Filter
Top Products
App Control Use Cases
684
SonicOS 5.8.1 Administrator Guide
Hosted Email Environments
A hosted email environment is one in which email is available on a user’s Internet Service
Provider (ISP). Typically, POP3 is the protocol used for email transfer in this environment. Many
small-business owners use this model, and would like to control email content as well as email
attachments. Running Application Control on the gateway provides a solution for controlling
POP3-based as well as SMTP-based email.
Application Control can also scan HTTP, which is useful for email hosted by sites such as Yahoo
or Hotmail. Note that when an attachment is blocked while using HTTP, Application Control
does not provide the file name of the blocked file. You can also use Application Control to
control FTP when accessing database servers.
If you want a dedicated SMTP solution, you can use SonicWALL Email Security. Email Security
is used by many larger businesses for controlling SMTP-based email, but it does not support
POP3. For controlling multiple email protocols, Application Control provides an excellent
solution.
Email Control
Application Control can be very effective for certain types of email control, especially when a
blanket policy is desired. For example, you can prevent sending attachments of a given type,
such as .exe, on a per-user basis, or for an entire domain. Because the file name extension is
being matched in this case, changing the extension before sending the attachment will bypass
filtering. Note that you can also prevent attachments in this way on your email server if you have
one. If not, then Application Control provides the functionality.
You can create a match object that scans for file content matching strings such as
“confidential”, “internal use only” and “proprietary” to implement basic controls over the transfer
of proprietary data.
You can also create a policy that prevents email to or from a specific domain or a specific user.
You can use Application Control to limit email file size, but not to limit the number of
attachments. Application Control can block files based on MIME type. It cannot block encrypted
SSL or TLS traffic, nor can it block “all encrypted files”. To block encrypted email from a site
that is using HTTPS, you can create a custom match object that matches the certificate sent
before the HTTPS session begins. This is part of the SSL session before it gets encrypted.
Then you would create a custom policy that blocks that certificate.
Application Control can scan email attachments that are text-based or are compressed to one
level, but not encrypted. The following table lists file formats that Application Control can scan
for keywords. Other formats should be tested before you use them in a policy.
File Type Common Extension
C source code c
C+ source code cpp
Comma-separated values csv
HQX archives hqx
HTML htm
Lotus 1-2-3 wks
Microsoft Access mdb
Microsoft Excel xls
Microsoft PowerPoint ppt