Anti-Virus scanning, if it is enabled, is always applied to the HTTP traffic even if it is
whitelisted.
These features are described in depth in Section 6.3.3, “Static Content Filtering”.
•
Dynamic Content Filtering - Access to specific URLs can be allowed or blocked according to
policies for certain types of web content. Access to news sites might be allowed whereas access
to gaming sites might be blocked.
This feature is described in depth in Section 6.3.4, “Dynamic Web Content Filtering”.
•
Anti-Virus Scanning - The contents of HTTP file downloads can be scanned for viruses.
Suspect files can be dropped or just logged.
This feature is common to a number of ALGs and is described fully in Section 6.4, “Anti-Virus
Scanning”.
•
Verify File Integrity - This part of the ALG deals with checking the filetype of downloaded
files. There are two separate optional features with filetype verification: Verify MIME type and
Allow/Block Selected Types, and these are described below:
1.
Verify MIME type
This option enables checking that the filetype of a file download agrees with the contents of
the file (the term filetype here is also known as the filename extension).
All filetypes that are checked in this way by NetDefendOS are listed in Appendix C,
Verified MIME filetypes. When enabled, any file download that fails MIME verification, in
other words its filetype does not match its contents, is dropped by NetDefendOS on the
assumption that it can be a security threat.
2.
Allow/Block Selected Types
This option operates independently of the MIME verification option described above but is
based on the predefined filetypes listed in Appendix C, Verified MIME filetypes. When
enabled, the feature operates in either a Block Selected or an Allow Selected mode. These
two modes function as follows:
i. Block Selected
The filetypes marked in the list will be dropped as downloads. To make sure that this is not
circumvented by renaming a file, NetDefendOS looks at the file's contents (in a way similar
to MIME checking) to confirm the file is what it claims to be.
If, for example, .exe files are blocked and a file with a filetype of .jpg (which is not
blocked) is found to contain .exe data then it will be blocked. If blocking is selected but
nothing in the list is marked, no blocking is done.
ii. Allow Selected
Only those filetypes marked will be allowed in downloads and other will be dropped. As
with blocking, file contents are also examined to verify the file's contents. If, for example,
.jpg files are allowed and a file with a filetype of .jpg is found to contain .exe data then the
download will be dropped. If nothing is marked in this mode then no files can be
downloaded.
Additional filetypes not included by default can be added to the Allow/Block list however
these cannot be subject to content checking meaning that the file extension will be trusted
as being correct for the contents of the file.
6.2.2. The HTTP ALG
Chapter 6. Security Mechanisms
247
Summary of Contents for NetDefend DFL-260E
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382...
Page 386: ...The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533...