M86 Security R3000 Series Evaluation Manual

Internet filter

R3000 Internet Filter EVALUATION GUIDE
Models: R3000 HL/SL/MSA
Software Version: 3.0.00
Document Version: 09.09.09


Summary of Contents for M86 Security R3000 Series

  • Page 1 R3000 Internet Filter EVALUATION GUIDE Models: R3000 HL/SL/MSA Software Version: 3.0.00 Document Version: 09.09.09...
  • Page 2 Every effort has been made to ensure the accuracy of this document. However, M86 Security makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. M86 Security shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein.
  • Page 3: Table Of Contents

    Contents

    • R3000 Evaluation Guide
    • Market Overview
    • Product Overview
    • Note to Evaluators
    • Install the R3000, Update Libraries
    • Configure and Test the R3000
    • Understand the most common and useful features
    • Group setup for different user types on the network
    • Apply different filtering levels for different types of users ...
  • Page 4 Contents

    • How to test the Safe Search Enforcement feature
    • Search Engine Keyword Filtering
    • How to configure Search Engine Keyword Filtering
    • How to test Search Engine Keyword Filtering
    • Attachment filtering
    • How to configure attachment filtering
    • How to test attachment filtering ...
  • Page 5: R3000 Evaluation Guide

    M86 Security offers a wide range of Internet filtering and reporting appliances that not only help companies maintain compliance with laws such as the California Security Breach Information Act (CSBIA) (see http://www.8e6.com/resources/...
  • Page 6: Note To Evaluators

    Thank you for taking the time to review 8e6’s R3000 Internet Filtering Appliance. Your interest in our company and product is greatly appreciated. This Evaluation Guide is designed to provide product evaluators an efficient way to install, configure and exercise the main product features of the R3000 Internet Filter.
  • Page 7: Install The R3000, Update Libraries

    To install the appliance, configure the box, and test that filtering is operational, please refer to the step-by-step instructions found in the Quick Start Guide provided in the shipping carton.
  • Page 8: Configure And Test The R3000

    Understand the most common and useful features

    One of the advantages of a hardware appliance, in addition to its compatibility and extremely low profile on the network, is its ease of use. Configuration of the R3000 can seem disarmingly simple at times, but when the hardware and software are designed to work together, the levels of complication decrease and robust power and efficiency significantly increase.
  • Page 9: Group Setup For Different User Types On The Network

    Apply different filtering levels for different types of users

    Description: There are two primary Groups to understand when administering the R3000.
  • Page 10: How To Create An Ip Group

    there are system settings required that must be initiated prior to establishing the groups in these environments, and it will be helpful and save time to work with a Solutions Engineer the first time these settings are initiated.
  • Page 11: Rules And Profiles: Creating And Using Each

    Description: Rules and Profiles may seem confusing as it often appears that they are used interchangeably. And, while the administrative windows controlling the creation of Rules and Profiles are very similar, they each serve two distinct purposes.
  • Page 12: How Is A Profile Used

    A Profile defines the particular filtering parameters assigned to a group or individual. There are two kinds of Profiles. The first is the Global Group Profile.

    Figure: Category Profile tab

    The default for the Global Group Profile is set up under the Category Profile tab of the Global Group’s administrative controls.
  • Page 13 NOTE: * Different doesn’t necessarily mean that a group is no longer filtered by the library Categories in the Global Group Profile. In fact, different may mean the group is filtered by several categories in addition to those in the Global Group Profile.
  • Page 14: How To Create A New Rule

    1. From the top level administrator console, select GROUP.
    2. Click Global Group and select Rules.
    3. In the Rule Details frame click New Rule to populate the Rule # field with the next consecutive rule number available.
  • Page 15: Global Group Profile

    Figure: Global Group Profile Category tab

    The Global Group Profile window displays when Global Group Profile is selected from the Global Group menu.

    Set the Global Group Profile

    The Category Profile displays by default when Global Group Profile is selected from the Global Group menu.
  • Page 16: Group Profile

    • Double click the Allow column to move the library category to the always allowed column.

    3. Choose Pass, Warn or Block to specify whether Uncategorized Sites should pass, warn the user, or be blocked.
  • Page 17: Create, Edit A List Of Selected Categories For A Group Profile

    Selecting the library categories to be in the Pass, Allow, Warn or Block columns is just like configuring the Global Group Profile library Categories.

    Create, edit a list of selected Categories for a Group Profile

    To define which categories will be passed, warned, always allowed or blocked in the Global Group Profile:

    1.
  • Page 18: Group Settings Tests

    Test the Rules and Profiles feature

    To test the Rules and Profiles feature, first define a Rule.

    Figure: Rules window

    1. Select Rules under Global Groups.
    2. Click New Rule (the Rule # will reflect the next sequential number available for a rule).
  • Page 19: Test The Rule

    To test the Rule, apply it to an IP Group.

    Figure: IP group profile window with rule applied

    1. Select AllUsers from the IP Groups.
    2. Select Group Profile.
    3.
  • Page 20: Custom Categories

    Create and configure a Custom Category

    Description: The R3000 allows an administrator to create a new category not listed among the 100+ options in the Library Categories. With literally tens of millions of URLs researched and screened among those existing categories, it might seem like a case of overkill to create a new one, but many of the most useful and powerful features of the R3000 depend on the creation of Custom Categories.
  • Page 21: Custom Category Setup And Usage Test

    3. Type in a URL you want to add.
    4. Click Add. Wait for a moment while the R3000 searches through all URLs in its Library database (including IP addresses) to find URL and IP matches. Matches are listed in the window.
  • Page 22: Filtering Profile Features

    Time Profile feature

    Description: The Time Profile feature lets the administrator set up a profile for any user or group to run at a scheduled time period. A user or group can have multiple time profiles, and these can be set to run at various intervals of time throughout a day, week, month, or year.
  • Page 23: Test The Time Profile

    Figure: Adding Time Profile window

    5. Click the Rule tab.
    6. Double click the Society/Lifestyles Category to open it.
    7. Find Alcohol, double click in the Block column, and click OK.

    NOTE: In order to perform the test that follows, be sure the Alcohol category isn’t blocked in any other profile for this group.
  • Page 24: Quota Feature

    Description: The Quota feature restricts the amount of time a user can spend in a passed category. When the user reaches 75 percent of time in a quota-designated category, the quota notice page pops up to warn the user about this information. If 100 percent of quota time is attained, the user receives a quota block page and cannot access that category until quotas are reset.
  • Page 25: Test The Quota Feature

    1. From an IP address within the Sales group, access countless sports-related Web sites on the Internet for a five-minute period: espn.com, sportsillustrated.cnn.com, tennis.com, soccer.com, etc. During the course of the five minute period, you should receive a Quota Notice page informing you that 75 percent of quota time has been attained.
  • Page 26: White List Feature

    Description: White lists are effective when a particular group requires tight control over content options. For example, rather than spend hours determining what employees in shipping shouldn’t be viewing, it is much easier to define only the things they can view.
  • Page 27: Test The White List

    After completing steps 1-8 above, then:

    1. From an IP address contained within the Global Group range, attempt to access any of the URLs included in the Evaluation Category. Access is allowed.
    2.
  • Page 28: Google/Bing/Yahoo!/Ask/Aol Safe Search Enforcement

    Description: Google, Bing, Yahoo!, Ask, and AOL have very effective safe search features that can be activated to ensure search results do not contain sexually explicit material. Unfortunately, safe search can be deactivated in the preference settings of each search engine.
  • Page 29: Search Engine Keyword Filtering

    Description: There are a number of words and phrases that clearly won’t be used to find business-related content on the Web. With Search Engine Keyword Filtering administrators can stop a search before it even starts (to cause trouble). The R3000 allows administrators to add words or phrases, up to 75 characters long (alphanumeric), to shut down access to restricted content right at the point an employee clicks search.
  • Page 30: How To Test Search Engine Keyword Filtering

    9. Activate the Search Engine Keyword Filter Control checkbox.
    10. Click Apply.

    Figure: Adding Search Engine Keywords

    How to test Search Engine Keyword Filtering

    1. Create a custom category called Keyword Filtering, using the keywords playboy, sex and porn.
  • Page 31: Attachment Filtering

    Description: Unchecked and unmanaged, the download of attachments can bring a network to its knees. The R3000’s Attachment Filtering feature identifies the download of a file as soon as it’s initiated, and blocks the download.

    Figure: Attachment filtering setup in URL Keywords

    How to configure attachment filtering

    1.
  • Page 32: How To Test Attachment Filtering

    Figure: Attachment filtering setup in Filter Options tab

    1. Configure the File Extensions custom category.
    2. Enable URL Keyword Filter Control in the Global Group Profile.
    3. Access the Internet from an IP address within the Global Group range.
    4.
  • Page 33: How To Configure Wildcard Filtering

    not be able to access http://www.sports.cnn.com, since direct URL entries take precedence over wildcard entries.

    Figure: Wildcard filtering

    How to configure wildcard filtering

    1. Go to LIBRARY in the top level administrator navigation.
    2.
  • Page 34: How To Test Wildcard Filtering

    1. Create a custom category called Wildcards.
    2. Add the following URLs (or any three URLs) per the previous configuration instructions:
       a. *.playboy.com
       b. *.myspace.com
       c. *.8e6.com
    3.
  • Page 35: Configure, Test, Block Services

    Anonymous proxies

    Description: Web-based anonymous proxy services provide a method to bypass Web filters. Administrators can block the Web-Based Proxies/Anonymizer library Category to keep employees away from sites that offer free anonymous proxy services.
  • Page 36: How To Test Anonymous Proxies

    1. From an IP address in the Global Group range, go to http://proxy.org and click on Free Proxy Form.
    2. Enter any URL and select GO. The request is routed through anonymous proxies and is blocked.
  • Page 37: Block Im, P2P Applications And Streaming Media

    Description: The R3000 provides Peer-to-Peer (P2P) and Instant Message (IM) blocking. Peer-to-Peer and Instant Messaging pose significant challenges to administrators due to the risks of content type that can be passed on via these tools (images and video), as well as the ease by which these enable malicious code and viruses to circumvent many networks.
  • Page 38: How To Test For Im

    1. From an IP address in the Global Group range, activate an IM program such as Yahoo! IM or AIM.
    2. Attempt to send an instant message to another user. The attempt is blocked.

    How to test for P2P

    From an IP address in the Global Group range, attempt to access a P2P site such as Limewire.com.
  • Page 39: Real Time Probes And X-Strikes Blocking

    Real Time Probes feature

    Description: Real time probes allow an administrator to monitor an employee’s Internet usage in real time to determine if that user is accessing appropriate Internet content.
  • Page 40: How To Test Real Time Probes

    1. Configure a Real Time Probe with the following criteria:
       • Maximum Probes to Run/Schedule Simultaneously: 10
       • Maximum Probes that can be Scheduled: 5
       • ...
  • Page 41: X-Strikes Feature

    Description: The X-Strikes feature is a very powerful administrator tool that enables both the lockdown of users engaged in severe policy violations and remote notification of the violations as they occur. X-Strikes is designed to identify and terminate Internet access of users who are frequent violators of policy, e.g.
  • Page 42

    Figure: X Strikes Blocking

    Next, the actual parameters of the X-Strike feature need to be configured.

    1. Select SYSTEM from the top level administrator console.
    2. Click X Strikes Blocking.
    3. Make the following settings:
       a.
  • Page 43 d. Set the Flood Tolerance Delay (in seconds) to determine the maximum delay that will occur before a user who accesses the same URL will receive another block page. If a user receives a block page and attempts to flood the filter through rapid refresh of the page, the X-Strikes feature will not log a strike for every attempt but instead log a strike for each Flood Tolerance Delay threshold that is reached.
  • Page 44: How To Test X-Strikes

    Figure: X Strikes testing

    1. Set up X-Strikes with the following settings:
       a. Configuration:
          • Reset X-Strike Count Upon Authentication: ON
          • Maximum Strikes Before Locking the Workstation: 3
          • ...
  • Page 45

    4. After 2 minutes, access will be available again.
    5. In approximately 1-2 minutes (the nuances and security settings of the email server will impact the speed of delivery, as well) a notification should be received at the email address noted in the Email Alert field.
  • Page 46 M86 Security, R3000 Evaluation Guide...

This manual is also suitable for:

R3000 hl, R3000 sl, R3000 msa
