Home

IMFirewall Blog - Monday, August 31, 2009

Block Internet Access,Block P2P,Web Filtering

Blogroll

blogcatalog

Contact

Email Me

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

Monday, August 31, 2009

How to block internet downloading? by Administrator

Unmanaged internet downloading can consume most of your bandwidth, In practice, many, often most, of the files shared on peer-to-peer networks are copies of copyrighted popular music and movies.

So, it is important for corporations to manage, control and block p2p traffic and block unwanted file downloading.

Files can be downloaded via various ways as described below:

1. Downloading from HTTP/FTP websites.

2. Downloading from p2p networks.

3. Downloading from instant messenger buddies.

For security purpose, downloading from p2p networks shall be completely forbidden in company networks. And only HTTP/FTP downloading from trusted websites can be allowed.

Instant messenger file transfer makes it convenient to share files with our friends. It is fast and secure. However, because IM is so popular, virus writers can use it to spread malicious programs. These viruses are spread, in most cases, when a person clicks a link or opens an infected file that was sent in an instant message that appeared to come from a friend. Therefore, messenger file transfer also put your network in danger.

"WFilter Enterprise" makes it simple to manage file transfers between local network and the internet. Using WFilter, you may:

1. Limit file downloading size.

2. Block web downloading by file type.

3. Block web downloading by content type. (Mime type)

4. Block p2p traffic.

5. Block file transfer via messengers.

Figures:

Sunday, August 16, 2009

Internet monitoring software for business by Bruce Geng

Unmanaged internet access is harmful to your business.
Without proper internet monitoring and filtering, you may suffer from:
1. Lower productivity. Your employees might take hours for web surfing, chatting and watching videos.
2. Slow internet speed. P2P programs or IPTV programs can easily consume most of your bandwidth. So normal business will not have enough available bandwidth.
3. Unmanaged downloading will bring virus, worms and spyware, which is harmful to your network.
4. Leaking of business documents and materials.

Therefore, it is important for you to monitor and manage employees internet activity. This guide will introduce you several aspects of deployment and usage of internet monitoring and filtering software. Please be aware that I am only going to talk about internet access monitoring, which does not include screen monitoring, USB forbiding and keystroke recording. The latter requires you to install a client agent in every computer. And internet monitoring only needs to be installed near the internet entrance.

How to deploy internet monitoring software?

Though internet monitoring only needs to be installed near internet entrance, it is quite different for different network topologies.
For "Router<->Switch<->Computers" networks, you need to setup a mirroring port in the switch to enable monitoring. If you are using ISA or wingate proxy server, you can do monitoring right in the proxy server.

How to monitor internet bandwidth?

Upon properly deployed, you can easily monitor internet bandwidth and activities using internet monitoring software.
Below let me take "WFilter Enterprise" as an example:

Use WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.

Connections of a particular computer, you can kill established connections if you want.

For more details about "monitor internet bandwidth", please refer to: How to monitor internet bandwidth?

How to monitor internet usage?

In "Online computers" of WFilter, click the numbers under each title to view detailed records.

How to block downloading?

To save bandwidth, inproper downloading shall be blocked. The below figure shows blocking of large size files and blocking by video files.

Blocking of video files.

For more details, please refer to "How to block downloading?".

Sunday, August 09, 2009

How to monitor internet bandwidth? by Administrator

In today's internet, video downloading, p2p programs, or IPTV programs can easily consume most of your bandwidth. So to make your internet more efficient, it is important for you to monitor internet bandwidth of each computers on your network.
This tutorial will guide you in installing, setting up and using "WFilter Enterprise" to monitor your Internet bandwidth (uploads and download).

1. Setup a SPAN port for monitoring.

Port mirroring allows you to setup a monitoring port in the switch to receive packets of other ports.
First, you need to setup a SPAN port in your switch. And the computer with WFilter installed in shall be connected to the SPAN port.
Read this example for details to setup port mirroring: Deploy internet monitoring using a port mirror switch.

2. Real-time bandwidth monitoring.

Upon properly deployed, you will be able to monitor all computers internet activity and all internet connections.
The "Online Computers" shows a list of online computers.

The "Real-time bandwidth" shows current bandwidth usage diagram and top 20 computers.

3. Protocol Bandwidth Usage Report.

The "Protocol Usage Report" shows the exact bandwidth usage for different protocols of each computer.

Bandwidth details:

More information, please check "WFilter Enterprise".
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter

Wednesday, August 05, 2009

How to monitor internet usage on company network? by Bruce Geng

Internet can be a benefit to business when used properly, but internet is often abused by employees and poses significant liability and security risks. In today's internet, P2P programs and IPTV applications can easily consume most of your bandwidth.
Therefore, monitoring of internet activity and monitoring of bandwidth usage is important to keep your business efficient.
Below I list several aspects to monitor internet usage on company network.

How to monitor internet usage?

You can not monitor other computers internet usage in a network unless you have access to their network traffic.
There have two ways to see other computers internet traffic:
1. Configure a span port(port mirroring) in your switch.
2. Do monitoring in the gateway or proxy.

If you already setup a computer as the gateway or proxy server, you just need to install internet monitoring software in the server to do monitoring.
Since many networks are using a router as the gateway, using a port mirroring switch is a good choice. Port mirroring allows you to setup a port in the switch to receive packets of other ports. Setting up a mirror port does no change to your network topology, and it will not affect your network speed. A broadcasted hub can also help you to do monitoring, however, broadcasted hubs can only work in 10M bit mode, and it is not so stable. Therefore I recommend you not to use a broadcasted hub to do monitoring.
Read this example for details to setup port mirroring: Deploy internet monitoring using a port mirror switch .

How to monitor internet connections?

Once you've setup the span port, you can easily monitor internet connections using internet monitor software.
Here we take "WFilter Enterprise" as an example:

Monitor all computers internet connections

Use WFilter's "Active Connections" feature, you can have a clear view of all connections in your network.

Monitor a computer's internet connections

Connections of a particular computer, you can kill established connections if you want.

How to monitor internet activity?

In "Online computers", click the numbers under each title to view detailed records.

Browsing history:

Other related links:
How to monitor internet bandwidth?
Internet blocking

Friday, July 17, 2009

How to filter web surfing? by Administrator

Introduction

WFilter supports various ways to filter web surfing activity:

Block Web Surfing Completely
Enable Website Black/White List
Enable URL Keywords Filtering
Enable Website Category Access Policy
Websites Exception List
Enable HTTPS Black/White List

1. Block Web Surfing Completely

When enabled, all HTTP web surfing will be blocked, except for domains in the "Websites Exception List".

1.1 Add a new blocking level, as in the below figure:

Figure 1

1.2 Set a proper "Level Name" and "Level Desc", check the "Block Web Surfing". If you want to display a blocking page when blocked, you need to enable "Display a Deny Page When Blocking", as in Figure 2:

Figure 2

1.3 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:

Figure 3

1.4 Websites will be blocked, as in Figure 4:

Figure 4

Figure 5

2. Enable Website Black/White List

Website black/white list can set black list or white list for websites based on domain name. When black list is enabled, websites in the black list will be blocked. When white list is enabled, only websites in the white list can be visited.

2.1 Add a new blocking level, as in the below figure:

Figure 6

2.2 Set a proper "Level Name" and "Level Desc", check the "Enable Website black/white list", as in Figure 7:

Figure 7

2.3 Add certain websites into a black list, as in Figure 8:

Figure 8

2.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:

Figure 9

2.5 Websites in the black list will be blocked, as in Figure 10:

Figure 10

Figure 11

3.1 Enable URL Keywords Filtering

URL keywords filtering can filter webpages by url address. Using this feature, you can block searching for certain keywords in search engines.

3.1 Add a new blocking level, as in the below figure:

Figure 12

3.2 Set a proper "Level Name" and "Level Desc", check the "Enable URL Keywords Filtering", as in Figure 13:

Figure 13

3.3 Check the keywords category to be blocked, as in Figure 14:

Figure 14

3.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:

Figure 15

3.5 In this example, searching for "game" will be blocked, as in Figure 16 and Figure 17:

Figure 16

Figure 17

4. Enable Website Category Access Policy

Website category access rules can filter websites based on websites categories. Four filtering modes are supported: "Allow", "Deny", "Warn" and "Time Quota".

4.1 Add a new blocking level, as in the below figure:

Figure 18

4.2 Set a proper "Level Name" and "Level Desc", check the "Enable web category rule", as in Figure 19:

Figure 19

4.3 Set certain filtering mode for certain categories, as in Figure 20:

Figure 20

4.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:

Figure 21

4.6 In this example, time quota is enabled for "Game" websites, as in Figure 22:

Figure 22

5. Websites Exception List

Websites in the exception list will not be blocked by other rules.

Figure 23

6. Enable HTTPS Black/White List

Above functions can only filter HTTP websites, to block HTTPS websites, you need to enable the "HTTPS Black/White List".

6.1 Add a new blocking level, as in the below figure:

Figure 24

6.2 Set a proper "Level Name" and "Level Desc", check the "Enable HTTPS Black/White List", as in Figure 25:

Figure 25

6.3 Add certain websites into a HTTPS Black list, as in Figure 26:

Figure 26

6.4 Apply this new blocking level to certain users in "User-computer Table", as in the below figure:

Figure 27

6.5 As in Figure 28 and 29, certain HTTPS websites will be blocked.

Figure 28

Figure 29

Monday, April 20, 2009

Monitoring performance of WFilter. by Bruce Geng

WFilter Monitoring Performance

WFilter is designed to monitor a network with no more than 1000 computers, and the available internet bandwidth of the entire network shall be no more than 100Mbit/s.

Since WFilter is software, the performance depends a lot on the hardware performance. Higher bandwidth requires faster CPU, and more monitored computers require more RAM. Therefore, we recommend you to provide 1M available RAM for each monitored computer.

Below is a performance test result for HTTP request of WFilter 3.3 file-based version:

#	Computers	Bandwidth	Total HTTP Requests	Recorded Percent	CPU	Memory
1	50	37.2M	16000	100%	35%	260,298K
2	100	35M	20000	100%	38%	280,576K
3	200	31M	40000	100%	58%	294,561K
4	400	33M	80000	100%	68%	372,786K
5	600	32.3M	120000	100%	80%	540,151K
6	1000	32.6M	200000	60%	99%	540,664K

As we can see from the above table, when monitored computers number reachs 1000, the "recorded percent" decreased to 60% suddenly. And we noticed the memory only slightly increased, so it shall because lack of memory. Therefore we added the monitoring computer RAM to 2G, and do the test again:

#	Computers	Bandwidth	Total HTTP Requests	Recorded Percent	CPU	Memory
7	1000	32.7M	200000	100%	90%	820,640K

And the test of WFilter 3.3 database version(SQL Server) performance has the similar result:

#	Computers	Bandwidth	Total HTTP Requests	Recorded Percent	CPU	Memory
1	50	34.9M	10000	100%	45%	197,392K
2	100	34.9M	20000	100%	45%	210,196K
3	200	31M	40000	100%	45%	270,960K
4	400	32.9M	80000	100%	45%	364,234K
5	1000	28.6M	200000	58.84%	100%	540,664K

The performance of 1000-user can also be improved by adding RAM of the monitoring computer.

Test Environment

1	Network	100M ethernet
2	Test Client	Intel(R) pentium(R) Dual 1.80+1.80GHz , 1G RAM
3	Test Monitoring Server	Intel(R) Celeron(R) 2.66GHz, 1G RAM
4	WFilter Version	WFilter 3.3
5	Switch	Tplink TL-SF1008