|
|
|
NBA application filters can detect data packets transmitted using the following protocols:
IM protocols
All recognized instant message formats.
AOL and ICQ instant messages.
Both these protocol options detect the same protocol in the NBA because AOL instant messages use the ICQ protocol. AOL instant messages are usually encrypted.
Jabber (XMPP) instant messages. Can be decrypted from SSL sessions.
MSN instant messages.
Instant messages sent using an application that uses the Session Initiation Protocol (SIP).
Yahoo! instant messages.
Note: Many of these protocols may be encrypted and some cannot currently be detected by the NBA. However, the presence or absence of encryption varies from one IM client version to another and may also depend on account preference settings.
Email and Webmail protocols
Outbound messages sent using AOL Mail.
Outbound messages sent using Windows LiveMail.
To capture all Windows LiveMail messages, you must also use the HOTMAIL protocol.
Outbound messages sent using Gmail (or Google Mail). These messages can be decrypted from SSL sessions.
Outbound messages sent using Microsoft Hotmail or Windows LiveMail. These messages can be decrypted from SSL sessions.
To capture all Windows LiveMail messages, you must also use the DELTASYNC protocol.
Messages received using an email client that uses the POP3 protocol (most commonly, Outlook Express).
Messages sent using SMTP (Simple Mail Transfer Protocol). This typically includes messages sent over the Internet from an Exchange or Domino server, or sent from an email client such as Outlook Express. These messages can be decrypted from SSL sessions.
Messages sent to specified destinations using SMTP. These messages can be decrypted from SSL sessions.
You must list the destination IP addresses in the filter definition.
Messages received from specified destinations using SMTP. These messages can be decrypted from SSL sessions.
You must list the source IP addresses in the filter definition.
Messages sent using a Webmail protocol that is decoded by the NBA. These include AOL Mail, Gmail (or Google Mail), Hotmail, Windows Live Mail and Yahoo! Mail.
Note the NBA can only detect outbound (sent) messages. It cannot detect inbound messages, arriving in a user’s Webmail inbox.
Outbound messages sent using Yahoo! Mail.
File protocols
Files transferred using FTP (File Transfer Protocol).
File transfers over FTP downloaded from a server.
File uploads over FTP.
Files downloaded from a Web site. These messages can be decrypted from SSL sessions.
Files uploaded to a Web site. These messages can be decrypted from SSL sessions.
Web browsing. The NBA detects HTML Web pages requested from a Web site, including a URL plus the first HTML packet downloaded. These messages can be decrypted from SSL sessions.
Files accessed on a remote server using the SMB protocol.
The NBA can detect and block attempts to browse remote files, but it cannot analyze the contents of those files.
Other protocols
You can configure the NBA to detect all known application protocols.
Instant messages, file transfers, SMS messages and streamed audio or video transmitted using Skype software.
The NBA can detect the start of Skype sessions, but it cannot analyze their content or block the packets.
Messages read from a news group using the Network News Transfer Protocol (NNTP).
Messages posted to a news group using the Network News Transfer Protocol (NNTP).
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |