NGAF 8.0 File Protection

Newbie234888 Lv1Posted 11 May 2024 12:00

Hello Tech Team,

I would like to ask what is the behavior of enabling file protection in content security policy within URL Filter I saw it by default it is not enabled this does mean that all file type is not scanned or if we will enabled fire protection all files that passing through the NGAF will be disabled or will continue?

Thank You in advance.

Prosi has solved this question and earned 20 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Hi,

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.
Is this answer helpful?
Prosi Lv3Posted 11 May 2024 18:20
  
Hi,

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.
Rotring Lv2Posted 11 May 2024 19:28
  
Hi,
Enabling file protection in Content Security Policy (CSP) within a URL Filter works differently from what you might expect. Here's a breakdown:

What CSP File Protection Does:

Focuses on Web Content: CSP primarily deals with web content security, not necessarily file scanning within a URL Filter on a Next-Generation Application Firewall (NGAF).
Restricts Downloaded Resources: When enabled in a CSP, file protection directives control which resources (like scripts, images, fonts) a webpage can load from external sources. This helps mitigate vulnerabilities like Cross-Site Scripting (XSS) attacks.
What Enabling Does Not Do:

Direct File Scanning: Enabling CSP file protection does not directly translate to scanning every file that passes through the NGAF. URL filters typically have separate functionalities for virus or malware scanning.
Impact on File Access:

No Disabling Files: Enabling CSP file protection does not disable all file types or prevent files from passing through the NGAF.
What Enabling Might Do:

Blocking Malicious Scripts: If a webpage tries to load a malicious script that violates the CSP rules (e.g., script from an untrusted source), the script might be blocked.
Additional Considerations:

Limited File Control: While CSP offers some control over downloaded resources, it doesn't provide comprehensive file scanning capabilities.
Focus on Web Security: CSP is primarily a web security measure to prevent vulnerabilities in web applications, not a replacement for traditional file scanning on an NGAF.
In Summary:

Enabling file protection in CSP within a URL filter  does not automatically scan all files or disable file transfer through the NGAF. It focuses on web content security by restricting resources loaded by webpages. File scanning for viruses or malware likely happens through a separate process within the NGAF.
B1rd53y3V13w Lv1Posted 11 May 2024 19:53
  
Thank you for enlightening me on this matter.

I thought before that enabling will result to not passing through file type that is included in the rule.
Farina Ahmed Lv5Posted 13 May 2024 13:38
  
When file protection is enabled, all files passing through NGAF undergo scanning, helping to mitigate the risk of malware infiltration or unauthorized access. This proactive measure enhances the security posture of the network by reducing the potential for malicious files to go undetected and cause harm.

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders