Category Archives: How to filter internet access

How WFilter works to block internet connections in network?

How WFilter works to monitor and archive internet activities?

WFilter is an enterprise Internet filtering software program. A business or
organization can implement its Internet communication policy into
WFilter and let it perform the work.
WFilter intercepts, records and monitors Internet behaviors of users
on a network, for the purpose of ensuring policy compliance, or
measurement on job performance in an organization.

A mirroring port replicates the data from other ports or VLAN’s. To monitor all internet activity, WFilter needs to be connected to a mirroring port of your switch.  And the mirroring port shall be configured to mirror your internet traffic.

When connected to a mirroring port, WFilter gets packet copies of all internet traffic, then decodes and saves them into log files. This is how WFilter works to monitor internet usage.

For more information about how to setup port mirroring, please check: WFilter Deployment Examples.
To check whether your port mirroring is properly configured, please check: How to check whether port mirroring is properly configured?
If you don’t have a manageable switch, you need to setup a windows gateway or proxy server to do monitoring, please check: How to monitor internet usage without a manageable switch?

How WFilter works to block internet connections?

Many users had asked: “Since WFilter only handles packet copies and the original packets don’t pass through WFilter machine, how WFilter works to block internet connections?”

Actually, there are two filtering technology: pass-through filtering and pass-by filtering.

With a pass-through filtering solution, packets shall pass through the filtering product; if a packet needs to be blocked, the filtering product just drop it.

However, a pass-by filtering product only handles copies of network packets, it can not hold the original packets. Therefore, it sends RST packets to terminate TCP connections. This is how WFilter works to block connections.

Please notice:

1. Since WFilter needs to send RST packets to block a connection, the “blocking adapter” of WFilter shall be able to access your network. The blocking adapter shall be configured in “System Settings”->”Monitoring Settings” of WFilter.

2. Some switches do not allow outgoing traffic on the mirroring port, if so, you need to setup a separate NIC as the blocking adapter. Even outgoing traffic is allowed on the mirroring port, we recommend you to use a secondary NIC for blocking when you’re managing over 100 computers.  Otherwise, the monitoring adapter will be overloaded.

3. If you have multiple VLANs, the blocking adapter shall belong to a VLAN which can communicate with other VLANs.

4. Sometimes you might need to set “Automatic Metric” of the blocking adapter for windows to recognize this adapter as the primary adapter. Please check this blog topic: Blocking adapter doesn’t work when using two network cards with WFilter.

For more information about difference of the two filtering solutions, please check: What’s the difference between Pass-by filtering and Pass-through filtering?
More details about WFilter filtering technology, please check: WFilter Technologies and Security

How can I block tor or other similiar application?

1. What is tor ?

Tor is a system intended to enable online anonymity, composed of client software and a network of servers which can mask information about users’ locations and other factors which might identify them. Use of this system makes it more difficult to trace internet traffic to the user, including visits to Web sites, online posts, instant messages, and other communication forms. It is intended to protect users’ personal freedom, privacy, and ability to conduct confidential business, by keeping their internet activities from being monitored. The software is open-source and the network is free of charge to use.

Since client workstations can use tor to bypass internet filtering, so you may want to block tor traffic in your network.

In this tutorial, we will guide you to block tor traffic with “WFilter
Enterprise 3.3″.

2. How to block tor with Wfilter?

Because tor uses HTTP/TLS to encrypt its traffic, we need to use “HTTPS black/white list” feature of WFilter to filter HTTPS websites to block tor.

First, create a new “HTTPS White List” and add the allowed HTTPS domains in it. As in below figure:


Enable “HTTPS black/white list” in certain blocking level settings.

Finally, apply this blocking policy to certain computers.

3. Now tor will be completely blocked.


Blocking events in WFilter:

More information, please check “WFilter Enterprise”.

Other related links:

How to block
internet downloading?

How
to monitor internet usage on company network?

Internet
monitoring software for business

How to filter web
surfing?

How to block websites and restrict internet access?
How to block HTTPS websites on my network?

How to block HTTPS websites on my network?

Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encryption and secure (website security testing) identification of the server. It uses port 443. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems.
As more and more websites provide both HTTP and HTTPS access. For example, facebook.com can be access both from “http://www.facebook.com” and “https://www.facebook.com”. So you can not block facebook completely until both http and https are blocked. However, HTTPS are widely used in payment transactions, web email authentication …, so block all HTTPS traffic will not be a good choice.

“WFilter Enterprise” provides you a “HTTPS black/white List” for you to filter HTTPS websites by its domain name.

First, enable “HTTPS Black/white List”.


Second, add HTTPS domains in the black list.

More information, please check “WFilter Enterprise”.
Other
related links:
How to block
internet downloading?

How
to monitor internet usage on company network?

Internet
monitoring software for business

How to filter web
surfing?

How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter?

How to block BBC online video with WFilter?

One customer reported that BBC online video can not be blocked by WFilter, even “Block Online HTTP Video and Downloading of Video Files” is checked in certain blocking levels.
So we did some research and found, other than HTTP protocol, the BBC websites also use the RTMP (Real Time Messaging Protocol) to play online video.
Because blocking of RTMP is not supported by default in WFilter(will be added soon), this tutorial will guide you to block BBC online video by the “Customize Protocols” feature of WFilter.

First, Add a new protocol named “RTMP”.


1. Protocol Settings:
Protocol Name: RTMP
Protocol Desc: Real Time Messaging
Protocol Type: Streaming

2. Pattern1
Name: RTMP_HTTP
Desc: RTMP_HTTP
Type: HTTP SEND
Offset: 0
Format: User-Agent
Content: Shockwave\sFlash

3. Pattern2
Name: RTMP
Desc: RTMP
Type: TCP_SEND
Offset: 0
Begin Byte: 03
Format: 0
Content: \x03[\x00-\xff]{4}\x80\x00

Second, Enable blocking of RTMP in certain blocking levels.

Now, BBC videos will be successfully blocked.

Related Topic: How to block bbc iplayer?

How to restrict employees internet access on your network?

Internet can be a benefit to business when used properly, but internet
is often abused by employees and poses significant liability and
security risks. Used
improperly, the Internet can subject every organization to harassment claims,
countless hours of lost productivity and innumerable security leaks and
vulnerabilities.

Several important risks caused by improper internet usage:
1. Virus Infection
2. Lost Productivity
3. Legal liability
4. Bandwidth consumer

So it is necessary for you to restrict employees internet access on your network.

To achieve this goal,  first you need an internet access policy, which should be able to:

1. Clarify what constitutes acceptable use of Internet services.
2. Ensure employees understand who to contact with questions regarding acceptable use.
3. Ensure employees understand the penalties that arise from Internet misuse.
4. Help lessen an organization’s spyware and virus infestation rates.
5. Provide human resources with signed documentation from each employee stating a pledge not to improperly use Internet services.
6. Help mitigate productivity losses.
7. Decrease dependence upon technology solutions used to enforce employee behavior.
8. Reduce the organization’s liability resulting from harassment claims, copyright violations originating onsite and other illegal acts.

You also need an internet filtering product to assure your internet policy. Let’s take “WFilter Enterprise” as an example, it enables you to monitor and filter internet access for all computers from a mirroring port of your switch. You only need to install WFilter in one computer to monitor the whole network.

Key Features:

  • Keep a detailed record of each web surfing and web posting.
  • Record all incoming and outgoing email content and attachment.
  • Monitor and archive instance messengers chat contents and activities.
  • Monitor and archive files transferred by web, ftp and IM tools.
  • Implement a policy to filter internet access during working hours.
  • Websites, messengers and p2p file downloading can be blocked to save bandwidth and raise productivity.
  • You only need to install WFilter in ONE computer to manage your whole network.

http://www.imfirewall.us

How to block file uploading to internet on company networks?

For security purpose, you might want to block employees file uploading to internet on your network. However, since there are so many tools can be used for uploading, it is extremely difficult to block them all.

Files can be uploaded in various ways:
1. Upload to certain websites, eg: webmail, file sharing websites…
2. Using msn/yahoo/icq messengers to send files.
3. Email attachments.
4. FTP
5. Other third party tools.

WFilter provide a simply solution to block file uploading on company networks. Using WFilter, you can block file uploading and file transfers of all computers from ONE computer.

This tutorial will guide you to block file uploading using WFilter.

First, block file uploading to websites.


Please notice “block uploading files via web pages” only works on HTTP websites. To control HTTPs websites, you can use “HTTPS black/white list” in “Others” of WFilter.

Second, block email attachments.


Third, block FTP and file transfer via messengers.


Last, block unknown protocols.

Blocking unknown protocols blocks file uploading using other unknown third party programs.


More information, please check “WFilter Enterprise”.
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter?

How to block facebook game using WFilter?

Sometimes you may want to block facebook games during working hours. This tutorial will guide you to block facebook games using “WFilter Enterprise”.

First, add a website black list.


Second, choose this website black list in certain blocking policy.


Third, apply this blocking policy to certain computers.


Now, facebook game is blocked.

How to block bbc iplayer on company network?

BBC iPlayer (formerly known as Integrated Media Player (iMP), Interactive Media Player, and MyBBCPlayer) is an internet television service, P2P, cable television, and several mobile devices developed by the BBC to extend its existing RealPlayer-based “Radio Player” and other streamed video clip content.

As online iPlayer may consume much internet bandwidth, this tutorial will guide you to block BBC iPlayer using WFilter. We suppose WFilter is already properly installed and is capable of monitoring/blocking other computers, if not, please read How to monitor internet usage on company network first.

WFilter’s “website black list” is based on website domains, so we can not use “website black list” to block iPlayer, since iPlayer is a subfolder of www.bbc.co.uk without a individual domain. However, we still can use “URL Keywords Filtering” feature to block url with certain keywords.

The below example demonstrates blocking of url with keyword “iplayer”.

1. Create a blocking policy, and enable “URL Keywords Filtering”.


2. Choose “Streaming Media” category and click the edit icon to edit its keywords list.


Please notice: WFilter already has some default keywords(the default
keywords are hidden). For example, “video” is already included in the
“Streaming Media” category. If you only want to block “iplayer”, you can add a new category in “Category Settings”->”Customize Categories” of WFilter.

In this example, we need to add “iplayer” to the keywords list:

3. Apply this blocking policy to certain computers.

4. By now, urls with keywords “iplayer” will be blocked.

More information, please check “WFilter Enterprise”.
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to Block Bittorrent and bitcomet?
How to block msn file transfer?
How to block certain websites to save your productivity?
How to block AIM using WFilter?

How to block sending emails with attachment on company network?

WFilter can be used to block sending/receiving emails, block sending attachments and filter email accounts. And you only need to install WFilter in one computer to monitor all computers in your network.

This tutorial will guide you to block outgoing emails with attachments.

1. Block outgoing emails with attachment(s)

This feature can block sending of emails with attachments via SMTP protocol.

1.1 Add a new blocking level, as in the below figure:

1.2 Set a proper “Level Name” and “Level Desc”, check “Block sending emails with attachment(s)”, as in Figure 2:

1.3 Apply this new blocking level to certain users in “User-computer Table”, as in the below figure:

1.4 Emails with attachment(s) will be blocked, as in Figure 4:

Blocking adapter doesn’t work when using two network cards with WFilter.

Some switches does not allow outgoing traffic on a mirroring port. In this case, WFilter needs a separate blocking adapter to send blocking packets. And if you’re monitoring and filtering more than 100 computers, we recommend you to use a different blocking adapter as the monitoring adapter.

When the two network cards are installed, we will want the Windows system to use the blocking adapter to access your network. However, sometime the Windows system might pick up the monitoring adapter and fails to connect to your network. This problem can be resolved by the “Automatic Metric” setting in Windows.

A metric is a value that is assigned to an IP route for a particular
network interface that identifies the cost that is associated with
using that route. The Automatic Metric feature is configured independently for each network interface in the network. This feature is useful in situations where you have more than one
network interface of the same speed, for example, when each network
interface has been assigned a default gateway. In this situation, you
may want to manually configure the metric on one network interface, and
enable the Automatic Metric feature to configure the metric of the
other network interface. This setup can enable you to control the
network interface that is used first in the routing of IP traffic.

In our case, the “Automatic Metric” of the blocking adapter shall be smaller than the monitoring adapter. So by setting “Automatic Metric” of the blocking adapter to “1″, and the monitoring adapter to “2″, Windows system will use the blocking adapter to access your network.