beautypg.com

Amer Networks E5Web GUI User Manual

Page 386

background image

The opposite to blacklisting, this makes sure certain URLs are always allowed.
Wildcarding can also be used for these URLs, as described below.

It is important to note that whitelisting a URL means that it cannot be blacklisted and it
also cannot be dropped by web content filtering (if that is enabled, although it will be
logged). Anti-Virus scanning, if it is enabled, is always applied to the HTTP traffic even if
it is whitelisted.

These features are described in depth in Section 6.3.3, “Static Content Filtering”.

Dynamic Content Filtering

Access to specific URLs can be allowed or blocked according to policies for certain types of
web content. Access to news sites might be allowed whereas access to gaming sites might be
blocked. This feature is described in depth in Section 6.3.4, “Dynamic Web Content Filtering”.

Anti-Virus Scanning

The contents of HTTP file downloads can be scanned for viruses. Suspect files can be dropped
or just logged. This feature is common to a number of ALGs and is described fully in
Section 6.4, “Anti-Virus Scanning”.

Verify File Integrity

This part of the ALG deals with checking the filetype of downloaded files. There are two
separate optional features with filetype verification: Verify MIME type and Allow/Block
Selected Types, and these are described below:

1.

Verify MIME type

This option enables checking that the filetype of a file download agrees with the
contents of the file (the term filetype here is also known as the filename extension).

All filetypes that are checked in this way by cOS Core are listed in Appendix C, Verified
MIME filetypes. When enabled, any file download that fails MIME verification, in other
words its filetype does not match its contents, is dropped by cOS Core on the
assumption that it can be a security threat.

2.

Allow/Block Selected Types

This option operates independently of the MIME verification option described above but
is based on the predefined filetypes listed in Appendix C, Verified MIME filetypes. When
enabled, the feature operates in either a Block Selected or an Allow Selected mode. These
two modes function as follows:

i. Block Selected

The filetypes marked in the list will be dropped as downloads. To make sure that this is
not circumvented by renaming a file, cOS Core looks at the file's contents (in a way
similar to MIME checking) to confirm the file is what it claims to be.

If, for example, .exe files are blocked and a file with a filetype of .jpg (which is not
blocked) is found to contain .exe data then it will be blocked. If blocking is selected but
nothing in the list is marked, no blocking is done.

ii. Allow Selected

Only those filetypes marked will be allowed in downloads and other will be dropped. As
with blocking, file contents are also examined to verify the file's contents. If, for example,
.jpg files are allowed and a file with a filetype of .jpg is found to contain .exe data then

Chapter 6: Security Mechanisms

386

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: