Module 7 Advanced Application and Web Filtering Overview
Module 7: Advanced Application and Web Filtering
Overview Advanced Application and Web Filtering Overview Configuring HTTP Web Filters Additional Application and Web Filters
Lesson: Advanced Application and Web Filtering Overview What Is an Application Filter? What Is a Web Filter? Why Use Application and Web Filters? Application and Web Filter Architecture
What Is an Application Filter? Application filters can: Enable firewall traversal for complex protocols Enable protocol-level intrusion detection Application Server ISA Server Enable protocol-level content filtering Generate alerts and log events
What Is a Web Filter? Web filters can: Scan and modify HTTP requests Scan and modify HTTP responses Block specified responses Log and analyze traffic Encrypt and compress data Implement custom authentication schemes Web Server ISA Server
Why Use Application and Web Filters? Application Webmalicious filters provide: Protectionand against code by blocking packets that have worm or virus characteristics Protection against user actions by blocking the download of harmful programs or ensuring that some types of data do not leave the network Protection against specific network connections by blocking connection attempts by specific applications Integration with third-party or custom filters that have been developed using the application filter API or the Web filter API
Application and Web Filter Architecture Web 3 Filters Web Filter API Web Proxy Filter Application Filter API 4 2 1 Applicati on Filters Firewa ll Servic e Firewa ll Engine Rules Engine
Lesson: Configuring HTTP Web Filters HTTP Web Filtering Overview How to Configure HTTP Web Filter General Properties How to Configure HTTP Web Filter Methods How to Configure HTTP Web Filter Extensions How to Configure HTTP Web Filter Headers How to Configure HTTP Web Filter Signatures How to Identify an HTTP Application Signature Best Practice: HTTP Filter Configuration for Web Publishing
HTTP Web Filtering Overview Use HTTP filtering to: Filter traffic from internal clients to other networks Filter traffic from Internet clients to internal Web servers HTTP filtering is rule specific so you can configure different filters for each access or publishing rule HTTP filters enable filtering of HTTP packets based on several criteria
How to Configure HTTP Web Filter General Properties Configure maximum header length Configure maximum payload length Configure maximum URL and query length
How to Configure HTTP Web Filter Methods Configure allowed or blocked methods
How to Configure HTTP Web Filter Extensions Configure allowed or blocked extensions
How to Configure HTTP Web Filter Headers Configure headers that will be blocked Configure server header settings Configure Via header settings
How to Configure HTTP Web Filter Signatures Configure blocked signatures
How to Identify an HTTP Application Signature HTTP Reque st Request GET. http: //www. contoso. com/. HTTP/1. 0. Header. Accept: . image/gif, . image/x-xbitmap, . image/jpeg, . image/pjpeg, . application/vnd. ms-excel, . application/vnd. ms-powerpoint, . application/msword, . */*. . Accept-Language: . en-us. . If-Modified-Since: . Fri, . 11. Oct. 2002. 20: 30: 04. GMT. . If-None-Match: . "06 ee 8 fa 6471 c 21: 428". . User-Agent: . Mozilla/4. 0. (compatible; . MSIE. 6. 0; . Windows. NT. 5. 1). . Host: . www. contoso. com. . Proxy-Connection: . Keep-Alive. . . HTTP Header Signatu re
Best Practice: HTTP Filter Configuration for Web Publishing To configure a baseline HTTP filter: Configure maximum header, payload, URL and query lengths Verify normalization and do not block highbit characters Allow only GET, HEAD, and POST Block executable and server side includes extensions Block potentially malicious signatures Use the httpfilterconfig. vbs script from the ISA Server CD to import and export HTTP filter configurations
Practice: Configuring HTTP Filtering Testing HTTP Connections with Default HTTP Filter Importing and Testing Sample HTTP Filter Settings Modifying HTTP Filter Settings Den-Web-01 Gen-Web-01 Den-ISA-01 Den-DC-01 Internet
Lesson: Additional Application and Web Filters About the FTP Application Filter About the SOCKS V 4 Application Filter Other Application and Web Filters How to Develop Application and Web Filters
About the FTP Application Filter Contoso Ltd FTP Site Connect on Port 21 Reply to port 2456 ISA Serve r ftp: //ftp. contoso. c om Connect on Port 20 Reply to port 2457
About the SOCKS Version 4 Application Filter Application Server ISA Serve r SOCKS Application
Other Application and Web Filters ISA Server 2004 includes: Application filters that enable complex and secure client to server connections while hiding the complexity of the firewall configuration from the administrator Web filters to implement features such as special authentication mechanisms and link translation
How to Develop Application and Web Filters ISA Server filters that can be developed include: Protocol-enabling filters Protocol-scanning filters Redirection filters NAT supporting filters Intrusion detection filters Content filtering filters Use the ISA Server SDK to create custom filters
Lab: Configuring the HTTP Web Filter Exercise 1: Identifying an Application Method and Signature Exercise 2: Modifying the HTTP Web Filter Den-Web-01 Gen-Web-01 Den-ISA-01 Den-DC-01 Internet
- Slides: 23