Table of Contents
Advertisement
i. Block Selected
The filetypes marked in the list will be dropped as downloads. To make sure that this is
not circumvented by renaming a file, NetDefendOS looks at the file's contents (in a way
similar to MIME checking) to confirm the file is what it claims to be.
If, for example, .exe files are blocked and a file with a filetype of .jpg (which is not
blocked) is found to contain .exe data then it will be blocked. If blocking is selected but
nothing in the list is marked, no blocking is done.
ii. Allow Selected
Only those filetypes marked will be allowed in downloads and other will be dropped. As
with blocking, file contents are also examined to verify the file's contents. If, for example,
.jpg files are allowed and a file with a filetype of .jpg is found to contain .exe data then
the download will be dropped. If nothing is marked in this mode then no files can be
downloaded.
Additional filetypes not included by default can be added to the Allow/Block list
however these cannot be subject to content checking meaning that the file extension
will be trusted as being correct for the contents of the file.
Note: Similarities with other NetDefendOS ALGs
The Verify MIME type and Allow/Block Selected Types options work in the
same way for the FTP, POP3 and SMTP ALGs.
iv.
Verify MIME Type
This option enables checking that the filetype of a file download agrees with the
contents of the file (the term filetype here is also known as the filename extension).
All filetypes that are checked in this way by NetDefendOS are listed in Appendix C,
Verified MIME filetypes. When enabled, any file download that fails MIME verification, in
other words its filetype does not match its contents, is dropped by NetDefendOS on the
assumption that it can be a security threat.
•
Web Content Filtering
Access to specific URLs can be allowed or blocked according to policies for certain types of
web content. Access to news sites might be allowed whereas access to gaming sites might be
blocked. This feature is described in depth in Section 6.3.4, "Dynamic Web Content Filtering".
•
Anti-Virus Scanning
The contents of HTTP file downloads can be scanned for viruses. Suspect files can be dropped
or just logged. This feature is common to a number of ALGs and is described fully in
Section 6.5, "Anti-Virus Scanning".
•
URL Filtering
The administrator can define the blacklisting and whitelisting of specific URLs. This is done by
adding one or more HTTP ALG URL objects as children of a single parent HTTP ALG object.
When doing this with an IP Policy, object, one or more URL Filter objects are added as children
to a Web Profile object that is then assigned to the IP Policy.
i.
URL Blacklisting
429
Chapter 6: Security Mechanisms
- Quick Links:
- User Manual
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
