Chapter 31 ADP
ZyWALL USG 50 User’s Guide
Table 158 HTTP Inspection and TCP/UDP/ICMP Decoders (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| WEBROOT-DIRECTORY-TRAVERSAL ATTACK | This is when a directory traversal goes past the web server root directory. This generates far fewer false positives than the directory option, because it doesn’t alert on directory traversals that stay within the web server directory structure. It only alerts when the directory traversals go past the web server root directory, which is associated with certain web attacks. |
| TCP Decoder | |
| BAD-LENGTH-OPTIONS ATTACK | This is when a TCP packet is sent in which the TCP option length field does not match the option’s actual length or is 0. This may cause some applications to crash. |
| EXPERIMENTAL-OPTIONS ATTACK | This is when a TCP packet is sent which contains non-RFC-compliant options. This may cause some applications to crash. |
| OBSOLETE-OPTIONS ATTACK | This is when a TCP packet is sent which contains obsolete RFC options. |
| OVERSIZE-OFFSET ATTACK | This is when a TCP packet is sent in which the TCP data offset is larger than the payload. |
| TRUNCATED-OPTIONS ATTACK | This is when a TCP packet is sent which doesn’t have enough data to read. This could mean the packet was truncated. |
| TTCP-DETECTED ATTACK | T/TCP provides a way of bypassing the standard three-way handshake found in TCP, thus speeding up transactions. However, this could lead to unauthorized access to the system by spoofing connections. |
| UNDERSIZE-LEN ATTACK | This is when a TCP packet is sent which has a TCP datagram length of less than 20 bytes. This may cause some applications to crash. |
| UNDERSIZE-OFFSET ATTACK | This is when a TCP packet is sent which has a TCP header length of less than 20 bytes. This may cause some applications to crash. |
| UDP Decoder | |
| OVERSIZE-LEN ATTACK | This is when a UDP packet is sent which has a UDP length field greater than the actual packet length. This may cause some applications to crash. |
| TRUNCATED-HEADER ATTACK | This is when a UDP packet is sent which has a UDP datagram length of less than the UDP header length. This may cause some applications to crash. |
| UNDERSIZE-LEN ATTACK | This is when a UDP packet is sent which has a UDP length field of less than 8 bytes. This may cause some applications to crash. |
| ICMP Decoder | |
| TRUNCATED-ADDRESS-HEADER ATTACK | This is when an ICMP packet is sent which has an ICMP datagram length of less than the ICMP address header length. This may cause some applications to crash. |
| TRUNCATED-HEADER ATTACK | This is when an ICMP packet is sent which has an ICMP datagram length of less than the ICMP header length. This may cause some applications to crash. |
| TRUNCATED-TIMESTAMP-HEADER ATTACK | This is when an ICMP packet is sent which has an ICMP datagram length of less than the ICMP Time Stamp header length. This may cause some applications to crash. |
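The TCP and UDP length checks in the table can be expressed as a small header validator. This is an added example, not ZyWALL code: the function names, the order of the checks and the reading of OVERSIZE-OFFSET as "header length exceeds the bytes received" are assumptions, and the sample packets are constructed.

```python
import struct

def tcp_segment(offset_words, options=b"", payload=b""):
    """Build a constructed TCP segment for testing (ports and flags are arbitrary)."""
    fixed = struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, offset_words << 4, 0x02, 8192, 0, 0)
    return fixed + options + payload

def check_tcp(segment):
    """Return the table's TCP decoder labels (minus the ' ATTACK' suffix) that apply."""
    if len(segment) < 20:
        return ["UNDERSIZE-LEN"]            # less than the 20-byte minimum header
    header_len = (segment[12] >> 4) * 4     # data offset counts 32-bit words
    if header_len < 20:
        return ["UNDERSIZE-OFFSET"]
    if header_len > len(segment):           # assumption: offset points past the data held
        return ["OVERSIZE-OFFSET"]
    opts, i = segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # End of Option List
            break
        if kind == 1:                       # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):              # no room left for the length byte
            return ["TRUNCATED-OPTIONS"]
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            return ["BAD-LENGTH-OPTIONS"]   # zero, too small, or overruns the header
        i += length
    return []

def check_udp(datagram):
    """Return the table's UDP decoder labels that apply to a raw UDP datagram."""
    if len(datagram) < 8:
        return ["TRUNCATED-HEADER"]         # shorter than the 8-byte UDP header
    (length,) = struct.unpack("!H", datagram[4:6])
    if length < 8:
        return ["UNDERSIZE-LEN"]
    if length > len(datagram):
        return ["OVERSIZE-LEN"]             # length field claims more than was received
    return []

if __name__ == "__main__":
    print(check_tcp(tcp_segment(6, b"\x02\x00\x05\xb4")))   # MSS option with length 0
    print(check_udp(struct.pack("!HHHH", 53, 53, 100, 0)))  # claims 100 bytes, has 8
```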
Chapter 32 Content Filtering
32.1 Overview
Use the content filtering feature to control access to specific web sites or web
content.
32.1.1 What You Can Do in this Chapter
- Use the General screens (Section 32.2 on page 535) to configure global content filtering settings, configure content filtering policies, and check the content filtering license status.
- Use the Filter Profile screens (Section 32.4 on page 540) to set up content filtering profiles.
32.1.2 What You Need to Know
Content Filtering
Content filtering allows you to block certain web features, such as cookies, and/or
block access to specific web sites. It can also block access to specific categories of
web site content. You can create different content filter policies for different
addresses, schedules, users or groups and content filter profiles. For example, you
can configure one policy that blocks John Doe’s access to arts and entertainment
web pages during the workday and another policy that lets him access them after
work.
Content Filtering Policies
A content filtering policy allows you to do the following.
- Use schedule objects to define when to apply a content filter profile.
- Use address and/or user/group objects to define whose web access the content filter profile applies to.
- Apply a content filter profile that you have custom-tailored.
Content Filtering Profiles
A content filtering profile conveniently stores your custom settings for the
following features.
Category-based Blocking
The ZyWALL can block access to particular categories of web site content, such
as pornography or racial intolerance.
Restrict Web Features
The ZyWALL can disable web proxies and block web features such as ActiveX
controls, Java applets and cookies.
Customize Web Site Access
You can specify URLs to which the ZyWALL blocks access. You can alternatively
block access to all URLs except ones that you specify. You can also have the
ZyWALL block access to URLs that contain particular keywords.
Content Filtering Configuration Guidelines
When the ZyWALL receives an HTTP request, the content filter searches for a
policy that matches the source address and time (schedule). The content filter
checks the policies in order (based on the policy numbers). When a matching
policy is found, the content filter allows or blocks the request depending on the
settings of the filtering profile specified by the policy. Some requests may not
match any policy. The ZyWALL allows the request if the default policy is not set to
block. The ZyWALL blocks the request if the default policy is set to block.
External Web Filtering Service
When you register for and enable the external web filtering service, your ZyWALL
accesses an external database that has millions of web sites categorized based on
content. You can have the ZyWALL block and/or log access to web sites
based on these categories.
Keyword Blocking URL Checking
The ZyWALL checks the URL’s domain name (or IP address) and file path
separately when performing keyword blocking.
The URL’s domain name or IP address is the characters that come before the first slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the domain name is www.zyxel.com.tw.
The file path is the characters that come after the first slash in the URL. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the file path is news/pressroom.php.
Since the ZyWALL checks the URL’s domain name (or IP address) and file path separately, it will not find items that go across the two. For example, with the URL www.zyxel.com.tw/news/pressroom.php, the ZyWALL would find “tw” in the domain name (www.zyxel.com.tw). It would also find “news” in the file path (news/pressroom.php) but it would not find “tw/news”.
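The ordered policy lookup from the configuration guidelines and the split keyword check described above can be modelled together. This is an added example, not ZyWALL code: the policy field names, the addresses and schedules are constructed, and each profile is reduced to a keyword list for brevity.

```python
import ipaddress
from datetime import time

def split_url(url):
    """Domain (or IP) is everything before the first slash; file path is the rest."""
    domain, _, path = url.partition("/")
    return domain, path

def keyword_hits(url, keywords):
    """Test each keyword against domain and path separately, never across the slash."""
    domain, path = split_url(url.lower())
    return [k for k in keywords if k.lower() in domain or k.lower() in path]

# Constructed policies with hypothetical field names, checked by policy number.
POLICIES = [
    {"no": 1, "src": "192.168.1.0/24", "start": time(9), "end": time(17),
     "keywords": ["news"]},
    {"no": 2, "src": "192.168.2.0/24", "start": time(0), "end": time(23, 59),
     "keywords": ["tw/news"]},
]

def evaluate(src_ip, now, url, default_block=False):
    """Return (action, matching policy number or 'default', matched keywords)."""
    ip = ipaddress.ip_address(src_ip)
    for p in sorted(POLICIES, key=lambda p: p["no"]):
        in_net = ip in ipaddress.ip_network(p["src"])
        in_schedule = p["start"] <= now <= p["end"]
        if in_net and in_schedule:
            hits = keyword_hits(url, p["keywords"])
            # The first matching policy decides; later policies are not consulted.
            return ("block" if hits else "allow", p["no"], hits)
    # No policy matched: the default policy setting decides.
    return ("block" if default_block else "allow", "default", [])

if __name__ == "__main__":
    url = "www.zyxel.com.tw/news/pressroom.php"
    print(evaluate("192.168.1.10", time(10), url))
    print(evaluate("192.168.2.10", time(10), url))
    print(evaluate("10.0.0.5", time(10), url, default_block=True))
```

Policy 2 never blocks the sample URL because its only keyword, "tw/news", spans the domain and the file path, which is a gap to keep in mind when choosing keywords.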
Finding Out More
- See Section 6.5.21 on page 104 for related information on these screens.
- See Section 32.7 on page 555 for content filtering background/technical information.
32.1.3 Before You Begin
- You must configure an address object, a schedule object and a filtering profile before you can set up a content filter policy.
- You must subscribe to use the external database content filtering (see the Licensing > Registration screens).
32.2 Content Filter General Screen
Click Configuration > Anti-X > Content Filter > General to open the Content Filter General screen. Use this screen to enable content filtering, view and order
