Task 1: Configure a Custom URL Filtering Category

TheCustomURLCategoryfeatureallowsforthecreationofcustomlistsofURLsthatcanbeselected
inanyURLFilteringprofile.Eachcustomcategorycanbecontrolledindependentlyandhasan
actionassociatedwithitineachURLFilteringprofile(allow,block,continue,override,oralert).
InthistaskyouwillconfigureaCustomURLFilteringCategory

GototheWebUIandselectObjects>CustomObjects>URLCategory.

ClickAddtocreateacustomURLcategory.

NameEnterEngineerSites

SitesClickAddandaddeachoftheseURLs:

 www.cisco.com
www.networkworld.com
www.information-age.com

ClickOKtoclosetheCustomURLCategorywindow.

Task 2: Configure a URL Filtering Profile

URLFilteringsecurityprofilesenableyoutomonitorandcontrolhowusersaccesstheweboverHTTPand
HTTPS.Thefirewallcomeswithadefaultprofilethatisconfiguredtoblockwebsitessuchas
knownmalwaresites,phishingsites,andadultcontentsites.TheURLFilteringsecurityprofileprovides
granularcontrolfortrafficallowedbyasecuritypolicy.Aswithotherprofiles,theURLFilteringprofileis
appliedonlyiftheassociatedpolicyallowstraffic.

SelectObjects>SecurityProfiles>URLFiltering.

ClickAddtodefineaURLfilteringprofile.

NameEnterelabstudenturlfiltering

Category/ActionClicktherightsideoftheActionheadertoaccessthepulldownmenu.ClickSet
AllActions>Alert

SearchtheCategoryfieldforthesesixcategoriesandsetthe

Actiontoblockforeachexceptfortheunknowncategory.Settheunknowncategorytocontinue.
adult(oradultandpornography):[Action=block]
government:[Action=block]
hacking:[Action=block]
questionable:[Action=block]
EngineerSites:[Action=block]
unknown:[Action=continue]

ClickOKtoclosetheURLfilteringprofilewindow.

Task 3: Configure an Antivirus Profile

TheAntivirussecurityprofiledefinesactionstobetakenifaninfectedfileisdetectedaspartof
anapplication.Thelistedapplicationsrepresentthewidevarietyofvectorsthatmodernvirusescantakein
infectingasystem.Foreachapplicationtypeanactioncanbedefined.Ifavirusisdetected,thedefault
actionisto"resetboth",whichequalsadropactionifUDP.IfTCP,theactionresetstheserverandthe
client
.

SelectObjects>SecurityProfiles>Antivirus.

ClickAddtocreateanantivirusprofile.

NameEnterelabstudentantivirus

FromtheAntivirustab

PacketCaptureCheckthePacketCapturebox
DecodersSettheActioncolumntoAlertforalldecoders

ClickOKtoclosetheAntivirusProfilewindow.

Task 4: Configure an Anti-Spyware Profile

Asecuritypolicycanincludespecificationofanantispywareprofilefor"phonehome"detection(detection
oftrafficfrominstalledspyware).Eachantispywaresecurityprofilecancontainmultiplerulestohandle
differenttypesofthreats.Eachruleisconfiguredwithanaction,aspecificcategoryofspywaretotarget,
andseveritylevels.Ruleswithdifferentactionscanbecombinedinthesameprofile.

SelectObjects>SecurityProfiles>AntiSpyware.

ClickAddtocreateanantispywareprofile.

NameEnterelabstudentantispyware

RulestabClickAddandcreatearulewiththese

parameters:
RuleName:Enterrule1
Action:SelectAllow
Severity:SelectMedium,Low,andInformational

ClickOKtosavetherule

ClickAddandcreateanotherrulewiththeseparameters

RuleName:Enterrule2
Action:SelectAlert
Severity:ChecktheboxesforCriticalandHighonly

ClickOKtosavetherule

ClickOKtoclosetheAntiSpywareProfilewindow.

Task 5: Assign Profiles to a Policy

Securityprofilesareenabledonindividualsecuritypolicies.Asecuritypolicycanbeassigned
profilesappropriateforthetypeoftrafficexpectedinthatpolicy.Profilesareonlyusedwhentraffic
matchesapolicywiththeactionofallow.Profilescanbeassignedindividuallyorasasecurityprofile
group.

SelectPolicies>Security.

Click'InternetConnectivity'inthelistofpolicynames.IntheActionstab,editthepolicyruleto
includethenewlycreatedprofiles.

FromActionstab

ProfileTypeSelectProfiles

AntivirusSelectelabstudentantivirus

AntiSpywareSelectelabstudentantispyware

URLFilteringSelectelabstudenturlfiltering

Click OK to close the Security Policy Rule window.

Click the Commit link at the top-right of the WebUl. Click Commit again, wait until the
commit process is complete, then continue.

Task 6: Test the Antivirus Profile

Onyourdesktop,openabrowsertohttp://www.eicar.org

ClicktheAntiMalwareTestfilelink.

ClicktheDownloadlink.

WithintheDownloadarea,clickeithertheeicar.comortheeicar.com.txtfiletodownloadthefile
usingthestandardprotocolhttp.(DonotusetheSSLencrypteddownloads.Thefirewallwillnotbeableto
detectthevirusesinanhttpsconnectionuntildecryptionisconfigured.)

Ifprompted,Savethefile.Donotopenorrunthefile.(Thefirewallissettoalertbutnotblock
thevirus,butyoumayfindthatthebrowserblocksthefile.)

Closethebrowser.

IntheWebUl,selectMonitor>Logs>Threattoviewthethreatlog.

FindthelogmessagethatdetectedtheEicarfile.Noticethattheactionforthefileisalert.

ClickthegreendownarrowatontheleftsideofthelinefortheEicarfiledetectiontoviewthe
packetcapture(PCAP).

AfterviewingthePCAPclickClose.

SelectObjects>SecurityProfiles>Antivirus.

Opentheelabstudentantivirusprofile.

ChangetheActioncolumnfortheftp,http,andsmbdecoderstodefault(blockordrop).

ClickOK.

ClicktheCommitlinkatthetoprightoftheWebUl.ClickCommitagain.waituntilthecommit
processiscomplete,thencontinue.

IntheDesktop,openanewbrowserwindowtowww.eicar.org/850download.html.

Attempttodownloadavirusfileusinghttpagain.TheAntivirusprofileisnowsettoBlock,soa
responsepageshouldappear.

SelectMonitor>Logs>ThreatandnotethatthelogentriesstatingthattheEicarviruswas
detectedanddenied.

After15minutes,thethreatsthatyoujustgeneratedwillappearontheACCtabunderthe
ThreatsActivityandtheBlockedActivitytabs.

Task 7: Test the URL Filtering Profile

Inthedesktop,openabrowserandbrowsetovariouswebsitessuchasGoogle,Yahoo,orBing.The
URLfilteringprofilerecordseachwebsitethatyouvisit.

IntheWebUI,selectMonitor>Logs>URLFiltering.Verifythatthelogentriestrackthesitesthat
youvisitedduringyourtests.

NowtesttheblockconditionthatyoucreatedbyvisitingasitethatispartoftheEngineerSites,
hacking,orgovernmentcategories.OntheDesktop,attempttobrowsetoantechnologysitelikethesites
thatyoulistedintheEngineerSitesgroupi.ewww.cisco.com

Theprofilewillblockthisactionandyouwillseeablockpagesimilartothisone:

Task 8: Configure a Security Profile Group

SecurityGroupsarerecommendedforsetsofprofilesthatarecommonlyassignedtogether.Thefirewall
supportstheabilitytocreatesecurityprofilegroups,whichspecifysetsofsecurityprofilesthatcanbe
treatedasaunitandthenaddedtosecuritypolicies.Forexample,youcancreateasecurityprofilegroupthat
includesprofilesforantivirus,antispyware,andvulnerability,andthencreateasecuritypolicythatincludes
thecustomprofile.

IntheWebUI,selectObjects>SecurityProfileGroups.

ClickAddtodefineasecurityprofilegroup.

NameEnterelabstudentprofilegroup

AntivirusProfileSelectelabstudentantivirus

AntiSpywareProfileSelectelabstudentantispyware

URLFilteringProfileSelectelabstudenturlfiltering

ClickOKtoclosetheSecurityProfileGroupwindow.

Task 9: Assign the Security Profile Group to a Policy

Profilescanbeassignedindividuallyorasasecurityprofilegroup.SecurityGroupsarerecommendedfor
setsofprofilesthatarecommonlyassignedtogether.

SelectPolicies>Security.

ClickInternetConnectivityinthelistofpolicynames.

Editthepolicytoreplacetheprofileswiththeprofilegroup.

FromActionstab

ProfileTypeSelectGroup

GroupProfileSelectelabstudentprofilegroup

ClickOKtoclosethePolicywindow.

ClicktheCommitlinkatthetoprightoftheWebUl.ClickCommitagain,waituntilthecommit
processiscomplete,thencontinue.

You have successfully completed Module 4: Basic Content-ID