NBA application filters can detect data packets transmitted using the following protocols:
IM protocols
All recognized instant message formats.
AOL and ICQ instant messages. Both these protocol options detect the same protocol in the NBA which is called OSCAR. However, AOL instant messages are usually encrypted and the AOL client cannot be configured to trust the NBA master certificate.
Jabber (XMPP) instant messages. Can be decrypted from SSL sessions if the Jabber client is configured to trust the NBA master certificate.
Windows Live Messenger (formerly MSN) instant messages.
Instant messages sent using an application that uses the Session Initiation Protocol (SIP).
Yahoo! instant messages.
Note: Many of these protocols may be encrypted and some cannot currently be detected by the NBA. However, the presence or absence of encryption varies from one IM client version to another and may also depend on account preference settings.
Email and Webmail protocols
Outbound messages sent using AOL Mail.
Outbound messages sent using Windows LiveMail.
To capture all Windows LiveMail messages, you must also use the HOTMAIL protocol.
Note: The NBA cannot block messages received by a Windows LiveMail client. It can only block messages sent from a Windows LiveMail client.
Outbound messages sent using Gmail (or Google Mail). These messages can be decrypted from SSL sessions.
Outbound messages sent using Microsoft Hotmail or Windows LiveMail. These messages can be decrypted from SSL sessions.
To capture all Windows LiveMail messages, you must also use the DELTASYNC protocol.
Messages received using an email client that uses the POP3 protocol (most commonly, Outlook Express).
Note: The NBA cannot block POP3 emails.
Messages sent using SMTP (Simple Mail Transfer Protocol). This typically includes messages sent over the Internet from an Exchange or Domino server, or sent from an email client such as Outlook Express. These messages can be decrypted from SSL sessions.
Messages sent to specified destinations using SMTP. These messages can be decrypted from SSL sessions.
You must list the destination IP addresses in the filter definition.
Messages received from specified destinations using SMTP. These messages can be decrypted from SSL sessions.
You must list the source IP addresses in the filter definition.
Messages sent using a Webmail protocol that is decoded by the NBA. These include AOL Mail, Gmail (or Google Mail), Hotmail, Windows Live Mail and Yahoo! Mail.
Note the NBA can only detect outbound (sent) messages. It cannot detect inbound messages, arriving in a user’s Webmail inbox.
Outbound messages sent using Yahoo! Mail.
File protocols
Files transferred using FTP (File Transfer Protocol).
File transfers over FTP downloaded from a server.
File uploads over FTP.
Files downloaded from a web site. Add ".HTM" to the nbaconfig.xml file's httpgetfiletypes to include web page content. HTTPGET messages can be decrypted from SSL sessions.
Files uploaded to a Web site. HTTPPOST messages can be decrypted from SSL sessions.
Web browsing. The NBA detects HTML Web pages requested from a Web site, including a URL plus page title and other HTML metadata (keywords, author, and description if available). It does not include the actual page content (see HTTPGET). HTTPURL messages can be decrypted from SSL sessions.
Files accessed on a remote server using the SMB protocol.
The NBA can detect and block attempts to browse remote files, but it cannot analyze the contents of those files.
Other protocols
You can configure the NBA to detect all known application protocols.
The NBA can detect the start of Skype sessions, but it cannot analyze their content or block the packets.
Messages read from a news group using the Network News Transfer Protocol (NNTP).
Messages posted to a news group using the Network News Transfer Protocol (NNTP).
|
Copyright © 2014 CA.
All rights reserved.
|
|