Monthly Archives: December 2010

How to block Facebook at work on network computers?

Facebook is a social utility that connects people with friends and others who work, study and live around them. However, employees might spend too much time on this website during working hours.


This tutorial shows how to set up an internet policy that blocks Facebook access at work with WFilter version 3.3.

You can block Facebook access at different levels:

  1. Block the Facebook website completely.
  2. Allow the Facebook website, but block Facebook chat.
  3. Allow the Facebook website, but block Facebook applications and games.

1. Block the Facebook website completely

1). Block the Facebook website with the “Website Black/White List”.

Add “*.facebook.com” to a website black list.

Now HTTP access to Facebook will be blocked.

2). Block HTTPS Facebook with the “HTTPS Black/White List”.

Since Facebook also provides HTTPS access, complete blocking also requires blocking HTTPS Facebook with the “HTTPS Black/White List”.

Add “*.facebook.com” to an HTTPS black list.

Please note that you need to reopen your browser for the HTTPS black list to take effect.


2. Block Facebook IM chat

You can use WFilter to block “facebook IM” directly in “Blocking Level Settings”->“Messengers”.

You will not be able to send a message when Facebook IM is blocked.

3. Block Facebook applications and games

Facebook applications and games are blocked simply by adding “apps.facebook.com” to a website black list.

For more information, please check “WFilter Enterprise”.


Other related links:


How to block internet downloading?
How to monitor internet usage on company networks?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?


How to check whether a switch supports port mirroring?

To monitor the internet activity of all computers in your network, the WFilter computer must be connected to a mirroring port of your switch, or WFilter must be installed on a gateway computer.

Some inexperienced users might not know whether a switch supports port mirroring, so here is how to check.

First, check the feature list of your switch.

“Port mirroring” is also called “port SPAN” or “port monitoring”. A switch that supports port mirroring is usually called a “manageable switch” or “managed switch”.
If you can find any of these keywords in your switch's feature list or manual, port mirroring is supported.

Example 1: description of the Cisco 2950.

Example 2: feature list of the NETGEAR GS108T.

Second, check the switch's Web UI for mirroring options.

Most manageable switches provide a web UI or console interface for changing their settings. If you can find “port mirroring” or “port monitoring” options in the Web UI, port mirroring is supported.

Example 1: Web UI of the D-Link 3226.

Example 2: Web UI of the NETGEAR GS748AT.

For more information, please check: Why WFilter can only monitor itself? How to monitor other computers in network?

How to block internet access of guest computers in a network?

Guest computers come and go on a network. However, unmanaged internet access by guest computers can be a nightmare for your network. Guest computers can consume most of your bandwidth with P2P downloading, and can download copyrighted material or viruses that might be harmful.

This tutorial shows how to set up a default internet blocking policy for guest computers with WFilter version 3.3.

1. Set a different IP address range for guest computers.

If guest computers share the same IP address range as your existing computers, you won’t be able to tell them apart. For management purposes, the guest computers should be in a different IP address range. For example:

1. Assign all your existing computers static IP addresses from “192.168.1.0” to “192.168.1.200”.

2. In your wireless AP, set the DHCP range from “192.168.1.200” to “192.168.1.250”.

Now every guest computer (mostly laptops) will get an IP address in the range “192.168.1.200 – 192.168.1.250”. Then you can set a blocking policy for them in WFilter.

2. Set up default blocking policies for certain IP ranges.

Now you can set up a default blocking policy for IP addresses in the range “192.168.1.200 – 192.168.1.250”. This default policy is applied to every new computer in this IP range.

Please note: if you cannot set up a different DHCP range for guest computers, you can also enable this “default monitoring policy” for newly found computers. With this feature, WFilter automatically configures the monitoring and blocking policy when it detects a new computer.


How does WFilter work to block internet connections in a network?

How does WFilter monitor and archive internet activities?

WFilter is an enterprise Internet filtering software program. A business or organization can implement its Internet communication policy in WFilter and let it perform the work. WFilter intercepts, records and monitors the Internet behavior of users on a network, for the purpose of ensuring policy compliance or measuring job performance in an organization.

A mirroring port replicates the data from other ports or VLANs. To monitor all internet activity, WFilter needs to be connected to a mirroring port of your switch, and the mirroring port must be configured to mirror your internet traffic.

When connected to a mirroring port, WFilter receives copies of all internet traffic packets, then decodes them and saves them into log files. This is how WFilter monitors internet usage.

For more information about how to set up port mirroring, please check: WFilter Deployment Examples.
To check whether your port mirroring is properly configured, please check: How to check whether port mirroring is properly configured?
If you don’t have a manageable switch, you need to set up a Windows gateway or proxy server to do the monitoring; please check: How to monitor internet usage without a manageable switch?

How does WFilter block internet connections?

Many users have asked: “Since WFilter only handles packet copies and the original packets don’t pass through the WFilter machine, how does WFilter block internet connections?”

There are actually two filtering technologies: pass-through filtering and pass-by filtering.

With a pass-through filtering solution, packets pass through the filtering product; if a packet needs to be blocked, the filtering product simply drops it.

A pass-by filtering product, however, only handles copies of network packets and cannot hold back the original packets. Therefore, it sends RST packets to terminate TCP connections. This is how WFilter blocks connections.

Please note:

1. Since WFilter needs to send RST packets to block a connection, the “blocking adapter” of WFilter must be able to access your network. The blocking adapter is configured in “System Settings”->“Monitoring Settings” of WFilter.

2. Some switches do not allow outgoing traffic on the mirroring port; if so, you need to set up a separate NIC as the blocking adapter. Even if outgoing traffic is allowed on the mirroring port, we recommend using a secondary NIC for blocking when you’re managing over 100 computers. Otherwise, the monitoring adapter will be overloaded.

3. If you have multiple VLANs, the blocking adapter must belong to a VLAN that can communicate with the other VLANs.

4. Sometimes you might need to set the “Automatic Metric” of the blocking adapter so that Windows recognizes this adapter as the primary adapter. Please check this blog topic: Blocking adapter doesn’t work when using two network cards with WFilter.
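A small model of the pass-by blocking described above, added here as an illustration and not taken from WFilter. It shows that the original packet is still delivered, that the filter can only tear the connection down afterwards with RSTs derived from the mirrored copy, and that those RSTs must actually reach both endpoints (hence the blocking adapter). The classes, addresses, ports and sequence numbers are constructed, and the acceptance check is the basic RFC 793 window rule.

```python
from dataclasses import dataclass

MOD = 2**32  # TCP sequence numbers wrap at 32 bits

@dataclass(frozen=True)
class Segment:              # only the fields that matter for a reset
    src: tuple              # (ip, port)
    dst: tuple
    seq: int
    ack: int = 0
    length: int = 0         # payload bytes
    rst: bool = False

@dataclass
class Endpoint:             # receiver-side state of one TCP connection
    addr: tuple
    peer: tuple
    rcv_nxt: int            # next sequence number expected from the peer
    rcv_wnd: int = 65535
    is_open: bool = True

    def receive(self, seg):
        if (seg.src, seg.dst) != (self.peer, self.addr):
            return                                   # belongs to another connection
        in_window = (seg.seq - self.rcv_nxt) % MOD < self.rcv_wnd
        if seg.rst:
            if in_window:                            # RFC 793 check; newer stacks are stricter
                self.is_open = False
        elif seg.seq == self.rcv_nxt:
            self.rcv_nxt = (self.rcv_nxt + seg.length) % MOD

def resets_from_copy(seen):
    """The two RSTs a pass-by filter can derive from one mirrored data segment."""
    after = (seen.seq + seen.length) % MOD
    return [Segment(seen.src, seen.dst, seq=after, rst=True),     # to the receiver
            Segment(seen.dst, seen.src, seq=seen.ack, rst=True)]  # to the sender

def demo():
    client, server = ("192.168.1.10", 50000), ("203.0.113.5", 80)  # constructed
    c = Endpoint(client, server, rcv_nxt=9000)
    s = Endpoint(server, client, rcv_nxt=1000)
    request = Segment(client, server, seq=1000, ack=9000, length=120)
    s.receive(request)                 # the original packet is delivered regardless
    for rst in resets_from_copy(request):
        c.receive(rst)                 # resets enter through the blocking adapter
        s.receive(rst)
    return c.is_open, s.is_open        # (False, False): both ends torn down

if __name__ == "__main__":
    print(demo())
```

A reset whose sequence number falls outside the receiver's window is ignored in this model, which is why a pass-by filter has to build its RSTs from traffic it has just seen.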

For more information about the difference between the two filtering solutions, please check: What’s the difference between Pass-by filtering and Pass-through filtering?
For more details about WFilter filtering technology, please check: WFilter Technologies and Security

How to block Mail.Ru Agent in a network?

1. What is the Mail.Ru Agent?


Mail.Ru is the leading Internet portal in Russia in communication and entertainment. Its key product is the biggest communication portal for the Russian-speaking audience, which includes the largest free webmail service, the instant messenger Mail.Ru Agent, the national social network Moi Mir@Mail.Ru and the search engine Poisk@Mail.Ru. Mail.Ru's headquarters is in Moscow.

Mail.Ru is also the leader in online game publishing, with over 50 percent market share in Russia. The company is a publisher of more than 100 game titles in Russia, Europe and Asia, including such popular original titles as Troetsarstvie, Legend: Legacy of the Dragons and Allods Online, as well as successful international licenses such as Perfect World II and Lord of the Rings Online. Mail.Ru also owns 50 percent of NIKITA.ONLINE.

This tutorial shows how to block Mail.Ru Agent in your network.


2. How to block Mail.Ru Agent and Web-Mail.Ru?


2.1. First, add a new Custom Protocol


Because “Mail.Ru Agent” is not in the WFilter default pattern database, you need to add a custom protocol with three patterns.

The first pattern:

            Name: Mail.Ru_TCP
            Desc: Mail.Ru_TCP
            Type: TCP SEND
            Offset: 0
            Format: 0
            Content: ^\xef\xbe\xad\xde

The second pattern:

            Name: Mail.Ru_HTTP
            Desc: Mail.Ru_HTTP
            Type: HTTP SEND
            Offset: 0
            Format: Host
            Content: ^(mra|webagent)\.mail\.ru

The third pattern:

            Name: Mail.Ru_TCP_2
            Desc: Mail.Ru_TCP_2
            Type: TCP RECV
            Offset: 0
            Format: 0
            Content: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:2041\x0a$



2.2. Enable blocking of “Mail.ru Agent” in a blocking policy.

Apply this blocking policy to the selected computers.



3. Now Mail.Ru Agent will be completely blocked.




4. Web-Mail.Ru is also blocked.
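To see what the three Content expressions from step 2.1 actually match, the following added example (not WFilter code) applies them to constructed payloads with Python's `re` module. How WFilter interprets Type, Offset and Format is an assumption here: SEND is taken as client-to-server payload, RECV as server-to-client, and `Format: Host` as the HTTP Host header.

```python
import re

# Content expressions copied from the three patterns above, as byte regexes.
# How WFilter applies Type/Offset/Format is assumed, not taken from its docs.
PATTERNS = [
    ("Mail.Ru_TCP",   "TCP",  "SEND", re.compile(rb"^\xef\xbe\xad\xde")),
    ("Mail.Ru_HTTP",  "HTTP", "SEND", re.compile(rb"^(mra|webagent)\.mail\.ru")),
    ("Mail.Ru_TCP_2", "TCP",  "RECV",
     re.compile(rb"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:2041\x0a$")),
]

def http_host(payload):
    """Return the lower-cased Host header of an HTTP/1.x request, else None."""
    lines = payload.partition(b"\r\n\r\n")[0].split(b"\r\n")
    if not re.match(rb"[A-Z]+ \S+ HTTP/1\.[01]$", lines[0]):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().lower()
    return None

def classify(direction, payload):
    """Names of the patterns that match one payload seen in `direction`."""
    hits = []
    for name, proto, pdir, rx in PATTERNS:
        if pdir != direction:
            continue
        subject = http_host(payload) if proto == "HTTP" else payload
        if subject is not None and rx.search(subject):
            hits.append(name)
    return hits

# Constructed payloads (not captured traffic).
SAMPLES = {
    "magic":    ("SEND", b"\xef\xbe\xad\xde\x13\x00\x01\x00"),   # starts with EF BE AD DE
    "http":     ("SEND", b"GET / HTTP/1.1\r\nHost: webagent.mail.ru\r\n\r\n"),
    "hostport": ("RECV", b"203.0.113.7:2041\n"),                 # "ip:2041" plus newline
    "other":    ("SEND", b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
}

def run_samples():
    return {label: classify(d, p) for label, (d, p) in SAMPLES.items()}

if __name__ == "__main__":
    for label, hits in run_samples().items():
        print(label, hits)
```

The Host expression is anchored only at the start, so any Host value that begins with `mra.mail.ru` or `webagent.mail.ru` matches, including one followed by a port.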


