攻撃防御セーフガードとブロックされる攻撃

アプリケーション層

境界、内部、およびウェブを防御するチェック・ポイントのセキュリティ・ゲートウェイ・ソリューションは、数多くの攻撃を防御し、またそれら攻撃へのセーフガードを提供します。下記一覧表はそれらの防御のうちの一部を、プロトコルと OSI モデル・レイヤ別にリストアップしてまとめたものです。

備考：チェック・ポイントは、今後も防御の幅を継続的に拡張します。この一覧表は現時点でのスナップショットで、全てを網羅したものではありません。

防御リストのダウンロード [PDF]

アプリケーション層
Attack Prevention Safeguards	Attacks Blocked
HTTP Client (browser and other client machine components)
Limit maximum response header length Prohibit binary characters in HTTP response headers Validate HTTP response protocol compliance Block user-defined URLs URL filtering Restrict download of user-defined files Restrict peer-to-peer (P2P) connections Restrict P2P connections for non-HTTP ports Block Java code Strip script tags Strip applet tags Strip FTP links Strip port strings Strip ActiveX tags	Code Red worm & Mutations Nimda worm & Mutations HTR Overflow Worm & Mutations MDAC Buffer Overflow & Mutations Malicious URLs User-Defined worms & mutations Cross-Site Scripting Attacks
HTTP Server
Limit maximum URL length Limit maximum number of response headers allowed Limit maximum request header length Limit maximum response header length Specify header length, using regular expressions for header name and value Reject HTTP headers that contain specific header names or values Prohibit binary characters in HTTP response headers Prohibit binary characters in HTTP requests Block user-defined URLs Restrict non-RFC HTTP methods Enforce HTTP security on non-standard ports (ports other than 80) Compare transmission to user-approved SOAP scheme/template Restrict download of user-defined files ASN.1 buffer overflow Distinguish between different HTTP v1.1 requests over same connection Restrict unsafe HTTP commands Fingerprint scrambling (spoofing) to hide server information SOAP Scheme validation SSL overflow attacks SSL v3 version enforcement Restrict header values Malicious Code Protector (Prohibit malicious executable code against web servers) SQL Injection Command Injection Restrict Binary data in forms Restrict HTTP methods Block HTTP traffic featuring negative content-length HTTP headers Blocks Trojan by identifying attempts to receive SCRIPT traffic containing HTML tags Block content disposition in http header Define specific network objects as Web servers Perform strict HTTP protocol enforcement Reject HTTP requests that contain illegal SWAT header Strip files extensions in Web traffic Block network access to files with certain extensions (to prevent worm infection) Block HTML Tags from http request header Block shell commands from http request header Block http requests containing scripting code using POST command Block non-ASCII characters in http request/response header LDAP injection protection	Encoding Attacks User-Defined Worms & Mutations Code Red Worm & Mutations Nimda Worm & Mutations HTR Overflow Worm & Mutations Directory Traversal Attacks MDAC Buffer Overflow & Mutations Malicious URLs Chunked Transfer Encoding Attacks Cross-Site Scripting Attacks HTTP-based attacks spanning multiple packets WebDAV Attacks PCT Worms & Mutations HTTP header spoofing attacks IIS Server Buffer Overflow Santy worm & Mutations Spyware and Adware Attacks LDAP injection attacks
SMTP
Block multiple "content-type" headers Block multiple "encoding headers" Camouflage default banner Restrict unsafe SMTP commands Header forwarding verification Restrict unknown encoding Restrict mail messages not containing sender/recipient domain name Restrict MIME attachments of specified type Strip file attachments with specified names Strict enforcement of RFC 821 & 822 Monitor and enforce restrictions on ESMTP commands Hide internal mail user names and addresses Perform reverse DNS lookup Strict enforcement of MAIL and RCPT syntax Restrict mail from user-defined sender or domain Restrict mail to user-defined recipients Restrict mail to unknown domains Enforce limits on the number of RCPT commands allowed per transaction Restrict mail relay usage Enforce ASN.1 standard Strip script tags Strip ActiveX tags Block malicious filenames Block the X-LINK2STATE SMTP extended verb	SMTP Mail Flooding SMTP worm & Mutations Extended Relay Attacks Message/ Partial MIME Attack SPAM Attack (large number of emails) Command Verification Attack SMTP Payload worm & Mutations Worm Encoding Firewall Traversal Attack SMTP Error Denial-of-Service Attack Mailbox Denial-of-Service Attack (excessive email size) Address Spoofing SMTP Buffer Overflow Attacks MyDoom worm & Mutations Bagle worm & Mutations Sober worm & Mutations Zafi worm & Mutations Bagz.C worm and Mutations
POP3
Restrict connections with passwords identical to user name Enforce max characters in user name (buffer overflow protection) Enforce max password length (buffer overflow protection) Restrict binary characters in user name (buffer overflow protection) Restrict binary characters in passwords (buffer overflow protection) Restrict binary characters in POP3 commands (buffer overflow protection) Limit number of NOOP commands, freeing POP3 daemon resources (DoS protection)	POP3 Buffer Overflow attacks
IMAP4
Restrict connections with passwords identical to user name Enforce max characters in user name (buffer overflow protection) Enforce max password length (buffer overflow protection) Restrict binary characters in user name (buffer overflow protection) Restrict binary characters in passwords (buffer overflow protection) Restrict binary characters in POP3 commands (buffer overflow protection) Limit number of NOOP commands, freeing POP3 daemon resources (DOS protection)	IMAP4 Buffer Overflow attacks
RSH
Auxiliary port monitoring Restrict reverse injection
RTSP
Auxiliary port monitoring.
IIOP
Auxiliary port monitoring
FTP
Analyze and restrict hazardous FTP commands Block custom file types Camouflage default banner Strip FTP references	FTP Bounce Attack Passive FTP Attacks Client and Server Bounce Attacks FTP Port Injection Attacks Directory Traversal Attack Firewall Traversal Attack TCP Segmentation Attack
DNS
Restrict DNS zone transfers Restrict usage of DNS server as a public server Provide separate DNS service for private vs. public domains Enforce DNS over TCP protocol Restrict domains on "not allowed" list Provide cache protection Restrict inbound requests Restrict mismatched replies Enforce DNS query format Enforce DNS response format	Protect against DNS Cache poisioning attacks DNS Query Malformed Packet Attacks DNS Answer Malformed Packet Attacks DNS Query-Length Buffer Overflow DNS Query Buffer Overflow - Unknown Request/Response Man-in-the-Middle Attack
Microsoft Networking
CIFS filename filtering (protect against worms utilizing CIFS protocol) Restrict remote access to registry Restrict remote null sessions Restrict pop-up messages Enforce ASN.1 standard	Bugbear Worm Nimda Worm Liotan Worm Sasser Worm Opaserv Worm MS05-003 Indexing Service MS05-010 License Logging Service
SSH
Enforce SSH v2 protocol	SSH v1 Buffer Overflow Attack
SNMP
Restrict SNMP get/put commands Restrict known dangerous communities Enforce or require SNMPv3 protocol	SNMP Flooding Attack Default Community Attacks Brute Force Attacks SNMP Put Attack
MS SQL
Block remote command execution Restrict potentially dangerous commands (Information Leakage) Restrict usage of default system administrator password	SQL Resolver Buffer Overflow SQL Slammer Worm Buffer Overflow (various attack variations) MS SQL networking DOS (various DOS attack variations) Heap Overflow Attack
Oracle SQL
Verify dynamic port allocation and initiation	SQLNet v2 Man-in-the-Middle Attack
SSL
Enforce SSL V3 protocol	SSL V2 Buffer Overflow
H.323
Verify protocol fields and values Identification and restriction of the PORT command Enforce existence of mandatory fields Enforce user registration Prevent VoIP firewall holes Disable H.323 audio and video transmissions Enforce H.323 call duration limits For H.323, Allow only traffic associated with a specific call For H.323, Restrict blank source in calls	Buffer Overflow Attacks Man-in-the-Middle Attack
MGCP
Verify protocol fields and values Identification and restriction of the PORT command Enforce existence of mandatory fields Enforce user registration Prevent VoIP firewall holes Enforce MGCP protocol Verify state of MGCP commands Restrict unknown and unsafe MGCP commands	Buffer Overflow Attacks Man-in-the-Middle Attack
SCCP (Cisco VoIP)
Enforce SCCP protocol Secure SCCP dynamic ports Verify state of SCCP commands Verify protocol fields and values Identification and restriction of the PORT command Enforce existence of mandatory fields Enforce user registration Prevent VoIP firewall holes	Buffer Overflow Attacks Man-in-the-Middle Attack
SIP
Limit number of invite commands (DOS protection) Restrict SIP-based instant messaging Verify protocol fields and values Identification and restriction of the PORT command Enforce existence of mandatory fields Enforce user registration Prevent VoIP firewall holes Restrict MSN Messenger file transfers Restrict MSN Messenger application sharing Restrict MSN Messenger whiteboard sharing Restrict MSN Messenger remote assistance	Buffer Overflow Attacks Man-in-the-Middle Attack
X11
Restrict reverse injection Block special clients
DHCP
Perform Strict DHCP options enforcement Block BOOTP clients Block non-Ethernet DHCP clients
Peer-to-Peer
Block IRC protocol on all TCP high ports Restrict P2P connections Restrict P2P connections on on-HTTP ports
SOCKS
Drop SOCKS versions other than Version 5 Block unauthenticated SOCKS connections
Routing Protocols
Enforce MD5 routing authentication on various routing protocols (OSPF, BGP, RIP) Enforce the validity of IGMP packets
Content Protection
Block Malformed JPEG Block Malformed ANI file Block Malformed GIF
Instant Messengers
Block invalid MSN Messenger over MSNMS patterns (prevent worm infection) Block file transfer in Instant Messages via MSN/Windows Messenger Block the MSN_Messenger group	Bropia.E Worm Kelvir.B Worm
Remote Control Applications
Block VNC connections on the VNC port and on other ports Block Remote Administrator connection attempts made both on the Remote Administrator well-known port and on other ports Enforce authentication scheme on Radmin connections