web Publishing Rule
  • Three options
    • Allow all methods
    • Allow only specified methods
    • Block specified methods (allow all others)

15
Overview of HTTP Security Filter Settings
  • Add new method

16
Overview of HTTP Security Filter Settings
  • The Extensions tab controls which file extensions
    are allowed to be requested through the ISA
    firewall
  • Options
    • Allow all extensions
    • Allow only specified extensions
    • Block specified extensions (allow all others)
    • Block requests containing ambiguous extensions

17
Overview of HTTP Security Filter Settings
  • Add file extensions

18
Overview of HTTP Security Filter Settings
  • An HTTP header contains HTTP communication
    specific information that is included in HTTP
    requests made from a Web client and HTTP
    responses sent back to the Web client from a Web
    server.
  • Options on the Header tab
    • Allow all headers except the following
    • Server header
    • Via header

19
Overview of HTTP Security Filter Settings
  • Common HTTP headers
    • Content-length
    • Pragma
    • User-Agent
    • Accept-Encoding

20
Overview of HTTP Security Filter Settings
  • The Via Header
  • The Server Header Option

21
Overview of HTTP Security Filter Settings
  • The Signatures tab allows you to control access
    through the ISA firewall based on HTTP signatures
    you create
  • These signatures are based on strings contained
    in components of an HTTP communication
    • Request URL
    • Request headers
    • Request body
    • Response headers
    • Response body
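
A small model of the request checks listed on the General, Methods, Extensions and Signatures tabs, as an added example (not ISA Server code and not part of the original slides). The policy values, the `check_request` name and the sample signature string are assumptions; the double-decode test is one common way to implement a normalization check.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Hypothetical policy values, chosen for illustration only.
POLICY = {
    "max_headers_length": 32768,
    "max_url_length": 2048,
    "allowed_methods": {"GET", "HEAD", "POST"},
    "blocked_extensions": {".exe", ".bat", ".cmd"},
    "verify_normalization": True,
    "block_high_bit": True,
    # (header name, substring) pairs, matched case-insensitively (constructed)
    "header_signatures": [("user-agent", "examplep2pclient")],
}

def check_request(method, url, headers, policy=POLICY):
    """Return (allowed, reason) for one HTTP request line plus headers."""
    if method.upper() not in policy["allowed_methods"]:
        return False, "method not allowed"
    if len(url) > policy["max_url_length"]:
        return False, "URL too long"
    # Approximate wire size: "Name: value\r\n" per header.
    header_bytes = sum(len(k) + len(v) + 4 for k, v in headers.items())
    if header_bytes > policy["max_headers_length"]:
        return False, "headers too long"
    # Decode %xx escapes once; a URL that still changes on a second
    # decode was double-encoded and is rejected.
    once = unquote(url, encoding="latin-1")
    if policy["verify_normalization"] and unquote(once, encoding="latin-1") != once:
        return False, "URL changes on second decode"
    if policy["block_high_bit"] and any(ord(c) > 0x7F for c in once):
        return False, "high-bit character in URL"
    # Extension is taken from the decoded path, ignoring the query string.
    ext = posixpath.splitext(urlsplit(once).path)[1].lower()
    if ext in policy["blocked_extensions"]:
        return False, "blocked extension"
    for name, needle in policy["header_signatures"]:
        for k, v in headers.items():
            if k.lower() == name and needle in v.lower():
                return False, "signature match in " + name
    return True, "ok"
```
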

22
The ISA Server Link Translator
  • Link Translation solves a number of issues that
    may arise for external users connecting through
    the ISA firewall to an internal Web site

Link Translation Tab in Web Publishing Rule
Properties
23
The Web Proxy Filter
  • The Web Proxy filter allows connections from
    hosts not configured as Web Proxy clients to be
    forwarded to the ISA firewall's Cache and Web
    Proxy components

24
The OWA Forms-Based Authentication Filter
  • Used to mediate Forms-based authentication to OWA
    Web sites that are made accessible via ISA
    firewall Web Publishing Rules.

25
IP Filtering and Intrusion Detection/Intrusion
Prevention
  • Common Attacks Detection and Prevention
  • DNS Attacks Detection and Prevention
  • IP Options and IP Fragment Filtering

26
Common Attacks Detection and Prevention
27
DNS Attacks Detection and Prevention
  • DNS host name overflow
  • DNS length overflow
  • DNS zone transfer

28
IP Options and IP Fragment Filtering
  • The IP Options Tab
  • The IP Fragments Tab