The Custom URL Category feature allows for the creation of custom lists of URLs that can be selected
in any URL Filtering profile. Each custom category can be controlled independently and has an
action associated with it in each URL Filtering profile (allow, block, continue, override, or alert).
In this task you will configure a Custom URL Filtering Category.
Go to the WebUI and select Objects > Custom Objects > URL Category.
Click Add to create a custom URL category.
Name: Enter EngineerSites
Sites: Click Add and add each of these URLs:
www.cisco.com
www.networkworld.com
www.information-age.com
Click OK to close the Custom URL Category window.
Select Objects > Security Profiles > URL Filtering.
Click Add to define a URL filtering profile.
Name: Enter elabstudenturlfiltering
Category/Action: Click the right side of the Action header to access the pull-down menu. Click Set
All Actions > Alert.
Search the Category field for these six categories and set the
Action to block for each except for the unknown category. Set the unknown category to continue.
adult (or adult and pornography): [Action=block]
government: [Action=block]
hacking: [Action=block]
questionable: [Action=block]
EngineerSites: [Action=block]
unknown: [Action=continue]
Click OK to close the URL filtering profile window.
Select Objects > Security Profiles > Antivirus.
Click Add to create an antivirus profile.
Name: Enter elabstudentantivirus
From the Antivirus tab:
Packet Capture: Check the Packet Capture box
Decoders: Set the Action column to Alert for all decoders
Click OK to close the Antivirus Profile window.
Select Objects > Security Profiles > Anti-Spyware.
Click Add to create an anti-spyware profile.
Name: Enter elabstudentantispyware
Rules tab: Click Add and create a rule with these
parameters:
Rule Name: Enter rule1
Action: Select Allow
Severity: Select Medium, Low, and Informational
Click OK to save the rule.
Click Add and create another rule with these parameters:
Rule Name: Enter rule2
Action: Select Alert
Severity: Check the boxes for Critical and High only
Click OK to save the rule.
Click OK to close the Anti-Spyware Profile window.
Select Policies > Security.
Click 'InternetConnectivity' in the list of policy names. In the Actions tab, edit the policy rule to
include the newly created profiles.
From the Actions tab:
Profile Type: Select Profiles
Antivirus: Select elabstudentantivirus
Anti-Spyware: Select elabstudentantispyware
URL Filtering: Select elabstudenturlfiltering
Click the Commit link at the top-right of the WebUI. Click Commit again, wait until the
commit process is complete, then continue.
On your desktop, open a browser to http://www.eicar.org
Click the Anti Malware Testfile link.
Click the Download link.
Within the Download area, click either the eicar.com or the eicar.com.txt file to download the file
using the standard protocol http. (Do not use the SSL encrypted downloads. The firewall will not be able to
detect the viruses in an https connection until decryption is configured.)
If prompted, Save the file. Do not open or run the file. (The firewall is set to alert but not block
the virus, but you may find that the browser blocks the file.)
Close the browser.
In the WebUI, select Monitor > Logs > Threat to view the threat log.
Find the log message that detected the Eicar file. Notice that the action for the file is alert.
Click the green down arrow on the left side of the line for the Eicar file detection to view the
packet capture (PCAP).
After viewing the PCAP, click Close.
Select Objects > Security Profiles > Antivirus.
Open the elabstudentantivirus profile.
Change the Action column for the ftp, http, and smb decoders to default (block or drop).
Click OK.
Click the Commit link at the top right of the WebUI. Click Commit again, wait until the commit
process is complete, then continue.
In the Desktop, open a new browser window to www.eicar.org/850download.html.
Attempt to download a virus file using http again. The Antivirus profile is now set to Block, so a
response page should appear.
Select Monitor > Logs > Threat and note the log entries stating that the Eicar virus was
detected and denied.
After 15 minutes, the threats that you just generated will appear on the ACC tab under the
Threats Activity and the Blocked Activity tabs.
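The threat log check from the two antivirus tests above, as an added example that is not part of the original lab guide: it reads a threat log export and lists detections logged after the commit that were still not blocked. The CSV columns, timestamps, threat names, action values and the smtp row are constructed for illustration and are not the firewall's real export format.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export; the column names and values are assumptions for
# this example, not the firewall's real export format.
SAMPLE_LOG = """\
time,subtype,threat,severity,application,action
2024-05-01 10:02:11,virus,Eicar Test File,medium,web-browsing,alert
2024-05-01 10:20:45,virus,Eicar Test File,medium,web-browsing,deny
2024-05-01 10:24:03,virus,Eicar Test File,medium,smtp,alert
2024-05-01 10:25:30,spyware,Constructed Spyware Sample,high,web-browsing,alert
"""

# Actions that record a detection but still let the traffic through.
NON_BLOCKING = {"alert", "allow"}


def parse_log(text):
    """Return the log rows as dicts with a parsed datetime under 'time'."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["time"] = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    return rows


def passed_after_commit(rows, commit_time, subtype="virus"):
    """Detections of `subtype` logged after the commit that were not blocked."""
    return [
        r for r in rows
        if r["subtype"] == subtype
        and r["time"] > commit_time
        and r["action"] in NON_BLOCKING
    ]


def summarize(rows):
    """Count detections per (subtype, application, action)."""
    return Counter((r["subtype"], r["application"], r["action"]) for r in rows)


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    commit = datetime(2024, 5, 1, 10, 15, 0)  # constructed commit time
    for r in passed_after_commit(rows, commit):
        print(f"NOT BLOCKED: {r['threat']} via {r['application']} at {r['time']}")
```

The smtp row is there because the lab changes only the ftp, http, and smb decoders, so every other decoder in the profile is still set to Alert.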
In the desktop, open a browser and browse to various websites such as Google, Yahoo, or Bing. The
URL filtering profile records each website that you visit.
In the WebUI, select Monitor > Logs > URL Filtering. Verify that the log entries track the sites that
you visited during your tests.
Now test the block condition that you created by visiting a site that is part of the EngineerSites,
hacking, or government categories. On the Desktop, attempt to browse to a technology site like the sites
that you listed in the EngineerSites group, for example www.cisco.com.
The profile will block this action and you will see a block page similar to this one:
Security Groups are recommended for sets of profiles that are commonly assigned together. The firewall
supports the ability to create security profile groups, which specify sets of security profiles that can be
treated as a unit and then added to security policies. For example, you can create a security profile group that
includes profiles for antivirus, anti-spyware, and vulnerability, and then create a security policy that includes
the custom profile.
In the WebUI, select Objects > Security Profile Groups.
Click Add to define a security profile group.
Name: Enter elabstudentprofilegroup
Antivirus Profile: Select elabstudentantivirus
Anti-Spyware Profile: Select elabstudentantispyware
URL Filtering Profile: Select elabstudenturlfiltering
Click OK to close the Security Profile Group window.
Profiles can be assigned individually or as a security profile group. Security Groups are recommended for
sets of profiles that are commonly assigned together.
Select Policies > Security.
Click InternetConnectivity in the list of policy names.
Edit the policy to replace the profiles with the profile group.
From the Actions tab:
Profile Type: Select Group
Group Profile: Select elabstudentprofilegroup
Click OK to close the Policy window.
Click the Commit link at the top right of the WebUI. Click Commit again, wait until the commit
process is complete, then continue.