manualshive.com logo in svg

Freedom9 freeGuard Capture 1000, User Manual

The Freedom9 freeGuard Capture 1000 product is a powerful network security appliance designed to protect your data and communications. Ensure optimal performance by following the User Manual provided. Download the manual for free from manualshive.com, to learn more about product functionalities and configurations.

Share
Download
background image

freeGuard Capture Appliance User’s Manual 

 

 

 

77 

9  Anomaly Flow IP 

 
When the corporate network is under a DoS (or DDoS) attack, the ICR appliance will take 
actions (such as sending alerts) to protect the internal network.  
 
This chapter will be discussing the functionality and application of Anomaly Flow IP. 

Figure 77, Anomaly flow IP menu 

 

 

Overview 

z

 

Threshold sessions of anomaly flow (per Source IP)  
Threshold value to identify the anomaly flow. 

 

z

 

Anomaly Flow IP Blocking  
Block the IP which generates the Anomaly flow. 
 

z

 

Alert Notification 
Send the alerts by email and/or NetBIOS message. 

 

z

 

Co-Defense System 
The ICR appliance is able to cooperate with a core switch to against anomaly flow, 
protecting corporate network from being paralyzed. 

 

z

 

Non-detected IP  
If a local server is known as a service provider, not an anomaly flow IP, then this 
server can be classified as a non-detected IP. 

 

Summary of Contents for freeGuard Capture 1000

Page 1: ...freeGuard Capture Internet Content Recorder and Email Archiver USER S MANUAL Part ICR 1000 ICR 2000 Rev 2 0...

Page 2: ...eproduced or translated into another language without prior expressed written consent from Freedom9 Inc Copyright 2008 the freedom9 company logo are trademarks or registered trademarks of Freedom9 Inc...

Page 3: ...e If installed in a closed or multi unit rack assembly the operating ambient temperature of the rack environment may be greater than room ambient Therefore consideration should be given to installing...

Page 4: ......

Page 5: ...STEM CLOCK SYNCHRONIZATION 20 USER GROUPS MANAGEMENT 21 3 SYSTEM 22 INTERFACE OVERVIEW 22 ADMINISTRATOR ACCOUNTS 24 Admin Account 24 Read Write Privileges 24 Group Administrator 24 INTERFACE IP 26 Set...

Page 6: ...IST 42 5 INSTANT MESSAGING MANAGEMENT 43 CONFIGURE 43 Login Notice 43 Login Notice Examples 44 AUTHENTICATION 47 Setting 47 User 47 RADIUS 48 POP3 48 LDAP 48 RULES 49 Default Rule 49 Account Rule 51 6...

Page 7: ...1 OVERVIEW 71 TODAY TOP 10 72 HISTORY TOP N 74 Flow Statistics 76 9 ANOMALY FLOW IP 77 OVERVIEW 77 ANOMALY FLOW IP SETTING 78 VIRUS INFECTED IP 79 INTRUSION IP 80 10 LOCAL DISK 81 STORAGE TIME 81 DISK...

Page 8: ...4 EVENT LOG 102 14 TECHNICAL SUPPORT 103 Online Support 103 Telephone Support 103...

Page 9: ...e 18 Interface IP address setup 26 Figure 19 System setting page 27 Figure 20 Save the configuration file 28 Figure 21 Reboot confirmation 29 Figure 22 System date time setting 30 Figure 23 Add a new...

Page 10: ...ownload the search result 63 Figure 64 Records Captured POP3 IMAP 64 Figure 65 Records Captured HTTP 65 Figure 66 Records Captured IM 66 Figure 67 Records Captured Web SMTP 67 Figure 68 Records Captur...

Page 11: ...Figure 92 Report Settings 90 Figure 93 Daily report sent by the email 91 Figure 94 Sample Report by Email Network Traffic 92 Figure 95 Daily Report by Users partial 94 Figure 96 Report Sample Weekly R...

Page 12: ...8...

Page 13: ...and easy to limit the access to certain services and by monitoring employee activity organizations can quickly improve their productivity Feature highlights Key features z Supports Sniffing and Bridg...

Page 14: ...z Power Led Green the appliance is powered on z Hard Disk LED Flashing System is accessing data from the hard drive z Console Port One DB9 console port for serial cable connection z WAN LAN ports RJ...

Page 15: ...freeGuard Capture Appliance User s Manual 11 Front Panel for ICR2000 Figure 2 ICR2000 Front Panel...

Page 16: ...h ICR appliance from Freedom9 Inc has been pre configured with IP address and one administration account The default IP address for the ICR appliance is 192 168 1 1 with subnet mask set to 255 255 255...

Page 17: ...freeGuard Capture Appliance User s Manual 13 Sniffer Mode Link one of the internet recorder s port to the mirror port of core switch or any port of the hub Figure 4 Deployment Sniffer Mode...

Page 18: ...art the web browser IE or Netscape browse to http 192 168 1 1 Once you see the pop up login dialogue box type in the correct User Name and Password to login If it s the first time of login please use...

Page 19: ...freeGuard Capture Appliance User s Manual 15...

Page 20: ...zard Figure 7 Setup Wizard Setup Wizard will help you on the configurations on Choose display language for the Web interface Choose the default HTML Character Encoding method Figure 8 Choose default H...

Page 21: ...method is generally used in the network that clients PC does not have a unique IP address such as a network with DHCP implemented Setup Interface IP Address If different IP addresses range has been u...

Page 22: ...ur reference you may configure your management address based on the subnet ranges below 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 Enter all the subnet information t...

Page 23: ...Capture Appliance User s Manual 19 If the interface IP has been changed in previous steps and the Finish button was clicked you ll need to use the new IP address for your web browser in order to log...

Page 24: ...rver Please adjust the time lag depends on the time area or click Synchronize system clock with this client in order to provide the current time for the system Figure 12 System clock synchronization I...

Page 25: ...the user groups the number of supported user groups may vary depends on which model of ICR appliance you have Figure 13 Set the name of department or group Under User List Logged system will display t...

Page 26: ...to the deployment Bridge mode WAN port and LAN port works individually Sniffer mode WAN port serves as a packet receiver it can be connected to the mirror port of a core switch or a network hub LAN p...

Page 27: ...ce z Language language used for page display z Install Wizard wizard for quick and easy configuration z Logout logout from the Web interface z Software Update upgrade the firmware of ICR appliance E m...

Page 28: ...ate the ICR appliance the administration account is required Admin is the default login name for system administration and it can not be changed nor removed You can add more administration accounts an...

Page 29: ...freeGuard Capture Appliance User s Manual 25 Figure 16 Create a Group Administrator 1 Figure 17 Create a Group Administrator 2...

Page 30: ...nterface for ICR appliance Figure 18 Interface IP address setup Ping response can be enabled on the unit so the unit will send back the response to the PING test from the administrative PC Administrat...

Page 31: ...ge This page allows you to initialize the ICR appliance backup restore configuration files perform a factory reset Format the hard drive repair the database setup email alert change the mode of the de...

Page 32: ...gs from a saved configuration file click Browse button to locate the file and click the OK button at the bottom of the page to apply the change Figure 20 Save the configuration file HTTP and HTTPS Com...

Page 33: ...boot task once it s been confirmed by the administrator Figure 21 Reboot confirmation Some tasks such as Format hard drive Database repair and system reboot may take some time to finish Some changes t...

Page 34: ...me setting Synchronize system clock The IP address of the NTP server is required in order to have the ICR system clock get synchronized you can also determine the frequency of the synchronization Dayl...

Page 35: ...IP Addresses for HTTP HTTPS and or PING Step 2 Disable the HTTP and HTTPS under System Interface IP page Figure 23 Add a new Permitted IP Address Once click OK the IP address will be added to the lis...

Page 36: ...ICR appliance is to use the Setup Install Wizard It ll guide you through the display languages system clock system deploy mode client user name binding method the settings of network interfaces and th...

Page 37: ...commended i e using a workstation physically located in the same LAN with ICR appliance To update with a newer firmware click Browse button to locate the file and then click the OK button to apply It...

Page 38: ...e make sure the firmware is correct for the model you have to avoid any possible data lost or discrepancy For more information on the release of the new firmware please contact Freedom9 technical supp...

Page 39: ...ork traffic capturing for all users Figure 28 User List menu Setting The administrator with proper privileges can create modify or remove a user group The number of user groups to be managed may vary...

Page 40: ...ocal file of the management workstation and it can be imported uploaded from a CSV file Figure 30 Save export user groups to file Setting Upload User List You can download the file for the user list a...

Page 41: ...ame if there s a computer name can be recognized all the subnet will be identified Users will be classified based on its subnet and listed on the User List Logged page And there are two ways for displ...

Page 42: ...ist modify a user Click on any user to modify the details for it you can assign a new user name change or assign the group name or move the user to the Ignore List Figure 33 Modify a user 1 Figure 34...

Page 43: ...as shown in the picture below Figure 35 Search for a user Once you click the search icon a pop up browser window will display the search dialogue box Figure 36 Search for a user search box And then t...

Page 44: ...Add new subnet to the group To add a new subnet to the Group click Add button Figure 38 Add a new subnet to the user group Figure 39 Add a new subnet Example After click OK button the new subnet will...

Page 45: ...Figure 40 User List Group View You can also move a Logged user to be ignored by the ICR appliance which will make the appliance NOT to capture the network packets from to that user To have a user not...

Page 46: ...iscovered and they will be displayed on the User List Logged page User names may be displayed in various forms The display name of a user client will be chosen from its computer name its entry from th...

Page 47: ...count or IM application IM Management provides settings for 1 Login notice configuration 2 Authentication configuration 3 Rules Figure 44 IM Management menu expended Configure Login Notice Login notic...

Page 48: ...Examples Here s an example for the notification in MSN messenger clients Once the user successfully signed on to MSN server using MSN client a MSN conversation window will be popped up with the notifi...

Page 49: ...freeGuard Capture Appliance User s Manual 45 Figure 46 IM Login Notice MSN Example Here s an example for NetBIOS message Figure 47 IM notice NetBIOS example Example for ICQ...

Page 50: ...46 Figure 48 IM notice ICQ...

Page 51: ...of the four available authentication methods namely User Radius POP3 and LDAP to regulate internal users access to instant messaging Setting Authentication Message is used to prompt the users when th...

Page 52: ...48 RADIUS POP3 LDAP...

Page 53: ...ance User s Manual 49 Rules Default Rule IM access can be regulated based on the IM clients including web based clients For newly detected IM users the default rule will be applied Figure 50 IM Authen...

Page 54: ...50...

Page 55: ...d into three categories namely default account accept account and drop account System administrator may regulate the IM access by arranging users in different account Figure 51 IM Authentication Accou...

Page 56: ...t supported by the ICR appliance may vary depend on the model and firmware installed Currently the ICR appliance supports up to 11 different P2P protocols such as Bit Torrent Apple Juice iMesh eDonkey...

Page 57: ...is not allowed to use the P2P protocol the request will be dropped System administrator may regulate the P2P access by arranging users in different account Figure 53 P2P Management User Rule To move...

Page 58: ...54 To move the two users to be the Drop accounts list just click the link says to Drop...

Page 59: ...appliance captures the network traffic search view download or remove the captured records according to network protocols or user names Setting Under Record Settings you ll find the configuration pag...

Page 60: ...using fixed IP addresses binding to IP Address User Name IP binding is commonly used Online activities recorded from the same IP address will be seen as from the same user For company using DHCP dist...

Page 61: ...through an on site proxy server The maximum entries to be displayed This option allows you to specify the records per page to be displayed on the Web interface any integer value from 10 to 200 are val...

Page 62: ...g This option allows you to keep a copy of what the HTTP web pages visited by the user If it s checked a snapshot of the visited pages will be saved to the local hard drive Otherwise only the URL of t...

Page 63: ...ay Figure 57 Captured data by user Move the mouse to the user name for details To switch to the department group view click on the button called Department Group Click the user name IP address to show...

Page 64: ...60 Or you can choose Customer View from the pop up menu for more specific search over the history Figure 58 Customer view search by user...

Page 65: ...P3 FTP and Telnet Figure 59 Record Service SMTP Messages It captures and archives all the emails sent from the internal mail server with SMTP protocol Records can be searched with combined criteria th...

Page 66: ...rward icon Figure 61 Records Captured Forward To search for the records or define the search criteria click the Search icon the search page will be displayed Once you enter the keywords for search cli...

Page 67: ...he search result will look like this all the keywords are high lighted as shown below All records are displayed per day To save the searched result to a local file click the Download button on the sea...

Page 68: ...the records or define the search criteria click the Search icon the search page will be displayed Depends on the data volume the search in the email database may take some time To forward a copy of t...

Page 69: ...define the search criteria click the Search icon the search page will be displayed Click the links under Web Site column to see the contents of the visited captured HTTP URL In order to view the snaps...

Page 70: ...lay names of an instant messaging chat it can also capture and archive file s transferred during the text conversation Figure 66 Records Captured IM More examples for captured IM chats To search for t...

Page 71: ...rted Web based email server may vary Currently ICR appliance supports web mail service provided by Yahoo GMail Hotmail Seednet PChome Hinet Sina Sohu 163 126 Yam and Tom An example of the captured rec...

Page 72: ...liance supports web mail service provided by Yahoo GMail Hotmail Seednet PChome Hinet Sina Sohu 163 126 Yam and Tom An example of the captured records through Web POP3 communication to view the email...

Page 73: ...s It archives files transferred via FTP protocol Figure 69 Records Captured FTP To download the captured FTP transfer click on the URL under File Name column Figure 70 Records Captured FTP download a...

Page 74: ...ession communicated through Telnet protocol Figure 71 Records Captured Telnet Sessions To view the details for the session click the icon under Detail column The screen shot below is an example of the...

Page 75: ...Logged are used as a basis for displaying the User Name z 8 Recorded Others indicates respectively the sum total of traffic of 8 major services namely SMTP POP3 HTTP IM Web SMTP Web POP3 FTP and Teln...

Page 76: ...mpled in bits per second z Y axis indicates time z Blue line signifies the continuous variation of the major services z Brown line signifies the continuous variation of other services z Gray line indi...

Page 77: ...freeGuard Capture Appliance User s Manual 73 Detailed statistics per user can be displayed by clicking on the user name with the URL link...

Page 78: ...requently used services of a specific period of time will be displayed page navigation is provided in order to view the data for all the users Figure 75 Flow Analysis Top N In History statistics in Se...

Page 79: ...nistrator to send a copy of the report by email the recipient will get an email with a PDF formatted report attached The administrator can also download the report to local hard drive for future refer...

Page 80: ...76 Flow Statistics This page displays the statistics chart of the packets processed in the certain period Figure 76 Flow Analysis Statistics Chart...

Page 81: ...z Threshold sessions of anomaly flow per Source IP Threshold value to identify the anomaly flow z Anomaly Flow IP Blocking Block the IP which generates the Anomaly flow z Alert Notification Send the a...

Page 82: ...ert notification to designated email address If the Enable Anomaly Flow IP Blocking is checked all sessions created by an anomaly flow IP will be dropped to ensure the Internet access for other users...

Page 83: ...ose might be infected by Virus When a DDoS attack occurs the ICR appliance will add an entry to the list and send out alert by email and or NetBIOS notification Figure 79 Virus infected IP Figure 80 N...

Page 84: ...source IP address and the time of the event happened The administrator can click the Clear button to remove all the records in the list or click Download to have a plain text version displayed on the...

Page 85: ...igure 83 Local Disk Menu Storage Time z Total Hard Disk Space Total usable capacity of the local hard drive for record capturing z Service The 8 major services to be recorded namely SMTP POP3 HTTP IM...

Page 86: ...82 Figure 84 Storage Time...

Page 87: ...ge space move the cursor over a color and then it shows what service it is and the used storage space z SMTP It indicates the total used storage space of SMTP records and list of the top 10 users z PO...

Page 88: ...84 Figure 85 Disk Space Usage An example to the disk space usage report Figure 86 Disk Space Usage Report...

Page 89: ...freeGuard Capture Appliance User s Manual 85 Different color will be used for each protocol which makes the chart easy to read Figure 87 Disk space usage details continued...

Page 90: ...Backup which will be run automatically to create a copy of the captured records to a remote storage device such as a NAS Network Attached Storage device or a network share Figure 88 Remote Backup men...

Page 91: ...tion Status of Remote Hard Disk Displays the access validity assigned access privilege read write space requirement for next backup and current available space of remote storage space z E mail Setting...

Page 92: ...e the duration is defined the required hard drive space will be displayed on the screen Browse Settings z Connection Status of Remote Hard Disk It displays the status of the connection to the remote s...

Page 93: ...jor network services supported by the ICR appliance Click the service name to show captured records of it To search in the same service click the search icon to forward the selected records tick the c...

Page 94: ...ng the management on corporate network Setting Settings Scheduled Report Periodic Under Report Settings you can define how the report will be generated and sent to the administrator s email address wh...

Page 95: ...freeGuard Capture Appliance User s Manual 91 Figure 93 Daily report sent by the email...

Page 96: ...92 Figure 94 Sample Report by Email Network Traffic...

Page 97: ...freeGuard Capture Appliance User s Manual 93...

Page 98: ...generated at 12 00 am on the first day of the week 4 Daily report gets generated at 12 00 am everyday Settings History Report You can also retrieve the history report by specifying a period in the pas...

Page 99: ...freeGuard Capture Appliance User s Manual 95 Figure 96 Report Sample Weekly Report...

Page 100: ...96 Figure 97 Report Sample Weekly Traffic Weekly report by user...

Page 101: ...orage Report Storage Report shows the bar charts of disk usage indicating the disk space utilization of each service It has viewed by day week month or year How to read the chart z Y axis indicates th...

Page 102: ...98...

Page 103: ...System Status page shows the resource usage session amount and system event log of the ICR appliance System Info Includes the usage of CPU hard disk memory and RAM disk all information are illustrate...

Page 104: ...100...

Page 105: ...created by each service such as HTTP FTP POP3 SMTP IM Telnet Web Mail and P2P Figure 99 System Status Current Session Records can be searched with criteria such as service status protocol source IP de...

Page 106: ...ICR appliance Older event will be removed from the system based on the expiration date for the event log is defined in System Settings Log storage time area Figure 101 Status Event Log To view more in...

Page 107: ...ial Web site please check the support page www freedom9 com support for latest information on technical articles frequently asked questions successful stories etc Telephone Support All the customers w...

Reviews:

No comments

Related manuals for freeGuard Capture 1000

Baracoda All in One Printer Communication Protocol Manual preview
All in One Printer
Brand: Baracoda Pages: 42
Billion BiPAC 4500NZ(L) User Manual preview
BiPAC 4500NZ(L)
Brand: Billion Pages: 146
DataRemote CDS-9010 Quick Start Manual preview
CDS-9010
Brand: DataRemote Pages: 2
Lantronix SISPM1040-582-LRT Quick Start Manual preview
SISPM1040-582-LRT
Brand: Lantronix Pages: 2
Lantronix SDS1101 Quick Start Manual preview
SDS1101
Brand: Lantronix Pages: 7
Lantronix Maestro E220 Series Quick Start Manual preview
Maestro E220 Series
Brand: Lantronix Pages: 25
X-Micro WLAN 11g User Manual preview
WLAN 11g
Brand: X-Micro Pages: 74
NETGEAR RAXE500 User Manual preview
RAXE500
Brand: NETGEAR Pages: 169
ICT Protege PRT-PX16-PCB Installation Manual preview
Protege PRT-PX16-PCB
Brand: ICT Pages: 34
Planet ADSL 2/2+ VPN Firewall Router ADE-4300A/B User Manual preview
ADSL 2/2+ VPN Firewall Router ADE-4300A/B
Brand: Planet Pages: 132
Cytron Technologies SHIELD-2AMOTOR User Manual preview
SHIELD-2AMOTOR
Brand: Cytron Technologies Pages: 13
ZyXEL Communications Prestige 100L Quick Start Manual preview
Prestige 100L
Brand: ZyXEL Communications Pages: 170
B&B Electronics Elinx EIR510 Series Quick Start Manual preview
Elinx EIR510 Series
Brand: B&B Electronics Pages: 2
Casablanca W-500 Technical Bulletin preview
W-500
Brand: Casablanca Pages: 13
LaCie FireWire 800 ExpressCard 34 Quick Install Manual preview
FireWire 800 ExpressCard 34
Brand: LaCie Pages: 24
Thermaltake Extreme Spirit Il Instruction preview
Extreme Spirit Il
Brand: Thermaltake Pages: 2
Paradyne iMarc SLV 9820-2M Installation Instructions Manual preview
iMarc SLV 9820-2M
Brand: Paradyne Pages: 24
Inspired Energy ATA004N Operating Instructions preview
ATA004N
Brand: Inspired Energy Pages: 5

Brands by name

Popular brands

Load more brands