Filter Traffic in GigaSMART
Because SSL connections can carry sensitive data, not all connections should be inspected. Some of the SSL connections carrying user data such as financial or health care information should be bypassed without inspection, based on a configured policy.
Based on the decryption policies, some connections will not be decrypted and will be passed on as is. The inline SSL decryption solution respects data privacy and supports compliance.
Inline SSL decryption provides different ways to filter traffic, as follows:
• Whitelists specify traffic to always pass through. A whitelist policy states that traffic to certain sites should always skip decryption. Refer to Whitelisting Policy.
• Blacklists specify traffic to always decrypt. A blacklist policy states that traffic to certain sites should always be decrypted. Refer to Blacklisting Policy.
• URL categorization groups URLs by their type. For example, MyBank.com is a financial institution, so a policy can state that traffic to it is not decrypted. This is also called URL filtering. Typically, banking and health care traffic is not decrypted. Refer to URL Categorization.
• Policy rules based on network attributes, such as source IP address, destination IP address, VLAN, L4 port, and certificate attributes.
Whitelisting Policy
The whitelisting policy lets traffic for certain sites, domains, subnets, and host IP addresses bypass decryption. By default, traffic that is not decrypted is still forwarded to the tools, undecrypted, unless configured otherwise.
A whitelist file can contain a maximum of 10,000 entries.
Blacklisting Policy
The blacklisting policy forces traffic for certain sites, domains, and host IP addresses to always be decrypted. Blacklisted domains and host names are always decrypted.
A blacklist file can contain a maximum of 10,000 entries.
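The following is an added example, not Gigamon's code or file format, of how a whitelist and a blacklist of the kind described above can be loaded, size-checked against the 10,000-entry limit, and consulted before a connection is decrypted. The matching semantics (a domain entry covers its subdomains, a CIDR entry covers its subnet) and the precedence of whitelist over blacklist are assumptions made for the example; the page does not define either. The sample entries are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

# Per the page, a whitelist or blacklist file holds at most 10,000 entries.
MAX_LIST_ENTRIES = 10_000


@dataclass
class HostList:
    """One whitelist or blacklist: hostnames/domains plus IP addresses and subnets.

    Matching semantics are an assumption for this example (the page does not
    spell them out): a domain entry such as 'bank.example' matches that host and
    every subdomain of it; an address entry matches that address; a CIDR entry
    matches the whole subnet.
    """
    domains: set = field(default_factory=set)
    networks: list = field(default_factory=list)

    @classmethod
    def from_lines(cls, lines):
        lst = cls()
        count = 0
        for raw in lines:
            entry = raw.strip()
            if not entry or entry.startswith("#"):
                continue  # blank lines and comments do not count as entries
            count += 1
            if count > MAX_LIST_ENTRIES:
                raise ValueError(f"list exceeds {MAX_LIST_ENTRIES} entries")
            try:
                # A bare address becomes a /32 (or /128) network.
                lst.networks.append(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                lst.domains.add(entry.lower().rstrip("."))
        return lst

    def matches_host(self, host):
        # Walk from the full name to each parent domain: login.bank.example,
        # bank.example, example. 'notbank.example' never matches 'bank.example'.
        labels = host.lower().rstrip(".").split(".")
        return any(".".join(labels[i:]) in self.domains for i in range(len(labels)))

    def matches_ip(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.networks)


def decrypt_decision(sni, server_ip, whitelist, blacklist):
    """Return 'bypass', 'decrypt', or None when neither list matches and the
    connection falls through to URL categorization and network-attribute rules.

    Assumption: a whitelist (never decrypt) match wins over a blacklist match;
    the page does not state the precedence between the two lists.
    """
    if whitelist.matches_host(sni) or whitelist.matches_ip(server_ip):
        return "bypass"
    if blacklist.matches_host(sni) or blacklist.matches_ip(server_ip):
        return "decrypt"
    return None


# Constructed sample lists; these are not Gigamon-supplied files.
WHITELIST = HostList.from_lines([
    "# banking and health sites: never decrypt",
    "bank.example",
    "clinic.example",
    "10.0.0.0/8",        # internal subnet
    "203.0.113.7",       # single host
])
BLACKLIST = HostList.from_lines([
    "# always decrypt",
    "evil.example",
    "198.51.100.9",
])

if __name__ == "__main__":
    for sni, ip in [("login.bank.example", "192.0.2.10"),
                    ("www.evil.example", "192.0.2.11"),
                    ("shop.example", "10.1.2.3"),
                    ("notbank.example", "192.0.2.12")]:
        print(f"{sni:22} {ip:12} -> {decrypt_decision(sni, ip, WHITELIST, BLACKLIST)}")
```

The label-wise suffix walk is what keeps a whitelist entry for bank.example from also bypassing decryption for notbank.example; a naive `endswith` check would get that wrong.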
URL Categorization
URL categories make it convenient to apply policies to thousands of possible URLs by reducing the number of policy rules. Categorization is based on the hostname in the TLS Server Name Indication (SNI), or on the hostname from the server certificate if there is no SNI. Note that the SNI is sent by the client in cleartext and is not authenticated, so a category-based bypass keys on a client-supplied value. There are 83 categories, including Uncategorized, which is the default category for URLs that do not match any of the other 82. The categories are fixed: they cannot be added, deleted, or modified.
The URL categorization service is provided by Webroot. GigaSMART ships with a local database of 1 million entries and also performs a cloud lookup for hosts not found in the local database.
Note: For cloud lookups, the stack port interface on GigaSMART must be configured to provide Internet access. Refer to Configure Stack Port Interface for more information.
URL Lookups and Caching
As part of inline SSL (ISSL) processing, URL lookups are performed against the database. If the URL is not found in the database, a lookup is performed against the local cache. If the URL is not found in the local cache, an external lookup to Webroot may be performed if configured. If the URL is found in the external lookup, it is dynamically saved in the local cache, so future lookups may find the URL in the local cache instead of requiring the external lookup.
The local cache can hold up to 250k entries (in addition to the 1 million entry database). It works like a circular buffer: when the cache is full, older entries are discarded to make room for newer ones. Each cache entry is valid for 24 hours. If an expired entry is encountered, a new Webroot query is issued to refresh the entry in the cache. Expired entries are not actively deleted from the cache.
Webroot is hosted on AWS and external lookups should normally complete quickly, but an Internet lookup can be delayed or fail. Gigamon therefore provides a timeout of up to 10 seconds for external URL lookups via the URL cache miss defer option.
Note:
• URLs may be recategorized as part of updates from Webroot. This is transparent to Gigamon and customers.
• Gigamon does not provide support for custom categories. However, the customer can add hosts to whitelists or blacklists to achieve similar results.
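The lookup order and cache behaviour described in URL Lookups and Caching, as an added example that is not GigaSMART code: database first, then the local cache, then an external query bounded by the defer timeout; a bounded cache that evicts its oldest entry when full; entries that expire after 24 hours but are left in place and refreshed on the next encounter. The local database, the cloud service, and the clock are constructed stand-ins, and the choice to treat a timed-out lookup as Uncategorized without caching anything is an assumption, since the page does not say what happens when the timeout expires.

```python
import time
from collections import OrderedDict

# Figures stated on the page.
CACHE_CAPACITY = 250_000          # local cache holds up to 250k entries
CACHE_TTL_SECONDS = 24 * 60 * 60  # each cache entry is valid for 24 hours
DEFER_TIMEOUT_SECONDS = 10        # upper bound of the "URL cache miss defer" timeout
UNCATEGORIZED = "Uncategorized"


class UrlCategorizer:
    """Database -> local cache -> external (cloud) lookup, in that order."""

    def __init__(self, local_db, external_lookup, capacity=CACHE_CAPACITY,
                 ttl=CACHE_TTL_SECONDS, timeout=DEFER_TIMEOUT_SECONDS, clock=time.time):
        self.local_db = local_db                # stand-in for the shipped 1M-entry database
        self.external_lookup = external_lookup  # callable(host, timeout) -> category; raises TimeoutError
        self.capacity = capacity
        self.ttl = ttl
        self.timeout = timeout
        self.clock = clock
        # host -> (category, cached_at); insertion order doubles as the circular-buffer order
        self.cache = OrderedDict()
        self.external_queries = 0

    def _cache_put(self, host, category):
        if host in self.cache:
            del self.cache[host]            # refresh: re-insert at the newest position
        elif len(self.cache) >= self.capacity:
            self.cache.popitem(last=False)  # full: discard the oldest entry
        self.cache[host] = (category, self.clock())

    def categorize(self, host):
        host = host.lower().rstrip(".")
        # 1. Local database.
        if host in self.local_db:
            return self.local_db[host]
        # 2. Local cache. An expired entry is left in place (not actively deleted)
        #    but no longer answers; it forces a fresh external query instead.
        entry = self.cache.get(host)
        if entry is not None and self.clock() - entry[1] < self.ttl:
            return entry[0]
        # 3. External lookup, bounded by the defer timeout.
        self.external_queries += 1
        try:
            category = self.external_lookup(host, self.timeout)
        except TimeoutError:
            # Assumption for this example: a timed-out lookup leaves the host
            # Uncategorized for this connection and caches nothing, so the next
            # connection to the same host retries the external lookup.
            return UNCATEGORIZED
        self._cache_put(host, category)     # assumption: cloud answers are cached as returned
        return category


# Constructed sample data; not Gigamon's or Webroot's database.
LOCAL_DB = {
    "bank.example": "Financial Services",
    "clinic.example": "Health and Medicine",
}
CLOUD_DB = {
    "forum.example": "Social Network",
    "parked.example": "Parked Sites",
    "blog.example": "Personal Sites and Blogs",
}


def fake_cloud_lookup(host, timeout):
    """Stand-in for the Webroot query; 'slow.example' never answers in time."""
    if host == "slow.example":
        raise TimeoutError(f"no answer within {timeout}s")
    return CLOUD_DB.get(host, UNCATEGORIZED)


class FakeClock:
    """Controllable clock so the 24-hour expiry can be exercised offline."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def run_demo():
    clock = FakeClock()
    # capacity=2 so the circular-buffer eviction is visible in a handful of lookups
    cat = UrlCategorizer(LOCAL_DB, fake_cloud_lookup, capacity=2, clock=clock)
    results = [
        cat.categorize("bank.example"),    # database hit, no external query
        cat.categorize("forum.example"),   # miss -> external query, cached
        cat.categorize("forum.example"),   # cache hit
    ]
    clock.now += CACHE_TTL_SECONDS + 1     # entry for forum.example expires
    results += [
        cat.categorize("forum.example"),   # expired -> external query, refreshed
        cat.categorize("slow.example"),    # timeout -> Uncategorized, nothing cached
        cat.categorize("parked.example"),  # external query; cache now full
        cat.categorize("blog.example"),    # external query; evicts forum.example
    ]
    return results, cat.external_queries, list(cat.cache)


if __name__ == "__main__":
    print(run_demo())
```

Running the demo shows five external queries for seven lookups: the database hit and the fresh cache hit cost nothing, the expired entry costs a refresh, and the final insert pushes the oldest entry out of the two-slot cache.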
Inline SSL URL categories
The following is the list of Inline SSL URL categories with descriptions and examples.
Category Name | Description and Examples
Abortion | Abortion topics, either pro-life or pro-choice.
Abused Drugs | Discussion or remedies for illegal, illicit, or abused drugs such as heroin, cocaine, or other street drugs. Information on "legal highs": glue sniffing, misuse of prescription drugs or abuse of other legal substances.
Adult and Pornography | Sexually explicit material for the purpose of arousing a sexual or prurient interest. Online groups, including newsgroups and forums, that are sexually explicit in nature.
Alcohol and Tobacco | Sites that provide information on, promote, or support the sale of alcoholic beverages or tobacco products and associated paraphernalia.
Auctions | Sites that support the offering and purchasing of goods between individuals as their main purpose. Does not include classified advertisements.
Botnets | URLs, typically IP addresses, that are determined to be part of a bot network from which network attacks are launched. Attacks may include spam messages, DoS, SQL injection, proxy jacking, and other unsolicited contacts.
Business and Economy | Business firms, corporate websites, business information, economics, marketing, management, and entrepreneurship.
Content Delivery Networks | Delivery of content and data for third parties, including ads, media, files, images, and video.
Cheating | Sites that support cheating and contain such materials, including free essays, exam copies, plagiarism, etc.
Computer and Internet Info | General computer and Internet sites, technical information. SaaS sites and other URLs that deliver Internet services.
Computer and Internet Security | Computer/Internet security, security discussion groups.
Confirmed Spam Sources | Confirmed spam sources.
Cult and Occult | Methods, means of instruction, or other resources to interpret, affect, or influence real events with astrology, spells, curses, magic powers, satanic or supernatural beings, including horoscope sites.
Dating | Dating websites focused on establishing personal relationships.
Dead Sites | Dead sites that do not respond to HTTP queries. Policy engines should usually treat these as "Uncategorized" sites.
Dynamic Content | Domains that generate content dynamically based on arguments to their URL or other information (like geo-location) on the incoming web request.
Education Institution | Pre-school, elementary, secondary, high school, college, university, and vocational school and other educational content and information, including enrollment, tuition, and syllabus.
Entertainment and Arts | Motion pictures, videos, television, music and programming guides, books, comics, movie theatres, galleries, artists, or reviews on entertainment.
Fashion and Beauty | Fashion or glamour magazines, beauty, clothes, cosmetics, style.
Financial Services | Banking services and other types of financial information, such as loans, accountancy, actuaries, banks, mortgages, and general insurance companies. Does not include sites that offer market information, brokerage, or trading services.
Gambling | Gambling or lottery web sites that invite the use of real or virtual money. Information or advice for placing wagers, participating in lotteries, gambling, or running numbers. Virtual casinos and offshore gambling ventures. Sports picks and betting pools.
Games | Playing or downloading video games, computer games, electronic games, tips, and advice on games or how to obtain cheat codes. Also includes sites dedicated to selling board games as well as journals and magazines dedicated to game playing.
Government | Information on government, government agencies, and government services such as taxation, public, and emergency services. Also includes sites that discuss or explain laws of various governmental entities. Includes local, county, state, and national government sites.
Gross | Vomit and other bodily functions, bloody clothing, etc.
Hacking | Illegal or questionable access to or use of communications equipment/software. Development and distribution of programs that may allow compromise of networks and systems.
Hate and Racism | Sites that contain content and language in support of hate crimes and racism.
Health and Medicine | General health, fitness, well-being, including traditional and non-traditional methods and topics. Medical information on ailments, various conditions, dentistry, psychiatry, optometry, and other specialties.
Home and Garden | Home issues and products, including maintenance, home safety, decor, cooking, gardening, home electronics, design, etc.
Hunting and Fishing | Sport hunting, gun clubs, and fishing.
Illegal | Criminal activity, how not to get caught, copyright and intellectual property violations, etc.
Image and Video Search | Photo and image searches, online photo albums/digital photo exchange, image hosting.
Individual Stock Advice and Tools | Promotion and facilitation of securities trading and management of investment assets. Also includes information on financial investment strategies, quotes, and news.
Internet Communications | Internet telephony, messaging, VoIP services, and related businesses.
Internet Portals | Web sites that aggregate a broader set of Internet content and topics, and which typically serve as the starting point for an end user.
Job Search | Assistance in finding employment, and tools for locating prospective employers, or employers looking for employees.
Keyloggers and Monitoring | Downloads and discussion of software agents that track a user's keystrokes or monitor their web surfing habits.
Kids | Sites designed specifically for children and teenagers.
Legal | Legal websites, law firms, discussions and analysis of legal issues.
Local Information | City guides and tourist information, including restaurants, area/regional information, and local points of interest.
Malware Sites | Malicious content including executables, drive-by infection sites, malicious scripts, viruses, trojans, and code.
Marijuana | Marijuana use, cultivation, history, culture, legal issues.
Military | Information on military branches, armed services, and military history.
Motor Vehicles | Car reviews, vehicle purchasing or sales tips, parts catalogs. Auto trading, photos, discussion of vehicles including motorcycles, boats, cars, trucks, and RVs. Journals and magazines on vehicle modifications.
Music | Music sales, distribution, streaming, information on musical groups and performances, lyrics, and the music business.
News and Media | Current events or contemporary issues of the day. Also includes radio stations, magazines, online newspapers, headline news sites, newswire services, personalized news services, and weather sites.
Nudity | Nude or seminude depictions of the human body. These depictions are not necessarily sexual in intent or effect but may include sites containing nude paintings or photo galleries of an artistic nature.
Online Greeting Cards | Online greeting card sites.
Online Personal Storage | Online storage and posting of files, music, pictures, and other data.
Open HTTP Proxies | Proxy servers that are accessible by any Internet user.
P2P (Peer to Peer) | Peer-to-peer clients and access, including torrents, music downloads, and programs.
Parked Sites | Parked domains are URLs which host limited content or click-through ads which may generate revenue for the hosting entities but generally do not contain content useful to the end user. Also includes Under Construction pages, folders, and web server default home pages.
Pay to Surf | Sites that pay users, in the form of cash or prizes, for clicking on or reading specific links, email, or web pages.
Personal Sites and Blogs | Personal websites posted by individuals or groups, as well as blogs.
Philosophy and Political Advocacy | Politics, philosophy, discussions, promotion of a particular viewpoint or stance in order to further a cause.
Phishing and Other Frauds | Phishing, pharming, and other sites that pose as a reputable site, usually to harvest personal information from a user. These sites are typically quite short-lived, so examples may not last long.
Private IP Addresses | RFC 1918, Address Allocation for Private Internets.
Proxy Avoid and Anonymizers | Proxy servers and other methods to gain access to URLs in any way that bypasses URL filtering or monitoring. Web-based translation sites that circumvent filtering.
Questionable | Tasteless humor, "get rich quick" sites, and sites that manipulate the user experience or client in some unusual, unexpected, or suspicious manner.
Real Estate | Information on renting, buying, or selling real estate or properties. Tips on buying or selling a home. Real estate agents, rental or relocation services, and property improvement.
Recreation and Hobbies | Information, associations, forums, and publications on recreational pastimes such as collecting, kit airplanes, outdoor activities such as hiking, camping, rock climbing, specific arts, crafts, or techniques; animal and pet related information, including breed-specifics, training, shows, and humane societies.
Reference and Research | Personal, professional, or educational reference material, including online dictionaries, maps, census, almanacs, library catalogues, genealogy, and scientific information.
Religion | Conventional or unconventional religious or quasi-religious subjects, as well as churches, synagogues, or other houses of worship.
Search Engines | Search interfaces using key words or phrases. Returned results may include text, websites, images, videos, and files.
Sex Education | Information on reproduction, sexual development, safe sex practices, sexually transmitted diseases, sexuality, birth control, and contraceptives.
Shareware and Freeware | Sites that contain software, screensavers, icons, wallpapers, utilities, and ringtones, including downloads that request a donation on open source projects.
Shopping | Department stores, retail stores, company catalogs, and other sites that allow online consumer or business shopping to purchase goods and services.
Social Network | Social networking sites that have user communities where users interact, post messages, pictures, and otherwise communicate.
Society | A variety of topics, groups, and associations relevant to the general populace; broad issues that impact a variety of people, including safety, children, societies, and philanthropic groups.
Spam URLs | URLs contained in spam.
Sports | Team or conference web sites; international, national, college, and professional scores and schedules; sports-related online magazines or newsletters; fantasy sports and virtual sports leagues.
Spyware and Adware | Spyware or adware sites that provide or promote information gathering or tracking that is unknown to, or without the explicit consent of, the end user or the organization; also unsolicited advertising popups and programs that may be installed on a user's computer.
Stream Media | Sales, delivery, or streaming of audio or video content, including sites that provide downloads for such viewers.
Swimsuits and Intimate Apparel | Swimsuits, intimate apparel, or other types of suggestive clothing.
Training and Tool | Distance education, trade schools, online courses, vocational training, software training, and skills training.
Translation | Language translation sites that allow users to see URL pages in other languages.
Travel | Airlines and flight booking agencies. Travel planning, reservations, vehicle rentals, car rentals, descriptions of travel destinations, promotions for hotels or casinos.
Uncategorized | Sites that have not been categorized by the URL web service.
Unconfirmed Spam Sources | Unconfirmed spam sources.
Violence | Sites that advocate violence, depictions and methods, including game/comic violence, and suicide.
Weapons | Sales, reviews, and descriptions of weapons such as guns, knives, and martial arts accessories.
Web Advertisements | Advertisements, media, content, and banners.
Web Based Email | Sites offering web-based email and email clients.
Web Hosting | Free or paid hosting services for web pages and information concerning their development, publication, and promotion.