1. Manuals
  2. Brands
  3. Planet Manuals
  4. Monitor
  5. IM-1000
  6. User manual

Planet IM-1000 User Manual

Internet monitor
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Internet Monitor
IM-1000
User's Manual

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the IM-1000 and is the answer not in the manual?

Questions and answers

Summary of Contents for Planet IM-1000

  • Page 1 Internet Monitor IM-1000 User’s Manual...
  • Page 2 PLANET Technology. Disclaimer PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose.

  • Page 3: Customer Service

    Any error messages that displayed when the problem occurred ♦ Any software running when the problem occurred ♦ Steps you took to resolve the problem on your own Revision User’s Manual for PLANET Internet Monitor Model: IM-1000 Rev: 1.0 (November, 2006) PartNo.EM-IM1000v1...

  • Page 4: Table Of Contents

    Table of Contents Chapter 1 Introduction .................. 5 Package Contents................6 Front View ................... 7 Specification ................7 System Chapter 2 System……………………………………………....Admin………………………………………………....13 Interface IP…………………………………………….... 15 Setting………………………………………………....16 Date / Time……………………………………………... 22 Permitted IPs……………………………………………..23 Language…………………………………………..…………. 24 Software Update……………………………………....25 User List Chapter 3 User List……………………………………………....
  • Page 5 Web SMTP ………………………………….……………… 161 Web POP3 ………………………………….………………. 163 FTP ………………………………….…………………….. . 165 TELNET ………………………………….………………..167 Anomaly Flow IP Chapter 8 Anomaly Flow IP……………………………………………. Setting………………………………………………………… 171 Virus Infected IP…………………………………………..173 Intrusion IP………………………………………....176 Local Disk Chapter 9 Local Disk…………………………………………....Storage Time…………………..........180 Disk Space.................

  • Page 6: Chapter 1 Introduction

    (support mirror port function) to link IM1000 Inbound port to the any port of the hub or mirror port of core switch. Bridge mode links the IM-1000 Inbound port to firewall or gateway. Another Outbound port connects to the internal network via hub or switch.

  • Page 7: Package Contents

    Administrator easily analyze the network flow status by using these information. Virus-Infected Alarm If the internal virus-infected PC keeping send packets to paralyze the company's network, the IM-1000 would send the alarm message to inform the user and administrator. Use Bridge mode to deploy the IM-1000 can efficiently block the anomaly flow packets.

  • Page 8: Front View

    Blink to indicates there is traffic on the port Orange Steady on indicates the port is connected at 100Mbps speed 1.3 Specification Product Internet Monitor Model IM-1000 Recommend maximum concurrent user Hardware Ethernet Inbound 1 x 10/100 Based-TX RJ-45 Outbound...
  • Page 9 Management Sniffer and Bridge mode Network Connection 582,000 Concurrent Sessions 100Mbps Inbound to Outbound Throughput 50~100 Recommend concurrent user E-mail: SMTP, POP3 Internet Record Web Mail : Yahoo, Hotmail, SINA, Gmail, Hinet, PChome, Seednet, Sohu, 163, Tom, Yam IM: MSN, MSN Web Messenger, Yahoo Messenger, ICQ, QQ HTTP Telnet Sorting: by User Name or Service...

  • Page 10: Chapter 2 System

    Chapter 2 System The system administration, refers the competency to manage the IM-1000. In this Chapter, it will be define to the Admin, Interface IP, Setting, Date/ Time, Permitted IPs, Language, Log out, and Software Update. The IM-1000 is managed by the main system administrator. The main system administrator can add or delete any system settings and monitor the system status.
  • Page 11 There must be at least one administrator who have the competency to read and write in IM-1000. The default user name and password of system administrator in IM-1000 are admin and admin . Privilege: The administrator who has the competency to read/write, can change the system settings, monitor the system status, to add and cancel other administrators.
  • Page 12 Ping Enable the function, the user can send Ping (ICMP) packets to Interface. HTTP Enable this function, the user can login IM-1000 Web UI through HTTP protocol. HTTPS Enable this function, the user can login IM-1000 Web UI through HTTPS protocol .
  • Page 13 Web Management (Port Number) The system administrator can use the WebUI to manage IM-1000 anywhere. The system manager can also change the port number of IM-1000. When the port number of HTTP and HTTPS had been changed . If the system administrator want to log in to WebUI , then he must change the WebUI port number.

  • Page 14: Admin

    2.1 Admin Step1. In admin setting window click the New-Group Admin . Step2. In add new group-admin window enter te following information: Group-Admin set group_admin. Password enter 12345. Confirm Password enter 12345. In View Groups column, select the permitted group record to see. Step3.
  • Page 15 System Admin Step1. In admin find the administrator’s name that correspond to the right column, then click modify. Step2. In Modify admin password or modify group admin password window. Enter the following information Password enter admin. new Password enter 52364. confirm Password enter 52364.

  • Page 16: Interface Ip

    Enable the setting of Ping, HTTP and HTTPS function. Click OK. The interface IP setting Please do not cancel HTTP and HTTPS before setting the Interface IP, because it will let the system administrator could not enter the Web UI of IM-1000.

  • Page 17: Setting

    System setting to client, and click the download button at the right place. Step2 When it appeared File Download window click Save button, and it will show where the file will be saved. Click Save button again The settings of IM-1000 will be copied to the appointed directory.
  • Page 18 Step2. In Choose File window, choose the directory of former saved file in IM- 1000, and choose the correct setting, then click Open. Step3. Click the lower right OK, the window will closed. Step4. Click the OK inside the confirm dialogue box, the setting will import to IM-1000. Confirm the import setting...
  • Page 19 System Setting Step1. In System Setting Internet Recorder ConFiguration select Reset Factory Setting and Format Hard Disk. Step2 Click the OK in the lower right, it will restore to the factory setting of IM- 1000 and format the disk at the same time. Select Resect Factory Setting...
  • Page 20 Step2. Company Name, enter the name of the company which belong the IM- 1000. Step3. Device Name, enter the name of IM-1000. Step4. Sender Address, sending the e-mail address of the sender. Some of the ISP have request to enter in the sender address column Step5.
  • Page 21 Click Mail Test button to test E-Mail address 1 and E-Mail address 2 , to see if the e-mail sending address can receive the current caution message .
  • Page 22 System Setting Step1. In Reboot Internet Recorder Appliance Reboot button. Step2. It will show “Are you sure to reboot ?” Step3. Click OK to reboot IM-1000, or click Cancel to cancel reboot IM-1000. Reboot the internet recorder appliance...

  • Page 23: Date / Time

    System time setting Select Synchronize Sync button, the system time in IM-1000, will synchronize to the administrator’s computer. The settings of Set offset hours from GMT and Server IP can be entered with using Assist. If the local area execute the daylight saving time, then enable the daylight saving time setting.

  • Page 24: Permitted Ips

    If you want the Permitted IPs to be real working, then it must be connect from the administrator to the interface of IM-1000 WebUI, but the settings of Ping, HTTP, and HTTPS all must be canceled. Before you cancel the interface address of HTTP and HTTPS, you have to set the Permitted IPs first...

  • Page 25: Language

    2.6 Language Step1. In System Language, choose the Language you want, then Click OK Select the language version...

  • Page 26: Software Update

    It need 3 minutes to update the software, and will reboot after updated the system . Please do not turn it off, off line and exit the web page during the update or it will cause the error in IM-1000 It is...

  • Page 27: Chapter 3 User List

    Chapter 3 User List This chapter is about the users can be monitored by the IM-1000. It can automatic serch and add the new users, and the system administrator can add the lists by himself or herself.
  • Page 28 Setting User List Configuration Administrator can export the monitor user list and some related settings to the PC or import these settings into IM-1000. Department / Group The administrator can group the users according to the network structure, so that...
  • Page 29 We will setup three different user list in the application environment. Environments Example.1 The company can be divided into several departments , and part of the user department settled in different subnet. Example.2 Change the user list by import the user list configuration excel list .

  • Page 30: Example

    3.1 Example The company can be divided into several departments, and part of the user department settled in different subnet. Step1. In User List Setting, set the following settings To set the Department / Group depends on the real network deployment.
  • Page 31 Step2. In User List Logged, add the new user. Click of 172.19.0.0 subnet and the IM-1000 will search the new user in the subnet. Wait 1~2 minutes until search complete. If system administrator want to search users in specific subnet, set the search IP range and click search.
  • Page 32 Starting to search new user...
  • Page 33 User List Example 1 Select the new user to add...
  • Page 34 Complete to add the new user...
  • Page 35 IM-1000 will also look up the user DNS name correspond to the internal DNS server when searching the user list. When the searched PC has been set the PC or DNS name, then IM-1000 will use them to apply to user name. The user name priorities are : PC name...
  • Page 36 User List Example 1 Step3. Modify the user in user list Click User Name of Ray. User Name, enter Rayearth. Department / Group , select Laboratory. Click OK. Click User Name of 172.19.1.254. User Name, enter Gateway. Department / Group, select Device_Room. Select move this user to ignored user list.
  • Page 37 User List Example 1 Enter the user information to modify Complete to modify the user information...
  • Page 38 User List Example 1 Select the user to modify Enter the user information to modify Move the user to ignored user list...
  • Page 39 User List Example 1 Fig. 2-12 Complete to modify all the user list In Ignored user list, the system administrator can also select the user to move to logged user list.
  • Page 40 User List Example 1 Step4. In User List Logged, add the new subnet Click Add. Subnet , enter 192.168.139.1. Netmask, enter 255.255.255.0. Add a New user to this Department / Group, select R.D. Click OK Add a new subnet The Department / Group that selected by system administrator , which will become the default Department / Group in this subnet.
  • Page 41 Save , choose the position to save the download file.Click Save again. The user list settings will be saved in IM-1000 . Select the position to save the download file Step3. Use excel to open the user list configuration settings(user_set.csv), and...
  • Page 42 User List Example 2 The way to use the user list the contents of user_set.csv ################################################ #Format: # ~1 Group_1 How to use the User List ? ################################################ The setting of The name of Department / Group : Department/Group Department / Internal_Sales The User List can set 36 Group.
  • Page 43 User List Example 2 Step4. Change the information of Department / Group Change the 8th Department / Group information , and the original Customer_Service will change into Support. Add the 12th Department /Group information , and change Group_12 into R.D._2. Change the Department / Group information from excel...
  • Page 44 User List Example 2 Step5. To add and modify the user information in the first subnet. Change 192.168.139.216 Rayearth Department / Group information , and change the 10 Department / Group into 9 Department / Group. Insert a row under the user list in the first subnet, and enter the new user information in the row.
  • Page 45 User List Example 2 Step6. Add the third subnet and user’s information. Please enter the third subnet basic information under the second subnet user list . the range of IP, Netmask, Default Group . Please enter the basic user information under the third subnet. User IP, User Name, PC Name, Logged / Ignored List, User MAC, User Department / Group .
  • Page 46 User List Example 2 Step7. Save File user_set.csv Step8. In User List Setting, Click User List Configuration Import User List from Client PC Browse. Step9. In the Choose File window, select the modified user list setting, then Click Open. To import the modified file Step10.

  • Page 47: Chapter 4 Im Management

    Chapter 4 IM Management IM Management includs 3 main parts Configure Login Notice MIS engineer can customize the contents of IM login notice and IM-1000 can also send the IM login notice to user while he / she uses the IM software. Authentication MIS engineer can request user to pass the IM authentication first or IM-1000 will block the user’s IM connection.

  • Page 48: Configure

    4.1 Configure Login Notice MIS engineer can customize the contents of IM login notice and IM-1000 can also send the IM login notice to user while he / she uses the IM software. Step1. Select which IM notification to be enabled.

  • Page 49: Types Of Notification

    IM-1000 will notice user by NetBIOS notification about he processed the IM messages or activities after login to IM software. MSN Alert Notification IM-1000 will notice user by msn notification about he processed MSN messages or activities after login to MSN. (Only available in bridge mode) ICQ Alert Notification IM-1000 will notice the user by ICQ notification about he processed ICQ messages or activities after login to ICQ.
  • Page 50 NetBIOS login notification...
  • Page 51 IM Management Login Notice MSN login notification...
  • Page 52 ICQ login notification...
  • Page 53 IM Management Login Notice Yahoo Messnger login notification...

  • Page 54: Authentication

    4.2 Authentication MIS engineer can request user to pass the IM authentication first or IM-1000 will block the user’s IM connection. The user does not need to do any authentication once he/she passes the IM authentication. Terms Authentication Messages MIS engineer can customize the authentication messages. User will see the authenticaiton messages while he/she login the authenticaiton screen.
  • Page 55 User Distinguished Name It’s the needed account used for IM-1000 to process the authetication to LDAP server.
  • Page 56 IM Management Authentication Authentication message setting User login authentication...

  • Page 57: How To Use

    The Authentication function is only available in Bridge mode. If MIS engineer use Sniffer mode to deploy IM-1000, then appliance cannot block the IM connection and MIS engineer also cannot manage the internal user to use IM software. In other words, IM-1000 can only record the user’s IM conversation contents while using...
  • Page 58 IM-1000 provide four built-in authentication mode and also support to RADIUS, POP3 and LDAP server authentication. How to log in authentication interface? Open the browser, then type “http://IM-1000 interface/auth”. For example, http://192.168.1.1/auth...
  • Page 59 IM Management Example We set 4 authentication application environments . Method Environment Ex. 1 User(Built-in Internal user must pass the IM authentication then he/she is allowed to create MSN connection. (Use the built-in mechanism) user authentication.) Ex. 2 RADIUS Internal user must pass the IM authentication then he/she is allowed to create Yahoo connection.
  • Page 60 IM Management Example 1 Internal user must pass the IM authentication, then he/she is allowed to create MSN connection. (Use the built-in user authentication.) Step1 Add authentication user in Authentication User. Set the authentication user Step2. Select IM Management Rule Default Rule Accept : Authentication passed and MSN Message not encrypted.
  • Page 61 Example 1 Step3. If the internal user want to use MSN, then he/she must apply the use privilege of MSN from IM authentication management interface. The management interface is ”http:// IM-1000 interface/auth”, Default setting http://192.168.1.1/auth Enter the Name and Password.
  • Page 62 IM Management Example 1 Authentication success Step4 User can use the authenticated MSN account and there is no mor authentication to process in the future.
  • Page 63 IM Management Example 2 Internal user must pass the IM authentication, then he/she is allowed to create Yahoo connection. Use external RADIUS Server authentication. ( Windows 2003 built-in authentication. Deployment of Windows 2003 RADIUS Server Step1. Click Start Control Panel Add / Remove Programs , select Add / Remove Windows Components , then it shows the Windows Comonents Wizard.
  • Page 64 IM Management Example 2 Step3. Select Internet Authentication Servic Add new network authentication service components...
  • Page 65 IM Management Example 2 Step4 Click Start Control Panel Control Panel Administrative Tools , select Administrative Tools , select Network Authentication Network Authentication Service. Service. Select network authentication service...
  • Page 66 IM Management Example 2 Step5. Right click RADIUS Clients Right click RADIUS Clients New RADIUS Clien New RADIUS Clien Add new RADIUS client...
  • Page 67 IM Management Example 2 Step6. Enter the Name and Client Address( It is the same as IM-1000 IP Address ). Add New RADIUS client name and IP address setting...
  • Page 68 Step7. Select RADISU Standard, enter the Shared secret and Confirm Share . Select RADISU Standard, enter the Shared secret and Confirm Share secret ( It must be the same setting as RADIUS in IM-1000). secret ( It must be the same setting as RADIUS in IM-1000).
  • Page 69 IM Management Example 2 Step8. Right click on Remote Access Policies . Right click on Remote Access Policies New Remote Access Polic New Remote Access Polic Add new remote access policies...
  • Page 70 IM Management Example 2 Step9. Select Use the wizard to set up a typical policy for a common scenario , and enter the Policy name Add new remote access policies and policy name...
  • Page 71 IM Management Example 2 Step10. Select Ethernet . The way to add new remote access policy...
  • Page 72 IM Management Example 2 Step11. Select User Add new romote access policy user and group...
  • Page 73 IM Management Example 2 Step12. Select MD5-Challenge. The authentication of add new remote access policy...
  • Page 74 IM Management Example 2 Step13. Right click on the Radius Properties The network authentication service setting...
  • Page 75 IM Management Example 2 Step14. Select Grant remote access permission, and Remove the original setting, then click Add. The RADIUS properties settings...
  • Page 76 IM Management Example 2 Step15. Add Service-Type. Add new RADIUS properties attribute Step16. Add Authenticate Only from the left side. Add RADIUS properties service-type...
  • Page 77 IM Management Example 2 Step17. Click Edit Profile, select Authentication, and check Unencrypted authentication (PAP , SPAP). Edit RADIUS service-type dial-in property...
  • Page 78 IM Management Example 2 Step18. Add Auth User, click Start Setting Control Panel Administrative Tools, select Computer Management Enter computer management...
  • Page 79 Step21. In Authentication RADIUS function, enter IP, Port and Shared Secret. ( The setting must be the same as RADIUS server ). The RADIUS server setting Click Test, it can detect if the IM-1000 and RADIUS server can real working .
  • Page 80 Default IM rule Step23. If the internal user want to use MSN, then he/she must apply the use privilege of MSN from IM authentication management interface. The management interface is http://IM-1000 interface/auth. Default setting is http://192.168.1.1/auth. Enter the Name and Password.
  • Page 81 IM Management Example 2 Authentication setting...
  • Page 82 IM Management Example 2 Click OK Authenticated successful User can use the authenticated Yahoo account and there is no more authentication to process.
  • Page 83 Step1. Select Accept : Authentication passed and QQ Password valid in IM Management Rule Default Rule Set the QQ default rule Step2. Enter the POP3 setting in Authentication POP3 POP3 setting Click Test, to see if IM-1000 can connect to POP3 Server properly.
  • Page 84 Step3. If the internal user want to use QQ account, then he/she must apply the use privilege of MSN from IM authentication management interface. The management interface is http; //IM-1000 interface/auth. Default setting is http://192.168.1.1/auth. Enter the POP3 Server account name and password. (It is the mail account and password that used for receiving e-mails.)
  • Page 85 IM Management Example 3 Click OK QQ account authenticated succeed Step4. User can use the authenticated QQ account and there is no more authentication to process in the future.
  • Page 86 IM Management Example 4 Internal user must pass the IM authentication, then he/she is allowed to create ICQ connection. Use external LADP Server authentication. (Windows 2003 Server built-in authentication.) Windows 2003 LDAP Server Deployment Step1 Click Start Program Administrative Tools Manage MIS engineer Server.
  • Page 87 IM Management Example 4 Step3. In Preliminary Steps window , click Nex In Preliminary Steps window , click Nex The Preliminary steps Web UI...
  • Page 88 IM Management Example 4 Step4 In Server Role window, select Active Directory and click Nex le window, select Active Directory and click Nex t. t. The server role window...
  • Page 89 IM Management Example 4 Step5. In Summary of Selections window , click Nex . In Summary of Selections window , click Nex t. t. The summary of selections window...
  • Page 90 IM Management Example 4 Step6. In Active Directory Installation Wizard window, click Nex 6. In Active Directory Installation Wizard window, click Nex t. t. Active directory installation wizard...
  • Page 91 IM Management Example 4 Step7. In Operating System Compatibility window, click Nex g System Compatibility window, click Nex t. t. The operating system compatibility window...
  • Page 92 IM Managemnt Example 4 Step8. In Domain Controller Type window, select Domain controller for a . In Domain Controller Type window, select Domain controller for a new domain click N new domain click Next. ext. The domain controller type window...
  • Page 93 IM Management Example 4 Step9. In Create New Domain window, select Domain in a new forest, click Next . Create new domain window...
  • Page 94 IM Management Example 4 Step10. In New Domain Name window , enter the Full DNS name for new domain , click Next. The new domain name window...
  • Page 95 IM Management Example 4 Step11. In NetBIOS Domain Name window , enter the Domain NetBIOS name , click Next. The NetBIOS domain name window...
  • Page 96 IM Management Example 4 Step12. In Database and Log Folders window , enter the routes of Database folder and Log folder , click Next. The database and log folder window...
  • Page 97 IM Management Example 4 Step13. In Shared System Volume window, enter the Folder location, click Next. The shared system volume window...
  • Page 98 IM Management Example 4 Step14. In DNS Registration Diagnostics window , select I will correct the problem later by configuring DNS manually(Advanced), click Next . The DNS registration diagnostics window...
  • Page 99 IM Management Example 4 Step15. In Permissions window , select Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems, click Next. The permissions window...
  • Page 100 IM Management Example 4 Step16. In Directory Services Restore Mode Administrator Password window, enter the Restore Mode Password and Confirm password, click Next. The directory services restore mode administrator password window...
  • Page 101 IM Management Example 4 Step17. In Summary window, click Next. The summary window...
  • Page 102 IM Management Example 4 Step18. Complete the Active Directory installation wizard. Complete the active directory installation wizard...
  • Page 103 IM Management Example 4 Step19. Click Start Programs Administrative Tools Active Directory Users and Computers . Enable active directory users and computers...
  • Page 104 IM Management Example 4 Step20. In Active Directory Users and Computers window , right click on the Users , select New User. Add new active directory user...
  • Page 105 IM Management Example 4 Step21. In New Object–User window , enter the settings , click Next . The new object – user setting window 1...
  • Page 106 IM Management Example 4 Step22. In New Object –User window, enter the password, click Next. The new object – user setting window 2...
  • Page 107 IM Management Example 4 Step23. Complete to add the user. Complete to add the user Step24. Select IM Management Default Rule Accept : Authentication passed.
  • Page 108 The default rule setting of IM...
  • Page 109 IM Management Example 4 Step25. In Authentication LDAP, enter the following setting: The LDAP Server setting Click Test it can detect if the IM-1000 and LDAP server can real working .
  • Page 110 IM Management Example 4 Step26. Internal user type http://IM-1000 interfac/auth in address cloumn of browser. For example, http://192.168.1.1/auth. Enter the authentication name and password. Enter ICQ account. Click OK. ICQ authentication setting...
  • Page 111 IM Management Example 4 Step27. User can create the ICQ connection after authenticated. Authenticated succeed...

  • Page 112: Rule

    MIS engineer can make the default IM rule for MSN, Yahoo, ICQ, and QQ. When IM-1000 detect new IM account and it will put the new account in Default Rule. On the other hand, MIS engineer can separately set the IM rule for every IM account in Account Rule, and the IM account will not affected by Default Rule.
  • Page 113 Default Rule MSN Special Default Rule IM-1000 can not record the encrypted MSN contents. MIS engineer can choose to block the MSN encrypted contents. If user selected China in Country/Region column of MSN personal profile, then user can select MSN content encryption function in Activities function.
  • Page 114 Drop: Authentication failed or MSN Message encrypted User can use MSN only if the MSN account passed authentication and MSN message not encrypted. IM-1000 will block the MSN if MSN not passed authentication or even though MSN passed authentication but its contents encrypted.
  • Page 115 IM-1000 will block the QQ if user’s QQ account did not pass the authentication and user type incorrect QQ account and password. If user select IM Management Rule Default Rule Accept: Always or Accept: Authentication passed then IM-1000 only record when user use the QQ but can not record the QQ messages.
  • Page 116 IM Management Example Environment Ex. 1 Apply the use privilege of QQ messenger from IM-1000. Ex. 2 User change the QQ password and apply the modify privilege from IM- 1000. Ex. 3 To modify the IM account information by importing the User Account List Configuration.
  • Page 117 IM Management Example 1 Apply the use privilege of QQ messenger from IM-1000 The system administrator can find there is one user who does not has the use privilege of QQ messenger from the record in IM-1000. Step1. In Record...
  • Page 118 Found the uncertificated QQ account...
  • Page 119 IM Management Example 1 Step2. Request the user to apply to modify his QQ password from IM-1000 Enter the address of http://192.168.1.1/qq_accounts in browser ( enter the string of “ /qq_accounts ”at the end of IM-1000 interface IP address), then it shows the interface of Add New QQ Account...
  • Page 120 Add new QQ account successfully...
  • Page 121 QQ Account, the administrator can see all the QQ account list. ( Administrator can not get user’s QQ password.) Password authenticated succeed Step4. IM-1000 can record the QQ contents successfully. Can record the QQ contents Record the QQ contents successfully...
  • Page 122 User had changed QQ password then applied the modify privilege of QQ password from IM-1000. Step1. The user’s QQ password is not correct. The QQ password is wrong Step2. Request user to apply to modify his/her QQ password from IM-1000. Enter the address of http://192.168.1.1/qq_accounts in browser ( enter the string of “...
  • Page 123 Example 2 Click OK to complete to modified the QQ password. Complete to modify the QQ password Step3. When the user re-login QQ, the IM-1000 will auto complete the QQ account authentication. Step4. In IM Management QQ Account, the system administrator can see the user’s QQ account has certificated.
  • Page 124 IM Management Example 2 Record the QQ message contents successfully...
  • Page 125 IM Management Example 3 To modify the IM account information by importing the User Account List Configuration (Excel list) Step1. Download the User Account List Configuration file. Click Download near Export Account Rule to Client PC in IM Management Rule Default Rule.
  • Page 126 IM Management Example 3 Step2. Open the user account list by Excel. IM_Rule_List.csv ######################################################### “#” means the #Format: description Account Rule IM_Type AuthName AuthType ######################################################### test01@hotmail.com Default sales 172.19.50.24 00:0C:29:8A:BB:46 USER test02@hotmail.com Default account 172.19.70.201 00:0A:48:0C:A6:20 - test03@hotmail.com Accept account 172.19.50.26 00:0A:48:0C:A6:20 - test04@hotmail.com...
  • Page 127 IM Management Example 3 Step3. Assume that MIS engineer want to modify one MSN account To modify the rule type and change Default to Accept test01@hotmail.com Default sales 172.19.50.24 00:0C:29:8A:BB:46 USER test01@hotmail.com Accept sales 172.19.50.24 00:0C:29:8A:BB:46 USER To modify the IP and MAC address test01@hotmail.com Accept sales...
  • Page 128 Default Rule. Import the file and click OK. Select the location to save the file Step5. Now the IM account information in IM-1000 is the modified document edited by MIS engineer. The CSV files can only modify the already existed IM account content or add new IM account, but cannot remove the IM account.
  • Page 129 but user can still enter the related POP3 information and pass the IM authentication in IM Management Interface.
  • Page 130 The user’s QQ account and password can not Password Incorrect pass the authentication. IM-1000 can not record the contents of the QQ account. IM-1000 can inspect if the stored QQ account and password are correct once user login QQ account.
  • Page 131 To Modify the IM Account Rule Step1. Select IM accout to be moved to other position. Click OK. (For example, select one MSN accout and click To Accept , to move the MSN account to Accept Accout.) Select IM account Confirm to move the account to accept account Step2.
  • Page 132 IM Management Account Rule Remove IM Account Select the IM account and click Remove. Add IM Account Step1. Select which IM service to add in IM Service function. For example, MSN. Click Add at the right column in MSN Account of Default Rule. Add MSN account of default rule Step2.
  • Page 133 Step3 Complete to add a MSN account to default rul Complete to add the MSN account of default rule...

  • Page 134: Chapter 5 Setting

    / department division . And assure the data transmission security and monitor the employee‘s internet activities. In other words, IM-1000 can prevent the employee to use the network resources to access private activity via internet.
  • Page 135 IP address (The Company uses the DHCP). When internal user want to link to the internet by IM-1000 in front of the router, the MAC address of packets will be replaced in rounter’s MAC address, then sent to IM-1000. It’s better to use the user name binds to IP address.
  • Page 136 System administrator can choose to enable the http cache setting, as IM-1000 process the http recording. Enable HTTP cache IM-1000 can record the browsed web pages by saving the whole web page contents, but it also waste more disk space.

  • Page 137: Chapter 6 User

    / department division . And assure the data transmission security and monitor the employee‘s internet activities. In other words, IM-1000 can prevent the employee to use the network resources to access private activity via internet .
  • Page 138 User Example Monitor the internet record of the specific User Step1. In Record User Logged , can select the division of user . Click subnet or department / group Select subnet classification Select department / group classification...
  • Page 139 User Example Step2 Click the user to see ( For example , use the subnet 172.19.0.0, User of Rayearth) , it shows the service record . The service types of specific user Step3 Click Today Log , to know what kind of internet activities has done by the employees.
  • Page 140 User Example Step4 click the event, to know the content of the internet activites done by the user.( For example , HTTP) Can open the http files in IM-1000...
  • Page 141 User Example Step5. Click SMTP, to know what kind of e-mail has sent by the user in SMTP service. The user’s SMTP service record Step6 Click the record, it will shows e-mail contents, and forward the mail to the specific mail box. And you can choose to open or save the attached file. The e-mail contents sent by the user...
  • Page 142 User Example Step7. Click POP3, to know what kind of e-mail has received by the user in POP3 service. The user’s POP3 service record Step8 Click the record , it shows the e-mail contents , and users can also forward this e-mail to the specific e-mail box.
  • Page 143 User Example Step9. Click HTTP, to know which web page did the user browsed. The User’s HTTP Service Record Step10. Click the record, it shows the web page. The user’s browsed web page...
  • Page 144 User Example Step11. Click IM, to know who has made the conversation with the user. Th number at right side represents the frequency of the conversation. The user ‘s MSN service record Step12. Click the number of 15 at the right side, then it shows the conversatio contents.
  • Page 145 User Example Step13. Click Web SMTP, to know what kind of E-Mail has the user sent in Web SMTP. The Web SMTP record Step14. Click the recorded subject, then it shows the e-mail contents, and it can be opened or saved. The e-mail contents sent via the Web SMTP...
  • Page 146 User Example Step15. Click Web POP3, to know what kind of e-mail has the user received in Web POP3 . The received record In Web POP3 Step16. Click the Subject, it shows the e-mail contents. The mail contents receieved from Web POP3...
  • Page 147 If the mail included the attached file, but user only read the mail content from Web POP3 records without downloading the attached file. Then IM-1000 will only notice the user about the mail has attached file and also its file name.
  • Page 148 User Example Step17. Click FTP, to know what kind of files has the user upload or download. The user’s service record in FTP Step18. Click the record, it shows File Download window, and choose to open or save. Download the file from FTP...
  • Page 149 User Example Step19. Click TELNET, to know which site has the user login. The user’s record in Telnet service Step20. Click view the content , then it shows the contents. It shows the contents when user’s Log in...

  • Page 150: Chapter 7 Service

    Chapter 7 Service IM-1000 includes eight services, it can let the MIS easy to manage all the information, ensecure the security of data transmission, and monitor the employees who use the network resources to access personal activities. SMTP Record the e-mail sent by the user mail server .
  • Page 151 According to the characteristic and keywords of mail recipient, sender, subject , name and specific date in the mail attachment , we can offer POP3 , SMTP, WebPOP3 , Web SMTP services, to search the mail record saved in IM-1000 . The function icon is In the SMTP, for example 1.
  • Page 152 According to the file name , PC name , user name , file size , specific date , some key words and characters , the administrator can use the FTP service to search the files in IM-1000. We will make some settings in FTP search function .
  • Page 153 Forward The system administrator can choose some records to forward to the specific mail box , according to the search results in POP3 and SMTP. In other words , the records backup function will be more flexible. We will add some settings in this function menu. 1.

  • Page 154: Smtp

    7.1 SMTP Step1 Click Record Service SMTP , it shows SMTP window. SMTP Step2. Click Subject to view the e-mail contents . ( ) Fig. 6-6 Click the subject in SMTP...
  • Page 155 Service SMTP Step3 It shows the mail contents sent by the user. The mail contents sent by the user It can shows the mail contents , forward function , and the MIS engineer can choose to view or save the attachment .

  • Page 156: Pop3

    7.2 POP3 Step1 Click Record Service POP3 . POP3 window Step2 Click Subject , to view the mail contents. Click the subject in POP3...
  • Page 157 Service POP3 Step3 It shows the mail contents sent by the user. The mail contents sent by the user It shows the mail contents , and then forward it . On the other hands , the attachment also can be viewed or saved .

  • Page 158: Http

    7.3 HTTP Step1 Click Record Service HTTP . HTTP Step2 Click Web Site to view. Click the web site recored...
  • Page 159 Service HTTP Step3. It shows the web site record . The user’s web site record...
  • Page 160 7.4 IM Step1 Click Record Service Step2 Click the IM record to view. Click the IM record...
  • Page 161 Service Step3 It shows the communication contents . The communication contents...

  • Page 162: Web Smtp

    7.5 Web SMTP Step1 Click Record Service Web SMTP . Web SMTP Step2 Click Subject to view the e-mail content . Click the subject in Web SMTP...
  • Page 163 Service Web SMTP Step3. It shows the Web mail content sent by the user. The mail content in Web SMTP This window shows the mail content , and the user can select to view or save the attachment.

  • Page 164: Web Pop3

    7.6 Web POP3 Step1 Click Record Service Web POP3. Web POP3 Step2 Click the Subject to view the mail content. Click the subject in Web POP3...
  • Page 165 Service Web POP3 Step3 It shows the web mail contents browsed by the user . The mail content in Web POP3 It shows the mail content , and the user can choose to view or save the attachment.

  • Page 166: Ftp

    7.7 FTP Step1 Click Record Service FTP . Step2 Click the FTP record to view. Click the FTP record...
  • Page 167 Service Step3 The user can select to open or save files via the FTP tools. To open or save the file...

  • Page 168: Telnet

    7.8 Telnet Step1 Click Record Service TELNET. TELNET Step2 Click the TELNET content to view. Click the TELNET record...
  • Page 169 Service TELNET Step3 It shows the TELNET content . The TELNET content...

  • Page 170: Anomaly Flow Ip

    Chapter 8 Anomaly Flow IP IM-1000 can block the internal anomaly mount of packets sent from external hackers and also included the mechanism of co-defense system, can enhance the enterprise network security and stability. In this chapter , we will make the introduction and settings of Anomaly Flow IP.
  • Page 171 When the session number ( per source IP ) has over the limitation of anomaly flow sessions per source IP, then IM-1000 will take this kind of IP to be anomaly flow IP and make some actions. For example, block the anomaly flow IP or send the...

  • Page 172: Setting

    Select Enable E-Mail Alarm Notification . Select Enable NetBIOS Alarm Notification . IP Address of Administrator, enter 172.19.100.254. Select enable co-defense system, and enter the IP address of switch, user name and password. Click OK. Anomaly flow IP setting in IM-1000...
  • Page 173 Anomaly Flow IP Setting Step2. Set the Non-detected IP : Click New Entry. Enter the IP Address and Netmask. Click OK. Enter the ip and netmask Complete the setting...

  • Page 174: Virus Infected Ip

    8.2 Virus Infected IP After complete the alarm setting , if the system has detected that there are many intrusion packets, it will show the alert message in Virus – Infected IP, or send NetBIOS alert message to the virus – infected user and MIS engineer’s PC.
  • Page 175 Anomaly Flow IP Virus-Infected IP Send the Net BIOS alarm to the administrator’s PC...
  • Page 176 Anomaly Flow IP Virus-Infected IP If the system administrator select Anomaly Flow IP Setting Enable E-Mail Alert Notification, the IM-1000 will automatic send the mail to alarm the system administrator.

  • Page 177: Intrusion Ip

    8.3 Intrusion IP When we complete the notification setting , the system will instant show the message at intrusion IP or send NetBIOS alarm notification to the invader and administrator’s PC after system has detected there are many intrusion packets from the external computer. The notification of intrrusion IP The NetBIOS notification sent to the intrusion IP...
  • Page 178 Anomaly Flow IP Intrusion IP The Net BIOS notification sent to the administrator’s PC...
  • Page 179 Anomaly Flow IP Intrusion IP If the system administrator select Anomaly Flow IP Setting Enable E-Mail Alert Notification , the IM-1000 will automatic send the mail notification to system administrator.

  • Page 180: Local Disk

    Chapter 9 Local Disk MIS engineer can easily know the current disk utilization included disk space and the estimated disk utilization and percentage of 8 services depends on the storage time that MIS engineer had set.

  • Page 181: Storage Time

    Total Hard Disk Space The total hard disk space in IM-1000. Estimated Storage Utilization and Percentage IM-1000 can estimate how much does the service utilization take part of total storage space and its percentage depends on daily average service flow and storage time.

  • Page 182: Disk Space

    9.2 Disk Space Hard Disk Utilization The 8-recorded services are displayed in different colors, the white color represents the free disk space.Use the mouse point to each color, it shows the service name and the 8-recorded services utilization in the storage disk . The 8-Recorded Services Utilization : It will arrange the TOP 10 users by the service utilization in graphic charts.
  • Page 183 The Storage disk information...

  • Page 184: Remote Backup

    Chapter 10 Remote Backup MIS engineer can backup the IM-1000 recorded files to remote NAS or file server. Advantages of remote backup 1. No storage limitation. 2. To avoid losing recorded files. For example, the records be removed by IM- 1000 when over the storage time or system make the unpredictable errors.

  • Page 185: Backup

    It is where the remote share directory located. Connection Status of Remote Hard Disk Connection Status To show if IM-1000 can connect to remote hard disk. Disk Space for Backup To show the needed disk space for backup. Hard Disk Utilization To show the total remote hard disk space and remained disk space.
  • Page 186 then he must set the backup folder to be July 2006 in Remote Backup Setting Browse. And he can also look up the record in July 2006 in Remote Backup Service.
  • Page 187 Set the mail notice setting Step2. To set the backup path. Enter the Computer Name / IP. Enter the name of Shared Directory. Enter the login ID for IM-1000 to login. Enter the password for IM-1000 to login Set the backup path...
  • Page 188 Remote Backup Setting Step3. Click Test ,and system shows a pop up window. MIS engineer can click nnection Test to see if IM-1000 can connect to the remote shared directory. To test if IM-1000 can connect to remote backup folder Step4.
  • Page 189 Connection Status of Remote Hard Disk...
  • Page 190 Remote Backup Setting Step5. The IM-1000 will backup the records to the IP address that MIS engineer had set in Backup Setting Computer Name / IP at 00:00 AM. Remote shared directory...
  • Page 191 Remote Backup Setting To set Backup Immediately Step1. Select the backup time. Step2. Select the service type to backup. Step3. Click OK Set backup immediately Step4. IM-1000 will send mail notice after backup completed...
  • Page 192 Remote Backup Backup the Shared Directory Backup the record of Shared Directory If MIS engineer want to backup the remote backup record of shared directory to other place, for example, to backup the contents by Compact Disc or backup the records of specific day to other folder, then MIS engineer must prepare the following files.
  • Page 193 user.MDY Remote Backup Backup the Shared Directory user.MYI The IM record contain 3 plus extension files which not included date. So MIS engineer also need to backup these 3 extension files when processing IM records backup im_own_alias_.frm im_own_alias_.MYD im_own_alias_.MYI All data types of every service category Service Data Type Name...

  • Page 194: Browse

    10.2 Browse Set Browse Folder Step1. Set the backup folder to browse. And the way to set Browse Setting is the same as Backup Setting. Set the browse setting Step2. MIS engineer can see the record contents saved in remote shared directory in Remote Backup Service after MIS engineer had comp leted...

  • Page 195: Report

    Chapter 11 Report The report can display the flow status and data in storage disk by the graphic charts. It also can mail the statistics report to specific e-mail address depends on the administrator’s demand . The report included three main parts Setting , Flow report, and Storage report . In this chapter , we will make the introduction of these three sections.
  • Page 196 1. Select yearly report , monthly report , weekly report and daily report . 2. Click OK . 3. The NUS- IM-1000 will send the storage report to the recipient when the time arrived. 4. In History Report , choose the selected date to mail.
  • Page 197 The periodic report setting...
  • Page 198 The storage report...
  • Page 199 The history report mail setting Receive the history report...
  • Page 200 The storage report...
  • Page 201 The IM-1000 will mail the statistics report to recipients by PDF attachment.

  • Page 202: Storage Report

    11.1 Storage Report In Record Service , it contains the 8 different services as the same as the record in Storage Report . It shows the status of storage space and flow report. The Storage Report is displayed in Step1. Hard Disk Utilization The 8 services are record in different colors . When the mouse point to the colors , it will show the service name and the usage space .
  • Page 203 Report Storage Report Step3. According to the time unit in every service . It is displayed in Ordinate The service usage . Its unit is Mbytes . Horizontal ordinate It represents the Time . The storage report of every service...

  • Page 204: Status Chapter 12 Status

    3.Record Info : It shows the current 8 services connection information. HTTP, FTP, POP3, SMTP, IM, TELNET, Web Mail 4. Event Log : It records every events occurred in IM-1000, such as modify settings, anomaly flow alert, forward mails , delete files and etc.

  • Page 205: System Info

    12.1 System Info Step1. In Status System Info , it shows the current system information of IM- 1000. System Uptime The cumulate time in the IM-1000 until the current time. CPU Utilization The CPU utilization in IM-1000 . HardDisk Utilization The hard disk utilization in IM-1000.
  • Page 206 Status System Info The system info...

  • Page 207: Arp Table

    Step1. In Status ARP Table , it shows the the information of user name, computer name , IP address and MAC address connected to the IM-1000 . User Name The identifid name of record in the computer . Computer Name The identified name on the internet in this computer .

  • Page 208: Record Info

    12.3 Record Info Step1. In Status Record Info, it shows the current 8 services connection information HTTP FTP POP3 SMTP IM TELNET Web Mail Select the refresh time period in Manually drop down menu. Or click Refresh , and system will instantly refresh the connection record information.
  • Page 209 Status Record Info Search the related connection information...

  • Page 210: Event Log

    12.4 Event Log Step1. In Status Event Log ,it records events occurred in IM-1000, such as modify settings, anomaly flow alert, forwarding mails , file delete action and etc. Click , and search the event. Click , IM-1000 shows the event information in detail.
  • Page 211 Status Event Log System shows event log in detail...

Table of Contents