How to block VNC traffic of network computers with WFilter?

VNC® provides secure remote access to computers from any location, for your home and your organization. RFB is the protocol used by VNC and its derivatives.


This tutorial will guide you to block VNC with “WFilter Enterprise 4.0”. Because blocking of VNC is not supported by default in WFilter, this example uses the “Customize Protocols” feature of WFilter to define the VNC protocol.


First, add a “VNC” protocol in “Customize Protocols”.


In “Customize Protocols”, create a new protocol named “vnc”.



VNC is identified by one pattern, “vnc_tcp”:
Type: “TCP ALL”
Format: “0”
Pattern Content: “^\x52\x46\x42\x20\x30\x30”
(These six bytes are the ASCII string “RFB 00”, the beginning of the RFB protocol version banner that both ends send when a VNC session opens; the leading “^” anchors the match to the start of the TCP payload.)
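The signature above is the RFB version handshake. The following added example (not WFilter code) applies the same anchored byte pattern to the first payload of constructed sample TCP streams, and additionally parses the RFB version number, so you can verify what the “vnc_tcp” pattern will and will not match before deploying it.

```python
import re

# The exact pattern from the tutorial: "RFB 00" at the start of the payload.
RFB_SIGNATURE = re.compile(rb"^\x52\x46\x42\x20\x30\x30")
# Full RFB ProtocolVersion banner, e.g. b"RFB 003.008\n" (server sends it
# first, the client replies with the version it chooses).
RFB_BANNER = re.compile(rb"^RFB (\d{3})\.(\d{3})\n")


def is_vnc_handshake(payload: bytes) -> bool:
    """True when the payload starts with the RFB banner bytes."""
    return RFB_SIGNATURE.match(payload) is not None


def rfb_version(payload: bytes):
    """Return (major, minor) from the banner, or None if it is not RFB."""
    m = RFB_BANNER.match(payload)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2))


# Constructed sample first-packets of TCP streams (not real captures).
SAMPLE_FLOWS = [
    ("vnc server banner 3.8", b"RFB 003.008\n"),
    ("vnc server banner 3.3", b"RFB 003.003\n"),
    ("http request", b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("banner not at stream start", b"xxRFB 003.008\n"),
    ("ssh banner", b"SSH-2.0-OpenSSH_8.9\r\n"),
]


def classify_flows(flows):
    """Label each flow with the signature result and parsed RFB version."""
    return [(name, is_vnc_handshake(p), rfb_version(p)) for name, p in flows]


if __name__ == "__main__":
    for name, matched, version in classify_flows(SAMPLE_FLOWS):
        print(f"{name:30s} vnc={matched} version={version}")
```

Because the match is anchored to the payload start, a VNC session whose banner is not visible there (for example one carried inside an SSH tunnel or another encrypted wrapper) will not be detected by this pattern.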


Second, enable blocking of VNC in the desired blocking levels.


Then apply this blocking policy to the relevant computers.


Now, VNC will be blocked.


WFilter blocking events:


The VNC connection fails.

WFilter deployment with RouterOS’s port streaming feature.

Installed on a personal computer or server computer, RouterOS turns the computer into a network router, implementing features such as firewall rules, virtual private network (VPN) server and client, bandwidth shaping and quality of service, wireless access point functions and other commonly used features for routing and interconnecting networks.

To implement internet monitoring and more powerful internet filtering features with your RouterOS, you can enable RouterOS’s “port streaming” feature to mirror all internet packets to WFilter for monitoring and filtering.

This tutorial will guide you to configure RouterOS to work together with WFilter.

Enable Packet Streaming

Enable Packet Streaming in “Tools”->“Packet Sniffer”, and choose the LAN interface as the sniffer interface.

Set the WFilter server IP as the streaming server

Set the WFilter server's IP address as the streaming server.

Done, now you’re able to monitor all network computers in WFilter.

For more information, please check “WFilter Enterprise”.


Modify ESET personal firewall settings to make WFilter work.

WFilter needs to see all internet packets in order to parse network activity. However, the ESET personal firewall blocks packets that are not addressed to the local computer by default. Therefore, when the ESET personal firewall is enabled, WFilter cannot monitor from the computer it is installed on, because ESET drops all packets belonging to other computers.

To make WFilter work with ESET personal firewall, you need to adjust the firewall settings.

The following example demonstrates how to configure ESET Smart Security 5.0:

1. Click “Setup” -> “Network” in ESET.

2. Set the filtering mode to “interactive filtering mode”.

3. Click “Configure rules and zones…” to set the rules.

In the “Toggle detailed view of all rules” view, click “New” to create a new rule.

The new rule is set to allow all TCP & UDP traffic. All other rules shall be disabled.

  1. Direction: Both
  2. Action: Allow
  3. Protocol: TCP & UDP
  4. Profile: For every

4. In “Advanced Personal firewall setup…”

Uncheck “Check TCP connection status” in “Packet inspection” section of “IDS and advanced options”.

Now your WFilter shall be able to work.

For more information on disabling the ESET firewall, please check: http://kb.eset.com/esetkb/index?page=content&id=SOLN2113

WFilter adds solution for monitoring terminal server users.

Terminal Services allows IT departments to install applications on a central server. For example, instead of deploying database or accounting software on all desktops, the applications can simply be installed on a server and remote users can log on and use them via the network. This centralization makes upgrading, troubleshooting, and software management much easier.

However, since all terminal clients share the server’s network, it becomes difficult to monitor or filter individual users' internet usage, because most internet monitoring and filtering products only work on the basis of IP addresses or MAC addresses.

From WFilter version en.3.3.148, with the WFilter proxy’s “user authentication” feature, you are able to monitor terminal client users and set a different internet policy for each user.

Please check details of this solution at: How to monitor terminal server users?

How to block google mail (gmail) access of network computers?

Sometimes you might want to block google mail (gmail) access in your network. This tutorial will guide you to block gmail with WFilter.

Google mail (gmail) supports various kinds of access, including:

  1. Web access via the HTTPS protocol.
  2. SMTP over SSL for sending emails.
  3. POP over SSL for receiving emails.
  4. IMAP over SSL for receiving emails.

So for complete blocking of gmail, you need to enable blocking of the relevant email protocols, and also enable the “HTTPS black list” to block gmail web access.

1. Block SMTP/POP/IMAP over SSL

Enable blocking of “SMTP over SSL”, “POP over SSL” and “IMAP over SSL” in the relevant blocking policy. These settings will block gmail access from email client programs.

2. Block gmail web access.

Enable “HTTPS black/white list”, and choose “New” to create a new list.

Add “mail.google.com” to the new HTTPS black list.

New gmail web sessions are now blocked as well.

Please note: if a gmail web page is already open before the HTTPS black list is enabled, the existing HTTPS session cannot be blocked until you restart your browser.
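The caveat above follows from where the hostname is visible in HTTPS traffic: only the TLS ClientHello carries the server name (in the server_name extension), while later records are encrypted. The added example below (not WFilter code; the page does not describe WFilter's own mechanism, so hostname matching on the ClientHello is an assumption) builds a constructed ClientHello for a hostname, extracts the SNI, and checks it against a black list containing mail.google.com.

```python
import struct


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS ClientHello record with a server_name extension
    (sample input for this example, not produced by a real TLS stack)."""
    host = server_name.encode()
    entry = b"\x00" + struct.pack("!H", len(host)) + host          # name_type=host_name
    sni_ext = (struct.pack("!HH", 0, len(entry) + 2)                # ext type 0, ext length
               + struct.pack("!H", len(entry)) + entry)             # server_name_list
    body = (b"\x03\x03" + b"\x11" * 32                              # client_version, random
            + b"\x00"                                               # session_id length 0
            + b"\x00\x02\xc0\x2f"                                   # one cipher suite
            + b"\x01\x00"                                           # compression: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)            # extensions
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(payload: bytes):
    """Return the server_name from a TLS ClientHello, or None for anything else."""
    if len(payload) < 43 or payload[0] != 0x16 or payload[5] != 0x01:
        return None                                   # not a handshake record / not ClientHello
    p = 5 + 4 + 2 + 32                                # record hdr, handshake hdr, version, random
    p += 1 + payload[p]                               # session_id
    p += 2 + struct.unpack("!H", payload[p:p + 2])[0]  # cipher_suites
    p += 1 + payload[p]                               # compression_methods
    if p + 2 > len(payload):
        return None                                   # no extensions block
    ext_end = p + 2 + struct.unpack("!H", payload[p:p + 2])[0]
    p += 2
    while p + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", payload[p:p + 4])
        p += 4
        if ext_type == 0:                             # server_name extension
            name_len = struct.unpack("!H", payload[p + 3:p + 5])[0]
            return payload[p + 5:p + 5 + name_len].decode("ascii", "replace")
        p += ext_len
    return None


HTTPS_BLACKLIST = {"mail.google.com"}                 # the list created in this tutorial


def https_blocked(payload: bytes) -> bool:
    """True when the payload is a ClientHello for a black-listed host."""
    sni = extract_sni(payload)
    return sni is not None and sni.lower() in HTTPS_BLACKLIST
```

An application-data record (first byte 0x17) from a session that was already established yields no hostname, which is why an open gmail tab survives until the browser reconnects.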

For more information, please check “WFilter Enterprise”.


Does port mirroring influence my network speed?

For pass-by monitoring and filtering, you need to set up a mirroring port in your switch. When the port mirroring feature is enabled, the switch replicates data from other ports onto a single port for monitoring purposes. Since the original packets are not held or delayed, port mirroring does not, in theory, affect your network speed.

However, improper port mirroring settings can cause heavy load on your switch and even cause packet loss.

So please consider the following points when configuring a mirroring port:

  1. Do not mirror multiple ports to one port unless necessary.
  2. If it is required to mirror multiple ports, please make sure the total throughput of the mirrored ports does not exceed the throughput limit of the mirroring port.
  3. For WFilter, mirroring the internet port is enough. Usually, only the router/firewall port needs to be mirrored.
  4. If your switch does not allow outgoing traffic on the mirroring port, or you’re using WFilter to filter internet access for more than 50 computers, it is recommended to use two network adapters: one is for monitoring only, another one is for filtering.

How to check whether port mirroring settings are correct?
How to check whether a switch supports port mirroring?
Why a port mirroring switch is required to monitor my network?

How to filter the internet access for business network?

The internet has become an invaluable tool in business. However, the availability of the internet currently adds an important risk factor to employer liability and at the same time consumes 90% of the employer's productive hours.

Therefore internet access shall be filtered and restricted to keep the working productivity of your employees.

There are several ways to filter internet access:

1. Set up a network internet filtering program.
With a filtering program, you will be able to filter the internet access of all computers in your network from ONE computer only. There are a lot of such products on the market. For example, WFilter Enterprise or Websense Enterprise are very helpful for filtering the internet access of network computers.

Pass-by internet filtering products usually require you to set up a mirroring port in a managed switch. Setting up a mirroring port does not change your network topology and will not influence your network performance.

2. Set up an ACL policy in your Router/Firewall/UTM. Firewall devices enable you to block websites, ports and IP addresses, so you can also set up ACL rules in your firewall to block certain traffic. For more information about UTM solutions, please visit http://www.astaro.com

3. Filter websites at the DNS server. You may try the “opendns” solution. The OpenDNS solution is simple and easy to set up. However, with this solution, there can only be one policy for your entire network.

WFilter 4.0 is coming.

WFilter 4.0 will be released soon, after nearly two years of development.


The new version brings many improvements and optimizations of current features. A series of new features is also added, such as “WFilter Dashboard”, “Central Management of WFilter servers”, “WFilter Local Account”, “Multi-adapter Monitoring”, and several new alert types. Below is a brief introduction to these new features:


1. WFilter Dashboard


WFilter Dashboard allows you to check the monitoring status, log storage status and system warnings from a central dashboard.



2. WFilter Servers Management


This feature enables you to manage several WFilter servers from a central location.



3. Default IP Policy


The “Default IP Policy” feature enables you to set different policies for different IP ranges; when a new computer is found, its default IP policy will be applied.



4. Search of Network Computers


You can use the “Search Computers” feature to search for computers in your network. It is more convenient than the passive computer discovery of the old version.



5. More Alert Types


More alert types are added: disk space alert, new computer alert, ip address changing alert…



6. More Powerful Account Monitoring


WFilter’s “account monitoring” feature can integrate WFilter with your Active Directory, so you can deploy monitoring based on user accounts. The new version adds the “WFilter local accounts” feature: when you do not have an Active Directory available, you can use “WFilter local account” to monitor and filter by user accounts.


6.1 Integrate Active Directory





6.2 WFilter local account



7. Multi-adapters Monitoring


WFilter 4.0 supports monitoring on multiple adapters, for more complex network setups.


How to track and restrict internet usage in your network?

The internet can be a benefit to business when used properly, but it is often abused by employees and poses significant liability and security risks:

  1. Internet downloading and malicious websites are harmful to your network.
  2. Online messengers and social network websites are killing your productivity.
  3. P2P programs and IPTV applications can easily consume most of your bandwidth.
  4. Sharing of copyrighted popular music and movies is illegal in most jurisdictions.

Therefore, it is necessary for business administrators to track employees' internet usage and restrict internet usage in company networks.

Below I list several aspects to track and filter internet activity on company networks.

1. Keep a record of internet activities.

To track internet usage, you can set up a mirroring port in your switch and connect an internet monitoring product to this mirroring port to archive all internet activities.

Please check this blog article: How to monitor internet usage on company network?

2. Restrict websites access

  1. Only work-related websites are allowed during work time.
  2. Destructive websites (violence, adult content) shall always be blocked.
  3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.

For companies that are very strict about website browsing, you can implement a website whitelist, so that only websites on the whitelist can be visited.

How to whitelist websites?

3. Block bandwidth consuming protocols

To keep your internet working smoothly, bandwidth-consuming protocols like p2p downloading and online streaming shall be blocked during working hours.

Please check:

1. How to monitor internet bandwidth?
2. How to block p2p traffic in your network?

How to deploy internet monitoring and filtering in RRAS windows gateway?

Routing and Remote Access is a network service in Microsoft Windows Server 2008, Windows Server 2003, and Windows 2000 Server that can provide network address translation (NAT) for connecting a private network to the Internet. An example network topology is shown below:


Since all internet traffic goes through the RRAS server, it’s very simple for you to monitor and filter internet activities: “just install WFilter in this server.”


The RRAS server has two adapters, the internal NIC and the external NIC; you shall be able to see both adapters in the “monitoring adapter settings” of “System Settings”->“Monitoring Settings”.


We recommend choosing the internal NIC as the monitoring and blocking adapter, because you will then be able to monitor, block and report on individual network computers.


However, if you choose the external NIC as the monitoring and blocking adapter, WFilter will treat the whole network as one computer, because the RRAS server will translate all subnet ip addresses to its public ip address.


We have noticed that some users prefer to monitor on the internal NIC to save on license count, because you only need ONE 1-user license to monitor the public IP address. However, we recommend against it, because this is not how WFilter is designed to work, and there might be an over-blocking issue for some p2p protocols.




For more information, please check “WFilter Enterprise”.

