The Content Filter prevents potentially dangerous content from entering the network. The risks can differ from one company to another depending on many factors, including:
- Sector to which they belong.
- Size
- Governmental restrictions affecting the company
- Arbitrary decisions of IT administrators
- Etc.
The Content Filter protection in Panda GateDefender is both robust and flexible:
- Robust: to prevent all types of possible threats regardless of the type of traffic.
- Flexible: to enable application of corporate security policies adapted to every type of company.
Content filter protection in operation
The filtering of potentially dangerous content takes place on two levels.
- At file level (HTTP, FTP). Scanning the types of files that could represent a danger and filtering according to different criteria:
  - Nested compressed files – The maximum level of nesting can be defined.
  - Large compressed files – The maximum file size can be defined.
  - Compressed files containing a large number of files – Configurable by the administrator.
  - Dangerous MIME types – Defined in an importable and exportable list.
  - Files whose MIME type does not match their extension.
  - ActiveX and Applets – White lists and blacklists of senders and domains with controls.
  - Files with macros or embedded information – Office files, Flash…
  - Password protected files – ZIP files, PDF files and Microsoft Office files.
  - Files with truncated extensions – CLSID, space, illegal characters…
  - Encrypted files in HTTP – Encrypted through PGP.
  - Scripts in HTML – Embedded or referenced in the code.
  - External references in the body or attachments to HTML messages – Referenced files.
- At message level (SMTP, POP3, IMAP4 and NNTP). Scanning the bodies, subjects and structure of messages and filtering according to different criteria:
  - By textual content. Lets you define the filtering rules for messages and attachments, by text content for SMTP, POP3, IMAP and NNTP. Messages can be filtered by:
    - Subject
    - Attachment name
    - Message body (text and HTML)
  - By number of recipients. The maximum number of recipients can be defined for inbound, outbound or inbound and outbound mail.
  - Nested messages. Nested messages are filtered, as well as attachments to the main messages and the attachments to nested messages.
  - Encrypted messages. Files received encrypted with PGP will be filtered.
  - Malformed messages. Messages whose content cannot be scanned will be filtered.
  - Fragmented messages. Fragmented messages received, which pose a security risk as they cannot be scanned in full, will be filtered.
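The three compressed-file criteria listed at file level (nesting level, file size, number of files) can be checked as in the following added example, which is not Panda GateDefender code. The limit values, the function names and the restriction to ZIP archives are assumptions made for illustration.

```python
import io
import zipfile

# Hypothetical limits: the page says these are administrator-defined, not their values.
MAX_NESTING = 2            # archive levels allowed (outer archive = level 1)
MAX_ENTRIES = 100          # files allowed per archive
MAX_TOTAL_BYTES = 1 << 20  # declared uncompressed bytes allowed per archive

def check_archive(data, level=1):
    """Return the archive criteria that the ZIP held in `data` violates."""
    if level > MAX_NESTING:
        return ["nesting level %d exceeds %d" % (level, MAX_NESTING)]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            findings.append("contains %d files, limit %d" % (len(infos), MAX_ENTRIES))
        # Sizes come from the central directory, so nothing is decompressed yet.
        if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
            findings.append("declared size exceeds %d bytes" % MAX_TOTAL_BYTES)
        if findings:
            return findings  # do not unpack an archive that already fails
        for info in infos:
            with zf.open(info) as member:
                # Bounded read as a second guard on top of the declared-size check.
                body = member.read(MAX_TOTAL_BYTES + 1)
            if zipfile.is_zipfile(io.BytesIO(body)):
                findings += check_archive(body, level + 1)
    return findings

def make_zip(members):
    """Build a ZIP in memory from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples, one per criterion.
FLAT = make_zip({"report.txt": b"quarterly figures"})
NESTED = make_zip({"a.zip": make_zip({"b.zip": FLAT})})  # three levels deep
CROWDED = make_zip({"f%03d.txt" % n: b"x" for n in range(MAX_ENTRIES + 1)})
BULKY = make_zip({"zeros.bin": b"\0" * (MAX_TOTAL_BYTES + 1)})
```

An archive that already fails the count or size check is reported without being unpacked, so the nesting check never decompresses content that is over the limits.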
The actions that can be taken on filtered items are:
- Messages:
  - Delete the message: The message will be completely deleted.
  - Redirect or move the message: It will be sent to the Content Filter quarantine area.
  - Just notify: No action will be taken on the content or the item filtered.
- Attachments:
  - Delete attachment: The attached file will be deleted.
  - Delete the message: The message will be completely deleted.
  - Redirect or move the message: It will be sent to the Content Filter quarantine area.
  - Just notify: The event will be logged, if configured.
- HTTP and FTP file transfers:
  - Block/delete: The file transfer will be blocked or the filtered file will be deleted.
  - Just notify: The event will be logged, if configured.
Benefits
- Improved corporate security: Based on the specific criteria of each company.
- Prevents data loss: Control over the documents that can be transmitted outside the internal network.