Manage your WServerNews profileWServerNews privacy policy
WServerNews (formerly W2Knews)
Vol. 13, #26 - Jun 26, 2008 - Issue #680
Webfilters: Hardware vs. Software

  1. Editor's Corner
    • Webfilters: Hardware vs. Software
    • The Future Of Web Filtering
    • Quote of the Week
  2. Tech Briefing
    • Why A Multi-Layered Anonymizer Defense Is Best
    • IM Filtering - A Hybrid Approach
    • How iPrism Authenticates Open Directory
  3. Windows Server News
    • New Intellectual Property Legislation Makes P2P Blocking Critical
    • Why Reporting Is Crucial For Any Organization
    • See Appliance-Based Web Filtering In Action
  4. WServer Third Party News
    • How Healthy Is Your Data?
    • Channel: The Next Wave
  5. WServerNews - Product of the Week
    • Watch a Demo and Get a Cool Free T-Shirt
Watch a Demo and Get a Cool Free T-Shirt

iPrism Web Filter leads the pack in stopping Web-based threats like spyware, malware, anonymizers and inappropriate content. Now, when you watch the iPrism in action, you get a cool t-shirt and a chance to win a 50" plasma TV. Better than software- only solutions, iPrism?s powerful appliance-based technology protects at the perimeter and can be installed and working within minutes. And iPrism got 5-stars from SC magazine and has renewal rates of over 98%. Find out why! See the leader of the pack in action and get a cool t-shirt while supplies last!

Editor's Corner

Hi All,

This is a rare 'special edition' that we created because we wanted to highlight a particular web filtering solution that a lot of our readers like and use. We have tried to get as much ammo as possible to help you get approval for one of these.

Webfilters: Hardware vs. Software

Comparing Hardware-based Web Filtering to Software-based Solutions

Both hardware and software based solutions for Web filtering have been available for some time. Vendors for these solutions extol the virtues of each approach and it's often difficult for customers to make an informed decision. However, there are some advantages to appliance-based filtering that you should consider before committing your budget. Here are some points to consider when comparing solutions:

Provide easy installation and configuration
Single-purpose, ready-to-go appliances often deploy with a simple wireline plug-in. Unlike software deployments, appliances eliminate many time-consuming separate installation and operating system version synchronization processes.

Offer low learning curves and a good user interface
Appliances do not require IT staff to learn arcane manual commands and protocols in order to configure and monitor network security or maintain the product itself.

Simplify administration
Products that enable central management of multiple remote configurations simplify administration. Moreover, the ability to handle administration tasks conveniently from a Web-based system administration console that IT staff can access from any location is extremely productive and cost effective.

Offer less operator interaction
Users have a tendency to "experiment" with things, and the black-box approach limits the damage caused by curious users. Appliances not only improve security, they also reduce trouble calls to the help desk.

The Future Of Web Filtering

Having a choice among software-based, SaaS and appliance-based Web filters may sound like an advantage but it can involve some tough decisions if you are looking for a more comprehensive secure content management solution. Software-based Web filters like Websense, are often complex and difficult to configure and manage, leading many customers to lean towards an appliance or managed service. The ease-of-use, inherent interoperability and low TCO make either approach a good bet but it may be difficult to decide which is the right for you. St. Bernard has introduced a Hybrid platform that blends the best of appliance-based and managed services giving customers the best of both worlds. This pioneering approach has been initially rolled out by adding "in-the-cloud" IM filtering to the iPrism Web Filter. This gives customers a combination of iPrism's control and protocol analysis and the flexible policy management and malware filtering of a SaaS solution. It also assures an IM filtering solution with appliance-based security and policy enforcement plus infinite scalability. Learn more about the iPrism Hybrid platform.

Quote of the Week

"We are what we repeatedly do. Excellence, then, is not an action, but a habit." -- Aristotle

Thank you for being a WServerNews subscriber. Please tell your friends about us. They can subscribe here:

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Tech Briefing

Why A Multi-Layered Anonymizer Defense Is Best

Many customers, particularly schools and libraries may be asking about anonymizer defense. Anonymizers are web-based proxy servers that forward client requests to other servers. Schools hate them because they allow students to remove identifying information before taking them to a forbidden site. This can cause all kinds of problems with CIPA compliance, which schools need to receive e-Rate technology funding. Some Internet filters boast that they have anonymizer defense but, in many cases, their approach is inadequate, blocking anonymizers using one technique but letting others through because they aren't comprehensive enough. A solution that offers multi-layered protection from anonymizer abuse, is probably your best choice.

Some Web filters offer URL blocking that includes anonymizer sites. In these cases, the vendor is using heuristics or human-review or a combination of both. With this technique, anonymizer sites are added to the URL database as they are detected. Typically, databases are updated periodically and if this is the only technique a Web filter employs, you are vulnerable to any undetected anonymizer sites accessed before an update can occur. Studies tell us these sites are cropping up continuously so employing URL blocking alone is not enough protection.

Another approach that provides real-time defense is deep packet inspection. This approach uses artificial intelligence agents to analyze patterns in the requested URL. When data forensics detects a suspicious pattern, it dynamically blocks access to the site. This can be combined with human review to actively identify unique and consistent patterns, giving you dynamic real-time classification.

A multi-layered approach that combines both human-reviewed URL classification and deep packet inspection is the best way to deliver comprehensive anonymizer protection. Recently, the iPrism Web Filter, which employs this multi-layered approach, enhanced its anonymizer defense tactics to further protect customers from these sites. These enhanced features include:
  • HTTPS (SSL) traffic on Port 443 is now strictly enforced by default giving iPrism the ability to detect and block anonymizer traffic that tries to spoof secure traffic.
  • HTTPS traffic is reported using domain names, instead of IP addresses so that administrators know where users are going on the web.
  • iPrism's on-the-fly proxy detection further secures Web traffic. Administrators can run reports to show what anonymizers were blocked including proxy blocking of:
    • UltraSurf domain
    • The Google-web-accelerator domain
    • The http-proxy domain
  • Proxy URLs are collected and message groups are monitored daily for new anonymizers. These results are distributed via iGuard URL database updates as prequalified websites.
  • Manual searches for anonymizers are conducted using top search engines and a keyword list.

IM Filtering - A Hybrid Approach

From its initial use as a social networking tool, instant messaging has now become a part of corporate cultures where it enables collaboration and serves as a real-time communications tool. However, IM carries threats such as worms, trojans and malware that can jeopardize network security. Other problems such as file sharing and SPIM, the IM equivalent of SPAM, can interfere with productivity and degrade network performance. That's why IM filtering is emerging as the best way to take advantage of the benefits IM can offer businesses while mitigating the threats it carries. Although both software-based and appliance-based solutions for IM filtering exist, a hybrid approach may be the most effective way to manage corporate IM use. By combining the control of an appliance with the infinite scalability and ease of a managed service, a solution such as the iPrism IM Filter, can deliver effective protection in a new way.

With its easy deployment and management from the iPrism Central Management Console, users are only a few mouse clicks away from controlling their company's IM use. It offers support of major IM protocols and logs all of the IM conversations occurring within your organization. Customers have the ability to customize the IM filter to fit specific corporate requirements, which makes any IM filter more relevant for enforcing AUP and regulatory compliance. Logging and saving conversations is helpful if confronting e-discovery issues. To find out more about this hybrid approach to IM management, click here.

How iPrism Authenticates Open Directory

St. Bernard's award-winning iPrism Web Filter offers better integration with Open Directory than any other solution on the market. This is invaluable to customers who need a more convenient and accurate way to monitor and block URL traffic regardless of their OS.

iPrism supports LDAPv2; the newer versions of Open Directory (LDAP) are an LDAPv3 implementation, but you can force Open Directory to honor LDAPv2 requests from iPrism by including the following line in your slap2.conf file:

allow bind_v2

If this binding is not in place, iPrism may return "non-descript protocol" errors when iPrism tries to authenticate Open Directory to the LDAP server. Once the above line has been included in your slap2.conf file, you must map iPrism filtering policies to an LDAP attribute. You must add a new attribute to your schema or use an existing attribute to map to your iPrism policies, as Open Directory has no "MemberOf" User attribute and thus each user's Group Membership cannot be used to determine filtering.

For example, if you use dsAttrType:apple-keyword, when a user authenticates, iPrism looks to Open Directory to determine which Keywords are assigned to that user. The keyword corresponds to an iPrism filtering policy of the same name.

Keywords are maintained in the Advanced tab of the Work Group Manager (WGM), or using an LDAP import tool such as Passenger. This solution allows filtering and reporting by user, rather than filtering only by IP address.

Windows Server News

New Intellectual Property Legislation Makes P2P Blocking Critical

Recent legislation giving federal law enforcement agents more power in enforcing intellectual property (IP) laws puts new pressure on organizations to audit their users and protect against illegal file downloads. The Prioritizing Resources & Organization for Intellectual Property Act (H.R. 4279), which was passed by an overwhelming majority of the Congress, increases the criminal and civil penalties for piracy and counterfeiting. In addition, it creates an IP enforcement division within the Department of Justice headed by an IP "Czar" responsible for coordinating enforcement efforts among various federal law enforcement agencies. This legislation governs U.S.-owned IP including pharmaceuticals and manufactured goods, and artistic works such as MP3 and video files or other content transmitted electronically as well as on hard media.

Organizations that are lax in securing their networks from illegal downloads will face stiff penalties including criminal charges and having their computer equipment confiscated. Now more than ever, having a secure content management solution that monitors and blocks P2P and IM file sharing needs to be part of any organization's overall security strategy. As this law, which was passed on May 8, 2008, becomes more established with more agents working on cases, we are sure to see a huge increase in indictments. Organizations will not be let off the hook simply because they weren't aware that illegal activity was occurring on their networks. They will be as culpable to legal action as the street vendor selling bootlegged movies and CDs.

Why Reporting Is Crucial For Any Organization

As the recent passage of legislation toughening intellectual property laws demonstrates, the regulatory landscape does not look like it will be clearing anytime soon. In fact, your customers can expect to be subjected to new regulations as doing business in the 21st century gets even more complex. Of major concern to all organizations are mandates such as protecting client/customer/patient data where failure to comply can lead to lawsuits and financial loss. Employee Internet abuse is another problem that can have adverse consequences ranging from loss of productivity to legal liability. Fulfilling regulatory requirements such as CIPA, HIPAA, SOX and GBLA are critical to your organization because lack of compliance can result in serious fines or legal action. Internal issues such as enforcing your acceptable use policy or securing your networks and systems are important considerations that can directly affect your bottom line. The ability to secure Web access is only part of the solution. Regulatory and internal policy enforcement are only valuable when you can prove your compliance.

That's why comprehensive reporting has to be part of any effective Internet security strategy. Ideally, reporting should be flexible and easy-to-use with drill-down capabilities and real-time monitoring, giving you visibility into the big picture of your organization's Web use and the ability to drill-down to individual users in real time. Considering the number of regulatory requirments to which an organization might be subject, it's also important that Web filtering reporting be flexible enough to cover all the parameters you need in the format you need it. And securing your data is another factor. An appliance-based Web filter can provide a secure platform on which to retain the data you need to generate these critical reports.

See Appliance-Based Web Filtering In Action

The St. Bernard's iPrism Web Filter was recently upgraded with the powerful new h-Series Appliances. This has increased performance, particularly throughput, which now ranges from 10 to 100+ Mbps. No other appliance-based Web filter offers that range of speed making iPrism ideal for all types of applications particularly where big pipelines require hardware that can keep up. Since introducing their new appliances, they've also upgraded the iPrism software adding antivirus and other features that are enhanced by the new boxes. You can view an online live product demo and see the iPrism Web Filter in action - a great prelude for customers who often end up getting an evaluation unit after see the iPrism in action. St. Bernard's customer renewal rates exceed 95% -- a solid testament to the quality of their Web filtering solution. To register for the demo, click here.

WServer Third Party News

How Healthy Is Your Data?

Recent medical data breaches at UCLA, Wellpoint, Tenet Healthcare and New York Presbyterian Hospital have highlighted a growing problem with the security of patient data. As organizations move to make patient records available electronically and share data with outside third parties, this information is increasingly at risk of being hacked or stolen.

According to Phoenix Health System's HIPAAtech, the top security vulnerabilities include the following internet-based threats: firewall and system probing; Network File Systems (NFS) application attacks, computer viruses, phishing, Instant Messaging, Peer-to-Peer programs, e-mail attacks, and spoofing, sniffing, fragmentation and splicing attacks.

Securing confidential patient data against Internet-based threats is a critical concern for IT professionals in the Healthcare Industry. Compliance with HIPAA mandates, preventing data from leaving the network and employing a strong, layered, security strategy can help enforce acceptable use and security policies while protecting at-risk patient data. Full article:

Channel: The Next Wave

How pioneering VARs are staying ahead of the curve with a fresh approach to business. When it comes to partnerships with vendors, some programs are more successful than others. Many solution providers are re-thinking the traditional delivery model and employing innovative strategies that produce results.
  • Choose Flexible Solutions
    One approach that has proven successful for a number of solution providers is offering a mix of products from both large and small vendors. Alternative vendors can often provide access to long-term strategy and customized programs that larger vendors don't offer. Choose vendors with a focus on partnership, who will share product roadmaps and take a team approach.
  • Focus on IT and Product Knowledge
    VARs find that developing their bank of IT knowledge and acquiring certifications proves more valuable in interactions with enterprise-level customers than a focus on sales. Partner with vendors that provide technical training programs designed to be accessible and easy to use.
  • Recurring Revenue
    Other next-generation solution providers focus on services or solutions which provide a recurring revenue stream, and can open the door for additional offerings. Seek partners that offer products and programs to help you sustain and grow your business with recurring revenue sources.
  • Provide Added Value
    For some integrators, a consultative selling approach, featuring top-tier service, training and design helps them retain customers and improve the dismal state of IT customer satisfaction. By targeting local underserved retail businesses, and offering services that help them compete with large discounters, solution provides can build a loyal customer base. By focusing on customer service rather than reacting to the latest market trend, VARs can achieve steady and consistent growth in their business.

WServerNews - Product of the Week

Watch a Demo and Get a Cool Free T-Shirt

iPrism Web Filter leads the pack in stopping Web-based threats like spyware, malware, anonymizers and inappropriate content. Now, when you watch the iPrism in action, you get a cool t-shirt and a chance to win a 50" plasma TV. Better than software- only solutions, iPrism?s powerful appliance-based technology protects at the perimeter and can be installed and working within minutes. And iPrism got 5-stars from SC magazine and has renewal rates of over 98%. Find out why! See the leader of the pack in action and get a cool t-shirt while supplies last!