Corporate Web Filtering

[Barry]

Quote:

Originally Posted by Thorn

What? Someone using the "i" on a non-Apple product? How dare they! Jobs better alert his lawyers!

Actually I think Compaq started the i thing.

[pureh@te]

Pfsense has squid and lots of other features for network monitoring and Traffic shaping and tons of other stuff. I highly recommend it.

[newkoba]

for a free solution i recommend untangle and for commercial pay usage i would recommend webwasher over websense anyday. well except maybe now that mcafee bought webwasher man they suck.

[lupin]

There's tonnes of commercial products out there for this sort of thing. As Thorn mentioned none can tell you how long a website was in focus on a screen. Some (such as the Astaro product) try and do some funky things with their reporting where they assume that each set of page requests from a site means a three (or maybe five) minute usage period for that site. Its not really accurate however, especially when you consider that some site auto refresh their content without user intervention. On a proxy this looks like multiple requests to the site. We have had had usage reports get wildly skewed when users leave their machine logged on overnight with a news page open in the browser.

The best choice depends on the features you are after, including stuff such as:

• Categorisation of sites
• Malware scanning
• Content type protection
• SSL inspection
• Phishing protection
• Blocking of compromised hosts
• Authentication of users
• etc

Personally I have been using the Clearswift MimeSweeper for Web software product for years and I really like it. It has its problems though, it has performance problems for large sites, SSL inspection is an addon and doesn't work very well, reporting is not terrific, and its well renowned for being extraordinarily difficult to configure, especially if you want high security. Its also gone end of life just recently.

It is however (in my humble opinion) one of the best products out there for filtering web traffic based on content, it actually analyses the contents of traffic and determines file type based on the contents of the file (rather than on MIME Type headers or file extensions as most other products do), it can look inside zip files, office documents etc for embedded files, etc. It can provide excellent security if you know how to configure it well - its saved us from many a web based malware infection.

We are about to replace it with the MimeSweeper for Web appliance, which apparently fixes many of the issues with performance, reporting, ease of use etc. I don't know yet whether the security will be of the same high level, but I'm hopeful.

Some other well regarded products in the space which I have looked into are:

• WebMarshall
• ContentKeeper
• The Sophos product (cant remember the name)
• BlueCoat
• Barracuda

[Barry]

Quote:

Originally Posted by lupin

Some other well regarded products in the space which I have looked into are:

• WebMarshall
• ContentKeeper
• The Sophos product (cant remember the name)
• BlueCoat
• Barracuda

These guys make awesome anti virus products.

[BaconZombie]

Thanks all for your input.

I know the active windows monitoring in going to be an issue but that's the law in Irish.

I'll have to research all the suggestions this week.

[Thorn]

Quote:

Originally Posted by BOFH139

I know the active windows monitoring in going to be an issue but that's the law in Irish.

Just out of curiosity (I want to kill a cat. ), what exacly does the law say?

[wyze]

Quote:

Originally Posted by BOFH139

I know this is a BackTrack Forum but I’d like to get you expert advice on this topic.

The company I work for are looking to introduce a web filtering/reporting system.

One of the main features the system need is the ability to know if the website is in focus and for how long not just that the site was visited x amount of times. This is because the laws in Ireland are very grey to say the lest.

The setup is as follows, all Windows XP systems on an intranet that has two separate dedicated links to two different data-centres, are external Internet gateways are then split out over the data-centres backbone connection.
So what systems do my brethren BoFH’s use in their realms or suggest I look at using?

Sonicwalls do this well.

[lupin]

Quote:

Originally Posted by Barry

These guys make awesome anti virus products.

Yeah, they are pretty good. We have been using them on our mail gateway and web gateway at work for approx 7 years now. Successive Virustotal scans of some new virus samples we were receiving via email about 6 months ago always showed Sophos being amongst the first to offer detection.

We were having some issues a while back where Sophos were not detecting certain web based malware dropper programs that Symantec (running on our desktops) was detecting. Haven't had that happen for about a year now though, so either Sophos have gotten better or Symantec have gotten worse

[thepretender84]

2 words...Clark Connect. Just about every school in my state uses it. We have students trying to bypass our filtering 24/7. The only thing that I have seen get by it is Tor. However, with a quick Snort rule, you can easily detect it and deal with the user. BTW, we tried websense, but dropped it for CC.