Understanding and Configuring ISA content groups


In this tutorial I focus on content groups and how they function. I will also show you how to configure content groups. This will enable you to restrict certain objects on web pages, either for security reasons or because of bandwidth limitations that your organization may have. You may also want to limit access to specific file types or scripts that may be potentially dangerous to your organization.

What are content groups?

 

 

Content groups can be found under the Policy elements object within the ISA server’s MMC console.

Content groups apply to HTTP and tunneled FTP and can be represented as file extensions or MIME (Multipurpose Internet Mail Extensions) types, which you can use when creating site and content rules or bandwidth rules. Content groups allow you to restrict specific content that is available on a specific website. When HTTP is used to browse the web, any inbound HTTP traffic is identified by its MIME type, but when tunneled FTP mode is used the traffic is identified by its file extension. Bear this in mind when using content groups, as it can play an important role when creating rules that incorporate HTTP or FTP content groups.

How do content groups work?

Content groups work in the following manner.

  1. An ISA client requests HTTP/FTP content from ISA (not HTTPS content).
  2. ISA then checks the file or object's extension.
  3. The ISA Server then checks whether a rule is bound to a content group and whether that content group contains the file name extension or MIME type.
  4. If ISA finds the MIME type or file extension, it will either allow or deny the object retrieval, depending on what you have configured the ISA server rule to do.

The figure below depicts the content group's communication behavior when the HTTP method is used.

Configuring ISA content groups.

1. To create a content group, locate the content group ISA server object under Policy elements, right-click the content group object, click New, and then click Content group.

2. Now you should be presented with the screen above. In the name text field type the name, and below that type the description. For the purposes of this exercise you can select audio and then the x-pn-realaudio plugin object. Then click Add and the audio type will be displayed on the right-hand side under Selected types. You have just added a MIME type. If you wanted to add a file type, you could just type in the extension or look for the file extension towards the bottom of the list.

Remember that MIME types are for HTTP and file types or extensions are used for FTP.
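The matching steps described above can be modelled in a few lines. This is an added example, not ISA Server code and not part of the original tutorial; `ContentGroup`, `evaluate` and the sample URLs are hypothetical, and the model assumes HTTP objects are matched only by MIME type and tunneled FTP objects only by extension, as stated above.

```python
# Added illustration of the matching steps in this tutorial; not ISA Server code.
# ContentGroup and evaluate() are hypothetical names; the URLs are constructed.
import posixpath
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class ContentGroup:
    name: str
    mime_types: set = field(default_factory=set)  # consulted for HTTP objects
    extensions: set = field(default_factory=set)  # consulted for tunneled FTP

    def matches(self, url, content_type=None):
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme == "http":
            # HTTP: identify the object by MIME type, ignoring parameters
            # such as "; charset=utf-8" and letter case.
            mime = (content_type or "").split(";")[0].strip().lower()
            return mime in self.mime_types
        if scheme == "ftp":
            # Tunneled FTP: no MIME type, so identify by file name extension.
            ext = posixpath.splitext(parts.path)[1].lower()
            return ext in self.extensions
        return False  # HTTPS content is not evaluated (step 1)


def evaluate(rule_action, group, url, content_type=None):
    """Return the rule's action if its content group matches, else None
    (the rule does not apply to this object)."""
    return rule_action if group.matches(url, content_type) else None


# A group built from MIME types only, and one that also lists extensions.
MIME_ONLY = ContentGroup("Executables (MIME only)",
                         mime_types={"application/octet-stream"})
BOTH = ContentGroup("Executables (MIME + extensions)",
                    mime_types={"application/octet-stream"},
                    extensions={".exe", ".bin"})

SAMPLES = [  # constructed requests: (url, Content-Type or None)
    ("http://files.example.test/setup.exe", "application/octet-stream"),
    ("http://files.example.test/tool.bin", "Application/Octet-Stream; x=1"),
    ("ftp://files.example.test/pub/setup.exe", None),
    ("https://files.example.test/setup.exe", "application/octet-stream"),
]

if __name__ == "__main__":
    for url, ctype in SAMPLES:
        print(url, evaluate("deny", MIME_ONLY, url, ctype),
              evaluate("deny", BOTH, url, ctype))
```

In this model the FTP sample falls through the MIME-only group, which is why a group meant to cover both protocols needs both kinds of entry.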

Below is a list of the default file associations and extensions that I have gathered together and sorted into four groups.

| File Name Extension | Application MIME Types | File Name Extension | Application MIME Types |
|---|---|---|---|
| .hta | hta | .ai | postscript |
| .isp | x-internet-signup | .xls | vnd.ms-excel |
| .crd | x-mscardfile | .wks | vnd.ms-works |
| .pmc | x-perfmon | .ins | x-internet-signup |
| .spc | x-pkcs7-certificates | .pub | x-mspublisher |
| .sv4crc | x-sv4crc | .wri | x-mswrite |
| .bin | octet-stream | .spl | futuresplash |
| .clp | x-msclip | .hqx | mac-binhex40 |
| .mny | x-msmoney | .p10 | pkcs10 |
| .p7r | x-pkcs7-certreqresp | .xlc | vnd.ms-excel |
| .evy | envoy | .xlt | vnd.ms-excel |
| .p7s | pkcs7-signature | .dxr | x-director |
| .eps | postscript | .js | x-javascript |
| .setreg | set-registration-initiation | .m13 | x-msmediaview |
| .xlm | vnd.ms-excel | .trm | x-msterminal |
| .cpio | x-cpio | .pml | x-perfmon |
| .dvi | x-dvi | .me | x-troff-me |
| .p7b | x-pkcs7-certificates | .wcm | vnd.ms-works |
| .doc | msword | .latex | x-latex |
| .dot | msword | .m14 | x-msmediaview |
| .p7c | pkcs7-mime | .wmf | x-msmetafile |
| .ps | postscript | .cer | x-x509-ca-cert |
| .wps | vnd.ms-works | .zip | x-zip-compressed |
| .csh | x-csh | .p12 | x-pkcs12 |
| .iii | x-iphone | .pfx | x-pkcs12 |
| .pmw | x-perfmon | .der | x-x509-ca-cert |
| .man | x-troff-man | .pdf | pdf |
| .hdf | x-hdf | .xlw | vnd.ms-excel |
| .mvb | x-msmediaview | .texinfo | x-texinfo |
| .texi | x-texinfo | .p7m | pkcs7-mime |
| .setpay | set-payment-initiation | .pps | vnd.ms-powerpoint |
| .stl | vndms-pkistl | .dcr | x-director |
| .mdb | x-msaccess | .gtar | x-gtar |
| .oda | oda | .sct | text/scriptlet |
| .hlp | winhlp | .fif | fractals |
| .nc | x-netcdf | .exe | octet-stream |
| .sh | x-sh | .ppt | vnd.ms-powerpoint |
| .shar | x-shar | .sst | vndms-pkicertstore |
| .tcl | x-tcl | .pko | vndms-pkipko |
| .ms | x-troff-ms | .scd | x-msschedule |
| .ods | oleobject | .tar | x-tar |
| .axs | olescript | .roff | x-troff |
| .xla | vnd.ms-excel | .t | x-troff |
| .mpp | vnd.ms-project | .prf | pics-rules |
| .dir | x-director | .rtf | rtf |
| .sit | x-stuffit | .pot | vnd.ms-powerpoint |
| .* | octet-stream | .cat | vndms-pkiseccat |
| .bcpio | x-bcpio | .cdf | application/x-cdf |
| .dll | x-msdownload | .tgz | x-compressed |
| .pma | x-perfmon | .sv4cpio | x-sv4cpio |
| .pmr | x-perfmon | .tex | x-tex |
| .tr | x-troff | .ustar | x-ustar |
| .src | x-wais-source | .crt | x-x509-ca-cert |
| .acx | internet-property-stream | .wbd | vnd.ms-works |
| .crl | pkix-crl | .z | application/x-compress |
| .gz | application/x-gzip | | |

| File Name Extension | Audio MIME Types | File Name Extension | Audio MIME Types |
|---|---|---|---|
| .ra | audio/x-pn-realaudio | .m3u | audio/x-mpegurl |
| .mid | audio/mid | .ram | audio/x-pn-realaudio |
| .au | audio/basic | .aiff | audio/aiff |
| .snd | audio/basic | .rmi | audio/mid |
| .wav | audio/wav | .aif | audio/x-aiff |
| .aifc | audio/aiff | .mp3 | audio/mpeg |

| File Name Extension | Text MIME Types | File Name Extension | Text MIME Types |
|---|---|---|---|
| .tsv | text/tab-separated-values | .stm | text/html |
| .xml | text/xml | .html | text/html |
| .323 | text/h323 | .xsl | text/xml |
| .htt | text/webviewhtml | .htm | text/html |

| File Name Extension | Image MIME Types | File Name Extension | Image MIME Types |
|---|---|---|---|
| .cod | image/cis-cod | .pnm | image/x-portable-anymap |
| .ief | image/ief | .jpe | image/jpeg |
| .pbm | image/x-portable-bitmap | .jfif | image/pjpeg |
| .tiff | image/tiff | .tif | image/tiff |
| .ppm | image/x-portable-pixmap | .jpg | image/jpeg |
| .rgb | image/x-rgb | .xbm | image/x-xbitmap |
| .dib | image/bmp | .ras | image/x-cmu-raster |
| .jpeg | image/jpeg | .gif | image/gif |
| .cmx | image/x-cmx | | |

Summary: In this tutorial I have highlighted and shown you the importance of being able to restrict uses of certain objects or file extensions on the internet.  I have also made you more aware of the different file types that can occur and informed you about them to make it easier when deciding what file types may pose a bandwidth bottleneck or security risk.  Understanding content groups within ISA can prove to be a powerful tool if used as intended.
