Unmanaged internet access is harmful to your business. Without proper internet monitoring and filtering, you may suffer from:
1. Lower productivity. Your employees might spend hours web surfing, chatting and watching videos.
2. Slow internet speed. P2P programs or IPTV programs can easily consume most of your bandwidth, so normal business will not have enough available bandwidth.
3. Viruses, worms and spyware brought in by unmanaged downloading, which are harmful to your network.
4. Leaking of business documents and materials.
Therefore, it is important for you to monitor and manage employees' internet activity. This guide introduces several aspects of the deployment and usage of internet monitoring and filtering software. Please be aware that I am only going to talk about internet access monitoring, which does not include screen monitoring, USB blocking and keystroke recording. The latter require you to install a client agent on every computer, whereas internet monitoring only needs to be installed near the internet entrance.
How to deploy internet monitoring software?
Though internet monitoring only needs to be installed near the internet entrance, the deployment differs between network topologies. For "Router<->Switch<->Computers" networks, you need to set up a mirroring port in the switch to enable monitoring. If you are using an ISA or WinGate proxy server, you can do the monitoring right on the proxy server.
How to monitor internet bandwidth?
Once it is properly deployed, you can easily monitor internet bandwidth and activities using internet monitoring software. Below let me take "WFilter Enterprise" as an example:
Using WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.
For the connections of a particular computer, you can kill established connections if you want.
For more details about "monitor internet bandwidth", please refer to: How to monitor internet bandwidth?
How to monitor internet usage?
In "Online computers" of WFilter, click the numbers under each title to view detailed records.
How to block downloading?
To save bandwidth, improper downloading shall be blocked. The figures below show blocking of large files and blocking of video files.
For more details, please refer to "How to block downloading?".
The internet can be a benefit to business when used properly, but it is often abused by employees and poses significant liability and security risks. In today's internet, P2P programs and IPTV applications can easily consume most of your bandwidth. Therefore, monitoring of internet activity and of bandwidth usage is important to keep your business efficient. Below I list several aspects of monitoring internet usage on a company network.
How to monitor internet usage?
You cannot monitor other computers' internet usage in a network unless you have access to their network traffic. There are two ways to see other computers' internet traffic:
1. Configure a span port (port mirroring) in your switch.
2. Do the monitoring in the gateway or proxy.
If you have already set up a computer as the gateway or proxy server, you just need to install internet monitoring software on that server to do the monitoring. Since many networks use a router as the gateway, a port mirroring switch is a good choice. Port mirroring allows you to set up a port in the switch to receive the packets of other ports. Setting up a mirror port does not change your network topology, and it will not affect your network speed. A broadcast hub can also be used for monitoring; however, broadcast hubs can only work in 10Mbit mode and are not very stable. Therefore I recommend that you not use a broadcast hub for monitoring. Read this example for details on setting up port mirroring: Deploy internet monitoring using a port mirror switch.
How to monitor internet connections?
Once you've set up the span port, you can easily monitor internet connections using internet monitoring software. Here we take "WFilter Enterprise" as an example:
Monitor all computers' internet connections
Using WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.
Monitor a computer's internet connections
For the connections of a particular computer, you can kill established connections if you want.
How to monitor internet activity?
In "Online computers", click the numbers under each title to view detailed records.
Browsing history:
Other related links: How to monitor internet bandwidth?, Internet blocking
WFilter Monitoring Performance
WFilter is designed to monitor a network with no more than 1000 computers, and the available internet bandwidth of the entire network shall be no more than 100Mbit/s. Since WFilter is software, its performance depends a lot on the hardware. Higher bandwidth requires a faster CPU, and more monitored computers require more RAM. Therefore, we recommend that you provide 1M of available RAM for each monitored computer. Below are the HTTP request performance test results for the WFilter 3.3 file-based version:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|---|---|---|---|---|---|
| 1 | 50 | 37.2M | 16000 | 100% | 35% | 260,298K |
| 2 | 100 | 35M | 20000 | 100% | 38% | 280,576K |
| 3 | 200 | 31M | 40000 | 100% | 58% | 294,561K |
| 4 | 400 | 33M | 80000 | 100% | 68% | 372,786K |
| 5 | 600 | 32.3M | 120000 | 100% | 80% | 540,151K |
| 6 | 1000 | 32.6M | 200000 | 60% | 99% | 540,664K |
As we can see from the above table, when the number of monitored computers reaches 1000, the "recorded percent" suddenly drops to 60%. We also noticed that memory usage only increased slightly, so this should be due to a lack of memory. Therefore we increased the monitoring computer's RAM to 2G and ran the test again:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|---|---|---|---|---|---|
| 7 | 1000 | 32.7M | 200000 | 100% | 90% | 820,640K |
The performance test of the WFilter 3.3 database version (SQL Server) has a similar result:
| # | Computers | Bandwidth | Total HTTP Requests | Recorded Percent | CPU | Memory |
|---|---|---|---|---|---|---|
| 1 | 50 | 34.9M | 10000 | 100% | 45% | 197,392K |
| 2 | 100 | 34.9M | 20000 | 100% | 45% | 210,196K |
| 3 | 200 | 31M | 40000 | 100% | 45% | 270,960K |
| 4 | 400 | 32.9M | 80000 | 100% | 45% | 364,234K |
| 5 | 1000 | 28.6M | 200000 | 58.84% | 100% | 540,664K |
Performance with 1000 users can also be improved by adding RAM to the monitoring computer.
Test Environment
| 1 | Network | 100M ethernet |
| 2 | Test Client | Intel(R) pentium(R) Dual 1.80+1.80GHz , 1G RAM |
| 3 | Test Monitoring Server | Intel(R) Celeron(R) 2.66GHz, 1G RAM |
| 4 | WFilter Version | WFilter 3.3 |
| 5 | Switch | Tplink TL-SF1008 |
WFilter 3.3 is under alpha testing now. The new version will add "Bandwidth limit", "Url keywords blocking", "Website visit quota" and other exciting features.
1. "Bandwidth limit". You can set a bandwidth limit for each computer, or block certain internet traffic when internet bandwidth usage is too high. This feature can help you to manage company bandwidth flexibly.
2. "Url Keywords Blocking". Blocks URLs and webpages by keyword category. You may use this feature to block certain keywords from being searched in search engines.
3. "Website visit quota". With this feature, you are able to set a visit time quota for each website category. For example, "news" websites can be limited to "1 hour" for each day.
It is said that Google Talk uses the Jabber protocol to communicate. However, Google Talk has more flexible ways to connect:
1. Using the Jabber standard TCP port 5222.
2. Using TLS port 443.
3. Using web chatting on port 80.
So you will not be able to block Google Talk by simply blocking the Jabber standard port. And ports 443 and 80 are essential internet ports which shall not be blocked. WFilter makes it simple to block Google Talk: its connections can be identified and blocked by signature matching, and all of this can be done with just one click, as below:
For more information, please refer to: http://www.imfirewall.com/en/protocols/Jabber.htm.
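The following added example (not WFilter's own code or signatures) illustrates why a port rule misses these connections while a payload signature does not: it labels a flow from its first client payload, matching either the plaintext XMPP stream opening or the server name in a TLS ClientHello. The host name `talk.example.test`, the function names and the sample payloads are constructed assumptions.

```python
import struct

def tls_sni(data):
    """Return the SNI host name from a TLS ClientHello record, else None."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:      # handshake record, ClientHello
            return None
        pos = 44 + data[43]     # skip headers, version, random, session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]   # cipher suites
        pos += 1 + data[pos]                                # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", data, pos)
            pos += 4
            if etype == 0:                                  # server_name extension
                nlen = struct.unpack_from("!H", data, pos + 3)[0]
                return data[pos + 5:pos + 5 + nlen].decode("ascii", "replace").lower()
            pos += elen
    except (IndexError, struct.error):              # truncated or malformed input
        pass
    return None

def classify(payload, blocked_hosts):
    """Label a flow from its first client payload, ignoring the port."""
    head = payload[:512]
    if b"<stream:stream" in head and b"jabber:client" in head:
        return "xmpp-plaintext"
    sni = tls_sni(payload)
    return "tls-sni:" + sni if sni in blocked_hosts else None

def build_client_hello(host):   # constructed minimal ClientHello, SNI only
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

BLOCKED = {"talk.example.test"}   # hypothetical host name, not from the page
SAMPLE_FLOWS = [                  # constructed payloads, not captured traffic
    (5222, b"<?xml version='1.0'?><stream:stream to='example.test' xmlns='jabber:client'>"),
    (443, build_client_hello("talk.example.test")),
    (443, build_client_hello("www.example.test")),
]

def compare(flows, blocked_hosts):  # (port, hit by 5222-only rule, signature verdict)
    return [(p, p == 5222, classify(d, blocked_hosts)) for p, d in flows]
```

`compare(SAMPLE_FLOWS, BLOCKED)` shows the 5222-only rule catching one of the two chat flows, while the signature check labels both and leaves the unrelated port-443 flow alone.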
Most employees waste more than an hour browsing web pages. Even worse, some are not able to concentrate on their work during work time. So, to protect productivity, it is necessary for organizations to block certain websites and restrict internet access.
In my opinion, things should be done from several aspects:
1. Only work-related websites are allowed during work time.
2. Destructive websites, such as violent and adult sites, shall always be blocked.
3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.
Companies that are very strict about website browsing can implement a website whitelist, so that only websites in the whitelist can be visited.
For more information, please refer to internet blocking and internet monitoring.
Here we've added some configuration examples of WFilter:
We've added some WFilter deployment examples in practice.
A URL database containing about 50 categories will be available in the next WFilter release, coming this September.
WFilter 3.1 currently supports only URL white lists and black lists based on URL keyword matching. This is not enough; a URL database will let you add a rule for each category easily.
Block online streaming using WFilter
Various online streaming services are available on the Internet, such as online movies, online music, online radio and ....
Some employees will spend a lot of time searching for and watching such materials at work time. Even worse, they will download copies of copyrighted popular music and movies; sharing these copies among strangers is illegal in most jurisdictions.
So it is important for organizations to block online streaming, block internet radio, block P2P traffic and monitor Internet access, both to guard against unauthorized sharing or leaks and to make more efficient use of enterprise resources.

WFilter also has complete protocol reports for you.


You can also use WFilter to monitor chat, monitor email, block messengers, block P2P and implement an internet access policy.
Silently monitoring using ARP Spoof
Most monitoring software requires a broadcast hub or a port mirror switch, or needs the monitoring program to be installed on the proxy server.
If you don't want to buy an additional device and change your network topology, IMMonitor provides an arp-spoof tool to help you. However, we recommend that you use a port mirror switch for long-term use because arp-spoof has some shortcomings:
Never spoof more than 30 computers, and keep your computer stable. If your computer hangs or powers off while spoofing, the computers being spoofed will lose their connections.
Run ARP Spoof from IMMonitor

You need to restart your computer the first time you run arp-spoof. After the restart, run arp-spoof again, choose your adaptor and set the mode to "Full duplex", check the computers you want to spoof and click "Start ARP Spoof".

Open the IMMonitor console with ARPSpoof running, and set "Mode" to "By IP Address" in "Monitor settings". Then open "Online Computers" in IMMonitor, and you will be able to monitor other computers.
IMMonitor Features
Chat monitor: MSN chat monitor, AIM chat monitor, Yahoo chat monitor, ICQ chat monitor, QQ chat monitor, live messenger monitor.
Email monitor: monitor emails, monitor email content, monitor company email, monitor POP3 email, monitor SMTP email, monitor incoming and outgoing emails.
Web surfing monitor.
Chat monitor using IMMonitor
It's really important for companies to monitor employees' instant messaging to prevent leaking of corporate business secrets and to increase working productivity.
It's also important for parents to monitor kids' chat activities to protect them.
IMMonitor is designed to silently monitor chat content, email transfer and web surfing activities in the local network without installing any programs on client computers.
Here I give a short description of how to use IMMonitor to monitor chat in your network:
To install IMMonitor, please read How to install and deploy IMMonitor first.
Log in to IMMonitor.

Log in to IMMonitor using username admin, initial password 123456.
After login, you will be able to see all online computers detected. If you cannot see other computers in your network, your deployment of IMMonitor is possibly incorrect. Please check the "How to deploy IMMonitor" chapter in "Getting started with IMMonitor".
Online computers list:

The figures under "Chat logs" show the number of monitored chat messages. Click a figure and you will be able to see all messenger ids which have been used on this computer.

Click a messenger id and choose a date to see all chat history logs and chat content of this id on that day.

Notice:
With an incorrect deployment, IMMonitor will not be able to monitor other computers, so it is important to read "Getting started with IMMonitor" first.
Copyright © 2010 IMFirewall Software. All rights reserved.