JNCIS-SEC [ Content Filtering ]

Content filtering blocks or permits certain types of traffic based on the MIME type, file extension and protocol command. The content filter controls file transfers across the gateway.

The content filter module evaluates traffic before all other UTM modules except Web Filtering.

There are three types of content filters:

1) MIME Pattern Filter: It is used to identify traffic in HTTP and MAIL protocols. There are block and exception lists of MIME patterns. The exception list takes precedence over the block list: if the same entry exists on both the block and the exception list, that type of traffic won't be blocked because it is in the exception list.

2) Block Extension List: Blocking based on the extension of the file

3) Protocol command block/permit lists: By blocking or allowing certain commands, traffic can also be controlled on the protocol command level.

Configuration of Custom Objects

[edit security utm]
root@host# show
custom-objects {
    mime-pattern {
        mime-list {
            value [ video/quicktime image/jpeg ];
        }
        ex-mime-list {
            value video/testmime;
        }
    }
    filename-extension {
        extlist1 {
            value [ zip rar vbs ];
        }
    }
    protocol-command {
        ftpproto1 {
            value [ user pass port ];
        }
    }
}

Configuration of Feature Profile

[edit security utm]
root@host# show feature-profile
content-filtering {
    profile confilter1 {
        block-command ftpproto1;
        block-extension extlist1;
        block-mime {
            list mime-list;
            exception ex-mime-list;
        }
        block-content-type {
            java-applet;
            exe;
            http-cookie;
        }
        notification-options {
            type message;
            notify-mail-sender;
            custom-message "operation failed";
        }
    }
}

Configuration of utm policy

[edit security utm]
root@host# show | find utm-policy
utm-policy utm-con {
    content-filtering {
        http-profile confilter1;
    }
}

Applying utm policy to security policy

[edit security policies from-zone trust to-zone untrust]
root@host# show
policy cont-filtering {
    match {
        source-address any;
        destination-address any;
        application junos-http;
    }
    then {
        permit {
            application-services {
                utm-policy utm-con;
            }
        }
    }
}

Monitoring Content Filtering

root@host> show security utm content-filtering statistics
 Content-filtering-statistic:         Blocked
     Base on command list:                    0
     Base on mime list:                       0
     Base on extension list:                  0
     ActiveX plugin:                          0
     Java applet:                             0
     EXE files:                               0
     ZIP files:                               0
     HTTP cookie:                             0
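As an added example (not from the original post), a small Python script that parses two captures of the statistics output shown above and reports which "Blocked" counters grew between them, which is what you would poll to notice that a content filter has started hitting. Both captures are constructed samples, not real device output.

```python
import re

# Constructed sample: two successive captures of
# "show security utm content-filtering statistics" (not real device output)
SAMPLE_T0 = """\
 Content-filtering-statistic:         Blocked
     Base on command list:                    0
     Base on mime list:                       0
     Base on extension list:                  0
     ActiveX plugin:                          0
     Java applet:                             0
     EXE files:                               0
     ZIP files:                               0
     HTTP cookie:                             0
"""

SAMPLE_T1 = """\
 Content-filtering-statistic:         Blocked
     Base on command list:                    2
     Base on mime list:                       0
     Base on extension list:                  5
     ActiveX plugin:                          0
     Java applet:                             1
     EXE files:                               0
     ZIP files:                               0
     HTTP cookie:                             0
"""

# One counter line: a name, a colon, whitespace, an integer. The header line
# ends in "Blocked" rather than a number, so it is skipped automatically.
COUNTER_RE = re.compile(r"^\s*(?P<name>[A-Za-z][A-Za-z ]+?):\s+(?P<value>\d+)\s*$")


def parse_statistics(output: str) -> dict[str, int]:
    """Map each counter name to its Blocked value."""
    counters = {}
    for line in output.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group("name")] = int(m.group("value"))
    return counters


def blocked_delta(before: str, after: str) -> dict[str, int]:
    """Return only the counters that increased between two captures."""
    old, new = parse_statistics(before), parse_statistics(after)
    delta = {}
    for name, value in new.items():
        diff = value - old.get(name, 0)
        if diff < 0:  # counters were cleared between samples; count the new value
            diff = value
        if diff > 0:
            delta[name] = diff
    return delta


if __name__ == "__main__":
    for name, n in blocked_delta(SAMPLE_T0, SAMPLE_T1).items():
        print(f"{name}: {n} newly blocked")
```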

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE
