Content Filter: Company-defined security policies.

The Content Filter prevents potentially dangerous content from entering the network. The risks can differ from one company to another depending on many factors, including:

  • Sector to which they belong.
  • Size
  • Governmental restrictions affecting the company
  • Arbitrary decisions of IT administrators
  • Etc.

The Content Filter protection in Panda GateDefender is both robust and flexible:

  • Robust: to prevent all types of possible threats regardless of the type of traffic.
  • Flexible: to enable application of corporate security policies adapted to every type of company.

Content filter protection in operation

The filtering of potentially dangerous content takes place on two levels.

  • At file level (HTTP, HTTPS, FTP). Scanning the types of files that could represent a danger and filtering according to different criteria:
    • Nested compressed files – The maximum level of nesting can be defined.
    • Large compressed files – The maximum file size can be defined.
    • Compressed files containing a large number of files – Configurable by the administrator.
    • Dangerous MIME types – Defined in an importable and exportable list.
    • Files whose MIME type does not match their extension.
    • ActiveX and Applets – Whitelists and blacklists of senders and domains with controls.
    • Files with macros or embedded information – Office files, Flash…
    • Password protected files – ZIP files, PDF files and Microsoft Office files.
    • Files with truncated extensions – CLSID, space, illegal characters…
    • Encrypted files in HTTP – Encrypted through PGP.
    • Scripts in HTML – embedded or referenced in the code.
    • External references in the body or attachments to HTML messages – Referenced files.
  • At message level (SMTP, POP3, IMAP4 and NNTP). Scanning the bodies, subjects and structure of messages and filtering according to different criteria:
    • By textual content. Lets you define the filtering rules for messages and attachments, by text content for SMTP, POP3, IMAP and NNTP. Messages can be filtered by:
      • Subject
      • Attachment name
      • Message body (text and HTML)
    • By no. of recipients. The maximum number of recipients can be defined for inbound, outbound or inbound and outbound mail.
    • Nested messages. Nested messages are filtered, as well as attachments to the main messages and the attachments to nested messages.
    • Encrypted messages. Files received encrypted with PGP will be filtered.
    • Malformed messages. Messages whose content cannot be scanned will be filtered.
    • Fragmented messages. Fragmented messages received, which pose a security risk as they cannot be scanned in full, will be filtered.
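
The compressed-file criteria above (nesting level, size, number of files, password protection) can be illustrated with a short check over ZIP archives. This is an added example, not Panda GateDefender code; the limit values and the function names `inspect_zip` and `make_zip` are assumptions chosen for illustration.

```python
import io
import zipfile

# Hypothetical policy limits: the page says these are administrator-configurable
# but gives no default values.
MAX_DEPTH = 2               # levels of archive-inside-archive allowed
MAX_ENTRIES = 100           # files per archive
MAX_UNPACKED = 1_000_000    # declared uncompressed bytes per archive


def inspect_zip(data, depth=1):
    """Return a list of policy violations found in a ZIP given as bytes."""
    if depth > MAX_DEPTH:
        return [f"nesting depth {depth} exceeds {MAX_DEPTH}"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            findings.append(f"{len(infos)} entries exceeds {MAX_ENTRIES}")
        total = sum(i.file_size for i in infos)
        if total > MAX_UNPACKED:
            findings.append(f"declared size {total} exceeds {MAX_UNPACKED}")
        if findings:
            # Both limits are checked from the archive headers, so an
            # oversized archive is rejected before anything is decompressed.
            return findings
        for info in infos:
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                findings.append(f"password protected: {info.filename}")
                continue  # content cannot be scanned without the password
            inner = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(inner)):
                findings += inspect_zip(inner, depth + 1)
    return findings


def make_zip(members):
    """Build a ZIP in memory from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a flat archive, and one nested three levels deep.
flat = make_zip({"report.txt": b"quarterly figures"})
nested = make_zip({"a.zip": make_zip({"b.zip": make_zip({"c.txt": b"x"})})})
print(inspect_zip(flat), inspect_zip(nested))
```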

The actions that can be taken on filtered items are:

  • Messages
    • Delete the message. The message will be completely deleted.
    • Redirect or move the message. It will be sent to the Content Filter quarantine area.
    • Just notify. No action will be taken on the content or the item filtered.
  • Attachments
    • Delete attachment. The attached file will be deleted.
    • Delete the message. The message will be completely deleted.
    • Redirect or move the message. It will be sent to the Content Filter quarantine area.
    • Just notify. The event will be logged, if configured.
  • HTTP and FTP file transfers
    • Block/delete. The file transfer will be blocked or the filtered file will be deleted.
    • Just notify. The event will be logged, if configured.

Benefits

  • Improved corporate security: Based on the specific criteria of each company.
  • Prevents data loss: Control over the documents that can be transmitted outside the internal network.