Chapter 9. Content Security

In the last chapter, I talked about restricting access based on the user; in this chapter, I talk about restricting access to certain kinds of content. Such restrictions include not allowing people to access certain kinds of sites (e.g., pornography, news), preventing people from accessing specific types of content (e.g., RealAudio, MP3), and scanning content for viruses. I also discuss the various Security Servers for HTTP, FTP, SMTP, and TCP in some detail.

By the end of this chapter, you should be able to:

Know what CVP and UFP are used for
Restrict content for HTTP, FTP, SMTP, and generic TCP services
Understand the performance issues inherent in Content Security
Understand how to tune your FireWall-1 installation to perform well
Troubleshoot problems with Content Security

Frequently Asked Questions

Chapter 1. Introduction to Firewalls

Chapter 2. Planning Your FireWall-1 Installation

Chapter 3. Installing FireWall-1

Chapter 4. Building Your Rulebase

Chapter 5. Logging and Alerting

Chapter 6. Common Issues

Chapter 7. Remote Management

Chapter 8. User Authentication

Chapter 9. Content Security

The Security Servers

The HTTP Security Server

The FTP Security Server

The SMTP Security Server

The TCP Security Server

General Questions about the Security Servers

Debugging the Security Servers

Sample Configurations

Chapter 10. Network Address Translation

Chapter 11. Site-to-Site VPN

Chapter 12. SecuRemote and SecureClient

Chapter 13. High Availability

Chapter 14. INSPECT

Appendix A. Securing Your Bastion Host

Appendix B. Sample Acceptable Usage Policy

Appendix C. 'firewall-1.conf' File for Use with OpenLDAP v1

Appendix D. 'firewall-1.schema' File for Use with OpenLDAP v2

Appendix E. Performance Tuning

Appendix F. Sample 'defaultfilter.pf' File

Appendix G. Other Resources

Appendix H. Further Reading