WFilter can be used to block sending/receiving emails, block sending attachments and filter email accounts. And you only need to install WFilter in one computer to monitor all computers in your network. This tutorial will guide you to block outgoing emails with attachments.
This feature can block sending of emails with attachments via SMTP protocol.
1.1 Add a new blocking level, as in the below figure:
 1.2 Set a proper "Level Name" and "Level Desc", check "Block sending emails with attachment(s)", as in Figure 2:  1.3 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:  1.4 Emails with attachment(s) will be blocked, as in Figure 4:  
Some switches does not allow outgoing traffic on a mirroring port. In this case, WFilter needs a separate blocking adapter to send blocking packets. And if you're monitoring and filtering more than 100 computers, we recommend you to use a different blocking adapter as the monitoring adapter. When the two network cards are installed, we will want the Windows system to use the blocking adapter to access your network. However, sometime the Windows system might pick up the monitoring adapter and fails to connect to your network. This problem can be resolved by the "Automatic Metric" setting in Windows. A metric is a value that is assigned to an IP route for a particular
network interface that identifies the cost that is associated with
using that route. The Automatic Metric feature is configured independently for each network interface in the network. This feature is useful in situations where you have more than one
network interface of the same speed, for example, when each network
interface has been assigned a default gateway. In this situation, you
may want to manually configure the metric on one network interface, and
enable the Automatic Metric feature to configure the metric of the
other network interface. This setup can enable you to control the
network interface that is used first in the routing of IP traffic. In our case, the "Automatic Metric" of the blocking adapter shall be smaller than the monitoring adapter. So by setting "Automatic Metric" of the blocking adapter to "1", and the monitoring adapter to "2", Windows system will use the blocking adapter to access your network.   
You may assign static ip addresses to computers manually or in your DHCP server. However, it is difficult to prevent users from changing their ip addresses or mac addresses. Though it is more reasonable to setup ip-mac binding in routers or switches, software solution is also a good option, as it is easier to setup and manage. This tutorial will guide you to bind ip addresses to mac addresses in WFilter, an internet filtering and monitoring software product. First, you need to setup a mirror port in your switch to do monitoring. For how to deploy internet monitoring and filtering, check this guide: How to monitor internet usage?Second, in "Control Settings"->"IP Management" of WFilter, you can setup ip-mac binding just by a few clicks.  i When ip-mac binding is setup, internet access will be blocked when the user tries to change ip address or mac address.
WFilter supports online activation and Email activation.
If
you choose to activate your product over the Internet, upon your
submisson the activation wizard will detect your Internet connection
and connect to a secure server to transfer your register key to us. The
registration is passed back to you, automatically activating WFilter,
if the register key is valid.
If you choose to activate your
product by email activation, you should input the register key in text
box and click the "confirm". You will get an activation code. Please
send them to the support email box. The validation code will be sent
back to you within 24 hours. Please copy them in the valiation code
textbox to activate your product. 1. Steps of Online ActivationOnline activation requires an available internet connection to connect to WFilter activation server. 1). In "Help"->"About" of WFilter, click "Product Activation".  2). Input your key number and use "online activation" to do online activation.  3). Successful activation.   2. Steps of Email ActivationOnline activation requires an available internet connection. If you can not connect to WFilter activation server, you also can use "Email Activation". 1). Input your key number and use "email activation" to do online activation.  2). In "Email Activation", copy the activation code and send to support email address.   3) It might take several hours to receive the reply email since the response email is sent manually.  4). In "Help"->"About" of WFilter, you need to enter the received validation code into WFilter.   3. De-activationSometimes, you might want to move the key to another computer. You need to de-activate this key first. Click "deactivate" in "Help"->"About" to de-activate the key.
Instant Messaging can be a benefit to business when used properly,
but IM is often abused by employees and poses significant liability and
security risks.
The free consumer IM client
programs in widest use, such as AIM, ICQ, Yahoo and MSN Messenger, pose many
security concerns. More than text-based chat, IM programs also include peer to peer file
transfer capabilities, which can pose security risks in two ways.
Internal users can send documents that may be confidential out of your
network, circumventing your network's perimeter defenses against file
sharing programs or e-mail attachments. On the other hand, external
users can send files that might contain viruses or malicious code to
users on the internal network. In addition, a liability risk arises if
employees use the file transfer feature to share copyrighted music,
movie or software files in violation of the law. To make your business efficient, it is necessary for you to monitor, filter and block instant messaging in your network. You may want to apply an internet messenger usage policy like this: 1. Only authrozied users can use certain IM tools. 2. File transfer via messengers shall be blocked. 3. Only work-related IM accounts can be used. As most firewall programs do not support that kind of feature, you need an internet monitoring and filtering program like "WFilter Enterprise". "WFilter Enteprise" enables you to monitor, manage and block internet access of all computers on a mirroring port. For internet messaging blocking, WFilter supports: 1. Blocking certain messenger protocols. 2. Blocking file transfer via messengers. 3. Blocking certain messenger account using black/white list. Figures:  Block file transfer in messengers:  MSN black/white list:  More information, please check "WFilter Enterprise". Other related links: How to block websites at work during working hours?How to block video streaming on company network?How to block internet downloading?How to monitor internet bandwidth?How to monitor internet usage on company network?Internet monitoring software for businessHow to filter web surfing?
Unmanaged websites surfing is killing your productivity. Employees may spend hours to read news, watch online video and play online web games. So, to save productivity, it is necessary for organizations to block certain websites and restrict internet access. You need to implement an internet policy as: 1. Only work-related websites are allowed during work time. 2. Destructive websites like violence, adult, shall be blocked always. 3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed. However, in today's internet, a website can not be blocked only by blocking its ip address or domain. It is still accessable by: 1. Open proxy servers. 2. Third party tunneling proxy service. 3. Tunnel VPN service. To make your blocking effecient, you also need to block certain proxy/tunneling protocols. WFilter makes it simple to block websites and proxy service. 1. Filter certain websites
You can filter certain websites by "website black/white list" and "website category":   2. Block Proxy Service and VPN protocols.WFilter supports proxy protocol transparently. No addtional setting is required to block open proxy server. You may setup a "HTTPS black/white list" to block unwanted VPN.  More information, please check "WFilter Enterprise". Other related links: How to block video streaming on company network?How to block internet downloading?How to monitor internet bandwidth?How to monitor internet usage on company network?Internet monitoring software for businessHow to filter web surfing?
Unmanaged internet access is harmful to your business. Without proper internet monitoring and filtering, you may suffer from: 1. Lower productivity. Your employees might take hours for web surfing, chatting and watching videos. 2. Slow internet speed. P2P programs or IPTV programs can easily consume most of your bandwidth. So normal business will not have enough available bandwidth. 3. Unmanaged downloading will bring virus, worms and spyware, which is harmful to your network. 4. Leaking of business documents and materials. Therefore, it is important for you to monitor and manage employees internet activity. This guide will introduce you several aspects of deployment and usage of internet monitoring and filtering software. Please be aware that I am only going to talk about internet access monitoring, which does not include screen monitoring, USB forbiding and keystroke recording. The latter requires you to install a client agent in every computer. And internet monitoring only needs to be installed near the internet entrance. How to deploy internet monitoring software? Though internet monitoring only needs to be installed near internet entrance, it is quite different for different network topologies. For "Router<->Switch<->Computers" networks, you need to setup a mirroring port in the switch to enable monitoring. If you are using ISA or wingate proxy server, you can do monitoring right in the proxy server. How to monitor internet bandwidth? Upon properly deployed, you can easily monitor internet bandwidth and activities using internet monitoring software. Below let me take "WFilter Enterprise" as an example: Use WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.  Connections of a particular computer, you can kill established connections if you want. 
For more details about "monitor internet bandwidth", please refer to: How to monitor internet bandwidth?
How to monitor internet usage?In "Online computers" of WFilter, click the numbers under each title to view detailed records.  
How to block downloading?To save bandwidth, inproper downloading shall be blocked. The below figure shows blocking of large size files and blocking by video files.  Blocking of video files.  For more details, please refer to "How to block downloading?".
Introduction
WFilter supports various ways to filter web surfing activity:
- Block Web Surfing Completely
- Enable Website Black/White List
- Enable URL Keywords Filtering
- Enable Website Category Access Policy
- Websites Exception List
- Enable HTTPS Black/White List
When enabled, all HTTP web surfing will be blocked, except for domains in the "Websites Exception List".
1.1 Add a new blocking level, as in the below figure:
 Figure 1 1.2 Set a proper "Level Name" and "Level Desc", check the "Block Web Surfing". If you want to display a blocking page when blocked, you need to enable "Display a Deny Page When Blocking", as in Figure 2:  Figure 2 1.3 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:
 Figure 3 1.4 Websites will be blocked, as in Figure 4:  Figure 4  Figure 5 Website black/white list can set black list or white list for websites based on domain name.
When black list is enabled, websites in the black list will be blocked. When white list is enabled, only websites in the white list can be visited.
2.1 Add a new blocking level, as in the below figure:
Figure 6 2.2 Set a proper "Level Name" and "Level Desc", check the "Enable Website black/white list", as in Figure 7: Figure 7 2.3 Add certain websites into a black list, as in Figure 8:  Figure 8 2.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:
Figure 9 2.5 Websites in the black list will be blocked, as in Figure 10: Figure 10 Figure 11 URL keywords filtering can filter webpages by url address. Using this feature, you can block searching for certain keywords in search engines.
3.1 Add a new blocking level, as in the below figure:
Figure 12
3.2 Set a proper "Level Name" and "Level Desc", check the "Enable URL Keywords Filtering", as in Figure 13: Figure 13 3.3 Check the keywords category to be blocked, as in Figure 14:  Figure 14 3.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:
Figure 15 3.5 In this example, searching for "game" will be blocked, as in Figure 16 and Figure 17: Figure 16  Figure 17 Website category access rules can filter websites based on websites categories. Four filtering modes are supported: "Allow", "Deny", "Warn" and "Time Quota".
4.1 Add a new blocking level, as in the below figure:
Figure 18 4.2 Set a proper "Level Name" and "Level Desc", check the "Enable web category rule", as in Figure 19:  Figure 19 4.3 Set certain filtering mode for certain categories, as in Figure 20:  Figure 20 4.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:
Figure 21 4.6 In this example, time quota is enabled for "Game" websites, as in Figure 22:
 Figure 22 Websites in the exception list will not be blocked by other rules.
 Figure 23 Above functions can only filter HTTP websites, to block HTTPS websites, you need to enable the "HTTPS Black/White List".
6.1 Add a new blocking level, as in the below figure:
Figure 24 6.2 Set a proper "Level Name" and "Level Desc", check the "Enable HTTPS Black/White List", as in Figure 25: Figure 25 6.3 Add certain websites into a HTTPS Black list, as in Figure 26:  Figure 26 6.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:
Figure 27 6.5 As in Figure 28 and 29, certain HTTPS websites will be blocked.  Figure 28  Figure 29 |
WFilter Monitoring Performance
WFilter is designed to monitor a network with no more than 1000 computers, and the available internet bandwidth of the entire network shall be no more than 100Mbit/s. Since WFilter is software, the performance depends a lot on the hardware performance. Higher bandwidth requires faster CPU, and more monitored computers require more RAM. Therefore, we recommend you to provide 1M available RAM for each monitored computer. Below is a performance test result for HTTP request of WFilter 3.3 file-based version:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 1 | 50 | 37.2M | 16000 | 100% | 35% | 260,298K |
| 2 | 100 | 35M | 20000 | 100% | 38% | 280,576K |
| 3 | 200 | 31M | 40000 | 100% | 58% | 294,561K |
| 4 | 400 | 33M | 80000 | 100% | 68% | 372,786K |
| 5 | 600 | 32.3M | 120000 | 100% | 80% | 540,151K |
| 6 | 1000 | 32.6M | 200000 | 60% | 99% | 540,664K |
As we can see from the above table, when monitored computers number reachs 1000, the "recorded percent" decreased to 60% suddenly. And we noticed the memory only slightly increased, so it shall because lack of memory. Therefore we added the monitoring computer RAM to 2G, and do the test again:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 7 | 1000 | 32.7M | 200000 | 100% | 90% | 820,640K |
And the test of WFilter 3.3 database version(SQL Server) performance has the similar result:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|
| 1 | 50 | 34.9M | 10000 | 100% | 45% | 197,392K |
| 2 | 100 | 34.9M | 20000 | 100% | 45% | 210,196K |
| 3 | 200 | 31M | 40000 | 100% | 45% | 270,960K |
| 4 | 400 | 32.9M | 80000 | 100% | 45% | 364,234K |
| 5 | 1000 | 28.6M | 200000 | 58.84% | 100% | 540,664K |
The performance of 1000-user can also be improved by adding RAM of the monitoring computer.
Test Environment
| 1 | Network | 100M ethernet |
| 2 | Test Client | Intel(R) pentium(R) Dual 1.80+1.80GHz , 1G RAM |
| 3 | Test Monitoring Server | Intel(R) Celeron(R) 2.66GHz, 1G RAM |
| 4 | WFilter Version | WFilter 3.3 |
| 5 | Switch | Tplink TL-SF1008 |
WFilter 3.3 is under alpha testing now. The new version will add "Bandwidth limit", "Url keywords blocking", "Website visit quota" and other exciting features. 1. "Bandwidth limit". You can set bandwidth limit for each computer, or blocking certain internet traffic when internet bandwidth is too high. This feature can help you to manage company bandwidth flexibly. 2. "Url Keywords Blocking", blocking url/webpage by keywords category. You may use this feature to block certain keywords from being searched in search engines. 3. "Website visit quota", by this feature, you are able to set visit time quota for each website category. For example, "news" websites can be limited to "1 hour" for each day.
Some websites, like facebook, youtube, are rather time consumable.
If you do nothing to filter certain websites, your employees may spend several hours a day on web surfing.
So How to block certain websites to save your productivity?
1. Some router/gateway might have the ability to block certain websites.
2. Firewall appliances, like cisco PIX, will also be a good choice.
3. The third, you can choose internet filtering software to do web filter and blocking.
Most employees waste more than an hour on browsing web pages. Even worse, someone will not be able to concentrate on their work during work time.
So, to save productivity, it is necessary for organizations to block certain websites and restrict internet access.
In my opinion, things should be done from several aspects:
1. Only work-related websites are allowed during work time.
2. Destructive websites like violence, adult, shall be blocked always.
3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.
For those companies who are very strict with websites browsing, you can implement a website whitelist, by which, only websites in the whitelist can be visited.
More information, please refer to internet blocking and internet monitoring.
IMFirewall P2P Classify Engine Introduction
1 Introduction
IMFirewall Software is a professional Internet filtering software provider. We focus on Internet information security and providing customers with a comprehensive approach to manage the Internet usage of enterprise network since founded in 2004. By 2007-10, protocols number supported in our pattern database has reached over 90. And our pattern analysis team is monitoring and analyzing protocols everyday.
2 Supported Pattern Type
Three pattern types are supported:
1. Signature Pattern
You may call it digit signature. As most p2p programs do not has a fix port range nor central servers. The only way to match them is by signature match. IMFirewall pattern matching engine scans every connection for signature of existing protocols..
2. Port Pattern
IMFirewall pattern matching engine can also recognize protocols by port or port range.
3. HTTP Pattern
Because more and more protocols are using HTTP protocol or HTTP tunnel to communicate, our pattern-matching engine also checks http mime-header for signatures. HTTP pattern is powerful to recognize http-based protocols.
3 Pattern Matching Speed
We test the speed of each pattern when new pattern found, the standard speed is 20,000 matches in 1 second.
4 Quick Response for New (Updated) Protocols
As protocols may vary from time to time, it is necessary to keep the pattern database up to date in time.
We have a protocol/programs monitoring system, which will monitor the website and files on official websites of each protocol. Once there is a change, the system will notify our protocol analysis team to test it.
This makes us a quick response for new (updated) protocols. Usually, a updated protocol can be added to our pattern database in 2-3 business days.
Links: Supported protocols list of WFilter
Here we've added some configuration examples of wfilter:
AOL Instant Messenger (often referred to as "AIM") is an instant messaging application that allows registered users to communicate in real time via text, voice, and video transmission over the Internet. It is maintained by AOL LLC. The official website is www.aim.com.
AIM is widely used all over the world. However, employees are using AIM to chat privacy topics, send and receive files, which will decrease working productivity, waste time and raise security risk.
So it is important to block AIM in enterprise network.
How to block AIM in your network?
AIM messenger can connect in several ways. Default is TCP port 5190. However, if you block AIM port 5190 in your firewall. It will turn to use port 80, 443 instead. And also, AIM messenger can use a HTTP/SOCK4/SOCK5 proxy server to reach the server. Even the worth, AIM traffics through port 80 using HTTP protocol, if you allow your employees to browser website, the 80 port must be available. And AIM has official clients, and many unofficial clients like gaim, trillian are also popular.
So, is blocking AIM mission impossible?
Of course not, but professional internet filter tools are needed. To block aim traffic, it needs the blocking aim tool has the ability to pick up aim traffic from large amount of connections.
I recommend you use WFilter to block aim, block msn and block messenger.
WFilter related features:
- Monitor AIM and ICQ messenger usage.
- Record chat contents of AIM and ICQ.
- Record files transfered by AIM/ICQ.
- Implement a policy to block AIM/ICQ or certain AIM/ICQ accounts.
- Block AIM file transfers, block icq file transfers.
- Support offical messenger client and other third party clients like gaim, trillian.
WFilter other monitor features:
Chat Monitor, MSN Messenger Chat Monitor, Yahoo Chat Monitor and other instant messenger monitor, block MSN, block Yahoo, block AIM, and other instant messenger block, block p2p, block p2p traffic, filter internet, block internet, internet monitor, monitor employee internet activity...
An URL database contains about 50 catalogs will be available in WFilter next release coming in this September.
WFilter 3.1 version now can only support URL white list and black list based on URL keywords match. This is not enough, a URL database will make you able to add rule for each catalog easily.
|
Copyright © 2010 IMFirewall Software. All rights reserved.
DasBlog 'Portal' theme by Johnny Hughes.
Pick a theme:
|
|