1 / 35

More versatility with ease of installation...

More versatility with ease of installation.

tracy
Télécharger la présentation

More versatility with ease of installation...

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. More versatility with ease of installation... The X-Stop R2000 represents a departure from all previous filtering technologies, affording more versatility, features and performance. The R2000 is ideal for large or small organizations such as school districts, businesses and ISPs. To keep your network humming, the R2000 is designed to filter connections that appear on your Ethernet without interfering with the connection as in proxy-based filters.

  2. Features and Benefits

  3. Plug N’ Block Technology A unique “Plug & Block” feature developed by X-Stop removes the installation hassle. You don’t have to configure your browser or router, nor do you have to program or modify your existing network hardware infrastructure. To begin filtering, all you need is a power cord, a network cable and 2 IP addresses. Since the system adapts to any TCP network, it can easily handle thousands of PCs with no degradation in throughput.

  4. URL Filter X-Stop monitors and blocks Web (HTTP) and file transfers (FTP) that lead to non-work related or offensive sites. New sites are added daily, sometimes within hours of the site going online. X-Stop issues an HTML block page when a violation occurs and administrators can change the design of the block page to their liking. There are also customizable included and excluded lists.

  5. Search Engine Monitor X-Stop can be activated to monitor and block select Internet searches for non-productive material. X-Stop blocks the words used to search for non-work related sites, then blocks the search, not the search engine (i.e., users can’t search on words such as “porn”).

  6. Newsgroup Filter Monitors all newsgroup (NNTP) requests and compares each request with the X-Stop newsgroup library. If there is a match, X-Stop terminates any further activity to that particular newsgroup.

  7. New Features: • User/Group Profiles. A simple means of managing filtering levels by establishing group or individual user profiles. • Radius. This new feature accommodates more end users and permits remote control of management levels and parameters without re-creating user accounts.

  8. Key Features: • Plug & Block installation • Invisible, router or firewall modes • Up to 100 times faster than competitor products • No network slow-down • Unprecedented scalability • Fault-tolerant technology prevents network failure • Denies access to pre-selected Internet Web sites (HTTP) • Denies access to pre-selected Internet FTP sites (FTP) • Denies access to pre-selected Internet newsgroups (NNTP) • Denies searches using pre-selected words within Internet search engines • Blocks selective ports (services) such as IRC chat, ICQ, RealVideo, RealAudio, etc. • Automatically filters proxy servers, preventing bypassing of the R2000 • Integrates with RADIUS module for authentication • Customizable individual filtering profile for end users • VPN capability, supporting IPIP tunneling • Automatic daily library updates of new blocked sites • Selective category filtering • Selective user/group filtering by IP or username • Individual filtering profiles for dynamic IPs • Detailed reporting of Internet usage, by user or by organization • Supports multiple block pages

  9. 3 Different Modes • Invisible Mode (Monitor Mode) • Router Mode • Firewall Mode

  10. 1) Invisible Mode • Extremely effective • Not a point of failure on the network • Content filtering without significant changes to the established network • Able to work with router mode • Cache system may cause problems

  11. 1) Invisible Mode User makes request A TCP reset is sent to the web server, alerting the web server to kill the session Request passes through hub Router receives request and sends request to the Internet R2000 listens to request as it passes through the hub R2000 matches the request against its library If the website requested matches in the library a block page is sent to the client If the item requested is not in the library the R2000 does not respond

  12. 2) Router Mode • Default mode • Extremely effective • Acts as an Ethernet router • Outbound traffic passes through the unit • Return traffic does not pass through the unit • Able to work with invisible mode • Cache system may cause problems

  13. 2) Router Mode User makes request Request passes through the R2000 As the request passes to the router, the R2000 matches the request against its library A TCP reset is sent to the web server, alerting the web server to kill the session If the item requested is not in the library the R2000 does not respond If the website requested matches in the library a block page is sent to the client

  14. 3) Firewall Mode • 100% effective filtering (with regard to library) • Return traffic will not pass through the unit • Acts as an Ethernet router • Will not work with invisible or router mode • Cache systems will not cause problems

  15. 3) Firewall Mode User makes request Request is received by the R2000 Router receives request and sends request to the Internet If the item requested is not in the library the R2000 sends the request to the router If the website requested matches in the library a block page is sent to the client (the request never leaves the R2000)

  16. Installation Scenarios • Inside the Internet router • Inside a firewall • On a switch • On a network with a caching proxy

  17. 1) Inside the Internet Router • Invisible or router mode is suggested • Able to see all outbound Internet traffic • Easiest point of installation • If NAT is in place, reports may be ineffective

  18. Inside the Internet Router

  19. 2) Inside a Firewall • A one-to-one NAT is required • A hole allowing access to our support staff must be configured • Invisible or router mode is suggested • Both interfaces must be plugged in behind the firewall

  20. Inside the Firewall

  21. 3) On a Switch • Router and firewall mode, no changes are required • For invisible mode to work, a port monitor must be configured on the switch • Invisible mode will not work on a switching hub

  22. Port Monitoring

  23. 4) On a Network with a Caching Proxy • If the cache device is filtered, the cache must be cleared • If the cache device is not filtered, the R2000 must be in firewall mode with the cache device outside the R2000 • The R2000 cannot be installed behind a proxy if the IP addresses inside the proxy are non-routable

  24. Methods for Handling Cache Invisible or Router Mode If monitor mode is used, the caching device must have its gateway set to the R2000 so that all cached pages are filtered. Firewall Mode If the caching device can not be filtered, then all filtered users must have their gateway defined as the R2000 in firewall mode.

  25. Firewall Mode and Cache

  26. Filtering the Cache

  27. Filtering Methods (Profiles) • • A profile represents the categories and ports that are filtered or blocked for a specific user, or group of users. • Blocking is defined as a total stoppage of all traffic on a specific port. • Filtering is defined as limiting the ability to of users to view sites that are contained in the R2000’s library.

  28. Types of Profiles • • Default Profile • GroupProfile • RadiusProfile • UserProfile

  29. User Profiles Radius Profiles Group Profiles Default Profile The Profile Tier System

  30. Default Profile • • This is the level of filtering that is assigned to all filtered IPs. • All other profiles supercede this profile. • If a user is to be filtered, the user’s IP must be contained in the default profile. • The default profile is IP-based.

  31. Group Profiles • • Supercedes the default profile. • Users in a group profile must be in the default profile. • A group profile can be one or many IPs. • Group profiles are IP-based. • The range of IPs filtered must be subnetable.

  32. Radius Profiles • • Supercedes the default and group profiles. • The profile is assigned at the time a user dials-in, and ends at the end of the dial-in session. • The R2000 must be set as the primary accounting server. • Profiles are passed to the R2000 as a class attribute, and all accounting packets are forwarded to the accounting server unchanged.

  33. User Profiles • • Supercedes all other profiles. • Assigned by username and password. • Administrators can give end users the ability an unlimited number of profiles. (ISP or large business.) • Simple username/password bypass is available.

More Related