Table of Contents
Advertisement
iPrism
Profiles' flexibility stems from the fact that each profile is made up of one or more individual filtering
criteria, called an Access Control List (ACL). An ACL tells iPrism what to do for each category of
website and specifies which traffic gets blocked or monitored. For example, ACLs can block access
to websites of an "adult" nature (and monitor any attempt to access them), monitor any accesses to
site categorized as "nudity" (and allow the user to access them), and let all other requests through
unmonitored and unblocked.
A profile can consist of a single ACL, which would provide the same degree of filtering all the time, or
it can utilize several ACLs, allowing different degrees of filtering at specific times. This is how a single
profile is able to provide a different level of filtering at various times of the day.
For detailed information about ACLs and how they work, see
How iPrism Uses Profiles
There are different ways that iPrism can make use of a filtering profile, depending on how iPrism is
configured on your network and whether or not you are using authentication:
•
Filtering by groups or local users, based on username. This type of filtering associates a
profile with a given user. It does not matter which machine they use, the user will always get the
same profile, as it is based on their username.
User-level filtering works well in environments where you want some people to have significantly
more (or less) access to the web than others. It also offers an additional layer of protection
because the user's profile applies to them no matter which workstation they log into.
Before a user can access the Internet s/he must be authenticated. iPrism provides a variety of
authentication methods and can access authentication servers like NTLM (for Microsoft Win-
dows users), Kerberos (for Microsoft Windows and Macintosh users) and LDAP (for Macintosh,
UNIX, Linux, and Novell users). See
•
Network-level filtering, based on a range of IP addresses. For network-level filtering, you
specify a set of IP addresses and associate a profile with them. For example, if your iPrism is for
a library, you can have one profile for the computers in the children's reading area, and another
for the adult library users.
Note: If a user has been successfully authenticated and their username is not
included in an iPrism group, iPrism will fall back to network-level filtering; i.e.,
they will be assigned a profile based on their workstation's IP address. Users
that cannot be authenticated will be blocked from all Web requests and IM/P2P
protocol traffic.
Chapter 3 Profiles & Filters
Access Control Lists
Directory Services
for more information on authentication.
Administration Guide
(ACLs).
20
Advertisement
Table of Contents
Need help?
Do you have a question about the iPrism Web Security and is the answer not in the manual?
Questions and answers