Full Reporting And Logging

All web browsing activity is recorded to an SQL database that can be either be viewed on screen or exported for external analysis. An extensive range of detailed reports can be generated to show anything from 'most visited domains' and 'top blocked categories' to time spent browsing and bandwidth utilisation. Where authentication is enabled, reports can also be generated by user or group so that the worst offending users (in terms of requesting pages that were blocked by our service) can be quickly identified.

Reports can also be easily customised, with a drill-down facility that allows the data to be explored to a much greater depth. For example, from a list of blocked sites that students have attempted to access, it is possible to drill-down to find out exactly which individuals have been trying to access any particular site.

 

Reports can also be produced in a graphical format appropriate to the report contents such as pie charts and bar graphs, saved in familiar file formats such as PDF and Excel, or emailed to a distribution list. User Agent Reporting can be used to identify non-standard browsers or other software using the web (such as spyware) and AJAX based real-time logs and traffic graphs show instantaneous web activity.

Automatic data aggregation from multiple remote systems provides network-wide reporting. The new report template facility allows administrators to create, store and schedule their own reports.

Incident Alerts
Under normal circumstances our system will run for weeks or months without the need for human attention. However, should the system detect unusual web activity or a hacker decide to attack either the firewall or one of the systems it is protecting, then we can make network administration staff aware of the incident by sending alert messages to cell (mobile) phones.

User Authentication
Our system supports a wide variety of authentication schemes in order to establish user identity so that the correct filtering policies can be applied.

Verification of usernames and passwords against the organisation's primary authentication system is the preferred mode of operation. Integration with RADIUS, Microsoft Active Directory®, Novell eDirectory™ or other LDAP authentication systems* avoids the need to replicate or maintain user details on the system. Group membership on the authentication system is mapped to our security policies so that authentication system changes are immediately reflected on the our system. Our filtering policies control if and when users are allowed to access to particular categories of web sites, if they are allowed to download files etc.

User identification also makes reports far more meaningful and useful, in that reports containing actual user names are far more comprehensible that lists of IP addresses. However, if no central authentication system is available, a user database can be maintained on the system itself.

The system works with all major browsers and operating systems including Microsoft Windows, Mac OSX and Linux. The use of NTLM and Internet Explorer provides seamless single sign-on without the need for users to log into the system or enter their Windows ID/password again.

You can rely on us to provide maximum accuracy and security with minimum administration effort - everything from simple IP-based identification to full group based authentication and policy based filtering.

*This option is not available with Corporate Firewall.

Blocking Anonymous Proxies
An anonymous proxy is a website which allows the user to browse through it to other sites without disclosing their URLs to any filtering software. All that the filtering software will see is the URL or IP address of the proxy. As illustrated below, the proxy is typically presented to the user as a form.

Often, the URL of the proxy is misleading - education administrators recently finding (the now defunct) mathshelp.info and examstudies.com littering their logs. Although they look like legitimate sites, they are actually anonymous proxies!

How do your users find an anonymous proxy? Easy - try entering "unblock myspace" into Google!

 

Hundreds of thousands of sites offering the same thing - anonymous proxying. To make matters totally impossible for a URL filter, the addresses of these sites change frequently, rendering a URL blocklist impossible to maintain.

How Does The System Block Anonymous Proxies

Dynamic Content Analysis is the answer. The system examines all received web pages, not just for objectionable content and malware but also for the tell-tale signatures of a proxy. Despite the efforts of many proxy sites to hide their function, the system will detect them based on the proxy signatures which are present in one of the dosens of categories included in the system's daily blocklist update.