Module 7: Advanced Application and Web Filtering
Lesson: Advanced Application and Web Filtering Overview
What Is an Application Filter?
What Is a Web Filter?
Why Use Application and Web Filters?
Application and Web Filter Architecture
What Is an Application Filter?
Application filters can:
Enable firewall traversal for complex protocols
Enable protocol-level intrusion detection
Enable protocol-level content filtering
Generate alerts and log events
[Diagram labels: ISA Server, Application Server]
What Is a Web Filter?
Web filters can:
Scan and modify HTTP requests
Scan and modify HTTP responses
Block specified responses
Log and analyze traffic
Encrypt and compress data
Implement custom authentication schemes
[Diagram labels: ISA Server, Web Server]
Why Use Application and Web Filters?
Application and Web filters provide:
Protection against malicious code by blocking packets that have worm or virus characteristics
Protection against user actions by blocking the download of harmful programs or ensuring that some types of data do not leave the network
Protection against specific network connections by blocking connection attempts by specific applications
Integration with third-party or custom filters that have been developed using the application filter API or the Web filter API
Application and Web Filter Architecture
[Diagram components: Firewall Engine, Firewall Service, Rules Engine, Rules, Application Filter API, Web Proxy Filter, Web Filter API]
Lesson: Configuring HTTP Web Filters
HTTP Web Filtering Overview
How to Configure HTTP Web Filter General Properties
How to Configure HTTP Web Filter Methods
How to Configure HTTP Web Filter Extensions
How to Configure HTTP Web Filter Headers
How to Configure HTTP Web Filter Signatures
How to Identify an HTTP Application Signature
Best Practice: HTTP Filter Configuration for Web Publishing
HTTP Web Filtering Overview
Use HTTP filtering to:
Filter traffic from internal clients to other networks
Filter traffic from Internet clients to internal Web servers
HTTP filtering is rule specific so you can configure different filters for each access or publishing rule
How to Configure HTTP Web Filter General Properties
How to Configure HTTP Web Filter Methods
How to Configure HTTP Web Filter Extensions
How to Configure HTTP Web Filter Headers
Configure Via header settings
How to Configure HTTP Web Filter Signatures
Configure blocked signatures
Request Header
Best Practice: HTTP Filter Configuration for Web Publishing
To configure a baseline HTTP filter:
Configure maximum header, payload, URL and query lengths
Verify normalization and do not block high-bit characters
Allow only GET, HEAD, and POST
Block executable and server side includes extensions
Block potentially malicious signatures
Use the httpfilterconfig.vbs script from the ISA Server CD to import and export HTTP filter configurations
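An added example, not from the course material or from ISA Server: the baseline checks listed above expressed as a Python function over a single request. The numeric limits, extension list and signature strings are assumed sample values (the slides give none), and the normalization check is modelled here as a decode-twice comparison.

```python
from urllib.parse import unquote, urlsplit

# Assumed limits and lists: the slides name the checks but give no values.
MAX_HEADERS_BYTES = 32768
MAX_PAYLOAD_BYTES = 10240
MAX_URL_LEN = 260
MAX_QUERY_LEN = 2048
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # from the slide
BLOCKED_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".shtml", ".stm"}  # assumed
BLOCKED_SIGNATURES = ["../", "..\\", "<script"]  # constructed samples


def check_request(method, url, headers, body=b""):
    """Return (allowed, reason) for one request against the baseline."""
    if method.upper() not in ALLOWED_METHODS:
        return False, "method"
    parts = urlsplit(url)
    if len(parts.path) > MAX_URL_LEN:
        return False, "url-length"
    if len(parts.query) > MAX_QUERY_LEN:
        return False, "query-length"
    # Approximate wire size: "name: value\r\n" per header.
    header_bytes = sum(len(k) + len(v) + 4 for k, v in headers.items())
    if header_bytes > MAX_HEADERS_BYTES:
        return False, "header-length"
    if len(body) > MAX_PAYLOAD_BYTES:
        return False, "payload-length"
    # Normalization: decode once, then again. If the second pass still
    # changes the URL, it was double-encoded (e.g. %252e), so reject it.
    once = unquote(url)
    if unquote(once) != once:
        return False, "normalization"
    # High-bit characters (e.g. UTF-8 path segments) are deliberately allowed.
    last = unquote(parts.path).lower().rsplit("/", 1)[-1]
    ext = "." + last.rsplit(".", 1)[-1] if "." in last else ""
    if ext in BLOCKED_EXTENSIONS:
        return False, "extension"
    haystack = (once + " " + " ".join(headers.values())).lower()
    for sig in BLOCKED_SIGNATURES:
        if sig in haystack:
            return False, "signature"
    return True, "ok"
```

The order of checks matters: the extension and signature tests run on the decoded URL, so an encoded form of a blocked string does not slip past them.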
Practice: Configuring HTTP Filtering
Testing HTTP Connections with Default HTTP Filter
Importing and Testing Sample HTTP Filter Settings
Modifying HTTP Filter Settings
Lesson: Additional Application and Web Filters
About the FTP Application Filter
About the SOCKS V4 Application Filter
Other Application and Web Filters
How to Develop Application and Web Filters
About the FTP Application Filter
[Diagram: ISA Server and the Contoso Ltd FTP Site (ftp://ftp.contoso.com). Labels: "Connect on Port 21, Reply to port 2456"; "Connect on Port 20, Reply to port 2457"]
About the SOCKS Version 4 Application Filter
[Diagram labels: SOCKS Application, ISA Server, Application Server]
Other Application and Web Filters
ISA Server 2004 includes:
Application filters that enable complex and secure client to server connections while hiding the complexity of the firewall configuration from the administrator
Web filters to implement features such as special authentication mechanisms and link translation
How to Develop Application and Web Filters
ISA Server filters that can be developed include:
Protocol-enabling filters
Protocol-scanning filters
Redirection filters
NAT supporting filters
Intrusion detection filters
Content filtering filters
Use the ISA Server SDK to create custom filters
Lab: Configuring the HTTP Web Filter
Exercise 1: Identifying an Application Method and Signature
Exercise 2: Modifying the HTTP Web Filter