IMFirewall Blog - Wednesday, June 20, 2007
Block Internet Access,Block P2P,Web Filtering
 
# Wednesday, June 20, 2007

AOL Instant Messenger (often referred to as "AIM") is an instant messaging application that allows registered users to communicate in real time via text, voice, and video transmission over the Internet. It is maintained by AOL LLC. The official website is www.aim.com.

AIM is widely used all over the world. However, employees who use AIM to chat about private topics and to send and receive files reduce working productivity, waste time and raise security risk.

So it is important to block AIM in an enterprise network.

How to block AIM in your network?

AIM can connect in several ways. The default is TCP port 5190. However, if you block port 5190 at your firewall, AIM falls back to port 80 or 443 instead. AIM can also use an HTTP/SOCKS4/SOCKS5 proxy server to reach the server. Even worse, AIM can send its traffic through port 80 using the HTTP protocol, and if you allow your employees to browse websites, port 80 must stay open. Besides the official client, many unofficial clients such as gaim and trillian are also popular.
So, is blocking AIM a mission impossible?

Of course not, but a professional internet filtering tool is needed. To block AIM traffic, the tool must be able to pick AIM traffic out of a large number of connections.
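As an added illustration (not WFilter's code and not part of the original post), the sketch below recognises AIM by its wire format instead of its port: AIM's OSCAR protocol wraps every message in a 6-byte FLAP header (0x2A marker, channel, sequence number, length), and a connection opens with a channel-1 frame carrying version 1. The function names and sample flows are constructed for this example, and it covers only direct OSCAR connections, not traffic wrapped in HTTP or relayed through a proxy.

```python
import struct

FLAP_MARKER = 0x2A                  # every FLAP frame starts with '*'
FLAP_CHANNELS = {1, 2, 3, 4, 5}     # signon, SNAC data, error, signoff, keepalive
FLAP_VERSION = b"\x00\x00\x00\x01"  # body prefix of the channel-1 signon frame


def first_flap_frame(payload):
    """Return (channel, seq, body) for a complete leading FLAP frame, else None."""
    if len(payload) < 6:
        return None
    marker, channel, seq, length = struct.unpack_from(">BBHH", payload, 0)
    if marker != FLAP_MARKER or channel not in FLAP_CHANNELS:
        return None
    body = payload[6:6 + length]
    if len(body) != length:          # header promises more bytes than we have
        return None
    return channel, seq, body


def looks_like_oscar(first_payload):
    """Heuristic: the first payload of a connection is a FLAP version-1 signon frame."""
    frame = first_flap_frame(first_payload)
    return frame is not None and frame[0] == 1 and frame[2][:4] == FLAP_VERSION


def flagged_ports(flows):
    """flows: iterable of (dst_port, first_payload); return the ports flagged as AIM."""
    return [port for port, payload in flows if looks_like_oscar(payload)]


# Constructed sample data: first payload seen on five outbound connections.
SIGNON = struct.pack(">BBHH", FLAP_MARKER, 1, 0x1234, 4) + FLAP_VERSION
SAMPLE_FLOWS = [
    (5190, SIGNON),                                        # AIM on its default port
    (443, SIGNON),                                         # AIM after falling back to 443
    (80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),  # ordinary web request
    (443, b"\x16\x03\x01\x00\x05hello"),                   # TLS-style record, not FLAP
    (80, b"*\x01\x00"),                                    # too short to be a FLAP frame
]

if __name__ == "__main__":
    print(flagged_ports(SAMPLE_FLOWS))
```

The second sample flow is the case a port-5190 firewall rule misses: same protocol bytes, different port.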

I recommend you use WFilter to block aim, block msn and block messenger.

WFilter related features:

  • Monitor AIM and ICQ messenger usage.
  • Record chat contents of AIM and ICQ.
  • Record files transferred by AIM/ICQ.
  • Implement a policy to block AIM/ICQ or certain AIM/ICQ accounts.
  • Block AIM file transfers, block icq file transfers.
  • Support the official messenger client and other third-party clients like gaim, trillian.


 

WFilter other monitor features:

Chat Monitor, MSN Messenger Chat Monitor, Yahoo Chat Monitor and other instant messenger monitor, block MSN, block Yahoo, block AIM, and other instant messenger block, block p2p, block p2p traffic, filter internet, block internet, internet monitor, monitor employee internet activity...



Wednesday, June 20, 2007 6:31:33 AM (GMT Daylight Time, UTC+01:00)    Block Messenger | Chat Monitor | Content Filter  |   |  Trackback
# Tuesday, June 19, 2007

Wireless communication brings fundamental changes to data networking and telecommunications. Nowadays, more and more organizations and home users build wireless networks, and in many situations wired and wireless networks exist together. This topic demonstrates a solution for monitoring internet activity on wireless networks.

A typical network contains both wired and wireless networks:

To monitor both the wired network and the wireless network, we add a TP-Link port-mirroring switch, the TL-SL2210WEB, here.

Port 1 of the switch is connected to the router, port 2 to WFilter and port 3 to the wireless access point.

The port mirror configuration is as below:

 

Now you can monitor all the wireless computers.

 

Tuesday, June 19, 2007 10:02:07 AM (GMT Daylight Time, UTC+01:00)    Deployment  |   |  Trackback
# Thursday, June 14, 2007

A URL database containing about 50 categories will be available in the next WFilter release, coming this September.

WFilter version 3.1 currently supports only URL white lists and black lists based on URL keyword matching. This is not enough; a URL database will let you add a rule for each category easily.

 

Thursday, June 14, 2007 12:50:13 PM (GMT Daylight Time, UTC+01:00)    Content Filter  |   |  Trackback
# Friday, June 01, 2007

 

WFilter Deployment

----Using Dlink2366

A company uses a router to connect to the internet, with a Dlink2366 as the central switch.

The network topology diagram:

 

 

In this case, we only need to configure port mirroring on the Dlink2366 to do monitoring.

Dlink 2366 port mirror configuration:

As in the diagram above, port 16 is connected with the router and port 1 is connected to the computer with WFilter installed on.


WFilter related features:

Chat Monitor, Monitor employees, internet monitor, msn chat monitor, aim monitor, yahoo monitor, block p2p, block msn, block aim, block yahoo, block messenger, filter internet.

Friday, June 01, 2007 9:05:13 AM (GMT Daylight Time, UTC+01:00)    Deployment  |   |  Trackback
# Tuesday, May 29, 2007

WFilter Deployment

---- CISCO2950 + ISA2004

Company A uses ISA Server 2004 as the proxy server and a Cisco 2950 switch as the central switch.

The topology diagram:

 

 

For this kind of topology, we have two solutions:

Solution 1: Install WFilter on the ISA server computer, where it can directly monitor all computers.

Solution 2: Install WFilter on another computer and configure port mirroring on the Cisco 2950.

Notice: By default, WFilter only analyzes traffic between the local network and the internet. So if you are using a local proxy server, WFilter will not analyze the traffic between the proxy server and the client computers by default. You need to add the proxy server IP address to "Local Servers" in "Monitor Settings" of WFilter to make WFilter work.

How to configure port mirroring on the Cisco 2950?

As indicated in the above diagram, the ISA server is connected to port 23 of the switch and WFilter is connected to port 22. To make WFilter work, you only need to mirror port 23's traffic to port 22.

Syntax:

monitor session session_number {destination {interface interface-id [, | -] [encapsulation {dot1q}] [ingress vlan vlan id] | remote vlan vlan-id reflector-port interface-id} | {source {interface interface-id [, | -] [both | rx | tx] | remote vlan vlan-id}}

In this example:

1. Set port 23 as the source mirror port

monitor session 1 source interface Fa0/23

2. Set port 22 as the destination port

monitor session 1 destination interface Fa0/22 ingress vlan 1

Notice: By default, the mirror port of the Cisco 2950 is receive-only. However, WFilter must be able to send packets to implement its blocking features. So in this example, we add "ingress vlan 1" to enable sending on port 22.

Some Cisco switches do not support the ingress syntax. If your switch does not, you can set a different "blocking adaptor". Please follow the steps below:

1. Set port 23 as the source mirror port.

monitor session 1 source interface Fa0/23


2. Set port 22 as the target mirror port (recv-only)

monitor session 1 destination interface Fa0/22

3. Add a network card to the computer with WFilter installed, connected to a normal port of the switch.

4. Change the "blocking adaptor" to the newly added adaptor in "Monitor Settings" of WFilter.



WFilter related features:

Chat Monitor, Monitor employees, internet monitor, msn chat monitor, aim monitor, yahoo monitor, block p2p, block msn, block aim, block yahoo, block messenger, filter internet.

Tuesday, May 29, 2007 6:38:44 AM (GMT Daylight Time, UTC+01:00)    Deployment  |   |  Trackback
# Thursday, May 24, 2007

Block online streaming using WFilter

Various online streaming services are available on the Internet, such as online movies, online music, online radio and so on.

Some employees will spend a lot of time searching for and watching such materials during work time. Even worse, they will download copies of copyrighted popular music and movies; sharing these copies among strangers is illegal in most jurisdictions.

So it is important for organizations to block online streaming, block internet radio, block p2p traffic, and monitor Internet access to guard against unauthorized sharing or leaks and to make more efficient use of enterprise resources.

Using WFilter to block internet radio and streaming

WFilter also has complete protocol reports for you.

 

 

You also can use WFilter to monitor chat, monitor email, block messenger, block p2p and implement an internet access policy.

 

 

Thursday, May 24, 2007 9:16:41 AM (GMT Daylight Time, UTC+01:00)    Block P2P  |   |  Trackback
Copyright © 2012 IMFirewall Software. All rights reserved.