How to reduce risks with URL filtering

Learn how to protect your network from threats by controlling the URLs that enter and leave it.

Al Berg, CISSP, CISM

What you will learn from this tip: How to reduce risks posed by hackers, worms and spyware by controlling the URLs that enter and leave your network.

The role of the lowly URL has really grown over the past few years. Originally, URLs (Uniform Resource Locators) were simple tools to help point your Web browser at the Web page of your choice. Today, they are a highly extensible 'meta language' allowing remote computers to exchange executable content and commands as well as a conduit for client/server data. Therefore, controlling the URLs that enter and leave your network is an important way to reduce risks posed by hackers, worms and spyware.

Here are three ways filtering URLs on their way out of your network can make you safer:

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Require users to access the Internet via a proxy server. A Web proxy gives you a single point for monitoring and controlling your outbound traffic. If you configure the proxy to cache frequently used pages and graphics, it can also help make the most of your bandwidth. Proxy servers are available from the open source community (http://www.squid-cache.org/ is one very popular option), as well as a variety of commercial vendors.
Consider filtering outbound URLs to enforce compliance with corporate Internet acceptable usage policies. By checking URLs against lists of known "inappropriate" sites, you reduce the risk of HR problems due to non-work-related Web content.
URL filters can also be valuable tools in the fight against spyware, worms and Trojan horse software. In addition to allowing you to block access to sites harboring harmful code, they can help you eliminate the use of Web-based e-mail services, file sharing sites and other Web resources that allow files into your network without the proper virus scanning.

Filtering inbound URLs can really ruin a hacker's day -- and we security professionals just love to ruin hackers' days. Here are two ways to control the URLs entering your network:

Many attacks on Web-based applications rely on the attacker's ability to feed programs unexpected input from parameters passed in URLs. The first line of defense is having well-written Web applications that validate inputs and protect themselves against attack. If you are responsible for Web applications, make it a point to get to know the Open Web Application Security Project (www.owasp.org) and their tools and documents. OWASP has excellent information on URL attacks and the best practices you can apply to protect against them.
Add an application level firewall to create defense in-depth. When packets try to enter your network, subject them to rules that insure they should be admitted. Attackers have moved up the stack, targeting applications, and so should you. If you are running the Apache http server, consider adding the open source 'mod_security' application firewall (www.modsecurity.org), or one of the commercial alternatives, to your defense plan.

Whether you filter inbound URLs, outbound URLs or both, there will be times when the filter blocks legitimate traffic and your users are going to get upset. Make sure you have a plan for the exceptions. You should also have a process that allows users to report filtering problems, and resolve them quickly and consistently, so the business manager will not see security as a business obstacle.

While URL filtering is not a complete solution to the problems posed by malware and inappropriate content, when properly used, it is a key component of a "defense in-depth" strategy for corporate networks.

MORE INFORMATION

Are your Web servers secure? Take this quiz to find out.
Learn more about combating spyware and Trojan threats in our resource center
Protect your organization from insider threats with five simple measures.

About the author
Al Berg, CISSP, CISM is the Director of Information Security for Liquidnet (http://www.liquidnet.com), the #1 electronic marketplace for block trading and the fifth fastest growing private company in America according to Inc. Magazine's 23^rd annual Inc. 500 list of the fastest growing privately held companies in America.

This was last published in June 2005

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

SafeSquid SafeSquid is an HTTP 1.1 content filtering proxy server.

Open source Web content control options Setting up Web filters to control the content employees and customers using your Linux network can access is an important part of securing your Linux system. Learn about some open source solutions for network and desktop Linux content control.

Infosec 2009: IT and Web 2.0 – the next generation gap Networking sites Twitter and Facebook are two of the fastest growing Web 2.0 collaboration applications in the world. And, where they once kept a younger...

Fighting spyware with unified threat management Too many organizations make the mistake of not aggressively mitigating spyware at all levels -- the desktop, server and network edge. According to network security expert Lisa Phifer, a unified threat management appliance can strengthen enterprise spyware defenses while reducing the operational and productivity burdens.

New FireWall-1/VPN-1 features in Check Point NGX R65 Learn about the new firewall features included in Check Point's NGX R65.

Glasgow school tackles anonymous proxies with new web filtering system The High School of Glasgow has installed a web filtering solution to combat the threat of anonymous proxies.

Please create a username to comment.

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

How to evaluate CASB tools for multi-cloud deployments

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

Transforming operations for successful cloud adoption

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

How to shut down and restart a remote computer

Setting up Windows 10 kiosk mode with 4 different methods

Microsoft extends Office 365 benefit to nonprofit volunteers

Evaluate general and niche cloud service use cases

Compare niche cloud services to the hyperscale offerings

Get started with Azure tags

Women in tech still feel there’s a ‘glass ceiling’ in the sector

How software can support public involvement with democracy

Cisco unveils plans for internet for the future

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.