SmartfFilter XL enables your organization to understand, filter and monitor internet use, while providing effective control over outbound web access and protection against the web-based threats you're likely to encounter, today and tomorrow.

 

Using a combination of real-time reputation scoring and category filtering, McAfee SmartFilter XL proactively and reliably detects and enables you to block spyware, phishing, malware and other ubiquitous security threats in today's Web 2.0 environment.

 

One important feature available in SmartFilter XL is the ability to identify and filter embedded URLs.

 

What are Embedded URL's

URL filtering is performed to prevent web traffic from inappropriate web use (as defined by the organization) as well as to prevent exposure to security threats.  An embedded URL (a url that is contained within another URL) can evade URL filtering rules and allow access to a  web site that should have been blocked.

 

Examples of embedded URL's are as follows:

  • URL in a path node:

http://www.domain.com/path/path/www.baddomain.com

 

  • URL as a cgi parameter:

http://www.domain.com/cgiparam?http://baddomain.com/path

 

  • Proxy with a redirect

http://proxyIP_address/d=www.badurl.net/path

 

  • Search result cached URLs

http://ipaddress/search?g=cash:regrJNMCw7vE:www.url.com/searchterm&cd=2&h1=en&ct =cink&gl=us

 

  • Multiple embedded URLs

http://www.domain.com/imgres?imgurl=http://embeddedurl.com&imgrefurl=http://www. embeddedurlalso.com/path

 

Why Embedded URL support is important

URL filtering should recognize and utilize embedded urls.  If the URL is only filtered based on the base domain, there is potential for allowing access to an inappropriate site, or worse, to a known malware site.  As the above examples show, the base domain will appear harmless, but the request is redirected to any of the embedded urls, completely undetected by the filtering process, unless embedded URL's are recognized by the URL parser.

 

The popularity of anonymizer sites increases embedded URL exposure.  Anonymizer sites are popular because it allows the user to surf the web without leaving traces of personal information or usage. The target web site becomes an embedded URL with the anonymizer domain as a base domain.  For example:  http://someanonymizer.com/brose.php?u=%3A%2Fwww.newwebsite.comb=60

 

How does McAfee protect against these threats

In SmartFilter XL, the URL shown above would return the base domain category (anonymizer) as well as the categories from the www.newwebsite.comand the worst web reputation of the two URLs.  The categories for www.newwebsite.com could be malicious or some other category that violates the organization's security policy, or they may be harmless.

 

Using SmartFilter XL, embedded URLs are correctly recognized and filtered against the organization's security policy, providing better overall web protection.

 

In some cases, it is not appropriate to let an embedded URL influence the base domain categorization.  For example, phishing URLs often change the base domain of a URL and include an embedded URL to a legitimate site.  The base domain will most likely be uncategorized, and the legitimate embedded URL categorization returns a legitimate category, thus allowing access.

 

SmartFilter XL can recognize some cases where it is not appropriate to let an embedded URL influence the base domain categorization.

 

Using SmartFilter XL with embedded URL processing activated provides state of the art URL filtering protection.