User manual
Firewall
Web lists
Access is denied to any web address (URL) that contains text added under URL
Block List, e.g. entering xxx blocks access to any URL containing xxx, such as:
http://www.xxx.com, http://xxx.example.com or www.test.com/xxx/index.html
The Allow List also enables access to URLs containing the specified text.
Note
Defining large numbers of URL fragments to match against can result in a significant
slowing down of WWW accesses. Defining overly short URL fragments can result in
many sites matching and being allowed or denied erroneously.
Policy
This access control module allows a site's security policy to be partially and actively enforced.
Hosts which do not adhere to their defined policy are automatically denied access
through the firewall.
A number of Security Groups can be defined where each group contains a number of
host IP addresses or IP address ranges. Each group is additionally given a number of
permitted and denied services, i.e. services its hosts may and may not offer. Each host
in each group is periodically and actively scanned for the services it is not allowed to
offer, and if a connection to one of these services is successful, the host is blacklisted until such time
as the offending service is no longer offered. Scans are never performed against
permitted services. A number of predefined allow and deny service lists are provided,
however, these should really be considered a guideline only as they are not a
replacement for a well thought out and designed security policy.
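
The scan-and-blacklist cycle described above, as an added example (not the product's own code). It assumes groups are written as single IPs or CIDR ranges and that services are TCP ports; GROUPS, scan_pass and fake_probe are hypothetical names, and the policy data is constructed.

```python
import ipaddress
import socket

# Constructed sample policy: group name, addresses and ports are illustrative.
GROUPS = {
    "workstations": {
        "hosts": ["192.0.2.10", "192.0.2.32/30"],
        "permitted": {22},       # never scanned
        "denied": {21, 23, 80},  # probed on every pass
    },
}

def expand(entries):
    """Yield every host address from single IPs and CIDR ranges."""
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if net.num_addresses == 1:
            yield str(net.network_address)
        else:
            yield from (str(h) for h in net.hosts())

def tcp_probe(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def scan_pass(groups, blacklist, probe=tcp_probe):
    """One periodic pass: probe denied services only, update blacklist in place."""
    for group in groups.values():
        targets = sorted(group["denied"] - group["permitted"])
        for host in expand(group["hosts"]):
            offending = {p for p in targets if probe(host, p)}
            if offending:
                blacklist[host] = offending   # deny access through the firewall
            else:
                blacklist.pop(host, None)     # service gone: access restored
    return blacklist

def fake_probe(offered):
    """Offline probe built from a constructed {host: open ports} map."""
    return lambda host, port: port in offered.get(host, set())

if __name__ == "__main__":
    offered = {"192.0.2.10": {22, 23}}        # constructed: telnet is running
    print(scan_pass(GROUPS, {}, fake_probe(offered)))
```

Passing tcp_probe (the default) instead of fake_probe makes the pass connect to the real hosts in the policy.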