Internet can be a benefit to business when used properly, but internet is often abused by employees and poses significant liability and security risks. Used improperly, the Internet can subject every organization to harassment claims, countless hours of lost productivity and innumerable security leaks and vulnerabilities.

Several important risks caused by improper internet usage:
1. Virus Infection
2. Lost Productivity
3. Legal liability
4. Bandwidth consumer

So it is necessary for you to restrict employees internet access on your network.

To achieve this goal,  first you need an internet access policy, which should be able to:

1. Clarify what constitutes acceptable use of Internet services.
2. Ensure employees understand who to contact with questions regarding acceptable use.
3. Ensure employees understand the penalties that arise from Internet misuse.
4. Help lessen an organization's spyware and virus infestation rates.
5. Provide human resources with signed documentation from each employee stating a pledge not to improperly use Internet services.
6. Help mitigate productivity losses.
7. Decrease dependence upon technology solutions used to enforce employee behavior.
8. Reduce the organization's liability resulting from harassment claims, copyright violations originating onsite and other illegal acts.

You also need an internet filtering product to assure your internet policy. Let's take "WFilter Enterprise" as an example, it enables you to monitor and filter internet access for all computers from a mirroring port of your switch. You only need to install WFilter in one computer to monitor the whole network.

Key Features:

• Keep a detailed record of each web surfing and web posting.
• Record all incoming and outgoing email content and attachment.
• Monitor and archive instance messengers chat contents and activities.
• Monitor and archive files transferred by web, ftp and IM tools.
• Implement a policy to filter internet access during working hours.
• Websites, messengers and p2p file downloading can be blocked to save bandwidth and raise productivity.
• You only need to install WFilter in ONE computer to manage your whole network.

http://www.imfirewall.us

Some switches does not allow outgoing traffic on a mirroring port. In this case, WFilter needs a separate blocking adapter to send blocking packets. And if you're monitoring and filtering more than 100 computers, we recommend you to use a different blocking adapter as the monitoring adapter.

When the two network cards are installed, we will want the Windows system to use the blocking adapter to access your network. However, sometime the Windows system might pick up the monitoring adapter and fails to connect to your network. This problem can be resolved by the "Automatic Metric" setting in Windows.

A metric is a value that is assigned to an IP route for a particular network interface that identifies the cost that is associated with using that route. The Automatic Metric feature is configured independently for each network interface in the network. This feature is useful in situations where you have more than one network interface of the same speed, for example, when each network interface has been assigned a default gateway. In this situation, you may want to manually configure the metric on one network interface, and enable the Automatic Metric feature to configure the metric of the other network interface. This setup can enable you to control the network interface that is used first in the routing of IP traffic.

In our case, the "Automatic Metric" of the blocking adapter shall be smaller than the monitoring adapter. So by setting "Automatic Metric" of the blocking adapter to "1", and the monitoring adapter to "2", Windows system will use the blocking adapter to access your network.

LimeWire is a free peer-to-peer file sharing (P2P) client for Windows, Mac OS X, Linux, and other operating systems supported by the Java software platform. It uses the Gnutella network and also the BitTorrent protocol.

Using Limewire, users can easily download copies of copyrighted materials and illegal or objectionable content. In LimeWire versions prior to 5.0, users could accidentally configure the software to allow access to any file on their computer, including documents with personal information. Though recent versions of LimeWire do not allow unintentional sharing of documents or applications, it still opens a share directory to share downloaded files by default.

Therefore, to save your bandwidth and keep your network safe, you might want to block limewire program on your network.

However, though the default TCP port of Gnutella2 is 6346. You can not block limewire only by blocking this port in your router or firewall, because Limewire allow users to change its default port.

This tutorial will guide you to block limewire downloading using WFilter. WFilter blocks Limewire traffic based on signature matching despite which port it is using. Limewire can be blocked only by a single click.
 

Blocked limewire:



Blocking logs of limewire in WFilter:




WFilter homepage: http://www.imfirewall.us/WFilter.htm

Traffic Shaping and Prioritization is becoming more and more common in the corporate market. Most companies with remote offices are now connected via a WAN (Wide Area Network). Applications tend to become centrally hosted at the head office and remote offices are expected to pull data from central databases and server farms. As applications become more hungry in terms of bandwidth and prices of dedicated circuits being relatively high in most areas of the world, instead of increasing the size of their WAN circuits, companies feel the need to properly manage their circuits to make sure business-oriented traffic gets priority over best-effort traffic. Traffic shaping is thus a good means for companies to avoid purchasing additional bandwidth while properly managing these resources.

With a linux gateway, you have a very rich set of tools for managing and manipulating the transmission of packets. More details can be found at: http://linux-ip.net/articles/Traffic-Control-HOWTO/index.html, However, sometimes it might be difficult for you to deploy a linux gateway server.

This tutorial will guide to implement a passby bandwidth management solution, which enables you to manage internet bandwidth through a mirroring port on your switch. Port mirroring allows you to setup a port in the switch to receive packets of other ports. Setting up a mirror port does no change to your network topology, and it will not affect your network speed.

Let's take WFilter as an example:

First, setup a mirroring port.

When the port mirroring is properly setup, WFilter will be able to monitor all computers internet activities.

Bandwidth Management Settings

Using WFilter's bandwidth management feature, you can set a maximum accumulating bandwidth of each computer for a period time. In this example, each user can have 200M internet bandwidth every day. Only messengers and emails are allowed when the bandwidth limit is reached.


You also can setup a policy to block certain users when available internet bandwidth of the entire network is not enough. For example, When entire network traffic exceeds 80% of available internet bandwidth, p2p traffic will be blocked.

Bandwidth Alert Settings

And the bandwidth alert feature will send you an alert email when the accumulating bandwidth of a computer is too large.

More information, please check "WFilter Enterprise".
Other related links:
How to block websites at work during working hours?
How to block video streaming on company network?
How to block internet downloading?
How to monitor internet bandwidth?
How to monitor internet usage on company network?
How to block instant messaging on company network?
How to filter websites and restrict website access?

Online audio/video streaming can consume most of your bandwidth. To save your bandwidth, you might want to block online steaming traffic on your network.

Generally speaking, online streaming can run on different protocols:
1. Video websites, like youtube. You can watch video directly on the webpages.
2. Standard Real Time Streaming Protocol(RTSP).
3. P2P based streaming products, like pplive, ppstream.
4. Video downloading websites.

Therefore, for complete blocking of video streaming, you need to block all above video traffic. 

First, block "streaming" category websites:

Second, block downloading of video files:

Third, blocking RTSP and other online streaming protocols:

More information, please check "protocols supported by WFilter".
Other related links:
How to block internet downloading?
How to monitor internet bandwidth?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter

  Unmanaged internet downloading can consume most of your bandwidth, In practice, many, often most, of the files shared on peer-to-peer networks are copies of copyrighted popular music and movies. 

  So, it is important for corporations to manage, control and block p2p traffic and block unwanted file downloading.

  Files can be downloaded via various ways as described below:

  1. Downloading from HTTP/FTP websites.

  2. Downloading from p2p networks.

  3. Downloading from instant messenger buddies.

  For security purpose, downloading from p2p networks shall be completely forbidden in company networks. And only HTTP/FTP downloading from trusted websites can be allowed.

  Instant messenger file transfer makes it convenient to share files with our friends. It is fast and secure. However, because IM is so popular, virus writers can use it to spread malicious programs. These viruses are spread, in most cases, when a person clicks a link or opens an infected file that was sent in an instant message that appeared to come from a friend. Therefore, messenger file transfer also put your network in danger.

  "WFilter Enterprise"  makes it simple to manage file transfers between local network and the internet. Using WFilter, you may:

  1. Limit file downloading size.

  2. Block web downloading by file type.

  3. Block web downloading by content type. (Mime type)

  4. Block p2p traffic.

  5. Block file transfer via messengers.

  Figures:

 

Other related links:
How to monitor internet bandwidth?
Internet blocking
How to filter web surfing?
How to monitor internet usage on company network?
Internet monitoring software for business
Internet monitoring software

  Unmanaged internet access is harmful to your business.
  Without proper internet monitoring and filtering, you may suffer from:
  1. Lower productivity. Your employees might take hours for web surfing, chatting and watching videos.
  2. Slow internet speed. P2P programs or IPTV programs can easily consume most of your bandwidth. So normal business will not have enough available bandwidth.
  3. Unmanaged downloading will bring virus, worms and spyware, which is harmful to your network.
  4. Leaking of business documents and materials.

  Therefore, it is important for you to monitor and manage employees internet activity. This guide will introduce you several aspects of deployment and usage of internet monitoring and filtering software. Please be aware that I am only going to talk about internet access monitoring, which does not include screen monitoring, USB forbiding and keystroke recording. The latter requires you to install a client agent in every computer. And internet monitoring only needs to be installed near the internet entrance.

How to deploy internet monitoring software?

  Though internet monitoring only needs to be installed near internet entrance, it is quite different for different network topologies.
  For "Router<->Switch<->Computers" networks, you need to setup a mirroring port in the switch to enable monitoring. If you are using ISA or wingate proxy server, you can do monitoring right in the proxy server.

How to monitor internet bandwidth?

  Upon properly deployed, you can easily monitor internet bandwidth and activities using internet monitoring software.
  Below let me take "WFilter Enterprise" as an example:
 
  Use WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.

Connections of a particular computer, you can kill established connections if you want.

For more details about "monitor internet bandwidth", please refer to: How to monitor internet bandwidth?

How to monitor internet usage?

In "Online computers" of WFilter, click the numbers under each title to view detailed records.

How to block downloading?

To save bandwidth, inproper downloading shall be blocked. The below figure shows blocking of large size files and blocking by video files.

Blocking of video files.





For more details, please refer to "How to block downloading?".