The Pop3 Alg; The Sip Alg - D-Link NetDefend DFL-210 User Manual

6.2.7. The SIP ALG

6.2.6. The POP3 ALG

POP3 is a mail transfer protocol that differs from SMTP in that the transfer of mail is directly from a
server to a user's client software.
POP3 ALG Options
Key features of the POP3 ALG are:
Block Clear Text Authentication
Hide User
Allow Unknown Commands
Fail Mode
Verify MIME type
Block/Allow filetype
Anti-Virus Scanning
6.2.7. The SIP ALG
Session Initiation Protocol (SIP) is an ASCII (UTF-8) text based signalling protocol used to
establish sessions between clients in an IP network. It is a request-response protocol that resembles
HTTP and SMTP. The session which SIP sets up might consist of a Voice-Over-IP (VoIP)
telephone call or it could be a collaborative multi-media conference. Using SIP with VoIP means
that telephony can become another IP application which can integrate into other services.
SIP does not know about the details of a session's content and is only responsible for initiating,
terminating and modifying sessions. Sessions set up by SIP are typically used for the streaming of
audio and video over the Internet using the RTP/RTCP protocol (which is based on UDP) but they
might also involve traffic based on the TCP protocol. A RTP/RTCP based sessions might also
involve TCP or TLS based traffic in the same session.
SIP is defined by IETF RFC 3261 and is considered an important standard for VoIP communication.
It is comparable to H.323 but a design goal with SIP was to make it more scalable than H.323. (For
VoIP see also Section 6.2.8, "The H.323 ALG".)
Block connections between client and server that send the
username/password combination as clear text which can be
easily read (some servers may not support other methods than
this).
This option prevents the POP3 server from revealing that a
username does not exist. This prevents users from trying
different usernames until they find a valid one.
Non-standard POP3 commands not recognized by the ALG
can be allowed or disallowed.
When content scanning find bad file integrity then the file can
be allowed or disallowed.
The content of an attached file can be checked to see if it
agrees with its stated filetype. A list of all filetypes that are
verified in this way can be found in Appendix C, Verified
MIME filetypes. This same option is also available in the
HTTP ALG and a fuller description of how it works can be
found in Section 6.2.2, "The HTTP ALG".
Filetypes from a predefined list can optionally be blocked or
allowed as mail attachments and new filetypes can be added
to the list. This same option is also available in the HTTP
ALG and a fuller description of how it works can be found in
Section 6.2.2, "The HTTP ALG".
The NetDefendOS Anti-Virus subsystem can optionally scan
email attachments searching for malicious code. Suspect files
can be dropped or just logged. This feature is common to a
number of ALGs and is described fully in Section 6.4,
"Anti-Virus Scanning".
216
Chapter 6. Security Mechanisms