GFI WebMonitor - A good step ahead

The Web Content Filtering and Security products are already a maturing market. The need for monitoring and controlling user access to the Web is identified as critical for today's businesses

GFI Software is entering this market arena with a solution named GFI WebMonitor. This product is available either as a standalone proxy version that works in most network environments or as a dedicated plug-in for organizations that have deployed Microsoft ISA Server.

Installation
The installation is very easy, and the only really critical step that the admin needs to make a decesion in which mode the software will run. GFI WebMonitor can run in the following modes:

  1. Simple Proxy mode - In this mode, GFI WebMonitor operates on a server with a single NIC and functions as a proxy. In order to use it, block direct access to the Internet from the clients and set their browsers to use the GFI WebMonitor system as a proxy.
  2. Traffic forwarding mode - In this mode, GFI WebMonitor works 'inline', and acts as a router/proxy. To operate in this mode, you need to install GFI WebMonitor on a server with two NICs and routing ability (like Windows RRAS)
We will observe the operation of GFI WebMonitor in Simple Proxy mode - a mode that is easier to set-up and which will be the default choice of most companies.According to the documentation, GFI WebMonitor is designed for corporate use. In order to understand how GFI WebMonitor matches the corporate expectations, let's define a corporate environment scenario in which GFI WebMonitor will have to perform:

Corporate Scenario


Internet users
A typical corporate organization will have the following Internet users:
  1. Standard Internet Users - The generic corporate grunts, people who are not expected to use the Internet during most of their work day. Their Internet access is limited to most basic Internet access, and download of PDF, Word and PPT files of maximum 2 MB size.
  2. Power Internet users - Power Internet users, requiring access to a lot of Internet locations, and who regularly download documentation (PDF, Office) and media (audio, video, flash) from the Internet. These files can be of a larger size, up to 50 MB.
  3. Management - The top brass, which although would use the Internet very rarely, they should not feel as if they are much limited
  4. Exceptions - For research or testing purposes, exceptions of all rules must exist
Corporate policy
The typical corporate organization has a Internet access corporate policy. Here is a sample one:
  • Rules for all users
  1. No access to gaming sites, porn sites, narcotics or alcohol abuse sites, gambling sites, spamming and hate mail, racism and hate sites, job search sites, social media and instant messaging sites, web based e-mail services, virus and malware sites, hacking or exploitation sites, personal financial gain sites.
  2. No workaround bypass of this policy is permitted
  • Rules for Standard Internet Users
  1. No access to news sites, media sites, file sharing sites
  2. Download limit set to 5 MB per file
  3. Permitted files - HTML, Images, XML, PDF, PPT, DOC(X), XLS(X)
  4. No malware should be downloaded
  5. Limit bandwidth to a maximum of 10kbps per user
  • Rules for Advanced Internet users
  1. No access to file sharing sites
  2. Download limit set to 50 MB per file
  3. Permitted files - HTML, Images, XML, PDF, PPT, DOC(X), XLS(X), AVI, MP3, MP4, FLV, VSD, Archives containing these types of files
  4. No malware should be downloaded
  5. Limit bandwidth to a maximum of 150kbps per user
  • Rules for Managers
  1. Download limit to 500 MB per file
  2. Permitted files - PDF, PPT, DOC(X), XLS(X), AVI, MP3, MP4, FLV, VSD, Archives containing these types of files
  3. No malware should be downloaded
  4. Limit bandwidth to a maximum of 250kbps per user
Internet usage reports must be submitted to Information Security Officer per request and in a Monthly automatic report

GFI WebMonitor Performance against scenario

We have used all functions of WebMonitor to simulate the corporate scenario as close as possible. We have set up groups for web filtering and download access, and tested for normal functionality.

GFI WebMonitor has a simple but useful tactical dashboard for overview



Web Filtering Control

The good
  • All restricted areas can be set-up in the web filtering control, and were properly blocked with a restriction message. If default policies are not sufficient, you can include or exclude manually, or you can also suggest categorizing a site GFI's database, so it gets into policy automatically.

The issues
  • The minor administration issue that we found is that the categories are not explained, and it took us some time to discover that Instant Messaging is defined as Internet Communications. A dynamic description should appear as a category is selected - this will make the admin's life much easier.
  • The functional issue that found is that there is no bandwidth control for anyone. GFI might discuss that this is not a function of a content filter, but there are products which provide these functions.

Download Control
The good
  • The download controls can define the file types that can be downloaded
  • The integrated proxy can save the already downloaded files, thus reducing internet link load


The issues
  • There is no file size limit to apply to groups. So corporations cannot limit users to downloading only certain size of files and thus preventing of hogging the Internet link.
  • Download restrictions can be bypassed by hiding files within other files (Zipped executable, embedded as an object within a word file)
  • Selection of items in download control is a bit difficult, since you need to open each item specifically. This is mostly a cosmetic issue, but it can nag the administrator

Spyware and virus protection

The good

The antivirus protection worked as expected, and it identified the test EICAR virus simulation file


The issues
  • The antivirus protection worked on the second attempt. The first time EICAR was downloaded and wasn't detected as a virus. We checked the antivirus engines and found that they have remained in Downloading and updating status for the entire 5 days of testing. After we forced the update to finish (required a reboot of the GFI WebMonitor computer and about 1 hour of patience) , the EICAR file was detected as a virus threat. We can't identify the reason for this behavior

Phishing protection

The good
  • The phishning control is very effective. We tested against a fresh phishing site (at time of test only live for 5 hours) It was properly blocked both by GFI WebMonitor as well as Firefox Phishing protection. The site for testing was selected from PhishTrack


    Instant Messaging Control

    The good
    • We tested with Windows Live messanger, and notifications are properly delivered to the administrator.

    The issues

    • This function looks more like a nice idea then a real functionality. It only functions for Microsoft IM Protocols, and is not useful for Skype, XMPP - (Jabber), YMSG (Yahoo), Gadu-Gadu. These protocols will either pass undetected or will not work at all.

    Reporting

    The good
    • GFI WebMonitor has a brief set of reports integrated within it's engine, and it has a free ReportPack add-on especially for reporting.



    Conclusion

    GFI WebMonitor is a nice step in the right direction. The product is very easy to install, and the company that starts using it can see it's benefits by the end of the first day of use.
    It matched all the basic requirements of our sample scenario, and only failed at the most advanced expectations. We have some reserve about the antivirus, but this is probably due to error in our installation or a bug that will befixed.

    In order to evaluate whether GFI WebMonitor meets your requirements, simply note down your corporate scenario, and install the evaluatoion version. You'll be able to evaluate the match to your requirements very fast.


    Talkback and comments are most welcome

    2 comments:

    Getit said...

    Lovely blog it is. Download Zapya for PC to share files and folders easily from PC to Mobile

    Sunmugam Chidambaram said...


    Good post like to Read More Like this
    xender for pc

    Designed by Posicionamiento Web