Author Archives: WFilter

How to monitor internet bandwidth?

Leave a reply

  In today’s internet, video downloading, p2p programs, or IPTV programs can easily consume most of your bandwidth. So to make your internet more efficient, it is important for you to monitor internet bandwidth of each computers on your network.
  This tutorial will guide you in installing, setting up and using “WFilter Enterprise” to monitor your Internet bandwidth (uploads and download).

1. Setup a SPAN port for monitoring.

  Port mirroring allows you to setup a monitoring port in the switch to receive packets of other ports.
  First, you need to setup a SPAN port in your switch. And the computer with WFilter installed in shall be connected to the SPAN port.
  Read this example for details to setup port mirroring: Deploy internet monitoring using a port mirror switch.

2. Real-time bandwidth monitoring.

  Upon properly deployed, you will be able to monitor all computers internet activity and all internet connections.
  The “Online Computers” shows a list of online computers.

  The “Real-time bandwidth” shows current bandwidth usage diagram and top 20 computers.

3. Protocol Bandwidth Usage Report.

  The “Protocol Usage Report” shows the exact bandwidth usage for different protocols of each computer.
 


Bandwidth details:


More information, please check “WFilter Enterprise”.
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter

How to monitor internet usage on company network?

Leave a reply

  Internet can be a benefit to business when used properly, but internet
is often abused by employees and poses significant liability and
security risks. In today’s internet, P2P programs and IPTV applications can easily consume most of your bandwidth.
  Therefore, monitoring of internet activity and monitoring of bandwidth usage is important to keep your business efficient.
  Below I list several aspects to monitor internet usage on company network.

How to monitor internet usage?

  You can not monitor other computers internet usage in a network unless you have access to their network traffic.
  There have two ways to see other computers internet traffic:
  1. Configure a span port(port mirroring) in your switch.
  2. Do monitoring in the gateway or proxy.

  If you already setup a computer as the gateway or proxy server, you just need to install internet monitoring software in the server to do monitoring. 
  Since many networks are using a router as the gateway, using a port mirroring switch is a good choice. Port mirroring allows you to setup a port in the switch to receive packets of other ports. Setting up a mirror port does no change to your network topology, and it will not affect your network speed.  A broadcasted hub can also help you to do monitoring, however, broadcasted hubs can only work in 10M bit mode, and it is not so stable. Therefore I recommend you not to use a broadcasted hub to do monitoring.
  Read this example for details to setup port mirroring: Deploy internet monitoring using a port mirror switch .

How to monitor internet connections?

  Once you’ve setup the span port, you can easily monitor internet connections using internet monitor software.
  Here we take “WFilter Enterprise” as an example:

Monitor all computers internet connections

   Use WFilter’s “Active Connections” feature, you can have a clear view of all connections in your network.

Monitor a computer’s internet connections

Connections of a particular computer, you can kill established connections if you want.

How to monitor internet activity?

  
In “Online computers”, click the numbers under each title to view detailed records.

Browsing history:

Other related links:
How to monitor internet bandwidth?
Internet blocking

How to filter web surfing?

Leave a reply

Introduction

WFilter supports various ways to filter web surfing activity:

  1. Block Web Surfing Completely
  2. Enable Website Black/White List
  3. Enable URL Keywords Filtering
  4. Enable Website Category Access Policy
  5. Websites Exception List
  6. Enable HTTPS Black/White List

1. Block Web Surfing Completely

When enabled, all HTTP web surfing will be blocked, except for domains in the “Websites Exception List”.

1.1 Add a new blocking level, as in the below figure:

Figure 1

1.2 Set a proper “Level Name” and “Level Desc”, check the “Block Web Surfing”. If you want to display a blocking page when blocked, you need to enable “Display a Deny Page When Blocking”, as in Figure 2:

Figure 2

1.3 Apply this new blocking level to certain users in “User-computer Table”, as in the below figure:

Figure 3

1.4 Websites will be blocked, as in Figure 4:

Figure 4

Figure 5

2. Enable Website Black/White List

Website black/white list can set black list or white list for websites based on domain name.
When black list is enabled, websites in the black list will be blocked. When white list is enabled, only websites in the white list can be visited.

2.1 Add a new blocking level, as in the below figure:

Figure 6

2.2 Set a proper “Level Name” and “Level Desc”, check the “Enable Website black/white list”, as in Figure 7:

Figure 7

2.3 Add certain websites into a black list, as in Figure 8:

Figure 8

2.4 Apply this new blocking level to certain users in “User-computer Table”, as in the below figure:

Figure 9

2.5 Websites in the black list will be blocked, as in Figure 10:

Figure 10

Figure 11

3.1 Enable URL Keywords Filtering

URL keywords filtering can filter webpages by url address. Using this feature, you can block searching for certain keywords in search engines.

3.1 Add a new blocking level, as in the below figure:

Figure 12

3.2 Set a proper “Level Name” and “Level Desc”, check the “Enable URL Keywords Filtering”, as in Figure 13:

Figure 13

3.3 Check the keywords category to be blocked, as in Figure 14:

Figure 14

3.4 Apply this new blocking level to certain users in “User-computer Table”, as in the below figure:

Figure 15

3.5 In this example, searching for “game” will be blocked, as in Figure 16 and Figure 17:

Figure 16

Figure 17

4. Enable Website Category Access Policy

Website category access rules can filter websites based on websites categories. Four filtering modes are supported: “Allow”, “Deny”, “Warn” and “Time Quota”.

4.1 Add a new blocking level, as in the below figure:

Figure 18

4.2 Set a proper “Level Name” and “Level Desc”, check the “Enable web category rule”, as in Figure 19:

Figure 19

4.3 Set certain filtering mode for certain categories, as in Figure 20:

Figure 20

4.4 Apply this new blocking level to certain users in “User-computer Table”, as in the below figure:

Figure 21

4.6 In this example, time quota is enabled for “Game” websites, as in Figure 22:

Figure 22

5. Websites Exception List

Websites in the exception list will not be blocked by other rules.

Figure 23

6. Enable HTTPS Black/White List

Above functions can only filter HTTP websites, to block HTTPS websites, you need to enable the “HTTPS Black/White List”.

6.1 Add a new blocking level, as in the below figure:

Figure 24

6.2 Set a proper “Level Name” and “Level Desc”, check the “Enable HTTPS Black/White List”, as in Figure 25:

Figure 25

6.3 Add certain websites into a HTTPS Black list, as in Figure 26:

Figure 26

6.4 Apply this new blocking level to certain users in “User-computer Table”, as in the below figure:

Figure 27

6.5 As in Figure 28 and 29, certain HTTPS websites will be blocked.

Figure 28

Figure 29

Monitoring performance of WFilter.

Leave a reply

WFilter Monitoring Performance

WFilter is designed to monitor a network with no more than 1000 computers, and the available internet bandwidth of the entire network shall be no more than 100Mbit/s.

Since WFilter is software, the performance depends a lot on the hardware performance. Higher bandwidth requires faster CPU, and more monitored computers require more RAM. Therefore, we recommend you to provide 1M available RAM for each monitored computer.

Below is a performance test result for HTTP request of WFilter 3.3 file-based version:

# Computers Bandwidth Total HTTP Requests Recorded Percent CPU Memory
1 50 37.2M 16000 100% 35% 260,298K
2 100 35M 20000 100% 38% 280,576K
3 200 31M 40000 100% 58% 294,561K
4 400 33M 80000 100% 68% 372,786K
5 600 32.3M 120000 100% 80% 540,151K
6 1000 32.6M 200000 60% 99% 540,664K

As we can see from the above table, when monitored computers number reachs 1000, the “recorded percent” decreased to 60% suddenly. And we noticed the memory only slightly increased, so it shall because lack of memory. Therefore we added the monitoring computer RAM to 2G, and do the test again:

# Computers Bandwidth Total HTTP Requests Recorded Percent CPU Memory
7 1000 32.7M 200000 100% 90% 820,640K

And the test of WFilter 3.3 database version(SQL Server) performance has the similar result:

# Computers Bandwidth Total HTTP Requests Recorded Percent CPU Memory
1 50 34.9M 10000 100% 45% 197,392K
2 100 34.9M 20000 100% 45% 210,196K
3 200 31M 40000 100% 45% 270,960K
4 400 32.9M 80000 100% 45% 364,234K
5 1000 28.6M 200000 58.84% 100% 540,664K

The performance of 1000-user can also be improved by adding RAM of the monitoring computer.

Test Environment

1 Network 100M ethernet
2 Test Client Intel(R) pentium(R) Dual 1.80+1.80GHz , 1G RAM
3 Test Monitoring Server Intel(R) Celeron(R) 2.66GHz, 1G RAM
4 WFilter Version WFilter 3.3
5 Switch Tplink TL-SF1008

WFilter 3.3 will come soon.

Leave a reply

  WFilter 3.3 is under alpha testing now. The new version will add “Bandwidth limit”, “Url keywords blocking”, “Website visit quota” and other exciting features.
  1. “Bandwidth limit”. You can set bandwidth limit for each computer, or blocking certain internet traffic when internet bandwidth is too high. This feature can help you to manage company bandwidth flexibly.
  2. “Url Keywords Blocking”, blocking url/webpage by keywords category. You may use this feature to block certain keywords from being searched in search engines.
  3. “Website visit quota”, by this feature, you are able to set visit time quota for each website category. For example, “news” websites can be limited to “1 hour” for each day.

 

how to block google talk using WFilter?

Leave a reply

     It is said that Google talk uses Jabber protocol to communicate.
     However, Google talk has more flexible ways to connect:
     1. Using Jabber standard tcp port 5222.
     2. Using TLS port 443.
     3. Using web chatting on port 80.

     So you will not able to block Google talk by simply blocking Jabber standard port. And 443, 80 ports are essential internet ports which shall not be blocked.

     WFilter makes it simple to block google talk. Google talk connections can be identified and blocked by signature matching. And all these can be done just by one click as below:

     More information, please refer to: http://www.imfirewall.com/en/protocols/Jabber.htm.

How to block certain websites to save your productivity?

Leave a reply

Some websites, like facebook, youtube, are rather time consumable.


If you do nothing to filter certain websites, your employees may spend several hours a day on web surfing.


So How to block certain websites to save your productivity?


1. Some router/gateway might have the ability to block certain websites.


2. Firewall appliances, like cisco PIX, will also be a good choice.


3. The third, you can choose internet filtering software to do web filter and blocking.


 


 


 

How to block websites and restrict internet access?

Leave a reply

Most employees waste more than an hour on browsing web pages. Even worse, someone will not be able to concentrate on their work during work time.
So, to save productivity, it is necessary for organizations to block certain websites and restrict internet access.


In my opinion, things should be done from several aspects:


1. Only work-related websites are allowed during work time.
2. Destructive websites like violence, adult, shall be blocked always.
3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.


For those companies who are very strict with websites browsing, you can implement a website whitelist, by which, only websites in the whitelist can be visited.


More information, please refer to internet blocking and internet monitoring.

Block MSN file transfer: impossible mission?

Leave a reply

Block MSN file transfer: impossible mission?


  It is convenient to transfer files via messengers like msn/live, yahoo, icq…  But it is also necessary for organizations to block unauthorized file transfers to keep their networks safe.


  However, messenger software uses several ways to avoid being blocked. They use dynamic ports, encrypted connections, variety connection type to bypass network firewall.


  Let me take msn as an example. By our test, there have four type of msn file transfer as described below:


  1. For two buddies, if one of them is connected to internet directly, direct connection will be established to transfer files. This is the quickest way. There has three type of direct connections with dynamic ports which is negotiated by two sides.


  1.1) Direct TCP connection.


  1.2) Direct TCP connection use TLS encryption.


  1.3) Direct UDP transmission.


  2. If direct connection can not be established, msn servers can act as a relay server to transfer files. The file transfer packets will be among with normal msn messages.


  As you can see from above, there is no way to block msn file transfer simply by blocking some ports in the firewall. The firewall should be smart enough to recognize msn file transfer direct connections, and it shall be able to pick up file transfer packets from normal msn messages.


  Block MSN File Transfer


  Internet Monitor


  Block P2P


 


 

IMFirewall P2P Classify Engine Introduction

Leave a reply

IMFirewall P2P Classify Engine Introduction


1    Introduction


IMFirewall Software is a professional Internet filtering software provider. We focus on Internet information security and providing customers with a comprehensive approach to manage the Internet usage of enterprise network since founded in 2004. By 2007-10, protocols number supported in our pattern database has reached over 90. And our pattern analysis team is monitoring and analyzing protocols everyday.


2       Supported Pattern Type


Three pattern types are supported:


1.      Signature Pattern


You may call it digit signature. As most p2p programs do not has a fix port range nor central servers. The only way to match them is by signature match. IMFirewall pattern matching engine scans every connection for signature of existing protocols..


2.      Port Pattern


IMFirewall pattern matching engine can also recognize protocols by port or port range.


3.      HTTP Pattern


Because more and more protocols are using HTTP protocol or HTTP tunnel to communicate, our pattern-matching engine also checks http mime-header for signatures. HTTP pattern is powerful to recognize http-based protocols.


3       Pattern Matching Speed


We test the speed of each pattern when new pattern found, the standard speed is 20,000 matches in 1 second.


4       Quick Response for New (Updated) Protocols


As protocols may vary from time to time, it is necessary to keep the pattern database up to date in time.


We have a protocol/programs monitoring system, which will monitor the website and files on official websites of each protocol. Once there is a change, the system will notify our protocol analysis team to test it.


This makes us a quick response for new (updated) protocols. Usually, a updated protocol can be added to our pattern database in 2-3 business days.


 


Links: Supported protocols list of WFilter