Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5821
Views
5
Helpful
4
Replies

URL Category Filtering

keithcclark71
Level 3
Level 3

‎05-04-2017 06:16 AM - edited ‎03-12-2019 06:23 AM

Does anyone have any reccomendation on which categories they filter on and by reputation level? The problem I am having as a consultant is defining which categories the business should have in place. I wish it was as simple as adding all categories high risk but that may cause some issues.

Labels:
0 Helpful
4 Replies 4

Joshua Edwards
Level 1
Level 1

‎05-05-2017 01:56 PM

Hey Keith,

We just set this up in our office and with a bit of trial and error we using the following categories with any reputation:

  1. Adult and Pornography
  2. Abused Drugs
  3. Bot Nets
  4. Cheating
  5. Confirmed Spam Sources
  6. Cult and Occult
  7. Gambling
  8. Games
  9. Gross
  10. Hate and Racism
  11. Hacking
  12. Illegal
  13. Keyloggers and Monitoring
  14. Malware Sites
  15. Nudity
  16. Phishing and Other Frauds
  17. Proxy Avoid and Anonymizers
  18. Questionable
  19. SPAM URLs
  20. Marijuana
  21. Spyware and Adware
  22. Parked Domains
  23. Online Greeting Cards
  24. Social Network
  25. Personal Storage
  26. Auctions
  27. Dating
  28. Dead Sites
  29. Music
  30. P2P
  31. Streaming Media
  32. Swimsuits and Intimate Apparel
  33. Web Based Email

From here, we allow sites on an exception basis. We have a link to our internal ticketing system in our HTTP Response block page and request users provide a business need from that point. The main reasons for the categories are productivity and risk based while trying to strike a balance for "incidental" usage. This is still a work in progress, there are other categories we are still considering. If I was using categories, I would probably set most to block anything with a rating of 1, 2, or 3.

If the business has a defined Rules of Behavior or Acceptable Use Policy that would be a great launching point for you to start defining categories that match the business' needs and are enforceable through policy.


As a side note. be very careful with the Web Advertisements category, if it is set to any reputation, it can end up blocking pretty much every site you try to visit.

Hope that helps.

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Joshua Edwards

‎05-05-2017 08:01 PM

That's a great approach.

I would only add that the Personal storage category may not always be appropriate - it includes things like Dropbox, OneDrive and Box.com which may be approved for use in many enterprises.

If in doubt about a particular site, you can always check the category via the Brightcloud lookup tool:

http://www.brightcloud.com/tools/url-ip-lookup.php

That's what FirePOWER currently uses for URL categories.

0 Helpful

keithcclark71
Level 3
Level 3
In response to Marvin Rhoads

‎05-08-2017 06:28 AM

This is great info guys. Very much appreciated!!! It is nice to be able to lean on those who have the knowledge. I just don't have enough yet to share and help others out like you guys have. It really has been a pleasure to read through replies such as Marvin's as without people like him to share it would be very hard on someone as myself to take on Firepower alone. 

0 Helpful

TobiasHilbert
Level 1
Level 1
In response to Marvin Rhoads

‎07-10-2018 08:36 AM

Hi Marvin

 

Does FirePower still uses brightcloud?

 

I currently have a example where the category differs:

 

http://www.emp-leipzig.de/

 

Cisco SFR: Adult and Pornography

BrightCloud: Business and Economy

 

kind regards

Tobias

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card