LANCOM Techpaper Content Filter



Similar documents
LANCOM Content Filter Option. Handbuch Manual

Access Control Rules: URL Filtering

Application Control and URL Filtering

Proxy Blocking: Preventing Tunnels Around Your Web Filter. Information Paper August 2009

Configuring Your Gateman Proxy Server

Comparing Architectures For Internet Content Filtering Solutions

DriveLock Websecurity

Performance Characteristics of Data Security. Fabasoft Cloud

Avira Internet Security FireWall. HowTo

Automatic Hotspot Logon

Barracuda Web Filter Demo Guide Version 3.3 GETTING STARTED

Manual Password Depot Server 8

Quick Start Guide Getting started with your Hetzner package

Ensure safe and appropriate web surfing for all users with customizable filtering.

White Paper. How to Effectively Provide Safe and Productive Web. Environment for Today's Businesses

Image Control. Administrator Guide

Collax Web Security. Howto. This howto describes the setup of a Web proxy server as Web content filter.

WebMarshal User Guide

Content Filtering Client Policy & Reporting Administrator s Guide

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

Guide to Analyzing Feedback from Web Trends

Chapter 6 Using Network Monitoring Tools

Proventia Web Filter 2.2

orrelog Ping Monitor Adapter Software Users Manual

AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals

HomeNet. Gateway User Guide

User Guide. Hosted Web Security. Copyright CensorNet Limited,

WildFire Reporting. WildFire Administrator s Guide 55. Copyright Palo Alto Networks

DiskPulse DISK CHANGE MONITOR

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Chapter 6 Using Network Monitoring Tools

LifeSize Video Center Administrator Guide March 2011

SPAM FILTER Service Data Sheet

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Evaluation Guide. iprism Web Security V7.000


SecuraLive ULTIMATE SECURITY

How To Check If Your Router Is Working Properly

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Orientation Course - Lab Manual

CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version ForeScout Mobile

NETWRIX EVENT LOG MANAGER

Integrating a Hitachi IP5000 Wireless IP Phone

Stopping secure Web traffic from bypassing your content filter. BLACK BOX

Chapter 4 Firewall Protection and Content Filtering

Putting Web Threat Protection and Content Filtering in the Cloud

Burst Technology. bt-webfilter User Guide

When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling

User Guide for Paros v2.x

IPRO Viewer. Installation

WORKING WITH WINDOWS FIREWALL IN WINDOWS 7

User Guide. You will be presented with a login screen which will ask you for your username and password.

SANS Top 20 Critical Controls for Effective Cyber Defense

Barracuda Link Balancer

What s New Guide. Active Administrator 6.0

HowTo. Firewall Avira Premium Security Suite

Delegated Administration Quick Start

Avira Exchange Security Small Business Edition. Quick Guide

OPTENET Security Suite / OPTENET PC Web Filter

Copyright 2013 Trend Micro Incorporated. All rights reserved.

ProView. Remote monitoring and administration for self-service networks. Copyright Wincor Nixdorf International GmbH

Violin Symphony Abstract

IBM Connections Cloud Security

Hillstone StoneOS User Manual Hillstone Unified Intelligence Firewall Installation Manual

SonicWALL Security. User Guide. Version 4.6

SERVICE DESCRIPTION Web Proxy

Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows

Test Case 3 Active Directory Integration

How To Install Caarcserve Backup Patch Manager (Carcserver) On A Pc Or Mac Or Mac (Or Mac)

ESET Mobile Security Business Edition for Windows Mobile

Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway

How does the Excalibur Technology SPAM & Virus Protection System work?

Chapter 8 Router and Network Management

Guidelines for Web applications protection with dedicated Web Application Firewall

Application Detection

McAfee Network Security Platform Administration Course

Avira Exchange Security Version 12. HowTo

LANCOM Advanced VoIP Client 1.20 EN. Notes on Installation

User's Guide. Product Version: Publication Date: 7/25/2011

NetDefend Firewall UTM Services

Secure Content Management: Protected, Productive Networks for Today s Businesses

Barracuda Spam&Virus Firewall v5.1 a Web Filter v5.0 Nové funkce, pluginy a uživatelská vylepšení. Jiří Blažek, Product Manager

User Manual for Web. Help Desk Authority 9.0

NSFOCUS Web Application Firewall White Paper

Internet Advertising Glossary Internet Advertising Glossary

FEC Secure IPSec Client

Administration Guide. Novell Storage Manager for Active Directory. Novell Storage Manager for Active Directory Administration Guide

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

User's voice OPTENET WEBFILTER PC. Comprehensibility: Test user did not provide any comments. Look and Feel: Time to install and configure: 45 minutes

Filter Avoidance and Anonymous Proxy Guard

Sophos for Microsoft SharePoint startup guide

WEB QUARANTINE USER GUIDE VERSION 4.3

Important. Please read this User s Manual carefully to familiarize yourself with safe and effective usage.

Active Directory Integration

Next Generation IPS and Reputation Services

NetSpective Content Filter User Guide

Performing a Web Application Security Assessment

Cyan Networks Secure Web vs. Websense Security Gateway Battle card

How to Prevent Secure Web Traffic (HTTPS) from Crippling Your Content Filter. A Cymphonix White Paper

Monitoring Replication

Transcription:

The architecture Content filters can be implemented in a variety of different architectures: 11 Client-based solutions, where filter software is installed directly on a desktop computer, are suitable for private requirements. These applications, often called "parental control", are configured in such a way that they check target web sites against a central database server, and they allow or prohibit access accordingly. 11 In very large organizations it is worthwhile operating dedicated database servers that allow filter rules to be customized in an individual and specific manner. These solutions demand considerable financial and organizational resources due to the effort of running backup servers and maintaining the rules on a regular basis. 11 An integrated solution, where the content filter is implemented on the central gateway, is suitable for medium- to large-sized companies. The LANCOM is one example of this type of integrated solution where the filter uses the functions of an existing firewall. One major advantage over the client-based solutions is that the content filter can be configured centrally, meaning that all workstations can be monitored at any time in accordance with a standard policy with little effort. The LANCOM consists of a number of components: 22 Timed control for the selection of policies 22 Firewall for the selection of the data streams that are to be examined 22 Content filter that acts as a proxy, accepting the data to be examined and performing the desired actions 22 Rating server that examines the Internet sites and checks to see if they belong to specific categories The filter concept The LANCOM functions by combining configured rules and the rating server from IBM Tivoli Security Solutions. At the technical level, the content filter inspects each HTTP request according to the following criteria: 11 Who is attempting to access the Internet? The answer to this question is supplied by firewall rules that identify specific users or user groups via IP or MAC addresses. 11 When is access allowed? This is where the timeframes apply that are used to manage the validity of the filter rules. 11 Which URL should be opened? The content filter checks whether the web site belongs to a blacklist, a whitelist, and to one or more categories that are activated via user-defined profiles for a user group. 11 What action should the content filter perform? The content filter rules can permit or prohibit access to specific web pages or allow restricted access only. The first two items are configured by defining appropriate firewall rules and timeframes. In order to check the current URL, the content filter first makes use of the configured blacklists or whitelists. If the URL is found in the blacklist, it is blocked without any further checking. If the URL is found in the whitelist, it is permitted without any further checking. The whitelist has priority over any possible conflicting blacklist entry. When defining blacklists and whitelists, different paths can be entered separately for the same domain 1

meaning that certain areas of a URL can be rated differently. If the URL check based on blacklists and whitelists returns no result, the content filter will forward the query to a rating server. Data is anonymized before being processed so that no inference can be drawn as to the user's identity. The rating server examines the requested URL against its database and delivers the result via the LANCOM to the client's browser. Entries in the database primarily contain the stored URL and the category that the URL has been assigned to. One URL can be assigned to several categories. Furthermore, individual sub-pages can be categorized in different ways so that, for example, a different categorization is valid for each of the three URLs below: 11 www.mycompany.eu 11 www.mycompany.eu/news 11 www.mycompany.eu/downloads In the same way, individual hosts within the same domain can be assigned to different categories 11 www.mycompany.eu 11 downloads.mycompany.eu The example below shows the structure of the database entries: 11 Domains: mycompany.eu 11 Hosts: www.mycompany.eu, pics.mycompany.eu 11 Directories: www.mycompany.eu/pics/ 11 HTML pages: www.mycompany.eu/pics/index.html 11 Picture URLs: www.mycompany.eu/pics/001.jpg 11 IP addresses: http://123.123.123.123 11 Protocols: http:// vs. ftp:// 11 Ports: http://www.mycompany.eu:80 and http://www.mycompany.eu:81 If the URL is checked successfully, information is returned on which of the 58 categories it belongs to. The administrator can decide individually for the company which web sites or categories should result in what actions. The 58 categories are divided into 14 subject groups such as Pornography, Nudity", "Shopping" or "Criminal Activities". You can activate or deactivate each of the categories that these groups contain. The sub-categories for "Criminal Activities" are, for example, "Illegal Activities", "Computer Criminality", "Political Extremism/Hate/Discrimination". Content filter actions The content-filter actions initiate the measures required for each user group, time and target address. Besides the usual actions of "allow" and "block", the LANCOM provides a further option that can be used to handle access to the web sites in a flexible manner. The "override" option enables the user to visit a web site that has actually been blocked. This option allows the administrator to avoid situations in which company interests make it vital to access certain web sites that would normally be blocked. In such cases there may be no time or opportunity to check access and to adapt the rules if necessary. If the user accepts the override, he or she may access the unblocked web 2

site for some minutes or even a whole day, depending on the configuration. The administrator can be automatically informed of such incidents in order, for example, to activate access for URLs that are subject to frequent overrides. The override type allows temporary unblocking to be defined more precisely. For example, the override feature can be used to unblock the category which the requested domain belongs to. This will then make all the other web pages belonging to this category accessible. Alternatively, the domain can be temporarily unblocked irrespective of the categories that the various sub-pages are assigned to. The combination of category and domain is especially restrictive for the override feature since only those URLs will be permitted that belong to both the domain as well as to the categories of the current web site. The rating server The rating server uses various web crawlers to evaluate the content of web sites. Web crawlers browse the Internet automatically and quickly, analyzing keywords, text and images in order to classify and store them in a database. The combination of various intelligent algorithms for text classification and image identification using techniques to identify, for example, symbols, logos, skins and faces as well as OCR (optical character recognition). This guarantees an extremely reliable rating. The database contains a list with over 100 million URLs that cover some 10 billion web pages and is updated and extended by the dynamic, automated web crawler process with almost 150,000 entries daily. Web crawlers The web crawler algorithms are specifically designed for the requirements of the rating server. At a technical level, the web crawlers must apply the right strategy to take account of performance fluctuations, unreachable servers, spam domains, parked domains, multi-lingual and search-engine optimized web sites. At the content level, cultural, moral and ethical aspects are important for the appropriate rating of web sites geographically. In order to be able to examine all relevant URLs, the web crawlers follow hyperlinks they find on the web sites not within a domain but systematically beyond its boundaries into other domains. The web crawlers also make use of domain registration information and other external sources relating to new domains in order to find non-linked web pages. Text classification Text classification in the rating servers goes far beyond the simple examination of keywords. Even if it is easy to configure the search on the basis of keywords, a simple rating based on the number of occurrences of certain words has a significant disadvantage since some words have multiple meanings that can only be assessed under consideration of the context. The word "sex" can occur in, for example, pornographic as well as medical content. For this reason, intelligent search functions use the frequency of words and the inter-combination of different words. These heuristic processes make it possible to classify texts extremely accurately, provided that the quantity of text is sufficient for a valid assessment. Image classification Several technologies are used to classify images on web pages. Pornographic pictures are determined, for example, on the basis of the proportion of skin tones in the images. The rating servers have a special facial recognition feature that can reliably identify faces and their proportion in the image in order to prevent portraits being incorrectly identified as pornography. But image classification can also recognize symbols with political or similar significance in order to identify prohibited content. As images can often contain text, optical character recognition (OCR) is used to classify any conspicuous messages. 3

Combination of results In some cases the results of the individual rating engines do not provide clear-cut findings. For example, a web page may display images with a large proportion of skin, which suggests pornographic pictures. However, the associated text indicates a medical context. The results are therefore summarized using a weighted rating that makes it possible to perform a reliable classification. Automatic selection of the rating server The LANCOM uses a central rating server located in one of the world's largest computing centers. Besides the database, which is always up to date thanks to highly professional category management and the web sites examined, this solution offers an additional important advantage in that the LANCOM will automatically use a backup server if there is any disruption to the rating server. There are several redundant databases available around the world, meaning that access to the current rating status is always available. The LANCOM will always select the server with the fastest response time in order to optimize filter performance. User-defined category profiles The LANCOM can be specifically tailored to an organization's requirements using userdefined category profiles. In many cases, blacklists and whitelists apply uniformly to all users but the blocking or unblocking of different categories of web page does not need to be regulated uniformly for all parts of an organization. A press officer in the PR department might require access to URLs that should not be available to colleagues in production. In order to model these specific situations, profiles are set up that have their own category configuration. Such a userdefined profile is assigned to a user group via the firewall, which means that the user group then has its own filter settings. Logging and alerts The content filter's logging and alert functions are particularly important in light of the continuous development of filter rules. Depending on how it is configured, the content filter can inform the administrator about the number of licenses being exceeded or licenses expiring, about errors, or about blocks on web pages being overridden. The administrator can choose to be informed via e-mail, SNMP or SYSLOG. Furthermore, the content filter can create a snapshot at regular intervals to provide detailed statistics for a particular period for comparison with other periods. LANmonitor provides convenient functions that allow the status of the content filter to be viewed during operation. 4Content filter statistics are always anonymous 4 and do not allow any inference as to the user's identity. Only messages relating to the use of the override function can contain the IP and MAC address of the relevant computer and the requested URL, depending on the setting. User-defined blocked pages The LANCOM provides predefined pages for the "blocking" and "override" functions that can be displayed in the browser when the actions are triggered. A company can develop its own blocking and override pages to allow the content filter to be fully integrated into the organization. All modern web-page functions such as JavaScript are available for this. Simple HTML tags, which are inserted into the source text at run time, can be used to display function-related texts and buttons. 4

LANCOM content filters are used to implement corporate-wide policies Administrators can use a content filter to systematically filter content in the network and thereby prevent access to Internet sites with content that is illegal, offensive or hazardous. This can also be used to prevent private surfing during working hours. LANCOM content what Internet content is allowed in the network and what is not. Summary For many companies access to the Internet is a business-critical process. Implementing clear and uniform policies for Internet usage is essential in order to guard filters allow Internet access to be centrally configured and managed for the entire organization, allowing Internet policies to be implemented in a standardized and effective manner. This increases employee productivity and makes the network more secure, reduces the risk of illegal activity in many areas and reserves the entire bandwidth for business processes only. The LANCOM allows the network to be tailored to match organizational-specific requirements using a whole range of functions including the specific restriction by group, IP address or workstation, scheduled rules and warnings, or the complete blocking of certain web pages. The basis for filtering is provided by a central database, which currently contains more than 100 million URLs. These URLs are grouped into 58 categories that assist with customer-specific configuration. The continuous maintenance of the database goes far beyond the concepts of many other types of solution. The effort of manually maintaining URL lists can only ever be partially successful because the resulting errors can lead to gaps in network security. The LANCOM uses a database that automatically examines web sites, meaning that new and modified web content can be integrated very quickly. Web crawlers update and extend the central database with almost 150,000 web sites each day using complex analytical methods for automatic categorization. Using the LANCOM, the administrator can easily make informed decisions based on categories about against the dangers of malware etc., to ensure employee productivity, and to meet legal requirements. The LANCOM makes it possible set up a central, powerful filter solution for corporate networks that is also easy to configure. Using a database that is always up to date and rules specifically tailored to individual requirements, the LANCOM allows the effective implementation of company-wide policies, thus increasing the security of the network. LANCOM, LANCOM Systems and LCOS are registered trademarks. All other names or descriptions used may be trademarks or registered trademarks of their owners. Subject to change without notice. No liability for technical errors and/or omissions. 08/10 www.lancom.eu LANCOM Systems GmbH I Adenauerstr. 20/B2 I 52146 Wuerselen I Germany I E-mail info@lancom.eu

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information