1. What is the Mail.Ru Agent?
Mail.Ru is the leading Internet portal in Russia in communication and entertainment. Its key product is the biggest communication portal for Russian speaking audience that includes the largest free webmail service, instant messenger Mail.Ru Agent, national social network Moi Mir@Mail.Ru and search engine Poisk@Mail.Ru, Mail.Ru headquarters is in Moscow.
Also Mail.Ru is the leader in online game publishing with over 50 percent market share in Russia. The company is a publisher of more than 100 game titles in Russia, Europe, Asia, including such popular original titles as Troetsarstvie, Legend: Legacy of the Dragons, Allods Online as well as successful international licenses such as Perfect World II, Lord of the Rings Online. Also Mail.Ru owns 50 percent in NIKITA.ONLINE.
This turtorial will guide you to block Mail.Ru Agent in your network.
2. How to block Mail.Ru Agent and Web-Mail.Ru?
2.1. First, add a new Custom Protocol
Because "Mail.Ru Agent" is not in Wfilter default pattern database, you need to add a custom protocol.
The first pattern:
Name: Mail.Ru_TCP
Desc: Mail.Ru_TCP
Type: TCP SEND
Offset: 0
Format: 0
Content: ^\xef\xbe\xad\xde
The second pattern:
Name: Mail.Ru_HTTP
Desc: Mail.Ru_HTTP
Type: HTTP SEND
Offset: 0
Format: Host
Content: ^(mra|webagent)\.mail\.ru
The third pattern:
Name: Mail.Ru_TCP_2
Desc: Mail.Ru_TCP_2
Type: TCP RECV
Offset: 0
Format: 0
Content: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:2041\x0a$
2.2. Enable blocking of "Mail.ru Agent" in certain blocking policy.
Apply this blocking policy to certain computers.
3. Now Mail.Ru Agent will be completely blocked.
4. Web-Mail.Ru is also blocked.
More information, please check "WFilter Enterprise".
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?
Though official Google Talk protocol is XMPP, it is more
complicated and flexible than XMPP. Google Talk (GTalk) provides several ways for you to access your gtalk account, including:
- 1). Official "Google Talk" client.
- 2). Gmail chat in google mail account.
- 3). Google Talk Gadget -- a web version of Gtalk.
This makes it complicated for you to block usage of google talk on company network. This tutorial will guide you to block google talk, gmail chat and google talk gadget using WFilter.
WFilter identifies Google talk connections by signature matching. Blocking google talk is simple in WFilter.
The below examples demonstrates blocking of google talk and gmail chat.
1. Blocking of jabber, gmail chat and gadget
Set a blocking policy in WFilter to block jabber and google talk: 
2. Blocked Google talk:
 
3. Blocked gadget
 4. Blocked gmail chat
Do you notice that your staffs are playing MSN online games during working time? Do you know how to stop them playing games? Here we are talking about how to block MSN games.
This tutorial will guide you to block MSN online game with WFilter.
1. Open WFilter, choose 'System Settings—>Customize Protocols',set 'Protocol Name,Protocol Desc, Protocol Type, Show it in Blocking Rule' as the picture, then click 'New Pattern'.
2. Input the following words into the textbox. Then click 'Save Settings'.
Name: MSN Game
Desc: MSN Game
Type: HTTP SEND
Begin Byte: (Leave it as blank.)
Offset: 0
Format: X-IM-URL
Content: ^GET\s\/GameBrowser\/GameBrows
3. In 'Control Settings'-->'Blocking Levels'-->'Level Name: Block MSN Game'-->in tab 'Games and stock', check 'Block MSN Game'.
4. In 'User-computer Table', change the Blocking Rules of a certain IP --> 'Save Settings'-->'Apply Changes'.
5.Now let's check whether WFilter works!
Instant Messaging can be a benefit to business when used properly,
but IM is often abused by employees and poses significant liability and
security risks.
The free consumer IM client
programs in widest use, such as AIM, ICQ, Yahoo and MSN Messenger, pose many
security concerns. More than text-based chat, IM programs also include peer to peer file
transfer capabilities, which can pose security risks in two ways.
Internal users can send documents that may be confidential out of your
network, circumventing your network's perimeter defenses against file
sharing programs or e-mail attachments. On the other hand, external
users can send files that might contain viruses or malicious code to
users on the internal network. In addition, a liability risk arises if
employees use the file transfer feature to share copyrighted music,
movie or software files in violation of the law. To make your business efficient, it is necessary for you to monitor, filter and block instant messaging in your network. You may want to apply an internet messenger usage policy like this: 1. Only authrozied users can use certain IM tools. 2. File transfer via messengers shall be blocked. 3. Only work-related IM accounts can be used. As most firewall programs do not support that kind of feature, you need an internet monitoring and filtering program like "WFilter Enterprise". "WFilter Enteprise" enables you to monitor, manage and block internet access of all computers on a mirroring port. For internet messaging blocking, WFilter supports: 1. Blocking certain messenger protocols. 2. Blocking file transfer via messengers. 3. Blocking certain messenger account using black/white list. Figures:  Block file transfer in messengers:  MSN black/white list:  More information, please check "WFilter Enterprise". Other related links: How to block websites at work during working hours?How to block video streaming on company network?How to block internet downloading?How to monitor internet bandwidth?How to monitor internet usage on company network?Internet monitoring software for businessHow to filter web surfing?
Unmanaged internet access is harmful to your business. Without proper internet monitoring and filtering, you may suffer from: 1. Lower productivity. Your employees might take hours for web surfing, chatting and watching videos. 2. Slow internet speed. P2P programs or IPTV programs can easily consume most of your bandwidth. So normal business will not have enough available bandwidth. 3. Unmanaged downloading will bring virus, worms and spyware, which is harmful to your network. 4. Leaking of business documents and materials. Therefore, it is important for you to monitor and manage employees internet activity. This guide will introduce you several aspects of deployment and usage of internet monitoring and filtering software. Please be aware that I am only going to talk about internet access monitoring, which does not include screen monitoring, USB forbiding and keystroke recording. The latter requires you to install a client agent in every computer. And internet monitoring only needs to be installed near the internet entrance. How to deploy internet monitoring software? Though internet monitoring only needs to be installed near internet entrance, it is quite different for different network topologies. For "Router<->Switch<->Computers" networks, you need to setup a mirroring port in the switch to enable monitoring. If you are using ISA or wingate proxy server, you can do monitoring right in the proxy server. How to monitor internet bandwidth? Upon properly deployed, you can easily monitor internet bandwidth and activities using internet monitoring software. Below let me take "WFilter Enterprise" as an example: Use WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.  Connections of a particular computer, you can kill established connections if you want. 
For more details about "monitor internet bandwidth", please refer to: How to monitor internet bandwidth?
How to monitor internet usage?In "Online computers" of WFilter, click the numbers under each title to view detailed records.  
How to block downloading?To save bandwidth, inproper downloading shall be blocked. The below figure shows blocking of large size files and blocking by video files.  Blocking of video files.  For more details, please refer to "How to block downloading?".
WFilter Monitoring Performance
WFilter is designed to monitor a network with no more than 1000 computers, and the available internet bandwidth of the entire network shall be no more than 100Mbit/s. Since WFilter is software, the performance depends a lot on the hardware performance. Higher bandwidth requires faster CPU, and more monitored computers require more RAM. Therefore, we recommend you to provide 1M available RAM for each monitored computer. Below is a performance test result for HTTP request of WFilter 3.3 file-based version:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 1 | 50 | 37.2M | 16000 | 100% | 35% | 260,298K |
| 2 | 100 | 35M | 20000 | 100% | 38% | 280,576K |
| 3 | 200 | 31M | 40000 | 100% | 58% | 294,561K |
| 4 | 400 | 33M | 80000 | 100% | 68% | 372,786K |
| 5 | 600 | 32.3M | 120000 | 100% | 80% | 540,151K |
| 6 | 1000 | 32.6M | 200000 | 60% | 99% | 540,664K |
As we can see from the above table, when monitored computers number reachs 1000, the "recorded percent" decreased to 60% suddenly. And we noticed the memory only slightly increased, so it shall because lack of memory. Therefore we added the monitoring computer RAM to 2G, and do the test again:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 7 | 1000 | 32.7M | 200000 | 100% | 90% | 820,640K |
And the test of WFilter 3.3 database version(SQL Server) performance has the similar result:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 1 | 50 | 34.9M | 10000 | 100% | 45% | 197,392K |
| 2 | 100 | 34.9M | 20000 | 100% | 45% | 210,196K |
| 3 | 200 | 31M | 40000 | 100% | 45% | 270,960K |
| 4 | 400 | 32.9M | 80000 | 100% | 45% | 364,234K |
| 5 | 1000 | 28.6M | 200000 | 58.84% | 100% | 540,664K |
The performance of 1000-user can also be improved by adding RAM of the monitoring computer.
Test Environment
| 1 | Network | 100M ethernet |
| 2 | Test Client | Intel(R) pentium(R) Dual 1.80+1.80GHz , 1G RAM |
| 3 | Test Monitoring Server | Intel(R) Celeron(R) 2.66GHz, 1G RAM |
| 4 | WFilter Version | WFilter 3.3 |
| 5 | Switch | Tplink TL-SF1008 |
WFilter 3.3 is under alpha testing now. The new version will add "Bandwidth limit", "Url keywords blocking", "Website visit quota" and other exciting features. 1. "Bandwidth limit". You can set bandwidth limit for each computer, or blocking certain internet traffic when internet bandwidth is too high. This feature can help you to manage company bandwidth flexibly. 2. "Url Keywords Blocking", blocking url/webpage by keywords category. You may use this feature to block certain keywords from being searched in search engines. 3. "Website visit quota", by this feature, you are able to set visit time quota for each website category. For example, "news" websites can be limited to "1 hour" for each day.
It is said that Google talk uses Jabber protocol to communicate. However, Google talk has more flexible ways to connect: 1. Using Jabber standard tcp port 5222. 2. Using TLS port 443. 3. Using web chatting on port 80. So you will not able to block Google talk by simply blocking Jabber standard port. And 443, 80 ports are essential internet ports which shall not be blocked. WFilter makes it simple to block google talk. Google talk connections can be identified and blocked by signature matching. And all these can be done just by one click as below: More information, please refer to: http://www.imfirewall.com/en/protocols/Jabber.htm.
Most employees waste more than an hour on browsing web pages. Even worse, someone will not be able to concentrate on their work during work time.
So, to save productivity, it is necessary for organizations to block certain websites and restrict internet access.
In my opinion, things should be done from several aspects:
1. Only work-related websites are allowed during work time.
2. Destructive websites like violence, adult, shall be blocked always.
3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.
For those companies who are very strict with websites browsing, you can implement a website whitelist, by which, only websites in the whitelist can be visited.
More information, please refer to internet blocking and internet monitoring.
Block MSN file transfer: impossible mission?
It is convenient to transfer files via messengers like msn/live, yahoo, icq... But it is also necessary for organizations to block unauthorized file transfers to keep their networks safe.
However, messenger software uses several ways to avoid being blocked. They use dynamic ports, encrypted connections, variety connection type to bypass network firewall.
Let me take msn as an example. By our test, there have four type of msn file transfer as described below:
1. For two buddies, if one of them is connected to internet directly, direct connection will be established to transfer files. This is the quickest way. There has three type of direct connections with dynamic ports which is negotiated by two sides.
1.1) Direct TCP connection.
1.2) Direct TCP connection use TLS encryption.
1.3) Direct UDP transmission.
2. If direct connection can not be established, msn servers can act as a relay server to transfer files. The file transfer packets will be among with normal msn messages.
As you can see from above, there is no way to block msn file transfer simply by blocking some ports in the firewall. The firewall should be smart enough to recognize msn file transfer direct connections, and it shall be able to pick up file transfer packets from normal msn messages.
Block MSN File Transfer
Internet Monitor
Block P2P
IMFirewall P2P Classify Engine Introduction
1 Introduction
IMFirewall Software is a professional Internet filtering software provider. We focus on Internet information security and providing customers with a comprehensive approach to manage the Internet usage of enterprise network since founded in 2004. By 2007-10, protocols number supported in our pattern database has reached over 90. And our pattern analysis team is monitoring and analyzing protocols everyday.
2 Supported Pattern Type
Three pattern types are supported:
1. Signature Pattern
You may call it digit signature. As most p2p programs do not has a fix port range nor central servers. The only way to match them is by signature match. IMFirewall pattern matching engine scans every connection for signature of existing protocols..
2. Port Pattern
IMFirewall pattern matching engine can also recognize protocols by port or port range.
3. HTTP Pattern
Because more and more protocols are using HTTP protocol or HTTP tunnel to communicate, our pattern-matching engine also checks http mime-header for signatures. HTTP pattern is powerful to recognize http-based protocols.
3 Pattern Matching Speed
We test the speed of each pattern when new pattern found, the standard speed is 20,000 matches in 1 second.
4 Quick Response for New (Updated) Protocols
As protocols may vary from time to time, it is necessary to keep the pattern database up to date in time.
We have a protocol/programs monitoring system, which will monitor the website and files on official websites of each protocol. Once there is a change, the system will notify our protocol analysis team to test it.
This makes us a quick response for new (updated) protocols. Usually, a updated protocol can be added to our pattern database in 2-3 business days.
Links: Supported protocols list of WFilter
MSN, also called as live messenger is widely used. Windows Live Messenger gives you brilliant ways to connect and share your photos (and other stuff). Contact lists, emoticons, instant access to your friends.
However, sending and receiving files using MSN will face some security risk. External users can send files that might contain viruses or malicious code to users on the internal network. In addition, a liability risk arises if employees use the file transfer feature to share copyrighted music, movie or software files in violation of the law.
How to block msn file transfer?
MSN transfers files using dynamic ports which are negotiated. So it is impossilbe to block msn file transfer ports.
WFilter provides a efficient way to block msn file transfer. By using WFilter, It is very easy for you to detect and block MSN file transfers.
A more detailed example can be found here:
Example of blocking msn
AOL Instant Messenger (often referred to as "AIM") is an instant messaging application that allows registered users to communicate in real time via text, voice, and video transmission over the Internet. It is maintained by AOL LLC. The official website is www.aim.com.
AIM is widely used all over the world. However, employees are using AIM to chat privacy topics, send and receive files, which will decrease working productivity, waste time and raise security risk.
So it is important to block AIM in enterprise network.
How to block AIM in your network?
AIM messenger can connect in several ways. Default is TCP port 5190. However, if you block AIM port 5190 in your firewall. It will turn to use port 80, 443 instead. And also, AIM messenger can use a HTTP/SOCK4/SOCK5 proxy server to reach the server. Even the worth, AIM traffics through port 80 using HTTP protocol, if you allow your employees to browser website, the 80 port must be available. And AIM has official clients, and many unofficial clients like gaim, trillian are also popular.
So, is blocking AIM mission impossible?
Of course not, but professional internet filter tools are needed. To block aim traffic, it needs the blocking aim tool has the ability to pick up aim traffic from large amount of connections.
I recommend you use WFilter to block aim, block msn and block messenger.
WFilter related features:
- Monitor AIM and ICQ messenger usage.
- Record chat contents of AIM and ICQ.
- Record files transfered by AIM/ICQ.
- Implement a policy to block AIM/ICQ or certain AIM/ICQ accounts.
- Block AIM file transfers, block icq file transfers.
- Support offical messenger client and other third party clients like gaim, trillian.
WFilter other monitor features:
Chat Monitor, MSN Messenger Chat Monitor, Yahoo Chat Monitor and other instant messenger monitor, block MSN, block Yahoo, block AIM, and other instant messenger block, block p2p, block p2p traffic, filter internet, block internet, internet monitor, monitor employee internet activity...
|
Copyright © 2012 IMFirewall Software. All rights reserved.
DasBlog 'Portal' theme by Johnny Hughes.
Pick a theme:
|
|