Information
Apply a secure URL filtering profile to all security policies permitting traffic to the Internet. The URL Filtering profile may be applied to the security policies directly or through a profile group.
Rationale:
URL Filtering policies dramatically reduce the risk of users visiting malicious or inappropriate websites. In addition, a complete URL history log for all devices is invaluable when performing forensic analysis in the event of a security incident. Applying complete and approved URL filtering to outbound traffic is a frequent requirement in corporate policies, legal requirements or regulatory requirements.
Impact:
Not having an effective URL Filtering configuration can leave an organization open to legal action, internal HR issues, non-compliance with regulatory policies or productivity loss.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
To Set URL Filtering:
For each Security Profile that transits traffic to the internet, navigate to Policies > Security > Security Profiles > [Policy Name] > Actions.
Set a URL Filtering profile that complies with the policies of the organization is applied to all Security Policies that transit traffic to the public internet.
Default Value:
Not Configured