IMFirewall Blog - HowToBlockInternet
Block Internet Access,Block P2P,Web Filtering
 
# Tuesday, June 14, 2011

The internet can benefit a business when used properly, but it is often abused by employees and poses significant liability and security risks:

  • Internet downloading and malicious websites are harmful to your network.
  • Online messengers and social networking websites kill productivity.
  • P2P programs and IPTV applications can easily consume most of your bandwidth.
  • Sharing copyrighted popular music and movies is illegal in most jurisdictions.

Therefore, business administrators need to track employees' internet usage and restrict it on company networks.

Below I list several ways to track and filter internet activity on company networks.

1. Keep a record of internet activities.

To track internet usage, you can set up a mirroring port on your switch and connect an internet monitoring product to that port to archive all internet activity.

Please check this blog article: How to monitor internet usage on company network?

2. Restrict websites access

  • Only work-related websites are allowed during work time.
  • Harmful websites, such as violent or adult sites, shall always be blocked.
  • Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.

For companies that are very strict about website browsing, you can implement a website whitelist, so that only websites on the whitelist can be visited.

How to whitelist websites?

3. Block bandwidth consuming protocols

To keep your internet connection working smoothly, bandwidth-consuming protocols such as P2P downloading and online streaming shall be blocked during working hours.

Please check:

1. How to monitor internet bandwidth?
2. How to block p2p traffic in your network?





Tuesday, June 14, 2011 3:57:24 AM (GMT Daylight Time, UTC+01:00)    How to block internet | How to monitor internet bandwidth  |   |  Trackback
# Tuesday, April 26, 2011

Routing and Remote Access (RRAS) is a network service in Microsoft Windows Server 2008, Windows Server 2003, and Windows 2000 Server that can provide network address translation (NAT) for connecting a private network to the Internet. An example network topology is as below:

Since all internet traffic goes through the RRAS server, it is very simple to monitor and filter internet activity: just install WFilter on this server.

The RRAS server has two adapters, the internal NIC and the external NIC. You should see both adapters in the "monitoring adapter settings" of "System Settings"->"Monitoring Settings".

We recommend choosing the internal NIC as the monitoring and blocking adapter, because you will then be able to monitor, block and report on individual network computers.

However, if you choose the external NIC as the monitoring and blocking adapter, WFilter will treat the whole network as one computer, because the RRAS server translates all subnet IP addresses to its public IP address.

We have noticed that some users prefer to monitor on the internal NIC to save on licenses, because you only need ONE 1-user license to monitor the public IP address. However, we recommend that you not do this, because this is not how WFilter is designed to work, and there might be an over-blocking issue for some P2P protocols.

 

More information, please check "WFilter Enterprise".

Other related links:

How to block UDP ports in RRAS windows server 2003?
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?

Tuesday, April 26, 2011 9:04:03 AM (GMT Daylight Time, UTC+01:00)    Content Filter | How to block internet  |   |  Trackback
# Wednesday, January 26, 2011

WFilter can monitor and filter the internet activity of computers on your network. Two monitoring modes are available: "by ip address" and "by MAC address". In "by ip address" mode, WFilter identifies a computer by its IP address; in "by mac address" mode, it identifies a computer by its MAC address.

However, if the IP addresses of computers on your network are not fixed, you might have trouble identifying a computer in order to set its monitoring/blocking policy.

This tutorial introduces several ways to identify the computers on your network in WFilter.

1. Monitor and block by AD users

Since WFilter can be integrated with Microsoft Active Directory, you don't need to go to the trouble of identifying computers if you have an AD available.

With "account monitoring" enabled, you can set blocking policy based on AD users, regardless of which computers they are using.

Please check this document for more details about "account monitoring": How to do monitoring based on user accounts?

2. Identify computers by MAC addresses

In "by mac address" monitoring mode, WFilter identifies a computer by its MAC address. A MAC address is assigned by the manufacturer of a network interface card (NIC) and is stored in its hardware. It won't change unless the NIC hardware is replaced.

When you set a recording policy or blocking policy for a computer in the "user-computer table", the settings are bound to its MAC address. Even if its IP address changes, the settings will not be lost.

However, "by MAC address" monitoring mode is only available for single-segment networks, because a computer's MAC address cannot be retrieved when it is located behind a router.

Therefore, in a single-segment network, "by mac address" is a good choice if your IP addresses are dynamic.

3. Identify computers by IP addresses

If your network has multiple segments, you can only use "by ip address" monitoring mode. We therefore recommend making IP addresses static in a multi-segment network. If you want to leave the IP addresses dynamic, the only solution left is "Monitor and block by AD users", as discussed above.

More information, please check "WFilter Enterprise".

Other related links:

How to block internet downloading?
How to monitor internet usage on company networks?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?
How to setup ip-mac binding in WFilter?
How to block facebook at work of network computers?

Wednesday, January 26, 2011 2:39:11 AM (GMT Standard Time, UTC+00:00)    Content Filter | How to block internet | How to monitor internet usage  |   |  Trackback
# Saturday, December 11, 2010

Guest computers may join and leave a network. However, unmanaged internet access by guest computers can be a nightmare for your network. Guest computers can consume most of your bandwidth with P2P downloading, and can download copyrighted materials or viruses, which might be harmful.

This tutorial will guide you through setting up a default internet blocking policy for guest computers with WFilter version 3.3.

1. Set a different IP address range for guest computers.

If guest computers share the same IP address range as your existing computers, you won't be able to recognize them. For management purposes, the guest computers shall be in a different IP address range. For example:

1. Allocate static IP addresses from "192.168.1.0" to "192.168.1.200" to all your existing computers.

2. In your wireless AP, set the DHCP range from "192.168.1.200" to "192.168.1.250".

Now every guest computer (mostly laptops) will get an IP address in the range "192.168.1.200 - 192.168.1.250". Then you can set a blocking policy for them in WFilter.

2. Set up default blocking policies for certain IP ranges.

Now you can set up a default blocking policy for IP addresses in the range "192.168.1.200 - 192.168.1.250". This default policy will be applied to every new computer in this IP range.







Please note: if you cannot set up a different DHCP range for guest computers, you can also enable this "default monitoring policy" for newly found computers. With this feature, WFilter automatically configures a monitoring and blocking policy when it detects a new computer.
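The two ranges from step 1, checked before a default policy is attached to them. This is an added example, not WFilter code: the policy names and helper functions are hypothetical, and the CIDR conversion is included for devices (routers, firewalls) that take prefixes rather than start/end addresses.

```python
import ipaddress

def ip_range(first, last):
    """Inclusive address range as a (first, last) tuple."""
    return (ipaddress.ip_address(first), ipaddress.ip_address(last))

# Ranges exactly as given in the tutorial.
STATIC_RANGE = ip_range("192.168.1.0", "192.168.1.200")
GUEST_RANGE = ip_range("192.168.1.200", "192.168.1.250")

# Hypothetical policy names, used only for this illustration.
POLICIES = [
    ("existing computers", STATIC_RANGE),
    ("guest default policy", GUEST_RANGE),
]

def overlap(a, b):
    """Return the inclusive range shared by a and b, or None if disjoint."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def policies_for(address):
    """Every policy whose range contains the address (more than one = ambiguous)."""
    ip = ipaddress.ip_address(address)
    return [name for name, (lo, hi) in POLICIES if lo <= ip <= hi]

def as_cidr(r):
    """Smallest list of CIDR prefixes covering the inclusive range exactly."""
    return [str(net) for net in ipaddress.summarize_address_range(r[0], r[1])]

if __name__ == "__main__":
    shared = overlap(STATIC_RANGE, GUEST_RANGE)
    if shared:
        print("ranges overlap at", shared[0], "-", shared[1])
    for addr in ("192.168.1.50", "192.168.1.200", "192.168.1.210", "192.168.1.251"):
        print(addr, "->", policies_for(addr) or ["no range matches"])
    print("guest range as CIDR:", ", ".join(as_cidr(GUEST_RANGE)))
```

As written, 192.168.1.200 sits in both ranges, so a statically addressed machine and a DHCP guest can both hold it and one of them receives the wrong policy; moving one boundary by one address removes the ambiguity.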



More information, please check "WFilter Enterprise".

Other related links:

How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?

 





Saturday, December 11, 2010 5:55:01 AM (GMT Standard Time, UTC+00:00)    How to block internet | How to filter internet access  |   |  Trackback
# Tuesday, October 19, 2010

1. What is Tor?

Tor is a system intended to enable online anonymity, composed of client software and a network of servers which can mask information about users' locations and other factors which might identify them. Use of this system makes it more difficult to trace internet traffic to the user, including visits to Web sites, online posts, instant messages, and other communication forms. It is intended to protect users' personal freedom, privacy, and ability to conduct confidential business, by keeping their internet activities from being monitored. The software is open-source and the network is free of charge to use.

Since client workstations can use Tor to bypass internet filtering, you may want to block Tor traffic on your network.

In this tutorial, we will guide you through blocking Tor traffic with "WFilter Enterprise 3.3".

2. How to block Tor with WFilter?

Because Tor uses HTTP/TLS to encrypt its traffic, we need to use the "HTTPS black/white list" feature of WFilter, which filters HTTPS websites, to block Tor.

First, create a new "HTTPS White List" and add the allowed HTTPS domains to it, as in the figure below:

Next, enable "HTTPS black/white list" in the relevant blocking level settings.

Finally, apply this blocking policy to the chosen computers.

3. Now Tor will be completely blocked.


Blocking events in WFilter:


More information, please check "WFilter Enterprise".

Other related links:

How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?


Tuesday, October 19, 2010 8:35:10 AM (GMT Daylight Time, UTC+01:00)    How to block internet | How to block websites | How to filter internet access  |   |  Trackback
# Thursday, September 09, 2010

1. What is Skype?

Skype is software that enables you to make free video and conference calls, send instant messages and share files with other Skype users. Skype communicates over both TCP and UDP using dynamic ports, which makes it difficult to block. For more details about the Skype protocol, please check: Skype protocol.

2. How to block Skype with WFilter?

WFilter makes it simple to block Skype traffic on your network from a central server. However, because WFilter is a pass-by filtering product, it can only detect and block Skype TCP traffic. So you also need to block UDP ports 1024-65534 in your router or firewall. For more information about "pass-by filtering", please check: What is the difference between passby filtering and passthrough filtering?

(1) Add a blocking level and enable "Block Skype".

(2) Apply the blocking level to the computers you want to block.

(3) Now Skype will not be able to connect anymore.

 

 


More information, please check "WFilter Enterprise".

Other related links:

How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?
Thursday, September 09, 2010 10:28:00 AM (GMT Daylight Time, UTC+01:00)    Block Messenger | How to block internet  |   |  Trackback
# Saturday, August 21, 2010
There are a lot of products for managing your network: firewalls, content filtering, web filtering proxies... Some users may find it confusing to choose among them.
Since more and more customers have requested a comparison of WFilter with other similar products, I wrote this guide to list some important differences.

WFilter is a passby internet monitoring and filtering software program. It monitors network traffic from a mirroring port on your switch. When a TCP connection needs to be blocked, WFilter sends 1-2 RST packets to reset the connection. This is called "Passby Filtering". More technical details of WFilter can be found at: WFilter Technologies

WFilter VS firewall program/appliance

Advantages:

1. WFilter monitors and archives most internet activity, while firewalls don't keep internet usage details.

2. WFilter parses protocols at the application layer and can recognize 100+ common protocols by their signatures and behaviors. Most firewall programs/appliances filter packets based on ports or IP addresses.

3. WFilter analyses copies of internet packets from a mirroring port on your switch. It is easy to deploy and adds no delay to your network. A firewall program/appliance, however, needs to be deployed at the edge of your network, and since every packet goes through it, there will be a slight delay.

4. If the WFilter server goes down, the internet connection stays alive. If the firewall program/appliance hangs, you will not be able to access the internet.

5. WFilter is a content filtering product. It is designed to monitor and filter employees' internet usage to raise productivity. A firewall program/appliance, however, is designed to filter network packets and protect your network.

Disadvantages:

1. WFilter cannot block UDP packets, so you also need to block UDP ports in your router/firewall.

2. WFilter consumes more memory and disk space on your computer. If you archive all internet activity, it might consume 2-3M of disk space for each monitored computer every day.

WFilter VS open source web filtering projects

Some open source projects, like "SQUID" and "dansguardian", also provide web filtering solutions. Below I list some major differences:

1. Most open source projects work as a proxy server, which requires you to change your internet access to proxy mode.

2. Most open source projects do web filtering only. Blocking of P2P traffic and internet monitoring/archiving are not supported.

3. Open source projects lack statistics and reports.

4. Open source projects lack support. Since protocols keep changing, live updates and support are required to keep your pattern database up to date, and most open source projects don't have such support. In the IMFirewall protocol lab, to keep our pattern database up to date, we have a system that monitors most common internet products/protocols, so when a new version of a product is released, our team works on it immediately.


Try "WFilter Enterprise" by yourself: http://www.imfirewall.us/WFilter.htm



Saturday, August 21, 2010 2:26:41 PM (GMT Daylight Time, UTC+01:00)    Content Filter | How to block internet | How to monitor internet usage | Internet Monitoring  |   |  Trackback
# Thursday, August 05, 2010
TeamViewer is a computer software package for remote control, desktop sharing, and file transfer between computers. The software operates with Microsoft Windows, Mac OS X, iOS, and Linux. It is possible to access a machine running TeamViewer with a web browser.

TeamViewer makes it very convenient for employees to access computers in their homes and to transfer files to remote computers. So, for security purposes, you may sometimes want to block TeamViewer on your network.

This tutorial will guide you through blocking TeamViewer with "WFilter Enterprise 3.3".

Because blocking of TeamViewer is not supported by default in WFilter, in this example we use the "Customize Protocols" feature of WFilter to define the TeamViewer protocol.

First, add the "TeamViewer" protocol.

TeamViewer has two patterns:
1. "teamviewer01":
  Type -- "HTTP SEND"
  Format -- "X-IM-URL"
  Content -- "s=.*\&(p|id)=.*\&client=.*"

2. "teamviewer02":
  Type -- "TCP ALL"
  Format -- "0"
  Content -- "^\x17\x24[\x00-\xff]{2}\x00"

Second, enable blocking of TeamViewer in certain blocking levels.



And apply this blocking policy to certain computers.


Now, TeamViewer will be blocked.

WFilter blocking events:



TeamViewer fails to connect.



More information, please check "WFilter Enterprise".
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
Thursday, August 05, 2010 7:32:33 AM (GMT Daylight Time, UTC+01:00)    Content Filter | How to block internet | How to block p2p  |   |  Trackback
# Tuesday, May 18, 2010
One customer reported that BBC online video could not be blocked by WFilter, even with "Block Online HTTP Video and Downloading of Video Files" checked in the relevant blocking levels.
So we did some research and found that, in addition to HTTP, the BBC websites also use RTMP (Real Time Messaging Protocol) to play online video.
Because blocking of RTMP is not supported by default in WFilter (it will be added soon), this tutorial will guide you through blocking BBC online video with the "Customize Protocols" feature of WFilter.

First, add a new protocol named "RTMP".




1. Protocol Settings:
Protocol Name: RTMP
Protocol Desc: Real Time Messaging
Protocol Type: Streaming

2. Pattern1
Name: RTMP_HTTP
Desc: RTMP_HTTP
Type: HTTP SEND
Offset: 0
Format: User-Agent
Content: Shockwave\sFlash

3. Pattern2
Name: RTMP
Desc: RTMP
Type: TCP_SEND
Offset: 0
Begin Byte: 03
Format: 0
Content: \x03[\x00-\xff]{4}\x80\x00

Second, Enable blocking of RTMP in certain blocking levels.





Now, BBC videos will be successfully blocked.
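A way to try custom patterns against sample traffic before enabling them, covering both the RTMP patterns above and the TeamViewer patterns from the August 5, 2010 post. This is an added example, not WFilter's matching engine: the mapping of "Type"/"Format" to the request URL, the User-Agent header and the raw payload at offset 0 is an assumption, and every sample payload is constructed.

```python
import re

# Patterns copied verbatim from the two posts. Assumed field mapping:
#   HTTP SEND + X-IM-URL    -> request URL
#   HTTP SEND + User-Agent  -> User-Agent header value
#   TCP ALL / TCP_SEND      -> raw payload, matched from byte 0
SIGNATURES = [
    ("TeamViewer/teamviewer01", "url", re.compile(rb"s=.*\&(p|id)=.*\&client=.*")),
    ("TeamViewer/teamviewer02", "tcp", re.compile(rb"^\x17\x24[\x00-\xff]{2}\x00")),
    ("RTMP/RTMP_HTTP", "user-agent", re.compile(rb"Shockwave\sFlash")),
    ("RTMP/RTMP", "tcp", re.compile(rb"\x03[\x00-\xff]{4}\x80\x00")),
]

def parse_http_request(payload):
    """Return the URL and User-Agent of an HTTP request, or None if not HTTP."""
    head = payload.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    fields = {"url": parts[1], "user-agent": b""}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"user-agent":
            fields["user-agent"] = value.strip()
    return fields

def match_signatures(payload):
    """Labels of every signature that fires on one client-to-server payload."""
    request = parse_http_request(payload)
    hits = []
    for label, field, regex in SIGNATURES:
        if field == "tcp":
            if regex.match(payload):              # anchored at offset 0
                hits.append(label)
        elif request is not None and regex.search(request[field]):
            hits.append(label)
    return hits

# Constructed samples: built to exercise the patterns, not captured traffic.
SAMPLES = {
    "URL shaped like teamviewer01":
        b"GET /x?s=1&id=2&client=3 HTTP/1.1\r\nHost: a.example\r\n"
        b"User-Agent: Mozilla/4.0\r\n\r\n",
    "unrelated shop search URL":
        b"GET /search?s=shoes&p=2&client=web HTTP/1.1\r\nHost: shop.example\r\n"
        b"User-Agent: Mozilla/5.0\r\n\r\n",
    "HTTP request with Flash User-Agent":
        b"GET /clip.flv HTTP/1.1\r\nHost: v.example\r\n"
        b"User-Agent: Shockwave Flash\r\n\r\n",
    "bytes satisfying the RTMP pattern":
        b"\x03" + bytes(4) + b"\x80\x00\x07\x02" + bytes(16),
    "bytes satisfying teamviewer02":
        b"\x17\x24\x0a\x21\x00\x01\x02",
    "start of a TLS handshake record":
        b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b",
}

def run_samples():
    return {name: match_signatures(data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in run_samples().items():
        print(f"{name:40s} -> {hits or 'no match'}")
```

The unrelated shop search URL also fires teamviewer01, which shows how loosely a `.*`-based URL pattern matches; running candidate patterns over a sample of normal traffic first reveals this kind of over-blocking.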




Related Topic: How to block bbc iplayer?
Tuesday, May 18, 2010 9:06:37 AM (GMT Daylight Time, UTC+01:00)    Block P2P | How to block internet | How to block p2p | How to block websites | How to filter internet access  |   |  Trackback
# Thursday, May 13, 2010
Internet can be a benefit to business when used properly, but internet is often abused by employees and poses significant liability and security risks. Used improperly, the Internet can subject every organization to harassment claims, countless hours of lost productivity and innumerable security leaks and vulnerabilities.

Several important risks caused by improper internet usage:
1. Virus Infection
2. Lost Productivity
3. Legal liability
4. Bandwidth consumption

So it is necessary to restrict employees' internet access on your network.

To achieve this goal, you first need an internet access policy, which should be able to:

1. Clarify what constitutes acceptable use of Internet services.
2. Ensure employees understand who to contact with questions regarding acceptable use.
3. Ensure employees understand the penalties that arise from Internet misuse.
4. Help lessen an organization's spyware and virus infestation rates.
5. Provide human resources with signed documentation from each employee stating a pledge not to improperly use Internet services.
6. Help mitigate productivity losses.
7. Decrease dependence upon technology solutions used to enforce employee behavior.
8. Reduce the organization's liability resulting from harassment claims, copyright violations originating onsite and other illegal acts.

You also need an internet filtering product to enforce your internet policy. Take "WFilter Enterprise" as an example: it enables you to monitor and filter internet access for all computers from a mirroring port on your switch. You only need to install WFilter on one computer to monitor the whole network.

Key Features:

  • Keep a detailed record of all web surfing and web posting.
  • Record all incoming and outgoing email content and attachments.
  • Monitor and archive instant messenger chat contents and activities.
  • Monitor and archive files transferred by web, ftp and IM tools.
  • Implement a policy to filter internet access during working hours.
  • Websites, messengers and p2p file downloading can be blocked to save bandwidth and raise productivity.
  • You only need to install WFilter in ONE computer to manage your whole network.

http://www.imfirewall.us

Thursday, May 13, 2010 4:23:47 AM (GMT Daylight Time, UTC+01:00)    Block P2P | How to block downloading | How to block internet | How to block p2p | How to block websites | How to filter internet access  |   |  Trackback
# Monday, April 26, 2010

Though the official Google Talk protocol is XMPP, it is more complicated and flexible than XMPP. Google Talk (GTalk) provides several ways to access your GTalk account, including:

  • The official "Google Talk" client.
  • Gmail chat in a Google Mail account.
  • Google Talk Gadget -- a web version of GTalk.

This makes it complicated to block usage of Google Talk on a company network. This tutorial will guide you through blocking Google Talk, Gmail chat and Google Talk Gadget using WFilter.

WFilter identifies Google Talk connections by signature matching, so blocking Google Talk is simple in WFilter.

The examples below demonstrate blocking of Google Talk and Gmail chat.

1. Blocking of jabber, gmail chat and gadget

Set a blocking policy in WFilter to block jabber and google talk:

2. Blocked Google talk:




3. Blocked gadget


4. Blocked gmail chat

Monday, April 26, 2010 7:51:07 AM (GMT Daylight Time, UTC+01:00)    Block Messenger | Chat Monitor | How to block internet  |   |  Trackback
# Thursday, April 01, 2010
For security purposes, you might want to block employees from uploading files to the internet from your network. However, since so many tools can be used for uploading, it is extremely difficult to block them all.

Files can be uploaded in various ways:
1. Upload to certain websites, eg: webmail, file sharing websites...
2. Using msn/yahoo/icq messengers to send files.
3. Email attachments.
4. FTP
5. Other third party tools.

WFilter provides a simple solution for blocking file uploading on company networks. Using WFilter, you can block file uploading and file transfers for all computers from ONE computer.

This tutorial will guide you to block file uploading using WFilter.

First, block file uploading to websites.


Please note that "block uploading files via web pages" only works on HTTP websites. To control HTTPS websites, you can use "HTTPS black/white list" in "Others" of WFilter.

Second, block email attachments.


Third, block FTP and file transfer via messengers.


Last, block unknown protocols.

Blocking unknown protocols blocks file uploading by other, unknown third-party programs.


More information, please check "WFilter Enterprise".
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter?
Thursday, April 01, 2010 4:23:21 AM (GMT Daylight Time, UTC+01:00)    How to block internet | How to filter internet access  |   |  Trackback
# Friday, January 22, 2010
Google Talk (GTalk) is a free Windows and web-based application for instant messaging and voice over internet protocol (VOIP), offered by Google Inc. You may use "Google Talk" to send instant messages, transfer files, make PC-to-PC calls and audio conferencing.

However, sometimes you may want to block usage of google talk on company network. This tutorial will guide you to block google talk using WFilter.

Though instant messaging between the Google Talk servers and its clients uses an open protocol XMPP, it is more complicated and flexible than XMPP.
Google talk uses several ports to connect to its server:

1). Using Jabber standard tcp port 5222.
2). Using TLS port 443.
3). Using web chatting on port 80 in gmail.

So you cannot block Google Talk simply by blocking the standard Jabber port. WFilter makes it simple to block Google Talk: its connections can be identified and blocked by signature matching.

The examples below demonstrate blocking of Google Talk.

1. Blocking of Google talk and gmail chat

Set a blocking policy in WFilter to block jabber and google talk:

Blocked Google talk:









2. Block file transfer of Google talk

You also can block file transfer of Google Talk in WFilter. This will block file transfer of google talk without blocking of normal google talk text messaging.



More information, please check "WFilter Enterprise".
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter?
Friday, January 22, 2010 3:22:27 AM (GMT Standard Time, UTC+00:00)    Block Messenger | Block P2P | How to block internet  |   |  Trackback
# Wednesday, January 13, 2010

WFilter can be used to block sending/receiving emails, block sending attachments and filter email accounts. And you only need to install WFilter in one computer to monitor all computers in your network.

This tutorial will guide you to block outgoing emails with attachments.

1. Block outgoing emails with attachment(s)

This feature can block sending of emails with attachments via SMTP protocol.

1.1 Add a new blocking level, as in the below figure:



1.2 Set a proper "Level Name" and "Level Desc", check "Block sending emails with attachment(s)", as in Figure 2:



1.3 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:



1.4 Emails with attachment(s) will be blocked, as in Figure 4:







Wednesday, January 13, 2010 1:33:56 AM (GMT Standard Time, UTC+00:00)    Content Filter | How to block internet | How to filter internet access  |   |  Trackback
# Thursday, December 24, 2009

Some switches do not allow outgoing traffic on a mirroring port. In this case, WFilter needs a separate blocking adapter to send blocking packets. And if you are monitoring and filtering more than 100 computers, we recommend using a blocking adapter that is separate from the monitoring adapter.

When the two network cards are installed, we want the Windows system to use the blocking adapter to access your network. However, sometimes the Windows system might pick the monitoring adapter instead and fail to connect to your network. This problem can be resolved with the "Automatic Metric" setting in Windows.

A metric is a value that is assigned to an IP route for a particular network interface that identifies the cost that is associated with using that route. The Automatic Metric feature is configured independently for each network interface in the network. This feature is useful in situations where you have more than one network interface of the same speed, for example, when each network interface has been assigned a default gateway. In this situation, you may want to manually configure the metric on one network interface, and enable the Automatic Metric feature to configure the metric of the other network interface. This setup can enable you to control the network interface that is used first in the routing of IP traffic.

In our case, the metric of the blocking adapter shall be smaller than that of the monitoring adapter. By setting the "Automatic Metric" value of the blocking adapter to "1" and that of the monitoring adapter to "2", the Windows system will use the blocking adapter to access your network.









Thursday, December 24, 2009 3:49:48 AM (GMT Standard Time, UTC+00:00)    Content Filter | How to block downloading | How to block internet | How to block p2p | How to block websites | How to filter internet access  |   |  Trackback
# Saturday, December 12, 2009
LimeWire is a free peer-to-peer file sharing (P2P) client for Windows, Mac OS X, Linux, and other operating systems supported by the Java software platform. It uses the Gnutella network and also the BitTorrent protocol.

Using Limewire, users can easily download copies of copyrighted materials and illegal or objectionable content. In LimeWire versions prior to 5.0, users could accidentally configure the software to allow access to any file on their computer, including documents with personal information. Though recent versions of LimeWire do not allow unintentional sharing of documents or applications, it still opens a share directory to share downloaded files by default.

Therefore, to save bandwidth and keep your network safe, you might want to block the LimeWire program on your network.

However, although the default TCP port of Gnutella2 is 6346, you cannot block LimeWire just by blocking this port in your router or firewall, because LimeWire allows users to change its default port.

This tutorial will guide you through blocking LimeWire downloading using WFilter. WFilter blocks LimeWire traffic based on signature matching, regardless of which port it is using. LimeWire can be blocked with a single click.
 


Blocked limewire:



Blocking logs of limewire in WFilter:




WFilter homepage: http://www.imfirewall.us/WFilter.htm

Saturday, December 12, 2009 2:50:53 AM (GMT Standard Time, UTC+00:00)    How to block downloading | How to block internet | How to block p2p  |   |  Trackback
# Saturday, November 28, 2009
Traffic Shaping and Prioritization is becoming more and more common in the corporate market. Most companies with remote offices are now connected via a WAN (Wide Area Network). Applications tend to become centrally hosted at the head office and remote offices are expected to pull data from central databases and server farms. As applications become more hungry in terms of bandwidth and prices of dedicated circuits being relatively high in most areas of the world, instead of increasing the size of their WAN circuits, companies feel the need to properly manage their circuits to make sure business-oriented traffic gets priority over best-effort traffic. Traffic shaping is thus a good means for companies to avoid purchasing additional bandwidth while properly managing these resources.

With a Linux gateway, you have a very rich set of tools for managing and manipulating the transmission of packets. More details can be found at: http://linux-ip.net/articles/Traffic-Control-HOWTO/index.html. However, it can sometimes be difficult to deploy a Linux gateway server.

This tutorial will guide you through implementing a passby bandwidth management solution, which enables you to manage internet bandwidth through a mirroring port on your switch. Port mirroring allows you to set up a port on the switch to receive the packets of other ports. Setting up a mirror port makes no change to your network topology, and it will not affect your network speed.

Let's take WFilter as an example:

First, setup a mirroring port.

When the port mirroring is properly setup, WFilter will be able to monitor all computers internet activities.

Bandwidth Management Settings


Using WFilter's bandwidth management feature, you can set a maximum accumulating bandwidth of each computer for a period time. In this example, each user can have 200M internet bandwidth every day. Only messengers and emails are allowed when the bandwidth limit is reached.


You also can setup a policy to block certain users when available internet bandwidth of the entire network is not enough. For example, When entire network traffic exceeds 80% of available internet bandwidth, p2p traffic will be blocked.


Bandwidth Alert Settings

The bandwidth alert feature will send you an alert email when the accumulated bandwidth of a computer is too large.

For more information, please check "WFilter Enterprise".
Other related links:
How to block websites at work during working hours?
How to block video streaming on company network?
How to block internet downloading?
How to monitor internet bandwidth?
How to monitor internet usage on company network?
How to block instant messaging on company network?
How to filter websites and restrict website access?

Saturday, November 28, 2009 4:37:19 AM (GMT Standard Time, UTC+00:00)    How to block downloading | How to block internet | How to block p2p | How to filter internet access | How to monitor internet bandwidth  |   |  Trackback
# Saturday, November 21, 2009

You may assign static IP addresses to computers manually or in your DHCP server. However, it is difficult to prevent users from changing their IP addresses or MAC addresses. Though it is more reasonable to set up IP-MAC binding in routers or switches, a software solution is also a good option, as it is easier to set up and manage.

This tutorial will guide you in binding IP addresses to MAC addresses in WFilter, an internet filtering and monitoring software product.

First, you need to set up a mirror port in your switch to do monitoring.
For how to deploy internet monitoring and filtering, check this guide: How to monitor internet usage?

Second, in "Control Settings"->"IP Management" of WFilter, you can set up IP-MAC binding with just a few clicks.

When IP-MAC binding is set up, internet access will be blocked when the user tries to change the IP address or MAC address.

Please note: the "ip-mac binding" feature of WFilter only works for single-segment networks, because the real MAC addresses of computers cannot be retrieved in a multiple-segment network.
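The check behind an IP-MAC binding, and the reason it fails across segments, can be shown on (source IP, source MAC) pairs as a monitor on the mirror port would see them. This is an added example, not WFilter's code; the binding table, the addresses, the verdict names and the threshold of three IPs per MAC are constructed assumptions.

```python
from collections import defaultdict

# Constructed binding table: IP address -> MAC address it is bound to.
BINDINGS = {
    "192.168.1.10": "00:11:22:33:44:55",
    "192.168.1.11": "00:11:22:33:44:66",
}


def normalize_mac(mac):
    """Accept 00-11-... or 00:11:... in any case."""
    return mac.lower().replace("-", ":")


def check_frame(src_ip, src_mac, bindings=BINDINGS):
    """Classify one observed frame against the binding table."""
    mac = normalize_mac(src_mac)
    bound_mac = bindings.get(src_ip)
    if bound_mac == mac:
        return "ok"
    # Which IP, if any, is this MAC supposed to be using?
    owner_ip = next((ip for ip, m in bindings.items() if m == mac), None)
    if bound_mac is None and owner_ip is None:
        return "unbound"        # host not in the table at all
    if bound_mac is None:
        return "ip-changed"     # known MAC moved to an unbound IP
    if owner_ip is None:
        return "mac-changed"    # bound IP now seen from an unknown MAC
    return "ip-conflict"        # known MAC is using another host's bound IP


def suspect_router_macs(frames, threshold=3):
    """MACs that source many IPs are probably routers, not single hosts.

    Behind a router every frame carries the router's MAC, so the hosts'
    real MACs are hidden and per-host binding cannot be checked.
    """
    ips_by_mac = defaultdict(set)
    for ip, mac in frames:
        ips_by_mac[normalize_mac(mac)].add(ip)
    return {mac for mac, ips in ips_by_mac.items() if len(ips) >= threshold}


# Constructed observations from the mirror port.
SAMPLE_FRAMES = [
    ("192.168.1.10", "00:11:22:33:44:55"),
    ("192.168.1.11", "00-11-22-33-44-66"),
    ("192.168.1.50", "00:11:22:33:44:55"),
    ("192.168.1.11", "DE:AD:BE:EF:00:01"),
    ("192.168.1.10", "00:11:22:33:44:66"),
    ("192.168.2.20", "00:aa:bb:cc:dd:01"),
    ("192.168.2.21", "00:aa:bb:cc:dd:01"),
    ("192.168.2.22", "00:aa:bb:cc:dd:01"),
]

if __name__ == "__main__":
    for ip, mac in SAMPLE_FRAMES:
        print(ip, mac, check_frame(ip, mac))
    print("likely routers:", suspect_router_macs(SAMPLE_FRAMES))
```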

 

Saturday, November 21, 2009 3:15:10 AM (GMT Standard Time, UTC+00:00)    Content Filter | How to block internet | How to block p2p | How to block websites | How to filter internet access  |   |  Trackback
# Sunday, November 01, 2009

Instant Messaging can be a benefit to business when used properly, but IM is often abused by employees and poses significant liability and security risks.

The free consumer IM client programs in widest use, such as AIM, ICQ, Yahoo and MSN Messenger, pose many security concerns. More than text-based chat, IM programs also include peer to peer file transfer capabilities, which can pose security risks in two ways. Internal users can send documents that may be confidential out of your network, circumventing your network's perimeter defenses against file sharing programs or e-mail attachments. On the other hand, external users can send files that might contain viruses or malicious code to users on the internal network. In addition, a liability risk arises if employees use the file transfer feature to share copyrighted music, movie or software files in violation of the law.

To make your business efficient, it is necessary for you to monitor, filter and block instant messaging in your network.

You may want to apply an internet messenger usage policy like this:

1. Only authorized users can use certain IM tools.

2. File transfer via messengers shall be blocked.

3. Only work-related IM accounts can be used.

As most firewall programs do not support that kind of feature, you need an internet monitoring and filtering program like "WFilter Enterprise". "WFilter Enterprise" enables you to monitor, manage and block internet access of all computers on a mirroring port. For internet messaging blocking, WFilter supports:

1. Blocking certain messenger protocols.

2. Blocking file transfer via messengers.

3. Blocking certain messenger accounts using a black/white list.

Figures:


Block file transfer in messengers:



MSN black/white list:



For more information, please check "WFilter Enterprise".
Other related links:
How to block websites at work during working hours?
How to block video streaming on company network?
How to block internet downloading?
How to monitor internet bandwidth?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?

Sunday, November 01, 2009 1:21:08 AM (GMT Standard Time, UTC+00:00)    Block Messenger | Chat Monitor | Content Filter | How to block internet | Internet monitor | Internet Monitoring  |   |  Trackback
# Friday, October 09, 2009
Unmanaged website surfing is killing your productivity. Employees may spend hours reading news, watching online video and playing online web games.
So, to save productivity, it is necessary for organizations to block certain websites and restrict internet access.
You need to implement an internet policy such as:
1. Only work-related websites are allowed during work time.
2. Destructive websites, such as violent or adult sites, shall always be blocked.
3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.

However, in today's internet, a website cannot be blocked only by blocking its IP address or domain. It is still accessible by:
1. Open proxy servers.
2. Third party tunneling proxy service.
3. Tunnel VPN service.

To make your blocking efficient, you also need to block certain proxy/tunneling protocols.

WFilter makes it simple to block websites and proxy service.

1. Filter certain websites

You can filter certain websites by "website black/white list" and "website category":




2. Block Proxy Service and VPN protocols.


WFilter supports the proxy protocol transparently. No additional setting is required to block open proxy servers.
You may set up an "HTTPS black/white list" to block unwanted VPNs.



For more information, please check "WFilter Enterprise".
Other related links:
How to block video streaming on company network?
How to block internet downloading?
How to monitor internet bandwidth?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?



Friday, October 09, 2009 2:17:17 PM (GMT Daylight Time, UTC+01:00)    Content Filter | How to block internet | How to block websites | How to filter internet access  |   |  Trackback
# Friday, September 18, 2009
Online audio/video streaming can consume most of your bandwidth. To save your bandwidth, you might want to block online streaming traffic on your network.

Generally speaking, online streaming can run on different protocols:
1. Video websites, like YouTube. You can watch video directly on the webpages.
2. Standard Real Time Streaming Protocol (RTSP).
3. P2P based streaming products, like pplive, ppstream.
4. Video downloading websites.

Therefore, for complete blocking of video streaming, you need to block all of the above video traffic.

First, block "streaming" category websites:



Second, block downloading of video files:


Third, block RTSP and other online streaming protocols:



For more information, please check "protocols supported by WFilter".
Other related links:
How to block internet downloading?
How to monitor internet bandwidth?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter


Friday, September 18, 2009 3:06:29 PM (GMT Daylight Time, UTC+01:00)    How to block downloading | How to block internet | How to block p2p | How to block websites  |   |  Trackback
# Monday, August 31, 2009
  Unmanaged internet downloading can consume most of your bandwidth. In practice, many, often most, of the files shared on peer-to-peer networks are copies of copyrighted popular music and movies.

  So, it is important for corporations to manage, control and block p2p traffic and block unwanted file downloading.

  Files can be downloaded via various ways as described below:

  1. Downloading from HTTP/FTP websites.

  2. Downloading from p2p networks.

  3. Downloading from instant messenger buddies.

  For security purposes, downloading from p2p networks shall be completely forbidden in company networks, and only HTTP/FTP downloading from trusted websites should be allowed.

  Instant messenger file transfer makes it convenient to share files with our friends. It is fast and secure. However, because IM is so popular, virus writers can use it to spread malicious programs. These viruses are spread, in most cases, when a person clicks a link or opens an infected file that was sent in an instant message that appeared to come from a friend. Therefore, messenger file transfer also puts your network in danger.

  "WFilter Enterprise" makes it simple to manage file transfers between the local network and the internet. Using WFilter, you may:

  1. Limit file downloading size.

  2. Block web downloading by file type.

  3. Block web downloading by content type. (Mime type)

  4. Block p2p traffic.

  5. Block file transfer via messengers.








Other related links:
How to monitor internet bandwidth?
Internet blocking
How to filter web surfing?
How to monitor internet usage on company network?
Internet monitoring software for business
Internet monitoring software
# Sunday, August 16, 2009
  Unmanaged internet access is harmful to your business.
  Without proper internet monitoring and filtering, you may suffer from:
  1. Lower productivity. Your employees might spend hours web surfing, chatting and watching videos.
  2. Slow internet speed. P2P programs or IPTV programs can easily consume most of your bandwidth, so normal business will not have enough available bandwidth.
  3. Unmanaged downloading will bring viruses, worms and spyware, which are harmful to your network.
  4. Leaking of business documents and materials.

  Therefore, it is important for you to monitor and manage employees' internet activity. This guide will introduce several aspects of the deployment and usage of internet monitoring and filtering software. Please be aware that I am only going to talk about internet access monitoring, which does not include screen monitoring, USB blocking and keystroke recording. The latter require you to install a client agent on every computer, whereas internet monitoring only needs to be installed near the internet entrance.

How to deploy internet monitoring software?

  Though internet monitoring only needs to be installed near the internet entrance, the deployment differs between network topologies.
  For "Router<->Switch<->Computers" networks, you need to set up a mirroring port in the switch to enable monitoring. If you are using an ISA or WinGate proxy server, you can do monitoring right in the proxy server.

How to monitor internet bandwidth?

  Once properly deployed, internet monitoring software lets you easily monitor internet bandwidth and activities.
  Below let me take "WFilter Enterprise" as an example:
 
  Using WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.

When viewing the connections of a particular computer, you can kill established connections if you want.



For more details about "monitor internet bandwidth", please refer to: How to monitor internet bandwidth?

How to monitor internet usage?

In "Online computers" of WFilter, click the numbers under each title to view detailed records.



How to block downloading?

To save bandwidth, improper downloading shall be blocked. The figure below shows blocking of large files and blocking of video files.



Blocking of video files.





For more details, please refer to "How to block downloading?".




# Sunday, August 09, 2009
  In today's internet, video downloading, p2p programs, or IPTV programs can easily consume most of your bandwidth. So to make your internet more efficient, it is important for you to monitor the internet bandwidth of each computer on your network.
  This tutorial will guide you in installing, setting up and using "WFilter Enterprise" to monitor your internet bandwidth (uploads and downloads).

1. Set up a SPAN port for monitoring.

  Port mirroring allows you to set up a monitoring port in the switch to receive packets of other ports.
  First, you need to set up a SPAN port in your switch. The computer with WFilter installed shall be connected to the SPAN port.
  Read this example for details on setting up port mirroring: Deploy internet monitoring using a port mirror switch.

2. Real-time bandwidth monitoring.

  Once properly deployed, you will be able to monitor the internet activity of all computers and all internet connections.
  The "Online Computers" view shows a list of online computers.



  The "Real-time bandwidth" view shows a diagram of current bandwidth usage and the top 20 computers.



3. Protocol Bandwidth Usage Report.

  The "Protocol Usage Report" shows the exact bandwidth usage for different protocols of each computer.
 


Bandwidth details:




For more information, please check "WFilter Enterprise".
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter

Sunday, August 09, 2009 5:54:34 AM (GMT Daylight Time, UTC+01:00)    How to block internet | How to block p2p | How to block websites | How to monitor internet bandwidth | How to monitor internet usage | Internet monitor | Internet Monitoring  |   |  Trackback
# Wednesday, August 05, 2009
  The internet can be a benefit to business when used properly, but it is often abused by employees and poses significant liability and security risks. In today's internet, P2P programs and IPTV applications can easily consume most of your bandwidth.
  Therefore, monitoring of internet activity and monitoring of bandwidth usage are important to keep your business efficient.
  Below I list several aspects of monitoring internet usage on a company network.

How to monitor internet usage?

  You cannot monitor other computers' internet usage in a network unless you have access to their network traffic.
  There are two ways to see other computers' internet traffic:
  1. Configure a SPAN port (port mirroring) in your switch.
  2. Do monitoring in the gateway or proxy.

  If you have already set up a computer as the gateway or proxy server, you just need to install internet monitoring software on the server to do monitoring.
  Since many networks are using a router as the gateway, using a port mirroring switch is a good choice. Port mirroring allows you to set up a port in the switch to receive packets of other ports. Setting up a mirror port does not change your network topology, and it will not affect your network speed. A broadcast hub can also help you to do monitoring; however, broadcast hubs can only work in 10 Mbit mode and are not very stable. Therefore I recommend that you do not use a broadcast hub to do monitoring.
  Read this example for details on setting up port mirroring: Deploy internet monitoring using a port mirror switch.

How to monitor internet connections?

  Once you've set up the SPAN port, you can easily monitor internet connections using internet monitoring software.
  Here we take "WFilter Enterprise" as an example:

Monitor all computers' internet connections

   Using WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.






Monitor a computer's internet connections


When viewing the connections of a particular computer, you can kill established connections if you want.



How to monitor internet activity?


   In "Online computers", click the numbers under each title to view detailed records.





Browsing history:








Other related links:
How to monitor internet bandwidth?
Internet blocking

Wednesday, August 05, 2009 3:05:28 PM (GMT Daylight Time, UTC+01:00)    Deployment | How to block internet | How to monitor internet usage | Internet monitor | Internet Monitoring  |   |  Trackback
Copyright © 2012 IMFirewall Software. All rights reserved.