FQDN / URL Filtering Categories¶
Valtix uses threat intelligence from WebRootTM BrightCloud to categorize web sites based on their risk score. This includes fully qualified domain names (FQDNs), sometimes referred to as domain names, and URLs. This provides sites across 84 categories when traffic from your public cloud environment makes outbound connections (egress) to these sites:
- FQDN / Domains - 842+ Million domains
- URL - 37+ Billion URLs
Tech Notes
FQDN Filtering with Categories happens for: 1) SNI in TLS Client Hello 2) DNS queries for FQDN lookups 3) HTTP hostname header (for cleartext HTTP traffic)
Malicious Categories¶
Valtix considers the following categories to be particularly malicious:
| Category Name | Category Description |
|---|---|
| Malware Sites | Sites hosting malicious content including executables, drive-by infection sites, malicious scripts, viruses, trojans, and code. |
| Phishing and Other Frauds | Phishing, pharming, and other sites that pose as a reputable site, usually to harvest personal information from a user. These sites are typically quite short-lived, so they don’t last long in terms of uptime. |
| Proxy Avoidance and Anonymizers | Proxy servers and other methods to gain access to URLs in any way that bypasses URL filtering or monitoring. Web-based translation sites that circumvent filtering. |
| Keyloggers and Monitoring | Software agents that track a user's keystrokes or monitor their web surfing habits. Often used for collecting sensitive data such as usernames and passwords. |
| SPAM URLs | Sites known to distribute unsolicited email (spam) messages. |
| Spyware and Adware | Spyware or Adware sites that provide or promote information gathering or tracking that is unknown to, or without the explicit consent of, the end user or the organization, also unsolicited advertising popups and programs that may be installed on a user's computer. |
| Bot Nets | These are URLs, often IP addresses, which are determined to be part of a Bot network, from which network attacks are launched. Attacks may include SPAM messages, DOS, SQL injections, proxy jacking, and other unsolicited contacts. |
Valtix offers traffic analysis when viewing traffic via Discover -> Traffic -> DNS and Investigate -> Flow Analytics -> Traffic Summary, where a pre-defined Malicious Categories filter can be selected to show instances and VPCs communicating with these Malicious Category FQDNs and URLs.
The full list of categories is shown below.
Full List of Categories¶
| Category Name | Category Name | Category Name | Category Name |
|---|---|---|---|
| Abortion | Games | Motor Vehicles | Sex Education |
| Abused Drugs | Government | Music | Shareware and Freeware |
| Adult and Pornography | Gross | News and Media | Shopping |
| Alcohol and Tobacco | Hacking | Nudity | Social Networking |
| Auctions | Hate and Racism | Online Greeting Cards | Society |
| Bot Nets | Health and Medicine | Open HTTP Proxies | SPAM URLs |
| Business and Economy | Home and Garden | Parked Domains | Sports |
| Cheating | Hunting and Fishing | Pay to Surf | Spyware and Adware |
| Computer and Internet Info | Illegal | Peer to Peer | Streaming Media |
| Computer and Internet Security | Image and Video Search | Personal sites and Blogs | Swimsuits and Intimate Apparel |
| Confirmed SPAM Sources | Individual Stock Advice and Tools | Personal Storage | Training and Tools |
| Content Delivery Networks | Internet Communications | Philosophy and Political Advocacy | Translation |
| Cult and Occult | Internet Portals | Phishing and Other Frauds | Travel |
| Dating | Job Search | Private IP Addresses | Uncategorized |
| Dead Sites | Keyloggers and Monitoring | Proxy Avoidance and Anonymizers | Unconfirmed SPAM Sources |
| Dynamically Generated Content | Kids | Questionable | Violence |
| Educational Institutions | Legal | Real Estate | Weapons |
| Entertainment and Arts | Local Information | Recreation and Hobbies | Web Advertisements |
| Fashion and Beauty | Malware Sites | Reference and Research | Web Hosting |
| Financial Services | Marijuana | Religion | Web-based Email |
| Gambling | Military Search Engines | Services |
Associating a Filtering Profile with a Policy Ruleset Rule¶
- Refer to FQDN Filtering to create/edit FQDN Filtering Profiles
- Refer to URL Filtering to create/edit URL Filtering Profiles
BrightCloud URL / IP Lookup Tool¶
BrightCloud offers an online URL / IP Lookup Tool that can be used to understand what category a particular FQDN / URL is classified as along with its Web Reputation.