managing connections smarter
6/10/2020 GreeNet - Proprietary and Confidential 1
GCMC Content Filtering Solutions
October 06, 2020
Background
The world is facing the challenge of Internet content security and legal compliance. Governments and ISPs need to filter content through DPI technology and to address the challenges they face.
• With the aid of advanced DPI and the Content Management Controller (GCMC), GreeNet provides a flexible carrier-grade internet content filtering solution, which is mainly targeted at:
  • Illegal Information Supervision (Porno, Drugs, Hate, Violence, Criminal Activities)
  • Anti-Malware (Zombie, Trojan and Virus)
  • Anti-Phishing, Abuse and Cheat
  • Anti-DDoS and Other Attack
  • VPN and DarkNet
Typical Deployment Topology
[Figure: deployment topology. Monitoring & Enforcement: GreeNet Bypass and GreeNet DPI sit between two networks; suspected illegal http/email… traffic is mirrored to the GCMC Engine (File/mal/spam…). Analytics & Management: Traffic Analytics, Content Database, NMS, Sec Analytics, Database Cluster, App/Dashboard Server and ETL Server. Flows are labelled Query, SecDR, CDR/SecDR, Load and Policy dispatch.]
Content Detection Method
• Packet and Flow Detection
  • The raw traffic is monitored, then deeply identified, analyzed and classified by DPI and DFI technology. The traffic features are matched against preset filtering policies in order to intervene in the flow.
• File Detection
  • Through TCP packet reassembly, the original files carried in the traffic (such as HTML, images, video files, emails and software) are recovered. The AI-based semantic/image recognition engine, or the file scan engine, then identifies illegal content in the files so that illegal information can be filtered.
GreeNet DPI/DFI Engine
[Figure: traffic enters the SRME Engine as IP packets (header fields shown: VER, HLEN, TOS, Total Length, Identification, Flag, Offset, TTL, Proto, Header Checksum, Source IP Address, Dest IP Address, IP Options, padding, data). The engine takes Intelligence/Fingerprint input and an expression, and outputs an action.]
Expression: (ip.addr=xxxx||ip.ttl=3)&http.url=www.google.com&&keyword="parade"
Action: Block? Mirror? Shape? Forward…
GreeNet Super Rule Match Engine (SRME)
• C-language-like syntax
• 70+ built-in functions
• 30+ operators, including regular expression
• 600+ protocol various
• All mainstream protocols, including private
Online rule editing
• 1 Million+ loaded
• Effective immediately
DPI/DFI Match Examples
• Basic Match: Protocol Header
  • IP Address
    srcip = 192.168.100.1/24,dst = 202.1.3.5, srcip = 192.168.100.1/24&(|) dst = 202.1.3.5
  • Domain/SNI
    • Exact Match: host = "www.bd.com", server_name = "www.b.com"
    • Domain With Port Match: host = "www.bd.com:8080"
    • Wildcard Match: host = "www.*d.com"
    • Regular Expression Match: host = "\.b+d*\.(com|cn|net)$"
  • Url
    • Exact Match: url = "www.bd.com/index"
    • Wildcard Match: url = "www.*d.com", url = "*w.*t.com", url = "www.t*.co*"
    • Regular Expression Match: url = "\.b+d*\.(com|cn|net)$+index"
DPI/DFI Match Examples
• Advanced Match: Any Character
  • Payload
    • Binary Character: some malware characteristics were found: in the first TCP packet, header offset bits 21-30 are 1001100111.
      Expr: TCP.FirstPacket.Headeroffset[21:30] = 1001100111
    • String Character: find all packets that begin with "I am Jom" and end with "1-5" and "A-Z", e.g. "I am Jom2B", "I am Jom3A".
      Expr: Tcp.Payload.contains("^I am Jom[1-5][A-Z]")
  • Combination characteristic (flow and packet)
    • Expr: (ip.addr=xxxx||ip.ttl=3)&http.url=www.google.com&keyword="parade"&flow.ip.statistics>100
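The host and payload patterns from the two match-example slides can be checked against sample values before a rule is loaded. The following is an added Python example, not GreeNet's SRME code: it assumes a wildcard is a whole-string glob and a regular-expression match is an unanchored search, and `match_host`, `match_payload`, `evaluate` and the sample values are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Patterns copied from the slides. The slide prints the port example as
# "www.bd/com:8080"; it is taken here as "www.bd.com:8080".
HOST_RULES = {
    "exact": "www.bd.com",
    "with_port": "www.bd.com:8080",
    "wildcard": "www.*d.com",
    "regex": r"\.b+d*\.(com|cn|net)$",
}
PAYLOAD_RULE = re.compile(rb"^I am Jom[1-5][A-Z]")


def match_host(mode, host):
    """True if an HTTP Host / TLS SNI value matches the rule for `mode`."""
    host = host.strip().lower().rstrip(".")  # host names are case-insensitive
    pattern = HOST_RULES[mode]
    if mode in ("exact", "with_port"):
        return host == pattern
    if mode == "wildcard":
        # Assumed semantics: '*' is any run of characters, whole string must match.
        return fnmatchcase(host, pattern)
    if mode == "regex":
        # Assumed semantics: search anywhere; the pattern's own '$' anchors the end.
        return re.search(pattern, host) is not None
    raise ValueError(f"unknown match mode: {mode}")


def match_payload(payload):
    """True if the TCP payload starts with the slide's string signature."""
    return PAYLOAD_RULE.match(payload) is not None


def evaluate(hosts):
    """Map each host to the list of rule modes that fire on it."""
    return {h: [m for m in HOST_RULES if match_host(m, h)] for h in hosts}


# Constructed sample values, including hosts a rule author may not expect to hit or miss.
SAMPLE_HOSTS = ["www.bd.com", "WWW.BD.COM", "www.bd.com:8080",
                "www.unrelated.com", "cdn.bbd.net", "www.bd.com.example.org"]

if __name__ == "__main__":
    for host, modes in evaluate(SAMPLE_HOSTS).items():
        print(f"{host:26} -> {modes}")
    for p in (b"I am Jom2B", b"I am Jom6A", b"I am Jom2Bxyz"):
        print(p, match_payload(p))
```

The run shows two things worth checking in any rule set of this shape: the wildcard also fires on `www.unrelated.com`, and the `$`-anchored regex does not fire when the Host value carries a port.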
GCMC Engine + Content Database
GreeNet provides a powerful content management controller (GCMC), plus a series of content databases (which can also be customized), mainly including:
• TI DB
  • Kaspersky OEM
• Phishing/Cheat DB
  • Tencent OEM
• IDS DB
  • Snort Community
• Waf DB
  • Radware OEM and Opensource Community
• DDoS DB
  • Radware
• IOC DB
  • Credit-based OpenIOC to identify dark net ip, vpn ip etc.
• GreeNet Own APP DB
  • GreeNet DPI products access more than 400T of traffic, research more than 20 years
  • Contains 30000+ application signatures, 100000+ url blacklist
  • Weekly update to GreeNet's DB DPI solution
[Figure: the GCMC Engine on top of the GN Content Database: TI DB, Phishing DB, IDS DB, Waf DB, DOS DB, IOC DB, App DB, Customized DB.]
File Recovery Engine
• GreeNet DPI identifies most of the file types in the market. Full recovery capability is available.
[Figure: HTTP/EMAIL/RTSP… traffic feeds the recovery engines: Audio, Exe, Video, PE, Compressed, Text and Image File Recovery.]
Supported formats:
• Text: txt, html, mht, xml, wml, xhtml, torrent
• Image: JPEG, GIF, PNG, BMP, TIFF, JPEG2000, WebP
• Coding: Big5, UTF-8, GBK, GB2312, UTF-16, ANSI
• Video: WMV, RMB, RMVB, MP4, AVI, flv, mov…
• Others: Exe, Zip, rar, APK, IPA, PE, COM…
File Scan Engine
• CR & IR Engine
  • GreeNet character, text and image recognition engine
• Dual Scan Engine: ClamAV & Kaspersky KAV
• Full integration: ClamAV and Kaspersky KAV twin-engine integration for more accurate malware detection
[Figure: CR and IR engines, with Tencent AI API, ClamAV and Kaspersky.]
GreeNet GCMC Unique Feature
• Seamless DPI security engine with multiple world-class security vendor databases
• Complete security protection by traffic flow and content type
• Intelligent rule-based engine by GreeNet SRME (Super Rule Match Engine)
• Fresh signature updates weekly
• Dual antivirus engines
• Real-time update of the user-defined website database, with bulk import support
• Real-time update of custom-defined applications by pattern and behaviour
Specs of GCMC Content Filtering Solution
Specifications & Features
• Supported GreeNet Devices: NetDominator Series Devices
• Number of URLs and Applications: 10,000,000 / 10,000
• Realtime update User define website database and bulk import support: Yes
• Realtime update Custom define application by pattern and behaviour: Yes
• Number of Subscribers: 10,000,000 per 2RU
• Blocking Actions: TCP RESET, Portal Redirect, Mirror, Log
• File Detection / Recovery Engine: Image, Text, Audio, EXE, Video, PE, Compressed
• White Listing Support: Yes
• 3rd Party Content Database Support: Yes
• Automatic Update of 3rd Party Blacklists and Content DBs: Yes
Thank You