
GCMC - uploads-ssl.webflow.com


Page 1: GCMC - uploads-ssl.webflow.com

managing connections smarter

6/10/2020 GreeNet - Proprietary and Confidential 1

GCMC Content Filtering Solutions

[email protected]

October 06, 2020

Page 2: GCMC - uploads-ssl.webflow.com

Background

The world is facing the challenge of Internet content security and legal compliance. Governments and ISPs need to filter content through DPI technology to address the challenges they face.

• With the aid of advanced DPI and the Content Management Controller (GCMC), GreeNet provides a flexible carrier-grade Internet content filtering solution, mainly targeted at:
  ✓ Illegal Information Supervision (Porno, Drugs, Hate, Violence, Criminal Activities)
  ✓ Anti-Malware (Zombie, Trojan and Virus)
  ✓ Anti-Phishing, Abuse and Cheat
  ✓ Anti-DDoS and Other Attack
  ✓ VPN and DarkNet

Page 3: GCMC - uploads-ssl.webflow.com

Typical Deployment Topology


[Figure: typical deployment topology. Monitoring & Enforcement: GreeNet Bypass, GreeNet DPI and GCMC Engine (File/mal/spam…) sit on the network; suspected illegal http/email… traffic is mirrored to the GCMC Engine. Analytics & Management: Traffic Analytics, Content Database, NMS, Sec Analytics, Database Cluster, App/Dashboard Server, ETL Server. Labelled flows: Query, SecDR, CDR/SecDR, Load, Policy dispatch.]

Page 4: GCMC - uploads-ssl.webflow.com

Content Detection Method

• Packet and Flow Detection
  • Raw traffic is monitored, then identified in depth, analyzed and classified by DPI and DFI technology. The traffic features are matched against preset filtering policies so that the flow can be intervened on.

• File Detection
  • TCP packets are reassembled to recover the original files carried in the traffic (such as HTML, images, video files, emails and software). The AI-based semantic/image recognition engine or the file scan engine then identifies illegal content in the files, so that illegal information can be filtered.


Page 5: GCMC - uploads-ssl.webflow.com

GreeNet DPI/DFI Engine


[Figure: IP packet header layout (VER, HLEN, TOS, Total Length, Identification, Flag, Offset, TTL, Proto, Header Checksum, Source IP Address, Dest IP Address, IP Options, padding, data). Diagram labels: Traffic, IP Packet, Intelligence Fingerprint, SRME Engine.]

Expression: (ip.addr=xxxx||ip.ttl=3)&http.url=www.google.com&&keyword="parade"

Action: Block? Mirror? Shape? Forward….

GreeNet Super Rule Match Engine (SRME)
• C-language-like syntax
• 70+ built-in functions
• 30+ operators, including regular expressions
• 600+ protocol various
• All mainstream protocols, including private ones

Online rule editing
• 1 Million+ loaded
• Effective immediately

Page 6: GCMC - uploads-ssl.webflow.com

DPI/DFI Match Examples

• Basic Match ---- Protocol Header
  • IP Address
      srcip = 192.168.100.1/24
      dst = 202.1.3.5
      srcip = 192.168.100.1/24 &(|) dst = 202.1.3.5
  • Domain/SNI
    ✓ Exact Match: host = "www.bd.com", server_name = "www.b.com"
    ✓ Domain With Port Match: host = "www.bd/com:8080"
    ✓ Wildcard Match: host = "www.*d.com"
    ✓ Regular Expression Match: host = "\.b+d*\.(com|cn|net)$"
  • Url
    ✓ Exact Match: url = "www.bd.com/index"
    ✓ Wildcard Match: url = "www.*d.com", url = "*w.*t.com", url = "www.t*.co*"
    ✓ Regular Expression Match: url = "\.b+d*\.(com|cn|net)$+index"

Page 7: GCMC - uploads-ssl.webflow.com

DPI/DFI Match Examples

• Advanced Match ---- Any Character
  • Payload
    ✓ Binary Character
      Some malware characteristics were found: in the first TCP packet, header offset bits 21-30 are 1001100111.
      Expr: TCP.FirstPacket.Headeroffset[21:30] = 1001100111
    ✓ String Character
      Find all packets that begin with "I am Jom" and end with "1-5" and "A-Z", e.g. "I am Jom2B", "I am Jom3A".
      Expr: Tcp.Payload.contains("^I am Jom[1-5][A-Z]")
  • Combination characteristic (flow and packet)
    ✓ Expr: (ip.addr=xxxx||ip.ttl=3)&http.url=www.google.com&keyword="parade"&flow.ip.statistics>100
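
An added example (not from the original deck and not GreeNet's code) that replays the host patterns from the two match-example slides, plus the payload and bit-range rules, against constructed inputs to show where each match mode over- or under-fires before a rule is loaded. The Python `fnmatch`/`re` semantics, the helper names (`normalize`, `host_match`, `payload_match`, `header_bits`, `audit`), the 0-based bit numbering and every sample host are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Assumed semantics, NOT GreeNet's SRME: "exact" is string equality, "wildcard"
# is a shell-style glob in which * spans any characters (dots included), and
# "regex" is an unanchored search. Check the real engine before relying on this.

def normalize(host: str, strip_port: bool = False) -> str:
    """Lower-case a Host/SNI value; optionally drop a trailing :port."""
    host = host.strip().lower().rstrip(".")
    name, sep, port = host.rpartition(":")
    return name if strip_port and sep and port.isdigit() else host

def host_match(mode: str, pattern: str, host: str) -> bool:
    if mode == "exact":
        return host == pattern
    if mode == "wildcard":
        return fnmatchcase(host, pattern)
    if mode == "regex":
        return re.search(pattern, host) is not None
    raise ValueError(f"unknown mode: {mode}")

def payload_match(payload: bytes) -> bool:
    """String rule from the slide: starts with 'I am Jom', then 1-5, then A-Z."""
    return re.match(rb"I am Jom[1-5][A-Z]", payload) is not None

def header_bits(header: bytes, first: int, last: int) -> str:
    """Bits first..last inclusive, counted from 0 at the header start (assumed)."""
    return "".join(f"{b:08b}" for b in header)[first:last + 1]

# The page's own host patterns, and constructed Host values to try them on.
RULES = [("exact", "www.bd.com"), ("wildcard", "www.*d.com"),
         ("regex", r"\.b+d*\.(com|cn|net)$")]
HOSTS = ["www.bd.com", "WWW.BD.COM", "www.bd.com:8080",
         "www.bd.com.example.org", "www.shop.example-d.com"]

def audit(strip_port: bool) -> dict:
    """Map each constructed host to the list of rule modes that fire on it."""
    return {h: [m for m, p in RULES if host_match(m, p, normalize(h, strip_port))]
            for h in HOSTS}

if __name__ == "__main__":
    for strip in (False, True):
        print(f"strip_port={strip}")
        for host, fired in audit(strip).items():
            print(f"  {host:28} {fired}")
```

Under these assumed semantics the Host value carrying a port matches none of the three rules until the port is stripped, and the glob also fires on the unrelated constructed name that merely ends in `d.com`.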

Page 8: GCMC - uploads-ssl.webflow.com

GCMC Engine + Content Database


GreeNet provides a powerful content management controller (GCMC), plus a series of content databases (which can also be customized), mainly including:

• TI DB
  • Kaspersky OEM
• Phishing/Cheat DB
  • Tencent OEM
• IDS DB
  • Snort Community
• WAF DB
  • Radware OEM and open-source community
• DDoS DB
  • Radware
• IOC DB
  • Credit-based OpenIOC to identify dark net IP, VPN IP etc.
• GreeNet Own APP DB
  • GreeNet DPI products access more than 400T of traffic, research more than 20 years
  • Contains 30000+ application signatures, 100000+ URL blacklist
  • Weekly update to GreeNet's DB DPI solution

[Figure: GCMC Engine on top of the GN Content Database, which holds TI DB, Phishing DB, IDS DB, WAF DB, DoS DB, IOC DB, App DB and Customized DB.]

Page 9: GCMC - uploads-ssl.webflow.com

File Recovery Engine

• GreeNet DPI identifies most of the file types in the market. Full recovery capability is available.

[Figure: HTTP/EMAIL/RTSP… traffic feeding the recovery modules: Audio, Exe, Video, PE, Compressed, Text and Image File Recovery.]

• Text: txt, html, mht, xml, wml, xhtml, torrent
• Image: JPEG, GIF, PNG, BMP, TIFF, JPEG2000, WebP
• Coding: Big5, UTF-8, GBK, GB2312, UTF-16, ANSI
• Video: WMV, RMB, RMVB, MP4, AVI, flv, mov…
• Others: Exe, Zip, rar, APK, IPA, PE, COM…

Page 10: GCMC - uploads-ssl.webflow.com

File Scan Engine

• CR & IR Engine
  • GreeNet character, text and image recognition engine
• Dual Scan Engine: ClamAV & Kaspersky KAV
  • Full integration: ClamAV and Kaspersky KAV twin-engine integration for more accurate malware detection

[Figure: CR and IR engines alongside Tencent AI API, ClamAV and Kaspersky.]

Page 11: GCMC - uploads-ssl.webflow.com

GreeNet GCMC Unique Feature

• Seamless DPI security engine with multiple world-class security vendor databases
• Complete security protection by traffic flow and content type
• Intelligent rule-based engine by GreeNet SRME (Super Rule Match Engine)
• Fresh signature updates weekly
• Dual antivirus engine workforce
• Real-time update of user-defined website database, with bulk import support
• Real-time update of custom-defined applications by pattern and behaviour

Page 12: GCMC - uploads-ssl.webflow.com

Specs of GCMC Content Filtering Solution


Specifications & Features

• Supported GreeNet Devices: NetDominator Series Devices
• Number of URLs and Applications: 10,000,000 / 10,000
• Realtime update User define website database and bulk import support: Yes
• Realtime update Custom define application by pattern and behaviour: Yes
• Number of Subscribers: 10,000,000 per 2RU
• Blocking Actions: TCP RESET, Portal Redirect, Mirror, Log
• File Detection / Recovery Engine: Image, Text, Audio, EXE, Video, PE, Compressed
• White Listing Support: Yes
• 3rd Party Content Database Support: Yes
• Automatic Update of 3rd Party Blacklists and Content DBs: Yes

Page 13: GCMC - uploads-ssl.webflow.com


Thank You

[email protected]