One customer reported that BBC online video can not be blocked by WFilter, even "Block Online HTTP Video and Downloading of Video Files" is checked in certain blocking levels. So we did some research and found, other than HTTP protocol, the BBC websites also use the RTMP (Real Time Messaging Protocol) to play online video. Because blocking of RTMP is not supported by default in WFilter(will be added soon), this tutorial will guide you to block BBC online video by the "Customize Protocols " feature of WFilter.
First, Add a new protocol named "RTMP".  1. Protocol Settings: Protocol Name: RTMP Protocol Desc: Real Time Messaging Protocol Type: Streaming 2. Pattern1 Name: RTMP_HTTP Desc: RTMP_HTTP Type: HTTP SEND Offset: 0 Format: User-Agent Content: Shockwave\sFlash 3. Pattern2 Name: RTMP Desc: RTMP Type: TCP_SEND Offset: 0 Begin Byte: 03 Format: 0 Content: \x03[\x00-\xff]{4}\x80\x00 Second, Enable blocking of RTMP in certain blocking levels. Now, BBC videos will be successfully blocked. Related Topic: How to block bbc iplayer?
Internet can be a benefit to business when used properly, but internet
is often abused by employees and poses significant liability and
security risks. Used
improperly, the Internet can subject every organization to harassment claims,
countless hours of lost productivity and innumerable security leaks and
vulnerabilities. Several important risks caused by improper internet usage: 1. Virus Infection 2. Lost Productivity 3. Legal liability 4. Bandwidth consumer So it is necessary for you to restrict employees internet access on your network. To achieve this goal, first you need an internet access policy, which should be able to: 1. Clarify what constitutes acceptable use of Internet services. 2. Ensure employees understand who to contact with questions regarding acceptable use. 3. Ensure employees understand the penalties that arise from Internet misuse. 4. Help lessen an organization's spyware and virus infestation rates. 5. Provide human resources with signed documentation from each employee stating a pledge not to improperly use Internet services. 6. Help mitigate productivity losses. 7. Decrease dependence upon technology solutions used to enforce employee behavior. 8. Reduce the organization's liability resulting from harassment claims, copyright violations originating onsite and other illegal acts. You also need an internet filtering product to assure your internet policy. Let's take "WFilter Enterprise" as an example, it enables you to monitor and filter internet access for all computers from a mirroring port of your switch. You only need to install WFilter in one computer to monitor the whole network. Key Features:
- Keep a detailed record of each web surfing and web posting.
- Record all incoming and outgoing email content and attachment.
- Monitor and archive instance messengers chat contents and activities.
- Monitor and archive files transferred by web, ftp and IM tools.
- Implement a policy to filter internet access during working hours.
- Websites, messengers and p2p file downloading can be blocked to save bandwidth and raise productivity.
- You only need to install WFilter in ONE computer to manage your whole network.
http://www.imfirewall.us
BBC iPlayer (formerly known as Integrated Media Player (iMP), Interactive Media Player, and MyBBCPlayer) is an internet television service, P2P, cable television, and several mobile devices developed by the BBC to extend its existing RealPlayer-based "Radio Player" and other streamed video clip content. As online iPlayer may consume much internet bandwidth, this tutorial will guide you to block BBC iPlayer using WFilter. We suppose WFilter is already properly installed and is capable of monitoring/blocking other computers, if not, please read How to monitor internet usage on company network first. WFilter's "website black list" is based on website domains, so we can not use "website black list" to block iPlayer, since iPlayer is a subfolder of www.bbc.co.uk without a individual domain. However, we still can use "URL Keywords Filtering" feature to block url with certain keywords. The below example demonstrates blocking of url with keyword "iplayer". 1. Create a blocking policy, and enable "URL Keywords Filtering". 2. Choose "Streaming Media" category and click the edit icon to edit its keywords list. Please notice: WFilter already has some default keywords(the default
keywords are hidden). For example, "video" is already included in the
"Streaming Media" category. If you only want to block "iplayer", you can add a new category in "Category Settings"->"Customize Categories" of WFilter. In this example, we need to add "iplayer" to the keywords list:  3. Apply this blocking policy to certain computers.  4. By now, urls with keywords "iplayer" will be blocked. More information, please check "WFilter Enterprise".
Other related links: How to block internet downloading?How to monitor internet usage on company network?Internet monitoring software for businessHow to filter web surfing?How to block websites and restrict internet access?How to Block Bittorrent and bitcomet? How to block msn file transfer?How to block certain websites to save your productivity? How to block AIM using WFilter?
Unmanaged internet downloading can consume most of your bandwidth, In practice, many, often most, of the files shared on peer-to-peer
networks are copies of copyrighted popular music and movies.
So, it is important for corporations to manage, control and block p2p traffic and block unwanted file downloading. Files can be downloaded via various ways as described below: 1. Downloading from HTTP/FTP websites. 2. Downloading from p2p networks.
3. Downloading from instant messenger buddies. For security purpose, downloading from p2p networks shall be completely forbidden in company networks. And only HTTP/FTP downloading from trusted websites can be allowed. Instant messenger file transfer makes it convenient to share files with our friends. It is fast and secure. However, because IM is so popular, virus writers can use it to spread malicious programs. These viruses are spread, in most cases, when a person clicks a link or opens an infected file that was sent in an instant message that appeared to come from a friend. Therefore, messenger file transfer also put your network in danger. "WFilter Enterprise" makes it simple to manage file transfers between local network and the internet. Using WFilter, you may: 1. Limit file downloading size. 2. Block web downloading by file type. 3. Block web downloading by content type. (Mime type) 4. Block p2p traffic. 5. Block file transfer via messengers. Figures: 
 Other related links: How to monitor internet bandwidth?Internet blockingHow to filter web surfing?How to monitor internet usage on company network?Internet monitoring software for businessInternet monitoring software
Unmanaged internet access is harmful to your business. Without proper internet monitoring and filtering, you may suffer from: 1. Lower productivity. Your employees might take hours for web surfing, chatting and watching videos. 2. Slow internet speed. P2P programs or IPTV programs can easily consume most of your bandwidth. So normal business will not have enough available bandwidth. 3. Unmanaged downloading will bring virus, worms and spyware, which is harmful to your network. 4. Leaking of business documents and materials. Therefore, it is important for you to monitor and manage employees internet activity. This guide will introduce you several aspects of deployment and usage of internet monitoring and filtering software. Please be aware that I am only going to talk about internet access monitoring, which does not include screen monitoring, USB forbiding and keystroke recording. The latter requires you to install a client agent in every computer. And internet monitoring only needs to be installed near the internet entrance. How to deploy internet monitoring software? Though internet monitoring only needs to be installed near internet entrance, it is quite different for different network topologies. For "Router<->Switch<->Computers" networks, you need to setup a mirroring port in the switch to enable monitoring. If you are using ISA or wingate proxy server, you can do monitoring right in the proxy server. How to monitor internet bandwidth? Upon properly deployed, you can easily monitor internet bandwidth and activities using internet monitoring software. Below let me take "WFilter Enterprise" as an example: Use WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.  Connections of a particular computer, you can kill established connections if you want. 
For more details about "monitor internet bandwidth", please refer to: How to monitor internet bandwidth?
How to monitor internet usage?In "Online computers" of WFilter, click the numbers under each title to view detailed records.  
How to block downloading?To save bandwidth, inproper downloading shall be blocked. The below figure shows blocking of large size files and blocking by video files. Blocking of video files. For more details, please refer to "How to block downloading?".
WFilter Monitoring Performance
WFilter is designed to monitor a network with no more than 1000 computers, and the available internet bandwidth of the entire network shall be no more than 100Mbit/s. Since WFilter is software, the performance depends a lot on the hardware performance. Higher bandwidth requires faster CPU, and more monitored computers require more RAM. Therefore, we recommend you to provide 1M available RAM for each monitored computer. Below is a performance test result for HTTP request of WFilter 3.3 file-based version:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 1 | 50 | 37.2M | 16000 | 100% | 35% | 260,298K |
| 2 | 100 | 35M | 20000 | 100% | 38% | 280,576K |
| 3 | 200 | 31M | 40000 | 100% | 58% | 294,561K |
| 4 | 400 | 33M | 80000 | 100% | 68% | 372,786K |
| 5 | 600 | 32.3M | 120000 | 100% | 80% | 540,151K |
| 6 | 1000 | 32.6M | 200000 | 60% | 99% | 540,664K |
As we can see from the above table, when monitored computers number reachs 1000, the "recorded percent" decreased to 60% suddenly. And we noticed the memory only slightly increased, so it shall because lack of memory. Therefore we added the monitoring computer RAM to 2G, and do the test again:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 7 | 1000 | 32.7M | 200000 | 100% | 90% | 820,640K |
And the test of WFilter 3.3 database version(SQL Server) performance has the similar result:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 1 | 50 | 34.9M | 10000 | 100% | 45% | 197,392K |
| 2 | 100 | 34.9M | 20000 | 100% | 45% | 210,196K |
| 3 | 200 | 31M | 40000 | 100% | 45% | 270,960K |
| 4 | 400 | 32.9M | 80000 | 100% | 45% | 364,234K |
| 5 | 1000 | 28.6M | 200000 | 58.84% | 100% | 540,664K |
The performance of 1000-user can also be improved by adding RAM of the monitoring computer.
Test Environment
| 1 | Network | 100M ethernet |
| 2 | Test Client | Intel(R) pentium(R) Dual 1.80+1.80GHz , 1G RAM |
| 3 | Test Monitoring Server | Intel(R) Celeron(R) 2.66GHz, 1G RAM |
| 4 | WFilter Version | WFilter 3.3 |
| 5 | Switch | Tplink TL-SF1008 |
WFilter 3.3 is under alpha testing now. The new version will add "Bandwidth limit", "Url keywords blocking", "Website visit quota" and other exciting features. 1. "Bandwidth limit". You can set bandwidth limit for each computer, or blocking certain internet traffic when internet bandwidth is too high. This feature can help you to manage company bandwidth flexibly. 2. "Url Keywords Blocking", blocking url/webpage by keywords category. You may use this feature to block certain keywords from being searched in search engines. 3. "Website visit quota", by this feature, you are able to set visit time quota for each website category. For example, "news" websites can be limited to "1 hour" for each day.
Most employees waste more than an hour on browsing web pages. Even worse, someone will not be able to concentrate on their work during work time.
So, to save productivity, it is necessary for organizations to block certain websites and restrict internet access.
In my opinion, things should be done from several aspects:
1. Only work-related websites are allowed during work time.
2. Destructive websites like violence, adult, shall be blocked always.
3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.
For those companies who are very strict with websites browsing, you can implement a website whitelist, by which, only websites in the whitelist can be visited.
More information, please refer to internet blocking and internet monitoring.
IMFirewall P2P Classify Engine Introduction
1 Introduction
IMFirewall Software is a professional Internet filtering software provider. We focus on Internet information security and providing customers with a comprehensive approach to manage the Internet usage of enterprise network since founded in 2004. By 2007-10, protocols number supported in our pattern database has reached over 90. And our pattern analysis team is monitoring and analyzing protocols everyday.
2 Supported Pattern Type
Three pattern types are supported:
1. Signature Pattern
You may call it digit signature. As most p2p programs do not has a fix port range nor central servers. The only way to match them is by signature match. IMFirewall pattern matching engine scans every connection for signature of existing protocols..
2. Port Pattern
IMFirewall pattern matching engine can also recognize protocols by port or port range.
3. HTTP Pattern
Because more and more protocols are using HTTP protocol or HTTP tunnel to communicate, our pattern-matching engine also checks http mime-header for signatures. HTTP pattern is powerful to recognize http-based protocols.
3 Pattern Matching Speed
We test the speed of each pattern when new pattern found, the standard speed is 20,000 matches in 1 second.
4 Quick Response for New (Updated) Protocols
As protocols may vary from time to time, it is necessary to keep the pattern database up to date in time.
We have a protocol/programs monitoring system, which will monitor the website and files on official websites of each protocol. Once there is a change, the system will notify our protocol analysis team to test it.
This makes us a quick response for new (updated) protocols. Usually, a updated protocol can be added to our pattern database in 2-3 business days.
Links: Supported protocols list of WFilter
Someone told me WFilter can not block bittorrent downloading. So I did some research yesterday.
I downloaded both bittorrent and bitcomet from their official website. I also downloaded an availble torrent file from bittorrent.com.
Turning "Block P2P" on in WFilter console, then use bitcomet to download, the download never begined. However, when I use bittorrent to download, it will start downloading after trying for a few seconds.
This is really interesting. Since WFilter can detect and block bittorrent traffic using pattern match, this should not happen. So what's the reason? After detailed analysis of the network traffic, I found bittorrent also download data directly from bittorrent.com using http protocol. That means bittorrent not only use p2p downloading, but also can download files directly from the website.
Knowing that, I added "bittorrent.com" in the black list of wfilter's website black&white list, then did the download again. Aha, bittorrent never be able to download any files.
MSN, also called as live messenger is widely used. Windows Live Messenger gives you brilliant ways to connect and share your photos (and other stuff). Contact lists, emoticons, instant access to your friends.
However, sending and receiving files using MSN will face some security risk. External users can send files that might contain viruses or malicious code to users on the internal network. In addition, a liability risk arises if employees use the file transfer feature to share copyrighted music, movie or software files in violation of the law.
How to block msn file transfer?
MSN transfers files using dynamic ports which are negotiated. So it is impossilbe to block msn file transfer ports.
WFilter provides a efficient way to block msn file transfer. By using WFilter, It is very easy for you to detect and block MSN file transfers.
A more detailed example can be found here:
Example of blocking msn
A pure peer-to-peer network does not have the notion of clients or servers, but only equal peer nodes that simultaneously function as both "clients" and "servers" to the other nodes on the network. This model of network arrangement differs from the client-server model where communication is usually to and from a central server.
Some networks and channels such as Napster, OpenNAP and IRC server channels use a client-server structure for some tasks (e.g. searching) and a peer-to-peer structure for others. Networks such as Gnutella use a peer-to-peer structure for all purposes, and are sometimes referred to as true peer-to-peer networks, although Gnutella is greatly facilitated by directory servers that inform peers of the network addresses of other peers.
As you can see from above, a peer-to-peer network is complex and it is almost impossible for you to block p2p in the router or the gateway.
WFilter provides a efficient way to block p2p traffic by signature match. By using WFilter, It is very easy for you to detect and block p2p traffic and file downloading.
WFilter related features:
- Detect p2p traffic in your network.
- Implement a policy to block certain p2p traffic.
- Support over 30 p2p protocols, cover most common p2p softwares.
- Define a file extension list forbidden from being download.
Block online streaming using WFilter
Various online streaming services are available on Internet, such as online movie, online music, online radio and ....
Some employees will spend a lot of time searching and watching such materials at work time, even worse, they will download copies of copyrighted popular music and movies, sharing of these copies among strangers is illegal in most jurisdictions.
So it is important for organizations to block online streaming, block internet radio, block p2p traffic, monitor Internet access to guard against unauthorized share or leak and enhance efficiency use of enterprise resources.
WFilter also has complete protocol reports for you.
You also can use WFilter to monitor chat, monitor email, block messenger, block p2p and implement an internet access policy.
|
Copyright © 2010 IMFirewall Software. All rights reserved.
DasBlog 'Portal' theme by Johnny Hughes.
Pick a theme:
|
|