Overview

DeviceLock allows you to control data that is transferred over different network protocols, thus enhancing protection against unwanted information disclosure and offering additional transport-level security. With the Protocols feature, you can define policies to selectively allow or block data/file transmission via specific protocols as well as shadow copy the transferred data. For flexibility, policies can be defined on a per-user or per-group basis.

DeviceLock recognizes and controls the following protocols:

•Career Search - Controls looking for vacancies on job search websites, including the control of files, messages and search requests of users accessing those sites. Controlled are the websites of the following job search providers (including sites in national domains):

•Avito

•CareerBuilder

•College Recruiter

•craigslist

•Dice

•Glassdoor

•GovernmentJobs

•HeadHunter.com

•hh.ru

•Hired

•Indeed

•JobisJob

•Ladders

•Mediabistro

•Monster

•Rabota.ru

•Simply Hired

•SuperJob.ru

•us.jobs

•USAJOBS

•Yandex.Rabota

•ZipRecruiter

•File Sharing - Controls data exchange via Web-based file storage, sharing and synchronization services. The following services are supported:

•4shared (including the control of the 4shared app for Windows desktop)

•Amazon Simple Storage Service (Amazon S3)

•AnonFile

•Box

•Cloud Mail.ru

•dmca.gripe

•Dropbox

Note: To use the Dropbox application for Windows, a rule that specifies the following hosts for the SSL protocol must be added to the protocols white list:

•*.dropbox.com

•*.compute-1.amazonaws.com

For instructions, see Defining Protocols White List.

•DropMeFiles

•Easyupload.io

•Files.fm

•freenet.de

•GitHub file sharing service

Note: To access the GitHub file sharing service using Windows applications such as GitHub Desktop, SmartGit or TortoiseGit, a rule that specifies the host github.com for the SSL protocol must be added to the protocols white list.

For instructions, see Defining Protocols White List.

•GMX File Storage

•Gofile.io

•Google Docs / Google Drive

Note: To use the Backup and Sync from Google application (formerly Google Drive Sync), a rule that specifies the following hosts for the SSL protocol must be added to the protocols white list:

•*accounts.google.com

•*www.googleapis.com

For instructions, see Defining Protocols White List.

•iCloud

•IDrive

•MagentaCLOUD

•MediaFire

•MEGA (including the control of the MEGAsync app for Windows desktop)

Note: DeviceLock controls access to the MEGA file sharing service and the uploading of files through that service (outgoing files). The control of incoming files and POST-requests for MEGA is not performed.

•OneDrive

•Sendspace

•transfer.sh

•TransFiles.ru

•Uploadfiles.io

•Web.de file sharing service

•WeTransfer

•Yandex.Disk

Note: To use the Yandex.Disk application for Windows, a rule that specifies the following hosts for the SSL protocol must be added to the protocols white list:

•webdav.yandex.ru

•*downloader.disk.yandex.ru

•uploader*.disk.yandex.net

•push.yandex.ru

•*.storage.yandex.net

•oauth.yandex.ru

•cloud-api.yandex.net

For instructions, see Defining Protocols White List.

In addition to controlling file sharing Web services over HTTP, DeviceLock also controls file and data exchange via the Web Distributed Authoring and Versioning (WebDAV) protocol.

Both non-SSL and SSL connections are supported.

•FTP (File Transfer Protocol) - The Internet standard protocol for transferring files between computers.

Both active-mode and passive-mode FTP connections are supported. FTPS (FTP over SSL) is also supported. Both implicit and explicit FTPS connections are supported.

•HTTP (Hypertext Transfer Protocol) - An application-level client/server protocol used for data transfer over the World Wide Web.

Control over HTTP also includes control over data exchange via the Web Distributed Authoring and Versioning (WebDAV) protocol, an extension to HTTP.

HTTPS (SSL over HTTP) is supported as well.

•IBM Notes - A proprietary protocol that IBM Notes uses to communicate with IBM Domino server. DeviceLock supports version 8.5 (December 2008) and later versions (any client-server combinations that Domino / Notes support).

•ICQ Messenger - Open System for Communication in Realtime (OSCAR) protocol used by ICQ Instant Messenger.

Both non-SSL and SSL connections are supported.

•IRC (Internet Relay Chat) - An Internet standard protocol that supports interactive, real-time, text-based communications in established “chat rooms” on the Internet by means of IRC servers.

Both non-SSL and SSL connections are supported.

•Jabber - An open, XML-based protocol for instant messaging. Jabber is also known as XMPP, the Extensible Messaging and Presence Protocol.

•Mail.ru Agent - An instant messaging program created by Mail.ru.

Note: SSL connections between Jabber/Mail.ru Agent clients and the server are controlled as generic (non-SSL) connections.

•MAPI (Messaging Application Programming Interface) - MAPI/RPC (also known as Outlook - Exchange Transport Protocol) is the proprietary protocol that Microsoft Outlook uses to communicate with Microsoft Exchange Server. DeviceLock supports all versions of Outlook (both 32-bit and 64-bit) starting with Outlook 2003. Also supported are all versions of Exchange Server.

•Skype - A proprietary voice-over-Internet protocol service and software application. Within this protocol, DeviceLock controls communications through the following applications:

•Skype version 4.x or later

•Skype for Business 2015, 2016, or 2019

•Microsoft Lync 2013

•Skype Meetings App

•Skype for Business Web App

•Skype for Business in Outlook Web App (OWA 365)

Note: Communications using MSN/Windows Messenger are blocked if any permissions, auditing, shadowing or alert settings are configured for the Skype protocol.

•SMB (Server Message Block) - A network file sharing protocol.

•SMTP (Simple Mail Transfer Protocol) - An Internet standard protocol used for exchanging e-mail messages between SMTP servers on the Internet.

Extended SMTP (ESMTP) is also supported. Both non-SSL and SSL connections are supported.

•Social Networks - Controls communication with social networking sites. The following social networking sites are supported:

•Disqus

•Facebook (+API)

•Google+

•Instagram (including the control of the Instagram app for Windows 10)

•LinkedIn

•LiveInternet.ru

•LiveJournal

•MeinVZ.de

•Myspace

•Odnoklassniki.ru

•Pinterest

•StudiVZ.de

•Tumblr

•Twitter

•Vkontakte (+API)

•XING.com

Note: SSL traffic on social networking sites is controlled as generic (non-SSL) traffic.

•Telegram - Controls the Telegram Desktop and Telegram Web messaging apps, including the Telegram Desktop app for Windows 10.

•Telnet - The Internet standard protocol for remote terminal connection service.

•Torrent - Controls peer-to-peer (P2P) communications of torrent clients over TCP, UDP or HTTP protocols.

•Viber - An instant messaging and voice-over-IP service and software application. DeviceLock supports Windows-based Viber application version 4.x and later.

•Web Mail - Controls Web-based mail communication. The following Web-based e-mail services are supported:

•ABV Mail

•AOL Mail

•freenet.de

•Gmail

•GMX Mail

•Hotmail (Outlook.com)

•Mail.ru

•NAVER

•Outlook Web App (OWA)

•Rambler Mail

•T-online.de

•Web.de

•Yahoo! Mail

•Yandex Mail

•Zimbra

Both non-SSL and SSL connections are supported.

Note: If the HTTP protocol is not allowed by the protocol permission settings, connection to the Zimbra or Outlook Web App (OWA) mail service may fail despite the Web Mail protocol permission. To prevent failures in this case, add the Zimbra and OWA hosts to the white list for the HTTP protocol. For instructions, see White List Management Tasks.

•Web Search - Controls the use of websites that provide web-search services, as well as user search requests on those sites. Controlled are the sites of the following web-search providers (including websites in national domains and mobile versions of the websites):

•Google

•Yandex

•Bing

•Baidu

•Yahoo

•Mail.ru

•Ask.com

•AOL Search

•Rambler

•Wolfram Alpha

•DuckDuckGo

•WebCrawler

•Search.com

•Wayback Machine

•Dogpile

•StartPage

•Excite

•NAVER

•Web.de

•WhatsApp - Controls the Web application WhatsApp Web as well as the WhatsApp Desktop application for Windows-based computers.

•Zoom - A cloud platform for video and audio conferencing, collaboration, chat, and webinars provided by Zoom Video Communications (zoom.us). Within this protocol, DeviceLock controls the use of the Zoom communication application for Windows-based computers, including connections to Zoom servers, participation in Zoom meetings, and the exchange of messages and files using that application.

Note: To allow applications with embedded SSL certificates to connect to their servers, the respective hosts should be white-listed for the SSL protocol (see Managing Protocols White List).

Security policies for protocols can be administered by using the DeviceLock Management Console, Service Settings Editor, or DeviceLock Group Policy Manager. The administrator can also use the Report Permissions/Auditing plug-in from DeviceLock Enterprise Manager to view or change security policies defined for protocols.