Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 7: Advanced Application and Web Filtering.

Published byLilian Washington Modified over 9 years ago

Similar presentations

Presentation on theme: "Module 7: Advanced Application and Web Filtering."— Presentation transcript:

1 Module 7: Advanced Application and Web Filtering

2 Overview Advanced Application and Web Filtering Overview Configuring HTTP Web Filters Additional Application and Web Filters

3 Lesson: Advanced Application and Web Filtering Overview What Is an Application Filter? What Is a Web Filter? Why Use Application and Web Filters? Application and Web Filter Architecture

4 What Is an Application Filter? Application filters can: Enable firewall traversal for complex protocols Enable protocol-level intrusion detection Enable protocol-level content filtering Generate alerts and log events ISA Server Application Server

5 What Is a Web Filter? Web filters can: Scan and modify HTTP requests Scan and modify HTTP responses Block specified responses Log and analyze traffic Encrypt and compress data Implement custom authentication schemes ISA Server Web Server

6 Why Use Application and Web Filters? Application and Web filters provide: Protection against malicious code by blocking packets that have worm or virus characteristics Protection against user actions by blocking the download of harmful programs or ensuring that some types of data do not leave the network Protection against specific network connections by blocking connection attempts by specific applications Integration with third-party or custom filters that have been developed using the application filter API or the Web filter API Protection against malicious code by blocking packets that have worm or virus characteristics Protection against user actions by blocking the download of harmful programs or ensuring that some types of data do not leave the network Protection against specific network connections by blocking connection attempts by specific applications Integration with third-party or custom filters that have been developed using the application filter API or the Web filter API

7 Web Proxy Filter Web Filter API Application Filter API Application and Web Filter Architecture Rules Engine Rules Engine 3 3 Application Filters Web Filters Firewall Service Firewall Engine 2 2 1 1 4 4

8 Lesson: Configuring HTTP Web Filters HTTP Web Filtering Overview How to Configure HTTP Web Filter General Properties How to Configure HTTP Web Filter Methods How to Configure HTTP Web Filter Extensions How to Configure HTTP Web Filter Headers How to Configure HTTP Web Filter Signatures How to Identify an HTTP Application Signature Best Practice: HTTP Filter Configuration for Web Publishing

9 HTTP Web Filtering Overview Use HTTP filtering to: HTTP filtering is rule specific so you can configure different filters for each access or publishing rule Use HTTP filtering to: HTTP filtering is rule specific so you can configure different filters for each access or publishing rule Filter traffic from internal clients to other networks Filter traffic from Internet clients to internal Web servers Filter traffic from internal clients to other networks Filter traffic from Internet clients to internal Web servers HTTP filters enable filtering of HTTP packets based on several criteria

10 How to Configure HTTP Web Filter General Properties Configure maximum payload length Configure maximum payload length Configure maximum URL and query length Configure maximum URL and query length Configure maximum header length Configure maximum header length

11 How to Configure HTTP Web Filter Methods Configure allowed or blocked methods Configure allowed or blocked methods

12 How to Configure HTTP Web Filter Extensions Configure allowed or blocked extensions Configure allowed or blocked extensions

13 How to Configure HTTP Web Filter Headers Configure server header settings Configure server header settings Configure Via header settings Configure Via header settings Configure headers that will be blocked Configure headers that will be blocked

14 How to Configure HTTP Web Filter Signatures Configure blocked signatures Configure blocked signatures

15 GET.http://www.contoso.com/.HTTP/1.0..Accept:.image/gif,.image/x-xbitmap,.image/jpeg,.image/pjpeg,.application/vnd.ms-excel,.application/vnd.ms-powerpoint,.application/msword,.*/*..Accept-Language:.en-us..If-Modified-Since:.Fri,.11.Oct.2002.20:30:04.GMT..If-None-Match:."06ee8fa6471c21:428"..User-Agent:.Mozilla/4.0.(compatible;.MSIE.6.0;.Windows.NT.5.1)..Host:.www.contoso.com..Proxy-Connection:.Keep-Alive... GET.http://www.contoso.com/.HTTP/1.0..Accept:.image/gif,.image/x-xbitmap,.image/jpeg,.image/pjpeg,.application/vnd.ms-excel,.application/vnd.ms-powerpoint,.application/msword,.*/*..Accept-Language:.en-us..If-Modified-Since:.Fri,.11.Oct.2002.20:30:04.GMT..If-None-Match:."06ee8fa6471c21:428"..User-Agent:.Mozilla/4.0.(compatible;.MSIE.6.0;.Windows.NT.5.1)..Host:.www.contoso.com..Proxy-Connection:.Keep-Alive... How to Identify an HTTP Application Signature Request Header Request Header HTTP Header HTTP Header Signature HTTP Request

16 Best Practice: HTTP Filter Configuration for Web Publishing To configure a baseline HTTP filter: Configure maximum header, payload, URL and query lengths Verify normalization and do not block high-bit characters Allow only GET, HEAD, and POST Block executable and server side includes extensions Block potentially malicious signatures Configure maximum header, payload, URL and query lengths Verify normalization and do not block high-bit characters Allow only GET, HEAD, and POST Block executable and server side includes extensions Block potentially malicious signatures Use the httpfilterconfig.vbs script from the ISA Server CD to import and export HTTP filter configurations

17 Practice: Configuring HTTP Filtering Testing HTTP Connections with Default HTTP Filter Importing and Testing Sample HTTP Filter Settings Modifying HTTP Filter Settings Den-Web-01 Internet Den-ISA-01 Den-DC-01 Gen-Web-01

18 Lesson: Additional Application and Web Filters About the FTP Application Filter About the SOCKS V4 Application Filter Other Application and Web Filters How to Develop Application and Web Filters

19 About the FTP Application Filter ISA Server Contoso Ltd FTP Site Connect on Port 20 Reply to port 2457 Connect on Port 20 Reply to port 2457 Connect on Port 21 Reply to port 2456 Connect on Port 21 Reply to port 2456 ftp://ftp.contoso.com

20 About the SOCKS Version 4 Application Filter ISA Server Application Server SOCKS Application

21 Other Application and Web Filters ISA Server 2004 includes: Application filters that enable complex and secure client to server connections while hiding the complexity of the firewall configuration from the administrator Web filters to implement features such as special authentication mechanisms and link translation Application filters that enable complex and secure client to server connections while hiding the complexity of the firewall configuration from the administrator Web filters to implement features such as special authentication mechanisms and link translation

22 How to Develop Application and Web Filters ISA Server filters that can be developed include: Protocol-enabling filters Protocol-scanning filters Redirection filters NAT supporting filters Intrusion detection filters Content filtering filters Protocol-enabling filters Protocol-scanning filters Redirection filters NAT supporting filters Intrusion detection filters Content filtering filters Use the ISA Server SDK to create custom filters

23 Lab: Configuring the HTTP Web Filter Exercise 1: Identifying an Application Method and Signature Exercise 2: Modifying the HTTP Web Filter Den-Web-01 Internet Den-ISA-01 Den-DC-01 Gen-Web-01

Download ppt "Module 7: Advanced Application and Web Filtering."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Working with Proxy Servers and Application-Level Firewalls Chapter 5.

Working with Proxy Servers and Application-Level Firewalls Chapter 5.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Introduction to ISA 2004 Dana Epp Microsoft Security MVP.

Introduction to ISA 2004 Dana Epp Microsoft Security MVP.
Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.

Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
1 Integrating ISA Server and Exchange Server. 2 How email works.

1 Integrating ISA Server and Exchange Server. 2 How works.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
Managing Client Access

Managing Client Access
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.

Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.
Module 8: Configuring Virtual Private Network Access for Remote Clients and Networks.

Module 8: Configuring Virtual Private Network Access for Remote Clients and Networks.
Securing Microsoft® Exchange Server 2010

Securing Microsoft® Exchange Server 2010
Chapter 6: Packet Filtering

Chapter 6: Packet Filtering

Similar presentations

Ads by Google