Learn how to configure and apply application filters for advanced firewall protection at the application layer, using examples with Alcatel-Lucent products.
Applying Application Filters: Configuration Example
Alcatel-Lucent Security Products Configuration Example Series

Configuring Application Filters
• Application filters are an advanced firewall technique used to filter at the application layer (layer 7) in protocols that allow application-layer commands.
• Most firewall work is done at layers 3 and 4 of the OSI model. Most of your rules will make decisions based on IP addresses (layer 3) and port numbers (layer 4).
• Consider the FTP protocol. We know that FTP operates on port 21, but we also know that there are many commands in this protocol, such as Put, Get and Ls. If you make a firewall rule allowing port 21 to a certain group of hosts, you are allowing all of these commands to be used. In other words, people can “Put” things on those hosts. For finer granularity you may want to use the FTP application filter to allow things like Bin, Get, LS, Bye…, but block things like Md and Put. That’s where an application filter comes in handy.
• Think of an application filter as an application-specific firewall attached to a rule.

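The following is an added example, not ALSMS or Brick code: a small model of a command-level FTP filter that contrasts a default-deny allow list with a literal "block Put and Md" deny list. It assumes the filter inspects the RFC 959 verbs sent on the control channel (Bin = TYPE, Get = RETR, Ls = LIST, Bye = QUIT, Put = STOR, and "Md" taken to mean MKD); the function names, the login and data-channel verbs in the allow list, and the sample session are all constructed for illustration.

```python
# Wire verbs for the commands the slide wants to allow, plus the login and
# data-channel verbs a session needs (USER/PASS/PASV/PORT are an assumption).
ALLOWED_VERBS = {"USER", "PASS", "PASV", "PORT", "TYPE", "RETR", "LIST", "QUIT"}

# Literal reading of "block Put and Md" as a deny list.
DENIED_VERBS = {"STOR", "MKD"}

# Constructed client-to-server control-channel lines.
SESSION = [
    b"USER alice\r\n", b"PASS example\r\n", b"TYPE I\r\n", b"PASV\r\n",
    b"RETR report.pdf\r\n", b"STOR upload.bin\r\n", b"APPE log.txt\r\n",
    b"MKD newdir\r\n", b"QUIT\r\n",
]


def verb_of(line: bytes) -> str:
    """Extract the upper-cased command verb from one control-channel line."""
    text = line.decode("ascii", errors="replace").strip()
    return text.split(" ", 1)[0].upper() if text else ""


def is_permitted(line: bytes, policy: str) -> bool:
    """Decide one command under 'allow-list' (default deny) or 'deny-list'."""
    verb = verb_of(line)
    if policy == "allow-list":
        return verb in ALLOWED_VERBS
    return verb not in DENIED_VERBS


def blocked_verbs(session, policy: str):
    """Return the verbs the given policy would stop, in session order."""
    return [verb_of(l) for l in session if not is_permitted(l, policy)]


if __name__ == "__main__":
    for policy in ("allow-list", "deny-list"):
        print(policy, "blocks", blocked_verbs(SESSION, policy))
```

The allow list stops APPE, which also writes to the server, while the deny list built only from the two named commands lets it through; that is the practical reason to define the filter by what is permitted.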
Configuring Application Filters
• Application filters also let you work within the protocol that you are filtering, using the commands of that protocol to further secure your network.
• The HTTP application filter lets us filter on URLs, URIs and keywords.
• If, for instance, you wanted to block a series of sites from your users, you could create a list of URLs, URIs or keywords to block (a “black list”). You could also block everything except a list of sites that you want to allow (a “white list”).
• Note: there may still be cases where you will want to use a third-party, external URL filtering appliance as well; you have the option of doing that in combination with the application filter running on your firewall.
• In fact, you can route from the Brick to any third-party scanning devices by protocol using the “Rules Based Routing” feature. See the configuration example on “Rules Based Routing” if you would like more detail on that.

Configuring Application Filters
• These are the default Application Filters that come with the ALSMS as of release 9.1.
• This Configuration Example will walk you through configuring and testing the HTTP Application Filter.
• Other application filters are applied in the same manner.
• For details on configuring specific application filters, see the ALSMS Policy Guide.
• Applying application filters is a simple 3-step process, which will be covered in this example.

Configuring Application Filters
• Let’s go ahead and configure a simple HTTP application filter and test it.
• Click on the Application Filters folder.
• Right click and select New Application Filter.

Configuring Application Filters
• Fill in the name HTTP-Application-Filter.
• Fill in a description.
• Accept the default Type HTTP.
• Accept the defaults and click on the Keyword tab.
• Right click and select New.

Configuring Application Filters
• In our example, let’s say that we want to block a site whose URL is www.music.com.
• From your PC, browse to that site now and make sure it works.
• Fill in the keyword pattern matching editor as follows.
• You can block as many sites as you want using this application filter.
• When you are done, click OK. Then click File>Save and Close.

Configuring Application Filters
• Next we are going to attach the application filter to one of our service groups. You may have already used this service group in a rule; if not, you can, and it will now have the application filter applied to it. This simple test assumes that you have already applied an HTTP rule.
• Double click on the Service Groups folder.
• Double click on the HTTP service.
• Double click on the actual service to open this window.
• Attach your HTTP-Application-Filter by using the pull-down menu at the bottom.

Configuring Application Filters
• Click OK.
• Click File>Save and Close.
• See if you can still go to the site www.music.com. You should be able to.
• We have created a simple filter and attached it to a service that is used in our rule set. What we need to do now is open that rule set and do a Save and Apply. Click Clear Cache when you do this Save and Apply, just in case you already have a session open with www.music.com.
• Now try the site www.music.com and you should get a 403 Forbidden warning.

Configuring Application Filters
• The “music.com” example was a very simple one, blocking a single URL. You can block as many as you would like.
• Let’s add a keyword block to our application filter to see how that works.
• Double click on the Application Filters folder.
• Double click on your HTTP-Application-Filter.
• Click on the URI tab.
• Right click and select New.
• Fill out the window as seen on the following slide.

Configuring Application Filters
• Note: The asterisks (**) act as wildcards for the characters before and after the word: *truck*
• Click OK, then File>Save and Close.
• Remember to go back and reapply your firewall rule set.

Configuring Application Filters
• From the PC that you are surfing the web on, surf to your favorite car manufacturer. Click on their trucks and see if you can look at anything that has the word “truck” in the URI string. You should be blocked from seeing the trucks, but should be able to see their cars. Try www.ford.com.
• In real life you may want to block on keywords such as *MP3*, *Gambling*, *Games* and others.
• This is a great way to block categories. If you are using a third-party appliance for URL filtering as a secondary appliance, you will be filtering out a lot of traffic and making the job of that appliance easier by using this application filter.
• Try filtering on other things or try some of the other application filters.

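The two tests in this walkthrough (the www.music.com host block and the *truck* URI pattern) can be modelled as below. This is an added example, not ALSMS or Brick code: the function names are hypothetical, the requests are constructed, and the matching rules (shell-style wildcards, case folding, percent-decoding before comparison) are assumptions of the model, since the product's exact matching semantics are not given here.

```python
from fnmatch import fnmatchcase
from urllib.parse import unquote

# Patterns from the walkthrough.
BLOCKED_HOST_PATTERNS = ["www.music.com"]
BLOCKED_URI_PATTERNS = ["*truck*"]

# Constructed requests; www.example.com stands in for a manufacturer's site.
SAMPLES = {
    "music": b"GET / HTTP/1.1\r\nHost: www.music.com\r\n\r\n",
    "trucks": b"GET /vehicles/Trucks/f-150 HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "cars": b"GET /vehicles/cars/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "encoded": b"GET /vehicles/%74rucks/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
}


def parse_request(raw: bytes):
    """Return (host, uri) from the head of a raw HTTP/1.1 request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    _method, uri, _version = lines[0].split(" ", 2)
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return host, uri


def normalise(text: str) -> str:
    # Decode %xx escapes and fold case so the pattern is compared against
    # the same string the web server will act on.
    return unquote(text).lower()


def filter_request(raw: bytes) -> str:
    """Return '403 Forbidden' if a pattern matches, otherwise 'forward'."""
    host, uri = parse_request(raw)
    host = normalise(host).split(":")[0]  # ignore an explicit port
    uri = normalise(uri)
    if any(fnmatchcase(host, p.lower()) for p in BLOCKED_HOST_PATTERNS):
        return "403 Forbidden"
    if any(fnmatchcase(uri, p.lower()) for p in BLOCKED_URI_PATTERNS):
        return "403 Forbidden"
    return "forward"


if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, "->", filter_request(request))
```

When testing a real filter the same way, include mixed-case and percent-encoded spellings of each keyword alongside the plain one, so you know whether the device normalises before it matches.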
Configuring Application Filters
• For more detailed information on configuring this feature, click Help>On Line Product Manuals>Policy Guide.
• See the section on Application Filters.
• The Product Manuals can also be found on your ALSMS CD.

Lucent Technologies – Proprietary
Use pursuant to company instruction