Cisco PIX Firewalls: Configure, Manage, & Troubleshoot

The PIX firewall can filter and block potentially harmful Web traffic, including Java and ActiveX applications. In this chapter, we look at how the PIX firewall can integrate with virus-filtering, spam-blocking, and adware mechanisms. The PIX firewall also provides integrated intrusion detection for common information-gathering scans and network attacks, and we look at how to use its IDS signatures to detect them.
Often, more resources are allocated to protecting internal networks from external malicious attempts, yet equal care and attention needs to be devoted to monitoring and filtering outbound connections initiated from internal networks. Such content inspection allows the firewall to enforce security policies such as an Acceptable Use Policy, which might limit browsing to certain sets and types of Web sites. URL filtering is one such mechanism: the firewall is configured to pass each HTTP or HTTPS request to a filter server for a permit or deny decision and then acts on the verdict. If the request is approved, it is forwarded to the outside server and the client receives the requested content. If the request is denied, it is silently dropped or the user is informed that the request violates policy.
Another reason for filtering is active content such as ActiveX or Java applets, which could be malicious. The PIX can protect your users from malicious sites that embed these executable applets, which may carry viruses or Trojan horses, in their pages. Content filtering can scan incoming applets...
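The following configuration fragment is an added example illustrating the URL-filtering flow and the ActiveX/Java blocking described above; it is not taken from this chapter. It assumes PIX 6.x syntax with a Websense filter server, and the interface names, subnets and the filter-server address 10.1.1.50 are constructed values for illustration only.

```cisco
! Added example (PIX 6.x syntax assumed); addresses are constructed, not from the chapter.
! Point the PIX at the URL filter server on the inside interface. Each outbound
! HTTP request is sent here for a permit/deny verdict; 5 s timeout before the
! server is considered unreachable.
url-server (inside) vendor websense host 10.1.1.50 timeout 5 protocol TCP version 1

! Send all outbound HTTP (port 80) from any inside host to any destination through
! the filter server. Without the trailing "allow" keyword the PIX fails closed and
! drops HTTP when the filter server is unreachable; add "allow" only if the policy
! accepts fail-open behaviour.
filter url http 0 0 0 0

! Exempt a management subnet (constructed value) from URL filtering.
filter url except 10.1.2.0 255.255.255.0 0 0

! Strip ActiveX objects and Java applets from HTTP responses on port 80 for all
! inside hosts, regardless of the URL filter verdict.
filter activex 80 0 0 0 0
filter java 80 0 0 0 0
```

After applying this, `show url-server` confirms the server is up and `show url-server stats` shows how many requests were permitted, denied or dropped, which is the first check to run when users report blocked or slow browsing. Note that the `filter activex` and `filter java` commands work by rewriting the `<object>` and `<applet>` tags in the HTTP response, so they have no effect on content delivered over HTTPS or on non-standard ports unless those ports are also listed.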