Cloud NGFW for Azure Security Services
Table of Contents
Expand all | Collapse all
-
- Cloud NGFW for Azure
- Cloud NGFW Components
- Cloud NGFW for Azure Supported Regions
- Cloud NGFW for Azure Limits and Quotas
- Cloud NGFW for Azure Pricing
- Cloud NGFW for Azure Free Trial
- Cloud NGFW Credit Distribution and Management
- Start with Cloud NGFW for Azure
- Manage Cloud NGFW Roles for Azure Users
- Integrate Single Sign-on
- Monitor Cloud NGFW Health
- Create a Support Case
- Register Your Cloud NGFW Tenant with a Palo Alto Networks Support Account
- Cloud NGFW for Azure Certifications
- Cloud NGFW For Azure Privacy and Data Protection
-
- About Rulestacks and Rules on Cloud NGFW for Azure
- Create a Rulestack on Cloud NGFW for Azure
- Cloud NGFW for Azure Security Rule Objects
- Create a Prefix List on Cloud NGFW for Azure
- Create an FQDN List for Cloud NGFW on Azure
- Add a Certificate to Cloud NGFW for Azure
- Create Security Rules on Cloud NGFW for Azure
- Cloud NGFW for Azure Security Services
- Enable DNS Security on Cloud NGFW for Azure
- Set Up Outbound Decryption on Cloud NGFW for Azure
- Set Up Inbound Decryption on Cloud NGFW for Azure
-
- Panorama Integration
- Panorama Integration Prerequisites
- Link the Cloud NGFW to Palo Alto Networks Management
- Use Panorama for Cloud NGFW Policy Management
- Enable User-ID on the Cloud NGFW for Azure
- Configure Service Routes for On-Prem Services
- Use XFF IP Address Values in Policy
- View Cloud NGFW Logs and Activity in Panorama
- Strata Cloud Manager Policy Management
-
- Configure Logging for Cloud NGFW on Azure
- Cloud NGFW for Azure Traffic Log Fields
- Cloud NGFW for Azure Threat Log Fields
- Cloud NGFW for Azure Decryption Log Fields
- Enable Log Settings
- Disable Log Settings
- Enable Activity Logging on Cloud NGFW for Azure
- Multiple Logging Destinations on Cloud NGFW for Azure
- View the Logs
- View Audit Logs on a Firewall Resource
- View Audit Logs on Resource Groups
- What's New
- Cloud NGFW for Azure Known Issues
- Cloud NGFW for Azure Addressed Issues
Cloud NGFW for Azure Security Services
Cloud NGFW uses your rulestack definitions to protect your Azure Virtual
Network (VNet) traffic by a two-step process. First, it enforces your rules to allow or
deny your traffic. Second, it performs content inspection on the allowed traffic (URLs,
threats, files) based on what you specify on the Security Profiles. Additionally, it
helps you define how Cloud NGFW should scan the allowed traffic and blocks threats such
as viruses, malware, spyware, and DDOS attacks.
IPS and Spyware Threat Protection
- IPS Vulnerability—(enabled by default and preconfigured based on best practices) an Intrusion Prevention System (IPS) vulnerability profile stops attempts to exploit system flaws or gain unauthorized access to systems. While Anti-Spyware profiles help identify infected hosts as traffic leaves the network, IPS Vulnerability profiles protect against threats entering the network. For example, Vulnerability Protection profiles help protect against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities. The default Vulnerability Protection profile protects clients and servers from all known critical, high, and medium-severity threats.Best Practice ConfigurationThe following Vulnerability best practice configuration is enabled by default on Cloud NGFW for Azure.
Signature Severity Action Critical Reset both High Reset both Medium Reset both Informational Default Low Default - Anti-Spyware—(enabled by default and preconfigured based on best practices) an anti-spyware profile blocks spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers, allowing you to detect malicious traffic leaving the network from infected clients.
Best Practice Configuration
The following Anti-Spyware best practice configuration is enabled by default on Cloud
NGFW for Azure.
Signature Severity | Action |
---|---|
Critical | Reset both |
High | Reset both |
Medium | Reset both |
Informational | Default |
Low | Default |
IPS Vulnerability and Anti-Spyware Signatures
The following table lists all possible signatures for Vulnerability and Spyware
categories. These signatures are continuously updated on your NGFWs.
Threat Category
|
Description
|
---|---|
Vulnerability Signatures
| |
brute force
|
A brute-force signature detects multiple occurrences of a
condition in a particular time frame. While the activity in
isolation might be benign, the brute-force signature indicates
that the frequency and rate at which the activity occurred is
suspect. For example, a single FTP login failure does not
indicate malicious activity. However, many failed FTP logins in
a short period likely indicate an attacker attempting password
combinations to access an FTP server.
|
code execution
|
Detects a code execution vulnerability that an attacker can
leverage to run code on a system with the privileges of the
logged-in user.
|
code-obfuscation
|
Detects code that has been transformed to conceal certain data
while retaining its function. Obfuscated code is difficult or
impossible to read, so it’s not apparent what commands the code
is executing or with which programs its designed to interact.
Most commonly, malicious actors obfuscate code to conceal
malware. More rarely, legitimate developers might obfuscate code
to protect privacy, intellectual property, or to improve user
experience. For example, certain types of obfuscation (like
minification) reduce file size, which decreases website load
times and bandwidth usage.
|
dos
|
Detects a denial-of-service (DoS) attack, where an attacker
attempts to render a targeted system unavailable, temporarily
disrupting the system and dependent applications and services.
To perform a DoS attack, an attacker might flood a targeted
system with traffic or send information that causes it to fail.
DoS attacks deprive legitimate users (like employees, members,
and account holders) of the service or resource to which they
expect access.
|
exploit-kit
|
Detects an exploit kit landing page. Exploit kit landing pages
often contain several exploits that target one or many common
vulnerabilities and exposures (CVEs), for multiple browsers and
plugins. Because the targeted CVEs change quickly, exploit-kit
signatures trigger based on the exploit kit landing page, and
not the CVEs.
When a user visits a website with an exploit kit, the exploit kit
scans for the targeted CVEs and attempts to silently deliver a
malicious payload to the victim’s computer.
|
info-leak
|
Detects a software vulnerability that an attacker could exploit
to steal sensitive or proprietary information. Often, an
info-leak might exist because comprehensive checks do not exist
to guard the data, and attackers can exploit info-leaks by
sending crafted requests.
|
insecure-credentials
|
Detects the use of weak, compromised, and manufacturer default
passwords for software, network appliances, and IoT devices.
|
overflow
|
Detects an overflow vulnerability, where a lack of proper checks
on requests could be exploited by an attacker. A successful
attack could lead to remote code execution with the privileges
of the application, server or operating system.
|
phishing
|
Detects when a user attempts to connect to a phishing kit landing
page (likely after receiving an email with a link to the
malicious site). A phishing website tricks users into submitting
credentials that an attacker can steal to gain access to the
network.
|
protocol-anomaly
|
Detects protocol anomalies, where a protocol behavior deviates
from standard and compliant usage. For example, a malformed
packet, poorly-written application, or an application running on
a non-standard port would all be considered protocol anomalies,
and could be used as evasion tools.
|
sql-injection
|
Detects a common hacking technique where an attacker inserts SQL
queries into an application’s requests, in order to read from or
modify a database. This type of technique is often used on
websites that do not comprehensively sanitize user input.
|
Spyware Signatures
| |
spyware
|
Detect outbound C2 communication. These signatures are either
auto-generated or are manually created by Palo Alto Networks
researchers.
Spyware and autogen signatures both detect outbound C2
communication; however, autogen signatures are payload-based
and can uniquely detect C2 communications with C2 hosts that
are unknown or change rapidly. |
adware
|
Detects programs that display potentially unwanted
advertisements. Some adware modifies browsers to highlight and
hyperlink the most frequently searched keywords on web
pages-these links redirect users to advertising websites. Adware
can also retrieve updates from a command-and-control (C2) server
and install those updates in a browser or onto a client
system.
|
autogen
|
These payload-based signatures detect command-and-control (C2)
traffic and are automatically-generated. Importantly, autogen
signatures can detect C2 traffic even when the C2 host is
unknown or changes rapidly.
|
backdoor
|
Detects a program that allows an attacker to gain unauthorized
remote access to a system.
|
botnet
|
Indicates botnet activity. A botnet is a network of
malware-infected computers (“bots”) that an attacker
controls. The attacker can centrally command every computer in a
botnet to simultaneously carry out a coordinated action (like
launching a DoS attack, for example).
|
browser-hijack
|
Detects a plugin or software that is modifying browser settings.
A browser hijacker might take over auto search or track users’
web activity and send this information to a C2 server.
|
cryptominer
|
(Sometimes known as cryptojacking or miners) Detects the download
attempt or network traffic generated from malicious programs
designed to use computing resources to mine cryptocurrencies
without the user's knowledge. Cryptominer binaries are
frequently delivered by a shell script downloader that attempts
to determine system architecture and kill other miner processes
on the system. Some miners execute within other processes, such
as a web browser rendering a malicious web page.
|
data-theft
|
Detects a system sending information to a known C2 server.
|
dns
|
Detects DNS requests to connect to malicious domains.
|
downloader
|
(Also known as droppers, stagers, or loaders) Detects programs
that use an internet connection to connect to a remote server to
download and execute malware on the compromised system. The most
common use case is for a downloader to be deployed as the
culmination of stage one of a cyber attack, where the
downloader’s fetched payload execution is considered second
stage. Shell scripts (Bash, PowerShell, etc.), trojans,
and malicious lure documents (also known as maldocs) such as
PDFs and Word files are common downloader types.
|
fraud
|
(Including form-jacking, phishing, and scams) Detects access to
compromised websites that have been determined to be injected
with malicious JavaScript code to collect sensitive user
information. (for example, Name, address, email, credit card
number, CVV, expiration date) from payment forms that are
captured on the checkout pages of e-commerce websites.
|
hacktool
|
Detects traffic generated by software tools that are used by
malicious actors to conduct reconnaissance, attack or gain
access to vulnerable systems, exfiltrate data, or create a
command and control channel to surreptitiously control a
computer system without authorization. These programs are
strongly associated with malware and cyber attacks. Hacking
tools might be deployed in a benign manner when used in Red and
Blue Team operations, penetration tests, and R&D. The use or
possession of these tools may be illegal in some countries,
regardless of intent.
|
networm
|
Detects a program that self-replicates and spreads from system to
system. Net-worms might use shared resources or leverage
security failures to access target systems.
|
phishing-kit
|
Detects when a user attempts to connect to a phishing kit landing
page (likely after receiving an email with a link to the
malicious site). A phishing website tricks users into submitting
credentials that an attacker can steal to gain access to the
network.
|
post-exploitation |
Detects activity that indicates the post-exploitation phase of an
attack, where an attacker attempts to assess the value of a
compromised system. This might include evaluating the
sensitivity of the data stored on the system, and the system’s
usefulness in further compromising the network.
|
webshell |
Detects web shells and web shell traffic, including implant
detection and command and control interaction. Web shells must
first be implanted by a malicious actor onto the compromised
host, most often targeting a web server or framework. Subsequent
communication with the web shell file frequently enables a
malicious actor to establish a foothold in the system, conduct
service and network enumeration, data exfiltration, and remote
code execution in the context of the web server user. The most
common web shell types are PHP, .NET, and Perl markup scripts.
Attackers can also use web shell-infected web servers (the web
servers can be both internet-facing or internal systems) to
target other internal systems.
|
keylogger
|
Detects programs that allow attackers to secretly track user
activity, by logging keystrokes and capturing screenshots.
Keyloggers use various C2 methods to periodically sends logs and
reports to a predefined e-mail address or a C2 server. Through
keylogger surveillance, an attacker could retrieve credentials
that would enable network access.
|
Malware and File-based Threat Protection
- Antivirus—(enabled by default and preconfigured based on best practices) antivirus profiles protect against viruses, worms, and trojans as well as spyware downloads. Using a stream-based malware prevention engine, which inspects traffic the moment the first packet is received, the Palo Alto Networks antivirus solution can provide protection for clients without significantly impacting the performance of the firewall. This profile scans for a wide variety of malware in executables, PDF files, HTML and JavaScript viruses, including support for scanning inside compressed files and data encoding schemes.Best Practice ConfigurationThe following Antivirus best practice configuration is enabled by default on Cloud NGFW for Azure.
Protocol Action FTP Reset both HTTP Reset both HTTP2 Reset both IMAP Reset both POP3 Alert SMB Reset both SMTP Reset both - File Blocking—(enabled by default and preconfigured based on best practices) file blocking profiles allows you to identify specific file types that you want to block or monitor. The firewall uses file blocking profiles to block specific file types over specified applications and in the specified session flow direction (inbound/outbound/both). You can set the profile to alert or block on upload and/or download and you can specify which applications will be subject to the file blocking profile.
- Alert—when the specified file type is detected, a log is generated in the data filtering log.
- Block—when the specified file type is detected, the file is blocked. A log is also generated in the data filtering log.
Best Practice Configuration
The following File Blocking best practice configuration is enabled by default on
Cloud NGFW for Azure.
File Types | Application | Direction | Action |
---|---|---|---|
All risky file types:
| Any | Both (upload and download) | Block |
All remaining file types | Any | Both (upload and download) | Alert |
Antivirus Signatures
The following table lists all possible signatures for Antivirus category. These
signatures are continuously updated on your NGFWs.
Threat Category
|
Description
|
---|---|
Antivirus Signatures
| |
apk
|
Malicious Android Application (APK) files.
|
MacOSX
|
Malicious MacOSX files, including:
|
flash
|
Adobe Flash applets and Flash content embedded in web pages.
|
jar
|
Java applets (JAR/class file types).
|
ms-office
|
Microsoft Office files, including documents (DOC, DOCX, RTF),
workbooks (XLS, XLSX), and PowerPoint presentations (PPT, PPTX).
This also includes Office Open XML (OOXML) 2007+ documents.
|
pdf
|
Portable Document Format (PDF) files.
|
pe
|
Portable executable (PE) files can automatically execute on a
Microsoft Windows system and should be only allowed when
authorized. These files types include:
|
linux
|
Executable and Linkable Format (ELF) files.
|
archive
|
Roshal Archive (RAR) and 7-Zip (7z) archive files.
|
Web-based Threat Protection
URL Categories and Filtering—(enabled by default and preconfigured based on
best practices) URL Filtering profiles
enable you to monitor and control how users access the web over HTTP and HTTPS. The
firewall comes with a default profile that is configured to block websites such as
known malware sites, phishing sites, and adult content sites. URL filtering Profile
is not enabled by default. When you enable URL Filtering profile in your rulestack,
Cloud NGFW enforces the best-practices URL Filtering profile on your traffic. You
have an option to modify the default access option on each of the categories, based
on your needs.
Best Practices Configuration
By default, URL Filtering is enabled and uses security policy based on best
practices.
URL Categories | Site Access | Credential Submissions |
---|---|---|
Malicious and exploitative categories:
| Block | Block |
All other URL categories | Alert | Alert |
Predefined URL Categories for Cloud NGFW for Azure
The following table describes the pre-defined URL categories available
on Cloud NGFW on Azure. You can use these categories in security rules to block or
allows access to websites that fall into them.
URL Category
|
Description
|
---|---|
Risk Categories
| |
High Risk
|
Sites that were previously confirmed to be malicious but have
displayed benign activity for at least 30 days. Sites hosted on
bulletproof ISPs or using an IP from an ASN that has known
malicious content. Sites sharing a domain with a known malicious
site. All sites in the “Unknown” category will be high risk.
|
Medium Risk
|
Sites confirmed to be malicious but have displayed benign
activity for at least 60 days. All sites in the “Online Storage
and Backup” category will be a medium risk by default.
|
Low Risk
|
Any site that is not High Risk or Medium Risk. This includes
sites that were previously confirmed as malicious but have
displayed benign activity for at least 90 days.
|
Threat Categories
| |
Command and Control
|
Command-and-control URLs and domains used by malware and/or
compromised systems to surreptitiously communicate with an
attacker's remote server to receive malicious commands or
exfiltrate data.
|
Malware
|
Sites known to host malware or used for command and control (C2)
traffic. May also exhibit Exploit Kits.
|
Threat Adjacent Categories
| |
Dynamic DNS
|
Hosts and domain names for systems with dynamically assigned IP
addresses and which are oftentimes used to deliver malware
payloads or C2 traffic. Also, dynamic DNS domains do not go
through the same vetting process as domains that are registered
by a reputable domain registration company, and are therefore
less trustworthy.
|
Grayware
|
Web content that does not pose a direct security threat but that
display other obtrusive behavior and tempt the end user to grant
remote access or perform other unauthorized actions. Grayware
includes illegal activities, criminal activities, rogueware,
adware, and other unwanted or unsolicited applications, such as
embedded crypto miners, clickjacking or hijackers that change
the elements of the browser. Typosquatting domains that do not
exhibit maliciousness and are not owned by the targeted domain
will be categorized as grayware.
|
Hacking
|
Sites relating to the illegal or questionable access to or the
use of communications equipment/software. Development and
distribution of programs, how-to-advice and/or tips that may
result in the compromise of networks and systems. Also includes
sites that facilitate the bypass of licensing and digital rights
systems.
|
Phishing
|
Web content that covertly attempts to fool the user in order to
harvest information, including login credentials, credit card
information – voluntarily or involuntarily, account numbers,
PINs, and any information considered to be personally
identifiable information (PII) from victims via social
engineering techniques. Technical support scams and scareware is
also included as phishing.
|
Suspicious
| |
Insufficient Content
|
Websites and services that present test pages, no content,
provide API access not intended for end-user display or require
authentication without displaying any other content suggesting a
different categorization. Should not include websites providing
remote access, such as web based VPN solutions, web based email
services or identified credential phishing pages.
|
Newly Register Domain
|
Newly registered domains are often generated purposely or by
domain generation algorithms and used for malicious
activity.
|
Parked
|
Domains registered by individuals, oftentimes later found to be
used for credential phishing. These domains may be similar to
legitimate domains, for example, pal0alto0netw0rks.com, with the
intent of phishing for credentials or personal identify
information. Or, they may be domains that an individual
purchases rights to in hopes that it may be valuable someday,
such as panw.net.
|
Proxy Avoidance and Anonymizers
|
URLs and services often used to bypass content filtering
products.
|
Unknown
|
Sites that have not yet been identified by Palo Alto Networks. If
availability is critical to your business and you must allow the
traffic, alert on unknown sites, apply the best practice
Security profiles to the traffic, and investigate the
alerts.
|
Legal/Policy
| |
Abortion
|
Sites that pertain to information or groups in favor of or
against abortion, details regarding abortion procedures, help or
support forums for or against abortion, or sites that provide
information regarding the consequences/effects of pursuing (or
not) an abortion.
|
Abused Drugs
|
Sites that promote the abuse of both legal and illegal drugs, use
and sale of drug related paraphernalia, manufacturing and/or
selling of drugs.
|
Adult
|
Sexually explicit material, media (including language), art,
and/or products, online groups or forums that are sexually
explicit in nature. Sites that promote adult services such as
video/telephone conferencing, escort services, strip clubs, etc.
Anything containing adult content (even if it's games or comics)
will be categorized as adult.
|
Alcohol and Tobacco
|
Sites that pertain to the sale, manufacturing, or use of alcohol
and/or tobacco products and related paraphernalia. Includes
sites related to electronic cigarettes.
|
Auctions
|
Sites that promote the sale of goods between individuals.
|
Business and Economy
|
Marketing, management, economics, and sites relating to
entrepreneurship or running a business. Includes advertising and
marketing firms. Should not include corporate websites as they
should be categorized with their technology. Also shipping
sites, such as fedex.com and ups.com.
|
Computer and Internet Info
|
General information regarding computers and the internet. Should
include sites about computer science, engineering, hardware,
software, security, programming, etc. Programming may have some
overlap with reference, but the main category should remain
computer and internet info.
|
Content Delivery Networks
|
Sites whose primary focus is delivering content to 3rd parties
such as advertisements, media, files, etc.Also includes image
servers.
|
Copyright Infringement
|
Domains with illegal content, such as content that allows illegal
download of software or other intellectual property, which poses
a potential liability risk. This category was introduced to
enable adherence to child protection laws required in the
education industry as well as laws in countries that require
internet providers to prevent users from sharing copyrighted
material through their service.
|
Cryptocurrency
| Websites that promote cryptocurrencies, crypto mining websites (but not embedded crypto miners), cryptocurrency exchanges and vendors, and websites that manage cryptocurrency wallets and ledgers. This category does not include traditional financial services websites that reference cryptocurrencies, websites that explain and describe how cryptocurrencies and blockchains work, or websites that contain embedded cryptocurrency miners (grayware). |
Dating
|
Websites offering online dating services, advice, and other
personal ads.
|
Educational Institutions
|
Official websites for schools, colleges, universities, school
districts, online classes, and other academic institutions.
These refer to larger, established educational institutions such
as elementary schools, high schools, universities, etc. Tutoring
academies can go here as well.
|
Entertainment and Arts
|
Sites for movies, television, radio, videos, programming
guides/tools, comics, performing arts, museums, art galleries,
or libraries. Includes sites for entertainment, celebrity and
industry news.
|
Extremism
|
Websites promoting terrorism, racism, fascism, or other extremist
views discriminating against people or groups of different
ethnic backgrounds, religions or other beliefs. This category
was introduced to enable adherence to child protection laws
required in the education industry. In some regions, laws and
regulations may prohibit allowing access to extremist sites, and
allowing access may pose a liability risk.
|
Financial Services
|
Websites pertaining to personal financial information or advice,
such as online banking, loans, mortgages, debt management,
credit card companies, and insurance companies. Does not include
sites relating to stock markets, brokerages or trading services.
Includes sites for foreign currency exchange. Includes sites for
foreign currency exchange.
|
Gambling
|
Lottery or gambling websites that facilitate the exchange of real
and/or virtual money. Related websites that provide information,
tutorials or advice regarding gambling, including betting odds
and pools. Corporate websites for hotels and casinos that do not
enable gambling are categorized under Travel.
|
Games
|
Sites that provide online play or download of video and/or
computer games, game reviews, tips, or cheats, as well as
instructional sites for non-electronic games, sale/trade of
board games, or related publications/media. Includes sites that
support or host online sweepstakes and/or giveaways.
|
Government
|
Official websites for local, state, and national governments, as
well as related agencies, services, or laws.
|
Health and Medicine
|
Sites containing information regarding general health
information, issues, and traditional and non-traditional tips,
remedies, and treatments. Also includes sites for various
medical specialties, practices and facilities (such as gyms and
fitness clubs) as well as professionals. Sites relating to
medical insurance and cosmetic surgery are also included.
|
Home and Garden
|
Information, products, and services regarding home repair and
maintenance, architecture, design, construction, decor, and
gardening.
|
Hunting and Fishing
|
Hunting and fishing tips, instructions, sale of related equipment
and paraphernalia.
|
Internet Communications and Telephony
|
Sites that support or provide services for video chatting,
instant messaging, or telephony capabilities.
|
Internet Portals
|
Sites that serve as a starting point for users, usually by
aggregating a broad set of content and topics.
|
Job Search
|
Sites that provide job listings and employer reviews, interview
advice and tips, or related services for both employers and
prospective candidates.
|
Legal
|
Information, analysis or advice regarding the law, legal
services, legal firms, or other legal related issues
|
Military
|
Information or commentary regarding military branches,
recruitment, current or past operations, or any related
paraphernalia.
|
Motor Vehicles
|
Information relating to reviews, sales and trading,
modifications, parts, and other related discussions for
automobiles, motorcycles, boats, trucks and RVs.
|
Music
|
Music sales, distribution, or information. Includes websites for
music artists, groups, labels, events, lyrics, and other
information regarding the music business. Does not include
streaming music.
|
News
|
Online publications, newswire services, and other websites that
aggregate current events, weather, or other contemporary issues.
Includes newspapers, radio stations, magazines, and
podcasts.
|
Not-Resolved
|
Indicates that the website was not found in the local URL
filtering database and the firewall was unable to connect to the
cloud database to check the category. When a URL category lookup
is performed, the firewall first checks the dataplane cache for
the URL, if no match is found, it will then check the management
plane cache, and if no match is found there, it queries the URL
database in the cloud. When deciding on what action to take for
traffic that is categorized as not-resolved, be aware that
setting the action to block may be very disruptive to users.
|
Nudity
|
Sites that contain nude or semi-nude depictions of the human
body, regardless of context or intent, such as artwork. Includes
nudist or naturist sites containing images of participants.
|
Online Storage and Backup
|
Websites that provide online storage of files for free and as a
service.
|
Peer-to-Peer
|
Sites that provide access to or clients for peer-to-peer sharing
of torrents, download programs, media files, or other software
applications. This is primarily for those sites that provide
bittorrent download capabilities. Does not include shareware or
freeware sites.
|
Personal Sites and Blogs
|
Personal websites and blogs by individuals or groups. Should try
to first categorize based on content. For example, if someone
has a blog just about cars, then the site should be categorized
under "motor vehicles". However, if the site is a pure blog,
then it should remain under "personal sites and blogs".
|
Philosophy and Political Advocacy
|
Sites containing information, viewpoints or campaigns regarding
philosophical or political views.
|
Private IP Addresses
|
This category includes IP addresses defined in RFC 1918, 'Address
Allocation for Private Intranets? It also includes domains not
registered with the public DNS system (*.local and *.onion).
|
Questionable
|
Websites containing tasteless humor, offensive content targeting
specific demographics of individuals or groups of people.
|
Real Estate
|
Information on property rentals, sales and related tips or
information. Includes sites for real estate agents, firms,
rental services, listings (and aggregates), and property
improvement.
|
Recreation and Hobbies
|
Information, forums, associations, groups, and publications on
recreations and hobbies.
|
Reference and Research
|
Personal, professional, or academic reference portals, materials,
or services. Includes online dictionaries, maps, almanacs,
census information, libraries, genealogy and scientific
information.
|
Religion
|
Information regarding various religions, related activities or
events. Includes websites for religious organizations, officials
and places of worship. Includes sites for fortune telling.
|
Search Engines
|
Sites that provide a search interface using keywords, phrases, or
other parameters that may return information, websites, images
or files as results.
|
Sex Education
|
Information on reproduction, sexual development, safe sex
practices, sexually transmitted diseases, birth control, tips
for better sex, as well as any related products or related
paraphernalia. Includes websites for related groups, forums or
organizations.
|
Shareware and Freeware
|
Sites that provide access to software, screensavers, icons,
wallpapers, utilities, ringtones, themes or widgets for free
and/or donations. Also includes open source projects.
|
Shopping
|
Sites that facilitate the purchase of goods and services.
Includes online merchants, websites for department stores,
retail stores, catalogs, as well as sites that aggregate and
monitor prices. Sites listed here should be online merchants
that sell a variety of items (or whose main purpose is online
sales). A webpage for a cosmetics company that also happens to
allow online purchasing should be categorized with cosmetics and
not shopping.
|
Social Networking
|
User communities and sites where users interact with each other,
post messages, pictures, or otherwise communicate with groups of
people. Does not include blogs or personal sites.
|
Society
|
Topics relating to the general population, issues that impact a
large variety of people, such as fashion, beauty, philanthropic
groups, societies, or children. Also includes restaurant
websites.Includes websites designed for children as well as
restaurants.
|
Sports
|
Information about sporting events, athletes, coaches, officials,
teams or organizations, sports scores, schedules and related
news, and any related paraphernalia. Includes websites regarding
fantasy sports and other virtual sports leagues.
|
Stock Advice and Tools
|
Information regarding the stock market, trading of stocks or
options, portfolio management, investment strategies, quotes, or
related news.
|
Streaming Media
|
Sites that stream audio or video content for free and/or
purchase. Includes online radio stations and other streaming
music services.
|
Swimsuits and Intimate Apparel
|
Sites that include information or images concerning swimsuits,
intimate apparel or other suggestive clothing
|
Training and Tools
|
Sites that provide online education and training and related
materials. Can include driving/traffic schools, workplace
training, etc.
|
Translation
|
Sites that provide translation services, including both user
input and URL translations. These sites can also allow users to
circumvent filtering as the target page's content is presented
within the context of the translator's URL.
|
Travel
|
Information regarding travel tips, deals, pricing information,
destination information, tourism, and related services. Includes
websites for hotels, local attractions, casinos, airlines,
cruise lines, travel agencies, vehicle rentals and sites that
provide booking tools such as price monitors.Includes websites
for local points of interest/tourist attractions such as the
Eiffel Tower, the Grand Canyon, etc.
|
Weapons
|
Sales, reviews, descriptions of or instructions regarding weapons
and their use.
|
Web Advertisements
|
Advertisements, media, content, and banners.
|
Web Hosting
|
Free or paid for hosting services for web pages, including
information regarding web development, publication, promotion,
and other methods to increase traffic.
|
Web-based Email
|
Any website that provides access to an email inbox and the
ability to send and receive emails.
|