Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

Published byBarry Gardner Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of."— Presentation transcript:

1 1 Advanced Application and Web Filtering

2 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of Service TCP hijacking Packet sniffing Social problems

3 3 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of Service TCP hijacking Packet sniffing Social problems Firewalls Intrusion Detection Systems Ingress filtering, IDS IPSec Encryption (SSH, SSL, HTTPS) Education

4 4 Types of Firewalls Packet Filtering Stateful Inspection Application-Layer Inspection Internet

5 5 Application filter and Web Filter Application filters work with the firewall service in ISA Server to intercept and process network packets as they pass through ISA Server Application filters examine the application- level Web filters are used to mediate HTTP, HTTPS, and FTP tunneled

6 6 Application Filters SMTP filter DNS filter POP Intrusion Detection filter SOCKS V4 filter FTP Access filter H.323 filter MMS filter PNM filter PPTP filter RPC filter RTSP filter

7 7 The SMTP Filter if a command that is sent over the SMTP channel is not on this list, it is dropped

8 8 The DNS Filter Three attacks: DNS host name overflow DNS length overflow DNS zone transfer

9 9 The SOCKS V4 Filter

10 10 Web Filters HTTP Security filter ISA Server Link Translator Web Proxy filter SecurID filter OWA Forms-based Authentication filter

11 11 The HTTP Security Filter (HTTP Filter) HTTP Security Filter Settings HTTP Security Filter Logging Disabling the HTTP Security Filter for Web Requests Exporting and Importing HTTP Security Filter Settings Investigating HTTP Headers for Potentially Dangerous Applications Example HTTP Security Filter Policies Commonly Blocked Application Signatures The Dangers of SSL Tunneling

12 12 The HTTP Security Filter (HTTP Filter)

13 13 Overview of HTTP Security Filter Settings General Tab can configure the following options: Maximum header length Payload length Maximum URL length Verify normalization Block high bit characters Block responses containing Windows executable content

14 14 Overview of HTTP Security Filter Settings Methods tab control what HTTP methods are used through an Access Rule or Web Publishing Rule Three options: – Allow all methods – Allow only specified methods – Block specified methods (allow all others)

15 15 Overview of HTTP Security Filter Settings Add new method

16 16 Overview of HTTP Security Filter Settings The Extensions Tab control what file extensions are allowed to be requested through the ISA firewall Option: – Allow all extensions – Allow only specified extensions – Block specified extensions (allow all others) – Block requests containing ambiguous extensions

17 17 Overview of HTTP Security Filter Settings Add file extensions

18 18 Overview of HTTP Security Filter Settings An HTTP header contains HTTP communication specific information that is included in HTTP requests made from a Web client and HTTP responses sent back to the Web client from a Web server. Option on Header Tab: – Allow all headers except the following – Server header – Via header

19 19 Overview of HTTP Security Filter Settings Common HTTP headers: Content-length Pragma User-Agent Accept-Encoding

20 20 Overview of HTTP Security Filter Settings The Via HeaderThe Server Header Option

21 21 Overview of HTTP Security Filter Settings The Signatures tab allows you to control access through the ISA firewall based on HTTP signatures you create These signatures are based on strings contained components of an HTTP communication: – Request UR L – Request headers – Request body – Response headers – Response body

22 22 The ISA Server Link Translator Link Translation solves a number of issues that may arise for external users connecting through the ISA firewall to an internal Web site Link Translation Tab in Web Publishing Rule Properties

23 23 The Web Proxy Filter The Web Proxy filter allows connections from hosts not configured as Web Proxy clients to be forwarded to the ISA firewall’s Cache and Web Proxy components

24 24 The OWA Forms-Based Authentication Filter Used to mediate Forms- based authentication to OWA Web sites that are made accessible via ISA firewall Web Publishing Rules.

25 25 IP Filtering and Intrusion Detection/Intrusion Prevention Common Attacks Detection and Prevention DNS Attacks Detection and Prevention IP Options and IP Fragment Filtering

26 26 Common Attacks Detection and Prevention

27 27 DNS Attacks Detection and Prevention DNS host name overflow DNS length overflow DNS zone transfer

28 28 IP Options and IP Fragment Filtering The IP Options TabThe IP Fragments Tab

Download ppt "1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Module 7: Configuring Access to Internal Resources.

Module 7: Configuring Access to Internal Resources.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 7 Working with Proxy Servers & Application-Level Firewalls By Whitman, Mattord,

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 7 Working with Proxy Servers & Application-Level Firewalls By Whitman, Mattord,
Working with Proxy Servers and Application-Level Firewalls Chapter 5.

Working with Proxy Servers and Application-Level Firewalls Chapter 5.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Introduction to ISA 2004 Dana Epp Microsoft Security MVP.

Introduction to ISA 2004 Dana Epp Microsoft Security MVP.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Securing the Perimeter – Exchange and VPN Access with ISA Server 2004 Jamie Sharp CISSP Security Advisor Amit Pawar National Technology Specialist Microsoft.

Securing the Perimeter – Exchange and VPN Access with ISA Server 2004 Jamie Sharp CISSP Security Advisor Amit Pawar National Technology Specialist Microsoft.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Chapter 7: Working with Proxy Servers & Application-Level Firewalls

Chapter 7: Working with Proxy Servers & Application-Level Firewalls
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.

Similar presentations

Ads by Google