Web Filtering. Module Objectives By the end of this module participants will be able to: Identify...
-
Upload
lucinda-mcdaniel -
Category
Documents
-
view
223 -
download
0
Transcript of Web Filtering. Module Objectives By the end of this module participants will be able to: Identify...
![Page 1: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/1.jpg)
Web Filtering
![Page 2: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/2.jpg)
Module Objectives
• By the end of this module participants will be able to:• Identify the web filtering mechanisms used on the
FortiGate device
• Create web content and URL filters
• Configure FortiGuard Web Filtering
• Configure FortiGuard Web filtering overrides
• Define firewall policies using web filter profiles
![Page 3: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/3.jpg)
Web Filtering
•Means of controlling the web content that a user is able to view• Preserve employee productivity
• Prevent network congestion where valuable bandwidth is used for non-business purposes
• Prevent loss or exposure of confidential information
• Decrease exposure to web-based threats
• Limit legal liability when employees access or download inappropriate or offensive material
• Prevent copyright infringement caused by employees downloading or distributing copyrighted materials
• Prevent children from viewing inappropriate material
![Page 4: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/4.jpg)
Web Content Filtering Create Pattern list in the CLI
DrugsScore=10
PharmacyScore=5
PrescriptionScore=5
Threshold=18
10 +5 +5 =20
Block or Exempt
www.acme.com
![Page 5: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/5.jpg)
Web Content Filtering
DrugsScore=10
PharmacyScore=5
PrescriptionScore=5
Threshold=18
10 +5 +5 =20
Block or Exempt
www.acme.com
• Control web access by allowing or blocking web pages containing specific words or patterns• Wildcards or regular expressions can be
used to define patterns
• The scores assigned to matched patterns are added• If higher than the threshold, the FortiGate
unit performs the configured action
• Score for matched patterns is counted once even if it appears multiple times on the web page
Create Pattern list in the CLI
![Page 6: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/6.jpg)
Flow-based Web Filtering
•Non-proxy solution that uses IPS engine to perform inspection• FortiGuard web filtering override will not apply when flow-based inspection is enabled• Example: • Block IT category and allow override for www.fortinet.com
• If user attempts to access www.fortinet.com (IT category), user will receive Page Not Found error
![Page 7: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/7.jpg)
Flow-based Web Filtering
• Select inspection mode in web filter profile
• In the CLI:config webfilter profile
edit “default”
set flow-based enable
![Page 8: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/8.jpg)
URL: www.mypage.com
www.example.com
www.abc.com
www.mypage.com
Web URL FilteringURL Filter list
www.mypage.com
BlockAllow
MonitorExempt
![Page 9: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/9.jpg)
URL: www.mypage.com
www.example.com
www.abc.com
www.mypage.com
Web URL FilteringURL Filter list
www.mypage.com
BlockAllow
MonitorExempt
• Control web access by allowing or blocking specific URLs• Text, wildcards or regular expressions
can be used to define the URL patterns
• Possible actions include:• Block
• Allow
• Monitor
• Exempt
![Page 10: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/10.jpg)
SafeSearch
Search: chicken
Search: chicken&safe=on
Safe Search:GoogleBingYahoo!
![Page 11: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/11.jpg)
SafeSearch
Search: chicken
Search: chicken&safe=on
Safe Search:GoogleBingYahoo!
• SafeSearch is used by search sites to prevent explicit web sites and images from appearing in search results• FortiGate unit rewrites the search URL to include the required codes to enable SafeSearch• Supported on Google, Bing and Yahoo!
![Page 12: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/12.jpg)
FortiGuard Web Filter
URL: www.mypage.com
Block
Allow
Monitor
Authenticate
Categories
Warning
www.mypage.com
![Page 13: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/13.jpg)
FortiGuard Web Filter
URL: www.mypage.com Categories
www.mypage.com
Block
Allow
Monitor
Authenticate
Warning
• The FortiGate unit accesses the FortiGuard distribution server to determine the category of a requested page• Action is taken based on selection in
web filtering profile
•Web filter rating determined by:• Human rater
• Text analysis
• Exploitation of web structure
![Page 14: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/14.jpg)
FortiGuard Web Filter Categories
Click here to read more FortiGuard Web Filtering categories
![Page 15: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/15.jpg)
FortiGuard Web Filter Categories
Click here to read more FortiGuard Web Filtering categories
![Page 16: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/16.jpg)
FortiGuard Web Filtering CachingCache
URL: Category www.acme.com Phishingwww.today.ca News/Media www.poker.net Gambling
www.xyz.com
![Page 17: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/17.jpg)
FortiGuard Web Filtering CachingCache
URL: Category www.acme.com Phishingwww.today.ca News/Media www.poker.net Gambling
www.xyz.com
• Caching improves performance by reducing FortiGate unit requests to FortiGuard servers• Cache checked before sending request
to FortiGuard server
• TTL settings controls the number of second query results are cached
• Small amount of FortiGate unit system memory dedicated to the cache• Alternate port number of 8888 can be configured for access to FortiGuard servers
![Page 18: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/18.jpg)
FortiGuard Web Filtering Usage Quotas
Category:Games“Games” Quota
“Games” Quota
“Games” Quota
Category:GamesCategory:GamesCategory:GamesCategory:Games
![Page 19: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/19.jpg)
FortiGuard Web Filtering Usage Quotas
Category:Games“Games” Quota
“Games” Quota
“Games” Quota
Category:GamesCategory:GamesCategory:GamesCategory:Games
• Quotas allow access to specific categories for a specific length of time• Calculated separately for each user and
for each category
• User must authenticate
![Page 20: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/20.jpg)
Local Ratings
www.acme.com
Category:General Organizations
Sub-Category: Information and Computer Security
Local ratings
![Page 21: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/21.jpg)
Local Ratings
www.acme.com
Category:General Organizations
Sub-Category: Information and Computer Security
Local ratings
• Can override the rating applied to a URL by FortiGuard Subscription Services• URL reassigned to a completely
different category
•Override applies to FortiGate unit only• Changes not submitted to FortiGuard
Subscription Services
![Page 22: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/22.jpg)
Local Categories
Create NewLocal Category
config webfilter ftgd-local-cat
edit "Research“
set id 145
next
end
![Page 23: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/23.jpg)
Local Categories
Create NewLocal Category
config webfilter ftgd-local-cat
edit "Research“
set id 145
next
end
• Local categories allow logging of web traffic to a category created by an administrator• Appears under Local Categories section
in FortiGuard Categories listing
![Page 24: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/24.jpg)
FortiGuard Web Filtering Overrides
Authenticate
Category:Spyware and Malware
Log
Block
www.acme.com
![Page 25: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/25.jpg)
FortiGuard Web Filtering Overrides
Authenticate
Category:Spyware and Malware
Log
Block
www.acme.com
• Allows access to web sites blocked by FortiGuard Web Filtering• Two methods:• Warning• Allows user to proceed to
blocked web site• Authenticate• User must authenticate to
override web site block
![Page 26: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/26.jpg)
Web Filtering Override Page
Action = Warning
Web Filtering Block Override Page
![Page 27: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/27.jpg)
Web Filtering Override Page
Action = Authenticate
Web Filtering Block Override Page
![Page 28: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/28.jpg)
Web Filtering Overrides
www.hackthissite.org
Marketing
Filter Override
![Page 29: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/29.jpg)
Web Filtering Overrides
www.hackthissite.org
Marketing
• Allows access to web sites blocked through URL or web content filtering•Override page presented, user must authenticate
![Page 30: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/30.jpg)
Order of Web Filtering
URL Filter
FortiGuard Web Filter
Web Content Filter
Advanced Filter Options
![Page 31: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/31.jpg)
Web Filter Profiles
Web filter profile:
Firewall policy
![Page 32: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/32.jpg)
Web Filter Profiles
Web filter profile:
Firewall policy
•Web filtering, FortiGuard web filtering and advanced filtering options enabled through web filtering profiles• Profile in turn applied to firewall policy• Any traffic being examined by the
policy will have the web filtering operations applied to it
![Page 33: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/33.jpg)
Labs
• Lab - Web Filtering• Testing Web Category Filtering
• Configuring Web Filtering Warnings
• Configuring Web Filtering Quotas
Click here for step-by-step instructions on completing this lab
![Page 34: Web Filtering. Module Objectives By the end of this module participants will be able to: Identify the web filtering mechanisms used on the FortiGate device.](https://reader030.fdocuments.net/reader030/viewer/2022020921/56649d9c5503460f94a85650/html5/thumbnails/34.jpg)
Student Resources
Click here to view the list of resources used in this module