IMFirewall Blog - Sunday, October 30, 2011
Block Internet Access, Block P2P, Web Filtering
 
# Sunday, October 30, 2011
The internet has become an invaluable tool in business. However, the availability of internet access has become an important risk factor for employer liability, and at the same time it consumes 90% of the employer's hours in productivity.

Therefore, internet access should be filtered and restricted to maintain your employees' productivity.

There are several ways to filter internet access:

1. Set up a network internet filtering program. With a filtering program, you can filter the internet access of all computers in your network from ONE computer. There are many such products on the market. For example, WFilter Enterprise or Websense Enterprise can help you filter the internet access of network computers.

Pass-by internet filtering products usually require you to set up a mirroring port on a manageable switch. Setting up a mirroring port makes no change to your network topology and does not affect your network performance.

2. Set up an ACL policy in your router/firewall/UTM. Firewall devices enable you to block websites, ports and IP addresses, so you can also set up ACL rules in your firewall to block certain traffic. For more information about UTM solutions, please visit http://www.astaro.com

3. Filter websites at the DNS server. You may try the "OpenDNS" solution, which is simple and easy to set up. However, with this solution you can only have one policy for your entire network.


Sunday, October 30, 2011 1:26:58 PM (GMT Standard Time, UTC+00:00)    How to filter internet access
# Friday, September 30, 2011

WFilter 4.0 will be released soon, after nearly two years of development.

The new version brings many improvements and optimizations to current features. A series of new features has also been added, such as "WFilter Dashboard", "Central Management of WFilter servers", "WFilter Local Account", "Multi-adapter Monitoring", and several new alert types. Below is a brief introduction to these new features:

1. WFilter Dashboard

WFilter Dashboard allows you to check the monitoring status, log storage status and system warnings from a central dashboard.

2. WFilter Servers Management

This feature enables you to manage several WFilter servers from a central location.

3. Default IP Policy

The "Default IP Policy" feature enables you to set different policies for different IP ranges. When a new computer is found, its default IP policy is applied.

4. Search of Network Computers

You can use the "Search Computers" feature to search computers in your network. It's more convenient than the passive computer finding in the old version.

5. More Alert Types

More alert types are added: disk space alert, new computer alert, ip address changing alert...

6. More Powerful Account Monitoring

WFilter's "account monitoring" feature can integrate WFilter with your Active Directory, so you can deploy monitoring based on user accounts. The new version adds the "WFilter local accounts" feature. When you don't have an Active Directory available, you can use the "WFilter local account" feature to monitor and filter by user account.

6.1 Integrate Active Directory


6.2 WFilter local account

7. Multi-adapters Monitoring

WFilter 4.0 supports monitoring on multiple adapters for complex network layouts.

Friday, September 30, 2011 10:34:17 AM (GMT Daylight Time, UTC+01:00)    Block P2P | Content Filter | How to block websites
# Tuesday, June 14, 2011

The internet can benefit a business when used properly, but it is often abused by employees and poses significant liability and security risks:

  • Internet downloading and malicious websites are harmful to your network.
  • Online messengers and social network websites are killing your productivity.
  • P2P programs and IPTV applications can easily consume most of your bandwidth.
  • Sharing of copyrighted popular music and movies is illegal in most jurisdictions.

Therefore, it is necessary for business administrators to track employees' internet usage and restrict internet usage in company networks.

Below I list several aspects of tracking and filtering internet activity on company networks.

1. Keep a record of internet activities.

To track internet usage, you can set up a mirroring port on your switch and connect an internet monitoring product to this mirroring port to archive all internet activities.

Please check this blog article: How to monitor internet usage on company network?

2. Restrict websites access

  • Only work-related websites are allowed during work time.
  • Destructive websites, such as violent or adult sites, should always be blocked.
  • Downloading websites should be blocked to save bandwidth if you are suffering from slow internet speed.

Companies that are very strict about website browsing can implement a website whitelist, so that only websites in the whitelist can be visited.

How to whitelist websites?

3. Block bandwidth consuming protocols

To keep your internet connection working smoothly, bandwidth-consuming protocols like p2p downloading and online streaming should be blocked during working hours.

Please check:

1. How to monitor internet bandwidth?
2. How to block p2p traffic in your network?





Tuesday, June 14, 2011 3:57:24 AM (GMT Daylight Time, UTC+01:00)    How to block internet | How to monitor internet bandwidth
# Tuesday, April 26, 2011

Routing and Remote Access is a network service in Microsoft Windows Server 2008, Windows Server 2003, and Windows 2000 Server that can provide network address translation (NAT) for connecting a private network to the Internet. An example network topology is as below:

Since all internet traffic goes through the RRAS server, it is very simple to monitor and filter internet activities: just install WFilter on this server.

The RRAS server has two adapters, the internal NIC and the external NIC. You should see both adapters in the "monitoring adapter settings" of "System Settings"->"Monitoring Settings".

We recommend choosing the internal NIC as the monitoring and blocking adapter, because you will then be able to monitor, block and report on individual network computers.

However, if you choose the external NIC as the monitoring and blocking adapter, WFilter will treat the whole network as one computer, because the RRAS server translates all subnet IP addresses to its public IP address.

We have noticed that some users prefer to monitor on the internal NIC to save on licenses, because you only need ONE 1-user license to monitor the public IP address. However, we recommend that you not do this, because this is not how WFilter is designed to work, and there might be an over-blocking issue for some p2p protocols.

For more information, please check "WFilter Enterprise".

Other related links:

How to block UDP ports in RRAS windows server 2003?
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?

Tuesday, April 26, 2011 9:04:03 AM (GMT Daylight Time, UTC+01:00)    Content Filter | How to block internet

As a pass-by filtering product, WFilter can only block TCP traffic. To block p2p traffic completely, you are required to block UDP ports 1024-65534 in your router or firewall. For more information about pass-by filtering, please check: difference between Pass-by filtering and Pass-through filtering.

Since some networks use a Windows server with "Routing and Remote Access Service" (RRAS) as the gateway, you can also configure the "IP Filter" in RRAS to block UDP ports. This tutorial shows how to block all UDP ports except DNS (53) in Windows Server 2003.

1. Open "Routing and Remote Access" in "Control Panel"->"Administrative Tools".

2. Click "General"->"properties".

3. Click "Inbound Filters".

4. Add DNS port UDP 53 to the allow list

Click "New"->"Add IP Filter", choose "Protocol" as "UDP", "Source port" as "53", "Destination port" as "0" (meaning all).

5. Add all TCP to the allow list

Click "New"->"Add IP Filter", choose "Protocol" as "TCP", "Source port" as "0", "Destination port" as "0".

6. Block others

Check "Drop all packets except those that meet the criteria below" to block other traffic.

All UDP ports are now blocked except UDP 53 (DNS), and WFilter is fully functional for blocking p2p/IM/IPTV traffic.
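The filter list built in steps 4 to 6, modelled as an added example (not code from the original post, WFilter or RRAS) so the effect on other traffic can be reviewed before the rule goes live. It assumes stateless matching on the interface where replies arrive, with port 0 meaning "any" as in the dialog; the packet fields and sample traffic are constructed.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src_port dst_port note")
Filter = namedtuple("Filter", "proto src_port dst_port")  # port 0 = any

# The two allow entries from the tutorial; anything else is dropped (step 6).
ALLOW_FILTERS = [
    Filter("UDP", 53, 0),  # step 4: DNS replies, source port 53
    Filter("TCP", 0, 0),   # step 5: all TCP
]

def matches(f, pkt):
    """A filter matches when the protocol is equal and each non-zero port is equal."""
    return (f.proto == pkt.proto
            and f.src_port in (0, pkt.src_port)
            and f.dst_port in (0, pkt.dst_port))

def verdict(pkt, filters=ALLOW_FILTERS):
    """Apply 'Drop all packets except those that meet the criteria below'."""
    return "forward" if any(matches(f, pkt) for f in filters) else "drop"

def audit(packets, filters=ALLOW_FILTERS):
    """Return the notes of packets the rule set drops, for change review."""
    return [p.note for p in packets if verdict(p, filters) == "drop"]

# Constructed sample traffic (not captured data), as seen inbound.
SAMPLE = [
    Packet("UDP", 53, 40000, "DNS reply"),
    Packet("TCP", 443, 51000, "HTTPS reply"),
    Packet("UDP", 6881, 6881, "UDP p2p transfer"),
    Packet("UDP", 123, 123, "NTP reply"),
    Packet("UDP", 500, 500, "IPsec IKE"),
    Packet("ICMP", 0, 0, "ping echo reply"),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p.note:18} {p.proto:4} {p.src_port}->{p.dst_port}: {verdict(p)}")
    print("dropped:", audit(SAMPLE))
```

In this model NTP, IKE and ICMP are dropped along with the UDP p2p traffic, so any of these the network depends on needs its own allow entry before step 6 is enabled.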


Tuesday, April 26, 2011 7:21:54 AM (GMT Daylight Time, UTC+01:00)    block UDP ports | How to block p2p
# Thursday, March 31, 2011

This tutorial will guide you through blocking porn websites in your network.

WFilter offers three ways to block porn websites:

  • Using a website black list.
  • Using "Url keywords filtering" to block keywords in the URL.
  • Using the default URL database of WFilter to block websites by category.

1. Using "website black list" to block porn websites

If you know which websites should be blocked, you can add them to a website black list. For example:

2. Using "URL keywords filtering" to block porn sites

The "URL keywords filtering" feature searches visited URL addresses for certain keywords. When a keyword is found, the URL is blocked.

For example, add "porn", "sex" to "Sexual", and block "Sexual" category in "URL Keywords Filtering".
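An added example (not WFilter's code) showing how a keyword list like the one above can over-block when a keyword is matched as a plain substring. It assumes case-insensitive substring matching, since the post does not describe WFilter's actual matching logic; the URLs are constructed on reserved `.example` names.

```python
import re
from urllib.parse import urlsplit

# Keyword category from the post's example; the matching logic is an assumption.
KEYWORDS = {"Sexual": ["porn", "sex"]}

def substring_hit(url, keywords=KEYWORDS):
    """Return the category whose keyword occurs anywhere in the URL, else None."""
    low = url.lower()
    for category, words in keywords.items():
        if any(w in low for w in words):
            return category
    return None

def token_hit(url, keywords=KEYWORDS):
    """Return the category only when a keyword is a whole token of the URL."""
    parts = urlsplit(url.lower())
    tokens = set(re.split(r"[^a-z0-9]+",
                          parts.netloc + parts.path + "?" + parts.query))
    for category, words in keywords.items():
        if tokens.intersection(words):
            return category
    return None

def overblock_candidates(urls, keywords=KEYWORDS):
    """URLs blocked only because a keyword is embedded in a longer word."""
    return [u for u in urls
            if substring_hit(u, keywords) and not token_hit(u, keywords)]

# Constructed URLs (not real browsing logs).
VISITED = [
    "http://www.essex-council.example/planning",
    "http://news.example/sport/middlesex-cricket",
    "http://shop.example/sex/index.html",
    "http://intranet.example/payroll",
]

if __name__ == "__main__":
    for u in VISITED:
        print(f"{u:46} substring={substring_hit(u)} token={token_hit(u)}")
    print("review before blocking:", overblock_candidates(VISITED))
```

Running a new keyword through a check like this against a sample of already-logged URLs shows which legitimate sites would be caught before the category is set to block.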

3. Using "Web access rules" to block porn sites

WFilter has a default URL database which contains millions of common websites. You may enable "Web Access Rule" and block the "Sexual" category to block sexual websites in the default URL database.

However, the URL database cannot cover all websites on the internet. You may search for a domain in "Category Settings"->"Category Search". If the search result is "not found", the domain is not in the default URL database. You can add it to the default URL database in "Categories List"->"Add websites to a category".

4. Websites are blocked.

For more information, please check "WFilter Enterprise".

Other related links:

How to block internet downloading?
How to monitor internet usage on company networks?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?
How to setup ip-mac binding in WFilter?
How to block facebook at work of network computers?

Thursday, March 31, 2011 8:47:03 AM (GMT Daylight Time, UTC+01:00)    How to block websites
Copyright © 2012 IMFirewall Software. All rights reserved.