Tip

Filter URLs to reduce information security threats

Get strategies for controlling the URLs that enter and exit your customer's network, and mitigate risks posed by hackers, worms and spyware. Value-added resellers (VARs) and security consultants who follow the guidance in this tip will learn how to filter URLs to increase network security without creating annoying obstacles. This tip originally appeared on

    Requires Free Membership to View

SearchSecurity.com.

The role of the lowly URL has really grown over the past few years. Originally, URLs (Uniform Resource Locators) were simple tools to help point your Web browser at the Web page of your choice. Today, they are a highly extensible meta language allowing remote computers to exchange executable content and commands, and a conduit for client/server data. Therefore, controlling the URLs that enter and leave your customer's network is an important way to reduce risks posed by hackers, worms and spyware.

Here are three ways filtering URLs on their way out of your customer's network can make them safer:

  1. Require users to access the Internet via a proxy server. A Web proxy gives you a single point for monitoring and controlling your outbound traffic. If you configure the proxy to cache frequently used pages and graphics, it can also help make the most of your bandwidth. Proxy servers are available from the open source community (http://www.squid-cache.org is one very popular option), as well as a variety of commercial vendors.

     

  2. Consider filtering outbound URLs to enforce compliance with corporate Internet acceptable usage policies. By checking URLs against lists of known "inappropriate" sites, you reduce the risk of HR problems due to non-work-related Web content.

     

  3. URL filters can also be valuable tools in the fight against spyware, worms and Trojan horse software. In addition to allowing you to block access to sites harboring harmful code, they can help you eliminate the use of Web-based email services, file sharing sites and other Web resources that allow files into your network without the proper virus scanning.

Filtering inbound URLs can really ruin a hacker's day -- and we security professionals just love to ruin hackers' days. Here are two ways to control the URLs entering your network:

  1. Many attacks on Web-based applications rely on the attacker's ability to feed programs unexpected input from parameters passed in URLs. The first line of defense is having well-written Web applications that validate inputs and protect themselves against attack. If you are responsible for Web applications, make it a point to get to know the Open Web Application Security Project (OWASP), their tools and their documents. OWASP has excellent information on URL attacks and the best practices you can apply to protect against them.

     

  2. Add an application-level firewall to create "defense in-depth". When packets try to enter your network, subject them to rules that insure they should be admitted. Attackers have moved up the stack, targeting applications, and so should you. If you are running the Apache http server, consider adding the open source ModSecurity application firewall, or one of the commercial alternatives, to your defense plan.

Whether you filter inbound URLs, outbound URLs or both, there will be times when the filter blocks legitimate traffic and your users are going to get upset. Make sure you have a plan for the exceptions. You should also have a process that allows users to report filtering problems, and resolve them quickly and consistently, so the business manager will not see security as a business obstacle.

While URL filtering is not a complete solution to the problems posed by malware and inappropriate content, when properly used, it is a key component of a "defense in-depth" strategy for corporate networks.

About the author
Al Berg, CISSP, CISM, is the Director of Information Security for Liquidnet (http://www.liquidnet.com), the #1 electronic marketplace for block trading and the fifth fastest growing private company in America according to
Inc. Magazine's 23rd annual Inc. 500 list of the fastest growing privately held companies in America.

This tip originally appeared on SearchSecurityChannel.com sister site SearchSecurity.com.


This was first published in March 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.