Table of Contents
Advertisement
•
Block clients from sending USER and PASS command
Block connections between client and server that send the username/password combination
as clear text which can be easily read (some servers may not support other methods than
this).
•
Hide User
This option prevents the POP3 server from revealing that a username does not exist. This
prevents users from trying different usernames until they find a valid one.
•
Allow Unknown Commands
Non-standard POP3 commands not recognized by the ALG can be allowed or disallowed.
•
Fail Mode
When content scanning detects bad file integrity, the file can be allowed or disallowed.
•
Verify MIME type
The content of an attached file can be checked to see if it agrees with its stated filetype. A list
of all filetypes that are verified in this way can be found in Appendix C, Verified MIME filetypes.
This same option is also available in the HTTP ALG and a fuller description of how it works can
be found in Section 6.2.2, "The HTTP ALG".
•
Block/Allow filetype
Filetypes from a predefined list can optionally be blocked or allowed as mail attachments and
new filetypes can be added to the list. This same option is also available in the HTTP ALG and
a fuller description of how it works can be found in Section 6.2.2, "The HTTP ALG".
•
Anti-Virus Scanning
The NetDefendOS Anti-Virus subsystem can optionally scan email attachments searching for
malicious code. Suspect files can be dropped or just logged. This feature is common to a
number of ALGs and is described fully in Section 6.5, "Anti-Virus Scanning".
Virus scanning by the POP3 ALG is redundant is scanning is already performed on mail traffic
before it reaches the mail server. This scanning could be done by the NetDefendOS SMTP
ALG.
Example 6.6. POP3 ALG Setup
This example will assume the network topology illustrated in the diagram at the beginning of
this section. POP3 traffic is to be allowed between a mail server on the dmz_net network and
protected clients on the lan_net network. It is assumed that the mail server has a private IPv4
address which is defined by the address book object mail_server_ip.
The POP3 ALG will perform the following actions:
•
Prevent the mail server revealing if the email address exists.
•
Deny any email that fails scanning by the ALG.
•
Block all attached exe or msifiles.
•
Block any attachments where the file extension differs from the file's MIME type.
459
Chapter 6: Security Mechanisms
- Quick Links:
- User Manual
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
