LANguard Internet Access Control
LANguard manual
By GFI Ltd.
http://www.gfi.com
E-mail: [email protected]
This manual was produced by GFI Communications Ltd.Information in
this document is subject to change without notice. Companies, names, and data
used in examples herein are fictitious unless otherwise noted. No part of this
document may be reproduced or transmitted in any form or by any means,
electronic or mechanical, for any purpose, without the express written permission
of GFI FAX & VOICE Ltd.
LANguard was developed by GFI Communications Ltd.
LANguard is copyright of GFI Communications Ltd. Ó 1995-1999 GFI Communications Ltd. All
rights reserved.
LANguard is a
registered trademark and GFI FAX & VOICE and the GFI FAX & VOICE logo
are trademarks of GFI FAX & VOICE Ltd. in Europe, the United States and
other countries.
LANguard fulfils 3 important functions:
Secures your network from outside threats and hackers
LANguard is able to block all external
traffic from the Internet and so effectively protect your network fromelectronic
break-ins, penetration attacks, hackers, and other threats.
The 1999 Information Security Industry survey revealed that the number of
companies hit by an unauthorized access breach increased by nearly 92 per cent
from 1997 to 1998. The study reported that companies suffered an average loss
of US$256,000 to security breaches in 1998; and 12 per cent of the 745
organizations surveyed said their financial loss totalled US$23.3 million.
Throughout the first half of 1999 alone, hackers broke into and vandalized a
series of high-profile US federal government sites, including those run by the
White House, the Senate, the FBI, the US Army, and a federal weather site.
Ensures productive use of the Internet
LANguard allows you to monitor Internet
usage from all machines on the network. It also allows you to block external
traffic or specific sites that you have listed as non-productive. By
intelligently analysing URLs, LANguard can also block out sites that are likely
to be non-productive even though they are not included in your list.
An article in the
July 1999 issue of the Sacramento Bee
reported that US companies and government agencies lose an estimated US$50
billion a year in productivity due to employees using the Net for their own
personal interests while on the job. Webster Network Strategies of Florida
revealed that employees spend a daily average of 90 minutes surfing the
Internet for their own use when at work. Exec-U-Net, a job placement firm, says
that almost 90 per cent of senior executives surf the Net at the workplace to
find new jobs while a 1998 study by Elron Software found that over 6 out of 10
companies reported employees accessing sexually explicit sites at work.
Monitors internal network traffic for threats
Many companies mistakenly assume that
unauthorized access is only attempted by external parties. In fact the majority
of corporate security threats stem from internal sources, such as users hacking
into shares to which they are barred entry and accessing confidential data. Of
course, your network provides for some security, but passwords are easily
hacked and many 'backdoors' exist.
The 1999 Information Security survey says that
“companies suffer employee access abuses more than any other type of security
breach”, and quotes Deloitte & Touche Security Services as confirming that
“the internal threat has been the highest threat for... many years”. The study
found that 52 per cent of the companies surveyed experienced unauthorized
employee access in 1998.
LANguard provides an effective and
easy-to-use method of securing your network. It allows you to specify all
computers to which outside users should not have access. Then LANguard blocks
all TCP/IP traffic to those machines
and makes it IMPOSSIBLE for hackers to access them.
LANguard is able work with a back-up,
second copy of LANguard running on your network. This way you can enjoy 100%
security and fault tolerance, even in cases
where your main firewall machine has a hardware problem or power outage.
LANguard is able to monitor bandwidth
usage and can also help you justify decisions on increasing available
bandwidth.
LANguard checks and logs users accessing
undesirable sites. It can alert an administrator or block users accessing these
sites. Besides the fact that some employees spend more time on entertainment
rather than work, the Net can also mean you need to protect your company
against law suits! Allowing employees to download offensive material could make
your company vulnerable to an expensive law suit.
Various US court cases have been
instituted by employees alleging a hostile workplace due to exposure to
objectionable material at work, a July 1998 InfoWorld
article reported. A leading information technology legal counsel was quoted
as saying that, in such cases, the court is keen to examine the steps taken by
the employer to prevent such an occurrence from taking place.
Trojans are little programs that run on
your PC and allow people to access your PC's files and run programs on it.
Trojans are probably one of the most dangerous security threats, because they
often penetrate your network in the form of an e-mail attachment or web
application. It is virtually impossible for anti-virus software to catch them
because they are continuously changing and are usually disguised as normal
programs. However, with LANguard, you can detect them because they show up as
network traffic as soon as they are started. At this point, you can take
immediate action and remove the Trojan from the user’s computer.
LANguard includes detailed reporting
options to allow you to compile and analyse Internet usage statistics with
ease. The following reports are available in LANguard:
·
Detailed list of all web sites accessed
·
Detailed list of all FTP and other Internet traffic
·
List of Internet traffic per machine/user
·
List of web sites accessed per machine/user
·
Traffic usage distribution
To enable the security/system administrator
to take immediate action where appropriate, you can configure LANguard to issue
alerts on particular occurrences. Alerts can be issued via e-mail, a pop-up
dialog or a sound.
LANguard can help in the cost
apportionment of Internet usage. Because LANguard keeps detailed logs of
Internet bandwidth usage, you are able to allocate the cost of leased lines
appropriately and fairly.
LANguard is easy to install and requires
no specialized TCP/IP or security knowledge. You simply run the 'setup.exe'
install program, and LANguard will automatically detect and configure network
settings.
LANguard can check for keywords in URLs
to determine whether a site is inappropriate or not. This method is much more
efficient and dependable than that of using a database of inappropriate sites.
The amount of sites that are added each day makeit
practically impossible to reliably categorize the Internet: In 1993, there were
26,000 domain names in use; in 1999 there are over 5 million web sites.
Instead, LANguard can check for a keyword such as 'sex' in a URL and therefore
prevent access to that site. Keywords for particular sites are unlikely to
change and therefore you can almost certainly block out unwanted sites.
You can also check for words in web pages
or other internet traffic.
LANguard uses revolutionary network
sniffer technology, allowing it monitor all TCP/IP traffic entering and leaving
the company.
LANguard consists of the following parts:
The LANguard Windows NT service
This is the core of the LANguard
application. It runs a native Windows NT service and has no interface to make
it more robust. The LANguard service runs in the background, monitoring your
network and enforcing the rules that you set in the LANguard application.
The LANguard application
This is the LANguard 'interface'. It
serves as a monitor for your network and for configuring the rules that you
wish to set. It is also the place to configure LANguard.
The LANguard log viewer
The LANguard log viewer enables you to
view the logs created by LANguard.
To install LANguard you
require the following:
·
Windows NT workstation or server
·
An ethernet network card installed in the LANguard
machine
Also, you need to observe the following:
·
Where to install LANguard
·
Make sure you are logged on as an Administrator.
LANguard uses a so
called Sniffer engine to monitor/control Internet activity. To be able to do
this, LANguard needs to be able to sniff all traffic going to and from the
Internet. Therefore, the location where you install LANguard is very important.
If you do not install
LANGuard in the correct location then it might not be able to see all the
network traffic and therefore it would not able to block or monitor all
traffic. To determine where to install LANguard, follow these simple questions:
Question 1
To access the
internet, do you use a hardware router (CISCO, NORTEL etc.) or do you use a
software router or proxy server?
If you use a
software router or proxy server,
install LANguard on the machine running the software router or proxy server. By
default LANguard will work with Microsoft Proxy Server, which is set to port
80. If your proxy server uses a different port, you will have to go to the
‘Network Settings’ dialog in the LANguard Configuration menu and change the
port from the proxy settings tab. For more information on how to configure
LANguard with Microsoft Proxy Server, please go to the paragraph ‘Configuring
LANguard for MS Proxy Server’.
You can skip the rest
of this paragraph and go directly to the paragraph on installing LANguard.
If you use a hardware router, please continue with the following questions:
Question 2
Is your router
connected to a normal hub (i.e. a non switched hub?
If yes, install
LANguard on a machine connected to this hub. You can skip the rest of this
paragraph and go directly to the paragraph on installing LANguard.
If no, go to the next
question
Note: If you are not sure whether you have a switched hub, check the box,
the router itself or the docs. It would say something like 'Fast ethernet
switching hub'. Also it is much more expensive than a regular hub.
Question 3
Is your router
connected to a switched hub?
If yes, then you will
have install LANguard in such a way that it can see all the Internet traffic.
If you install LANguard on a machine that is connected to one of the ports of
your switched hub, it will only be able to see its own traffic.
To install LANguard in
such a way that it can see all the Internet traffic on your switched hub, you
have two options:
LANguard configured via
a separate hub for a switch
Switched hub Option 1 - Install extra hub
Buy a small 5 node hub
(can be purchased for less than $50) and connect the router and the machine
running LANguard to this hub. Then connect the small hub to the switch.
LANguard will now be able to monitor and control all Internet traffic to and
from your network.
LANguard configured via
a BNC connection for a switched hub
Switched hub Option 2 - Put router on BNC connection
For this option, your
switched hub & router must have a BNC connection (They usually have at
least one such connection). Then connect the router and LANguard machine to the
switch by means of BNC.
If you don’t have a BNC
crimping tool, you can buy 2 ready made BNC wires with one termination in
almost any computer store.
Once you have the BNC
wires, connect one to the switch and to the LANguard machine, using a BNC T
connection. Then run the second wire to the router via a second BNC T
connection. terminate the BNC wire by putting a terminator on the BNC T
connection of the router.
Note: If you setup LANguard for use with a switch, LANguard will not be
able to monitor internal network traffic (ie. Netbios)
Note: If you have a 100/10 hub with machines running both 100 & 10
mbps network cards, you can only monitor one ‘speed segment’ at a time. For example, if your hub has 10 machines
running 100 mbps and 2 machines running 10 mbps network cards, then you can
only monitor either the machines running 100 mbps or the machines running 10
mbps. To monitor the 100 mbps machines you need to have the LANguard machine
running a 100 mbps connection. If you want to monitor the 10 mbps connection
you must set the LANguard machine to run a 10 mbps connection. However it is
generally better to ensure that your entire network is running at the same speed.
In this example, it would be better to upgrade the 2 machines to 100 mbps.
(This is better for your network, independently from the LANguard
installation/program)
Step 1: Insert the LANguard CD-ROM in your CD-ROM drive, and run languard.exe from Windows Explorer. If you have downloaded LANguard, simply double-click
languard.exe.
Step 2: Close all other Windows programs and click Next.
Step 3: Confirm the License Agreement.
Step 4: Enter your e-mail address, company name, and serial number. If you
are evaluating the product, enter Evaluation. Click Next.
Step 5: Set-up will now
ask you where you want LANguard to be installed. LANguard will need
approximately 30 MB of free hard disk space. In addition to this, you must
reserve approximately 200-400 MB for log files. Click Next to continue.
Step 6: The set-up program
will now copy all program files to the selected destination, and finish the
installation by creating a GFI LANguard program group. Click Finish to finish set-up and view the Getting
Started document.
LANguard will
install itself as a new service on your computer.
During install, LANguard finds all
settings necessary for you to run LANguard. However, you may wish to change
certain settings afterwards. These are the configuration options:
Local network definition
These are automatically read from the
Windows NT network configuration. There is normally no need to change these
settings.
The list of local computer names
This displays a list of cached IPs and
names of computers on your network. If you wish LANguard to rescan the network
for new names, select 'Clear All'. LANguard will then automatically rebuild a
new list of computers on your local network.
If you use Microsoft Proxy Server and you
have installed Proxy server with all the default options, there is no need to
change anything in either the Microsoft Proxy Server or the LANguard
configuration. However if you have changed any settings or if you can not see
the user’s URL requests in either the Network monitor or the Log files, please
follow this procedure:
Proxy server setup
1. Go to the Microsoft Proxy Server program group and start the MMC
configuration of it.
2. Check if the Web proxy service is running. If not, start it.
3. Now right click the mouse and select properties from the menu
4. Under the tab Service properties, click ‘Client configuration’.
5. Check if the port is set to 80. If yes, you don’t need to do
anything.
6. If the port is not set to 80, you will have to change the Proxy
server port in the LANguard Network settings dialog accessible from the
LANguard configuration menu.
7. Be sure that your browser clients are configured to use the settings
specified here.
To check whether the client workstations
browser settings are using the correct Proxy server settings:
IE 5 settings for Microsoft Proxy Server
1. Go to the Internet Options menu
2. Click on the tab ‘Connections’
3. Click on the button ‘LAN Settings’
4. Now either specify ‘automatic’ or specify the port manually.
One of the main functions of LANguard is
to act as a network monitor, allowing you to check Internet & network
usage. Using LANguard, you can monitor:
·
All Internet usage of each machine on
the network, for example, what sites the users are browsing.
·
All shares that a machine is
accessing, for example, if machine A is accessing a share on machine B, this
can be seen in LANguard.
·
Inbound traffic to your network from
the Internet.
After you have installed & configured
LANguard, and restarted your machine, you can start the LANguard application.
You can do this from the LANguard program menu.
The Network monitor view of LANguard with the info tab
selected
When you start LANguard, it will scan the
network (which takes a few seconds) and build a list of machines currently on
the network. LANguard will give you a global overview (i.e., for the whole
network) of all traffic on the LAN.
To see the inbound and outbound traffic of
an individual machine, double-click on the computer name or click once on the +
sign in front of it.
This will expand the branch and show you
all TCP/IP traffic for that computer.
The info tab appears in the right pane of
the Network Monitor view and gives you more detailed information about the
network traffic to and from the PC you have selected.
It shows the type of Internet traffic
used by that PC, and the amount of network traffic.
Note: If you have not selected a PC, then the info tab will display the
information for the whole network.
The Network monitor displaying the shares of a
particular machine
The Shares tab allows you to view a list
of the shares on the machine you have selected. If you double-click on a share
you can see what users are using that share at the moment.
Note: The shares tab will only be available if you have selected a
computer in the left-hand pane. Otherwise the tab will appear greyed out.
The Network monitor showing data of a particular
connection
This tab allows you to take a closer look
at the data. You can see all the data entering and leaving that PC.
Note: The Peek channel tab will only be available if you have selected a
particular connection. Otherwise the tab will appear greyed out.
Since the network monitor displays many
connections and information, you will probably want to filter the information
at times. In the LANguard Network monitor, you can filter on type of traffic or
on current or past connections. These filters are called ‘views’ in LANguard.
These views can be selected from the
toolbar at the top of the Network monitor.
In LANguard you can view the following
Network traffic filters:
View only Netbios connections (LAN traffic)
If you select the Netbios traffic view,
then only connections to and from computers on the LAN will be displayed. Using
this filter you can quickly see only LAN-related traffic.
View only WWW traffic (http)
If you select the WWW traffic view, then
only connections to web sites are displayed. Using this filter you can quickly
see only WWW-related traffic.
View only Internet traffic
If you select the Internet traffic view,
then only Internet connections are displayed. Using this filter you can quickly
see only Internet-related traffic.
View all connections
If you select this view, then you will be
able to see all connections.
You can also choose to see only the
active connections or also past connections.
LANguard is able to detect other
computers running network sniffers. Password sniffers (which are freely
available on the Internet) use some form of network sniffing to quickly crack
an administrator or other user's password. With LANguard's network sniffer
detection you can detect users or computers running such programs and take
corrective action.
Computers running a network sniffer are
displayed in the network monitor with a small amplifying glass next to them.
LANguard shows two PC’s running Networks
sniffers – P2-400 and NickGII
You can run the Network monitor on a
remote machine (i.e a machine that is not running the LANguard service). To do
this, you need to share the directory that LANguard was installed in. Using the
NT security rights, assign access to this share for only the users that you
wish to give access to the Network monitor.
Once you have done this, simply access
the share via the network and start LANguard.exe. This will start up the
Network monitor and allow you to see the monitoring of the LANguard service
installed on the remote machine.
This chapter concentrates on the features
that LANguard includes to implement a Network policy, i.e. setting up rules to
control & monitor Internet usage, block external traffic accessing your
site and more.
The Network policy view
To set up a policy, LANguard uses the
concept of 'Rules'. A rule is a condition that you set regarding a network
policy, for example, blocking IRC traffic on the network and to the Internet.
Other examples of rules are:
·
blocking external traffic to your network
·
blocking access to hotmail.com
·
blocking FTP downloading
·
blocking certain users accessing particular computers
on the network
There are five types of rules:
Simple - this option is for new users of LANguard who wish to have fewer
options to make it simpler to create a rule.
Advanced - this rule includes advanced features but requires a little more
knowledge of TCP/IP and LANguard.
Global - this rule allows you to easily set rules for the entire network
with ease, thereby blocking all FTP traffic to the Internet.
Content
checking rule - this rule allows you to set a
policy which content is allowed in your network. For example, you can block
URL's that contain specific words or block web pages or web searches with
specific words!
URL
checking rule - this rule allows you to block URL's
which contain certain keywords.
To create a simple rule, simply select
Add Simple Rule from the Rules menu or right click with the mouse in the
Network policy view. This will bring up a pop-up menu with the same menu
options.
Creating a simple rule
To create a simple rule:
1. Select Add Simple Rule from the Rules
menu
2. Select what action you want to
perform:
Block -
selecting this option will cause LANguard to block the event.
Alert -
selecting this option will alert you with a beep or a custom alert that this
event is happening.
Log -
selecting this option will log this event.
3. Select on which computers you wish to
apply this rule. You can select multiple computers.
4. Select on
what type of connection the action should be performed
WWW = web site browsing
FTP =
downloading of files
SMTP =
sending of mails
POP3 =
retrieving of email
IRC =
Internet relay chat
IMAP =
retrieving of email
Netbios = LAN
access
Telnet =
Telnet sessions
5. Click Add to activate the rule.
Schedule: Optionally you can select
'Schedule'. Using the Schedule function you can specify a certain day and time
when this rule should be enforced.
The Rule schedule function
Note: A simple or advanced rule will override a global rule, in order
for you to create exceptions.
To create an advanced rule, simply select
Add Advanced Rule from the menu or right-click with the mouse in the Network
policy view. This will bring up a pop-up menu with the same menu options.
The advanced rule
1. Select Add Advanced Rule.
2. Select what action you want to
perform:
Block -
selecting this option will cause LANguard to block the event.
Alert -
selecting this option will alert you with a beep or a custom alert that this
event is happening.
Allow - this
option will allow a certain action. In this way you can create exceptions to
rules.
Log -
selecting this option will log this event.
3. Select between which computers you
wish to block/log/alert traffic, for example, you can specify that local
computers cannot access outside computers.
4. Select on what type of traffic the
action should be performed. You can select from the standard traffic, such as
WWW, IRC etc.
You can also add more types of traffic to
the rule or specify exceptions. To do this click on the button next to the
'Type of traffic' List box. If you have selected 'Any type of traffic’, then
you can specify an exception to the rule: You can specify a service or a port
number.
If you have selected a particular type of
service, the button will become 'Include' in which case you can add more types
of services or ports to the rule.
5. If you wish, you can edit the rule
description.
6. Click Add to activate the rule.
Schedule: Optionally you can select
'Schedule'. Using the Schedule function you can specify a certain day and time
when this rule should be enforced.
Note: A simple or advanced rule will
override a global rule, in order for you to create exceptions.
A
global rule applies to all computers on the Network! However it is overridden
by a simple or advanced rule allowing you to make exceptions.
To create a global rule, simply select
Add Global Rule from the Rules menu.
Creating a global rule
1. Select Add Global Rule.
2. Select what action you wish to prevent:
Block all
traffic between Internet and LAN - selecting this option will cause LANguard to
block all traffic to and from the Internet.
Block all
traffic from Internet to LAN - selecting this option will cause LANguard to
block all traffic from the Internet and the LAN. In this mode, LANguard acts as
a firewall.
Block traffic
from LAN to Internet - With this option you can control what types of protocol
your users have access to. For example, you can block users using IRC to chat
on the Internet.
Block all LAN
connections to internet except selected type of connections & all
connections from the internet to the LAN.
Block all
connections from internet to LAN except selected type of connections & all
connections from the LAN to internet.
3. Select for what types of protocols
this should be applicable. WWW = web
site browsing
FTP = downloading of files
SMTP = sending of mails
POP3 = retrieving of email
IRC = Internet relay chat
IMAP = retrieving of email
Netbios = LAN access
Telnet = Telnet sessions
4. Click Add to activate the rule
By default, a content checking rule applies to all computers on the
Network!
To create a content checking rule, simply select Add Content
Checking Rule from the Rules menu.
Creating
a content checking rule
1. Select Add Content Checking Rule.
2. Select what action you wish to be performed if a particular
content is detected:
Block - selecting this option will cause
LANguard to block the event.
Alert - selecting this option will alert you
with a beep or a custom alert that this event is happening.
Log - selecting this option will log this
event.
3. Specify which keywords you wish to be alerted upon if they appear
in a URL, web page or other content. This means that if you for example specify
the word "sport", then a site called www.nbasports.com will be
detected.
Note: This a much better way to detect inappropriate sites than using a
rating database, since these will invariably be out of date.
You can also specify phrases. This feature also allows you to
specify combinations of keywords, for example "sex" AND
"hot". This will allow you to better prevent valid sites being
excluded.
4. Select for what types of protocols this should be applicable.
WWW = web site browsing
FTP = downloading of files
SMTP = sending of mails
POP3 = retrieving of email
IRC = Internet relay chat
IMAP = retrieving of email
Netbios = LAN access
Telnet = Telnet sessions
5. When you are ready specifying the content checking rule, simply
select Add to activate the rule.
By default, a URL checking
rule applies to all computers on the Network!
A URL checking rule differs from a content checking rule in that it
only checks the URL, ie not any content of pages or other information.
To create a URL checking rule, simply select Add URL Checking Rule
from the Rules menu.
Creating
a URL checking rule
1. Select Add URL Checking Rule.
2. You can now specify keywords that appear in URL's. This means
that is you for example specify the word "sport", then a site called
www.nbasports.com will be detected. If you wish to specify multiple keywords,
you must use the operand "AND".
3. Select what action you wish to be performed if a particular
content is detected:
Block - selecting this option will cause
LANguard to block the event.
Alert - selecting this option will alert you
with a beep or a custom alert that this event is happening.
Log - selecting this option will log this
event.
4. When you are ready specifying the URL checking rule, simply
select Add to activate the rule.
If you wish to block a certain web site,
for example, www.hotmail.com or www.playboy.com, you can use the Block URL
function.
Blocking a URL
To block a URL:
1. Select Block web site/URL.
2. Enter the URL to the site.
3. Click Add.
Users will not be able to access this
site.
If you wish to block users using
different mail servers to send out mail (for example to bypass a content
checking and filtering package such as Mail essentials), you can use the Block
Mail server function.
Blocking access to a mail server
To block use of a particular Mail server:
1. Select Block Mail server.
2. Enter the full hostname of the mail
server, for example, my.mailserver.com.
3. Click Add.
Users will not be send or receive mail
from this mail server.
Apart from blocking or logging certain
network actions, you can also request that LANguard alerts you when certain
actions take place. For example, you could set LANguard to alert you if a
particular user accesses a particular share that he/she should not have access
to! LANguard can alert you in the following ways:
a) A simple computer beep
b) Send a message to a computer. You must
fill in a valid machine name where the message must be sent to.
Note: The messenger service must be
running on both machines
c) You can have LANguard run an external
application. For example, LANguard could start your email client and send you
an email.
The LANguard reports & log viewer
Using the LANguard reports & log
viewer, you can view the LANguard logs and create reports on Internet &
network usage.
The LANGuard logs are logs of all network
traffic, meaning no information has been filtered. Use these logs to create
reports on.
The custom logs are logs of specific
types of network traffic, as specified in the custom rule. Using these rules
you can specify exactly what 'Actions' (for example, accessing websites or
shares) you wish LANguard to log. When you specify that LANguard should log
these actions, LANguard will create separate log files on your hard disk for
these rules.
Both the main and the custom logs can be
viewed with the LANguard log viewer. You can also use this viewer to manage
your logs, because if you leave them unmanaged they will take up a lot of
space. Be sure only to log what you think is important information.
Because the logs will contain a lot of
information, you can use the filter option available from the menu or toolbar
to filter out particular information.
LANguard filter
This filter allows you to filter out
particular types of traffic, so that you view only the events you wish to see.
For example, if you select Http, you will only see the web browser connections.
The LANguard advanced filter
The advanced filter option allows you to
specify more advanced filters, for example to view connections between
particular machines.
The LANguard reports
The LANguard reports allow you to get a
better insight in your internet usage. All reports have a text report and a
graphical report, which represent the data in a different way. The following
reports are available in LANguard:
The Web access report
The text report shows all sites and by
whom they we're accessed.
The graph report shows the top 15 sites
and by how many users they were accessed.
The text report shows each ftp site and
by whom they we're accessed.
The graph report shows the top 15 FTP
sites and the amount of users that accessed them.
All Internet access report
The text report shows each site or IP and
by whom it was accessed.
The graph report shows the top 15 Sites
or IP's and the amount of users that accessed it. This report shows all
external connections regardless of the port. (i.e. it includes all types of
traffic.)
User web access report
The text report shows the IP's of local
users and which sites they accessed.
The graph report shows the top 15 Users
that opened the most Web Connections.
Network distribution report
The text report shows connection type and
how many connections we're opened of that type, and the percentage that
connection type is taking from the total bandwidth.
The graph report shows a pie chart with
the percentage each connection type is taking from the total bandwidth
Internet usage by time report
The text report shows 1 hour time ranges,
and how many connections occured within that time frame.
The graph report shows a bar for each of
the 1 hour time range showing how many connections occured within that
hour.
Internet usage day distribution report
The text report shows the days of the
week and how many connections there we're on that day.
The graph report shows the day of the
week and how many connections occured on that day.
The text report shows connection type and
how many connections where opened of that type and the percentage that
connection type is taking from the total bandwidth on a specific IP.
The graph report shows a pie chart with
the percentage each connection type is taking from the total bandwidth on a
specific IP.
Same as network distribution but for a
specific date range.
Global data transfer report
The text report shows connection type,
how many bytes we're transferred on that connection type and the percentage
that that transfer has taken from the total bandwidth.
The graph shows how many bytes we're
transfered on each connection type.
Same as previous report but performed
only on a particular user.
DNS
(Domain Name System) Server IP Address - A DNS
server can be thought of as the computer at your ISP whose job is to take all
DNS addresses that you type into your web browser – such as www.yahoo.com – and
translate those addresses into their corresponding IP addresses.
Firewalls - A method of protecting files and programs on one network from
users on another network. Firewalls are typically installed to give users
access to the Internet while protecting their internal information.
IP
(Internet Protocol) - The Internet Protocol is the
network layer for the TCP/IP protocol suite. It is a connectionless,
best-effort packet switching protocol.
Port
number – Port has twomeanings. One is as a
connector on your computer. The other can be thought of as a service number.
Every service that travels over phone lines and modems has a standard port
number. For example, to use the World Wide Web service the standard port number
is 80. The standard port number for telnet is 23. Who came up with this system?
Port numbers are controlled and assigned by the IANA (Internet Assigned Numbers
Authority). How do you know what service has what port number? Most computers
have a table in their systems that lists which port numbers have been assigned
to which services; or alternatively you can find port number lists on the web.
Router
- A device thatt forwards traffic between networks.
If you request information from a location on your network or the Internet
using TCP/IP, your computer will broadcast the IP Address request onto your LAN.
The router’s job is to detect requests for IP addresses that are not part of
your LAN and then route them to the appropriate network, which may either be
the Internet or another subnet working on your LAN.
Subnet
- A portion of a network that shares a common
address component. On TCP/IP networks, subnets are defined as all devices whose
IP addresses have the same prefix. For example, all devices with IP addresses
that start with 213.0.0.0 would be part of the same subnet.
Subnet
mask / IP address
mask - Subnet mask is what is used to determine what subnet an IP address
belongs to. Subnetting enables the network administrator to further divide the
host part of the address into two or more subnets.
TCP/IP (Transmission Control
Protocol/Internet Protocol) - TCP/IP is the standard protocol used on the
Internet. This means that every computer that wants to communicate with another
computer on the Internet must use the TCP/IP protocol to transmit and route
data packets. TCP/IP uses IP addresses to locate different computers or devices
on a network.
F
Firewall
1
R
Router
5, 9
T
TCP/IP
2, 12, 16