8
Setting Up the Nokia IP45 Security Platform Security Policy
136
Nokia IP45 Security Platform User’s Guide v4.0
Features Overview
VStream, which is based on Check Point Stateful Inspection and Application Intelligence technologies, offers several advantages over traditional proxy-based network antivirus solutions:
• Lightweight Streaming: scans files for malicious content on the fly, without downloading them into intermediate storage, resulting in minimal added latency and support for unlimited file sizes. Able to scan thousands of concurrent connections by storing only minimal state information per connection.
• Comprehensive Protocol Support: offers comprehensive protocol support, including HTTP, FTP, NBT, file sharing, POP3, SMTP and IMAP, as well as arbitrary, user-defined TCP and UDP ports.
• Granular Scanning Policy: a customizable scanning policy allows specifying with very fine granularity exactly which connections should be scanned for viruses.
• On-the-fly Decompression: supports on-the-fly, real-time decompression and scanning of ZIP, TAR, and GZ archive files. Archive files can be scanned with no file size limitation and with support for nested archive files.
In addition to blocking computer viruses and Trojan Horses, VStream also includes Anti-Phishing, blocking fraudulent emails that try to entice users to fake Web sites in an attempt to steal sensitive data, such as passwords or credit card details.
You can use VStream as a second layer of antivirus to complement the capabilities and address the weaknesses of desktop antivirus software.
By offering a gateway-based antivirus solution, IP45 blocks security threats before they reach your network. The antivirus signatures are automatically updated, keeping the security up-to-date with no need for user or network administrator intervention.
VStream Antivirus Actions
When it detects malicious content, VStream Antivirus takes action based on the protocol in
which the virus was found. For more information, see Table 24.
Table 24 VStream Antivirus Actions

| Protocol in which the virus was found | Protocol is detected on this port | Antivirus Action |
|---|---|---|
| HTTP | Port 80; all ports on which VStream is enabled by the policy | Terminates the connection |
| FTP | Port 21 | Terminates the data connection; sends a "Virus detected" message to the FTP client |
| POP3 | Port 110 | Terminates the connection; deletes the virus-infected email from the server |
| SMTP | Port 25 | Rejects the virus-infected email with 554 error code; sends a "Virus detected" message to the sender |
| IMAP | Port 143 | Terminates the connection; replaces the virus-infected email with a "virus found" message |
| TCP and UDP | Generic TCP and UDP ports other than the ones listed above | Terminates the connection |

Note
VStream uses a best effort approach to detect viruses for all other protocols that are not listed in the table. In such cases, detection of viruses depends on the specific encoding used by the protocol.
In each case, VStream Antivirus blocks the file and writes a log to the Event Log.
Enabling and Disabling VStream Antivirus
VStream Antivirus differs from the Email Antivirus subscription service (part of the Email Filtering service) in the following ways:
• VStream Antivirus scans for viruses in the IP45 gateway itself while Email Antivirus is centralized, redirecting traffic through the Service Center for scanning.
• VStream Antivirus supports additional protocols while Email Antivirus is specific to email, scanning incoming POP3 and outgoing SMTP connections only.
You can use either antivirus solution or both in conjunction.
To enable and disable VStream antivirus
1. From the main menu, choose Antivirus.
   The VStream Antivirus page opens.
2. To set the antivirus, move the On-Off lever.
Viewing VStream Signature Database Information
VStream Antivirus maintains two databases: a daily database and a main database. The daily
database is updated frequently with the newest virus signatures. Periodically, the contents of the
daily database are moved to the main database, leaving the daily database empty. This system of
incremental updates to the main database allows for quicker updates and saves on network
bandwidth.
You can view information about the VStream signature databases currently in use, in the
VStream Antivirus page.
Table 25 VStream Antivirus page fields

| Field | Description |
|---|---|
| Main Database | Displays the date and time at which the main database was last updated, followed by the version number. |
| Daily Database | Displays the date and time at which the daily database was last updated, followed by the version number. |
| Next Update | Displays the next date and time at which the IP45 appliance will check for updates. |
| Status | Displays the current status of the database. Options: Database Not Installed; OK |
Configuring VStream Antivirus
You can configure the VStream Antivirus in the following ways:
• Configuring the antivirus policy
• Configuring the advanced settings
Configuring the antivirus policy
VStream Antivirus policy:
• Allows you to define exactly which traffic should be scanned, by specifying the protocol, ports, and source and destination IP addresses.
• Enables you to define exceptions to rules by processing the rules in the order they appear in the Antivirus Policy table.
To scan all outgoing SMTP traffic, except traffic from a specific IP address
1. Create a rule scanning all outgoing SMTP traffic.
2. Move the rule down in the Antivirus Policy table.
3. Create another rule passing SMTP traffic from the desired IP address.
4. Move this rule to a higher location in the Antivirus Policy table than the first rule.
The IP45 appliance will process rule 1 first, passing outgoing SMTP traffic from the specified IP address, and then it will process rule 2, scanning all outgoing SMTP traffic.
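The rule-ordering behaviour described above, as an added example that is not part of the Nokia guide: a simplified first-match model of the Antivirus Policy table that also flags rules an earlier rule makes unreachable. The `Rule` fields, the sample addresses and the "no rule" result for unmatched traffic are assumptions for illustration; direction and destination are left out of the model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:                      # hypothetical model of one Antivirus Policy row
    action: str                  # Rule Type: "scan" or "pass"
    source: str                  # source network in CIDR form; 0.0.0.0/0 = any
    port: int                    # destination port, e.g. 25 for SMTP
    enabled: bool = True

    def matches(self, src_ip, port):
        net = ipaddress.ip_network(self.source)
        return self.enabled and port == self.port and ipaddress.ip_address(src_ip) in net

    def covers(self, other):
        """True if every connection matching `other` also matches this rule."""
        mine, theirs = ipaddress.ip_network(self.source), ipaddress.ip_network(other.source)
        return self.enabled and self.port == other.port and theirs.subnet_of(mine)

def decide(rules, src_ip, port):
    """Rules are processed in table order; the first enabled match decides."""
    for position, rule in enumerate(rules, start=1):
        if rule.matches(src_ip, port):
            return rule.action, position
    return "no rule", None       # behaviour for unmatched traffic is not modelled

def shadowed(rules):
    """Table positions of enabled rules that an earlier rule makes unreachable."""
    return [i + 1 for i, later in enumerate(rules)
            if later.enabled and any(r.covers(later) for r in rules[:i])]

# Constructed sample data: 192.0.2.10 stands in for the exempted sender.
SCAN_ALL_SMTP = Rule("scan", "0.0.0.0/0", 25)
PASS_ONE_HOST = Rule("pass", "192.0.2.10/32", 25)
PASS_ALL_SMTP = Rule("pass", "0.0.0.0/0", 25)

as_documented = [PASS_ONE_HOST, SCAN_ALL_SMTP]   # exception above the general rule
exception_low = [SCAN_ALL_SMTP, PASS_ONE_HOST]   # exception never reached
scan_disabled = [PASS_ALL_SMTP, SCAN_ALL_SMTP]   # broad pass rule hides the scan rule

if __name__ == "__main__":
    for name, table in [("as_documented", as_documented),
                        ("exception_low", exception_low),
                        ("scan_disabled", scan_disabled)]:
        print(name, decide(table, "192.0.2.10", 25),
              decide(table, "198.51.100.7", 25), "shadowed:", shadowed(table))
```

A non-empty `shadowed()` result means a rule is not doing what its position suggests; when the shadowed rule is a Scan rule, the traffic it was meant to cover is passed unscanned.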
To set antivirus policy
1. From the main menu, choose Antivirus.
   The VStream Antivirus page opens.
2. You can view a list of antivirus rules that are set.
3. For details on the options of this page, see Table 26.
To add a new rule
1. From the main menu, choose Antivirus.
   The VStream Antivirus page opens.
2. Select Policy.
   The Antivirus Policy page opens.
3. Click Add Rule.
   The VStream Policy Wizard opens.
Table 26 Fields of Antivirus policy page

| Field | Description |
|---|---|
| Rule Type | Defines whether the rule scans for and blocks viruses, or passes the messages without scanning. Options: Scan (scans the email messages and files matching the rule); Pass (does not scan the email messages and files) |
| Source | The source from which the messages are sent |
| Destination | The destination to which the messages are sent |
| Direction | Specifies the direction of data. Options: Download and Upload; Download; Upload. Default value: Download and Upload |
| Enabled | Specifies whether the rule is enabled or not. |
