background image

ii

M86 S

ECURITY

, R3000 E

VALUATION

 G

UIDE

R3000 I

NTERNET

 F

ILTER

 E

VALUATION

 G

UIDE

© 2009 M86 Security

All rights reserved. Printed in the United States of America

Local: 714.282.6111 • Domestic U.S.: 1.888.786.7999 • International: +1.714.282.6111

This document may not, in whole or in part, be copied, photocopied, reproduced, trans-
lated, or reduced to any electronic medium or machine readable form without prior writ-
ten consent from M86 Security.

Every effort has been made to ensure the accuracy of this document. However, M86 
Security makes no warranties with respect to this documentation and disclaims any 
implied warranties of merchantability and fitness for a particular purpose. M86 Security 
shall not be liable for any error or for incidental or consequential damages in connec-
tion with the furnishing, performance, or use of this manual or the examples herein. 
Due to future enhancements and modifications of this product, the information 
described in this documentation is subject to change without notice.

Trademarks

Other product names mentioned in this manual may be trademarks or registered trade-
marks of their respective companies and are the sole property of their respective man-
ufacturers.

Summary of Contents for R3000 Series

Page 1: ...R3000 Internet Filter EVALUATION GUIDE Models R3000 HL SL MSA Software Version 3 0 00 Document Version 09 09 09...

Page 2: ...ment However M86 Security makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose M86 Security shall not be...

Page 3: ...a list of selected Categories 11 Group Profile 12 Set the Group Profile 12 Create edit a list of selected Categories for a Group Profile 13 Group settings tests 14 Test the Rules and Profiles feature...

Page 4: ...ard filtering 29 How to test wildcard filtering 30 Configure test block services 31 Anonymous proxies 31 How to configure anonymous proxies 31 How to test anonymous proxies 32 Block IM P2P application...

Page 5: ...t meets the needs of a wide range of filtering expec tations M86 Security offers a wide range of Internet filtering and reporting appliances that not only help companies maintain compliance with laws...

Page 6: ...u for taking the time to review 8e6 s R3000 Internet Filtering Appliance Your interest in our company and product is greatly appreciated This Evaluation Guide Is designed to provide product evaluators...

Page 7: ...de provided in the shipping carton We also recommend prior to reviewing the R3000 that you perform a complete library update This is done by going into the R3000 Administrator console 1 Click the Libr...

Page 8: ...fig uring and customizing the many capabilities of the R3000 quickly overcomes any confusion related to this simple similarity and the following exercises are meant to provide a very explicit and easy...

Page 9: ...a Group likely called something as generic as Sales and represented as an IP subset in the Global Group tree The main Group screen The GROUP administrative feature on the R3000 allows the administrat...

Page 10: ...avigate the top level administrator console to GROUP 2 Click on IP and select Add Group 3 Provide the appropriate Group name use AllUsers for this evaluation and supply a password for this group Click...

Page 11: ...lowed categories A Profile contains the particular filtering parameters that are unique to a group or individual and consists of Library Catego ries Rules Ports and numerous other filtering features t...

Page 12: ...tegories The second profile is the Group Profile A Group Profile is assigned to an IP Group under the Global Group and can contain filtering parameters different from the Global Group default For exam...

Page 13: ...from the Global Group menu This window is used for adding a filtering rule when creating a filtering profile for an entity By default Rule 1 BYPASS displays in the Current Rules pull down menu The ot...

Page 14: ...gory Groups For example in the Adult Content category group you would find the categories Child Pornography Explicit Art Obscene and Tasteless R Rated and Pornography To move all categories within a c...

Page 15: ...ecting library categories that will be passed warned always allowed or blocked for the Global Group Profile By default Custom Profile displays in the Available Filter Levels pull down menu and Uncateg...

Page 16: ...file is exactly the same as setting up the Global Group Profile except that Rules can be used to define the Profile Category Profile displays by default when Group Profile is selected from an IP Group...

Page 17: ...ry category from the Pass categories column 2 Click in the appropriate column Double click the Block column to move the library category to the blocked categories column To remove a library category f...

Page 18: ...flect the next sequential number available for a rule 3 Move categories from Pass categories to Allow or Block as desired Leave categories that don t need to be blocked in Pass NOTE For the purposes o...

Page 19: ...vels field select the Rule you created 4 Click Apply in the bottom right corner 5 Access the Internet from an IP address within the Sales group 6 Attempt to access a Web site obviously included within...

Page 20: ...useful and powerful features of the R3000 depend on the creation of Custom Categories Custom Categories in Library tree menu How to create a Custom Category 1 Navigate the top level administrator cons...

Page 21: ...custom category called Evaluation Category 2 Add any three URLs per the previous configuration instructions 3 Select GROUP from the top level administrator navigation 4 Click Global Group and select...

Page 22: ...us intervals of time throughout a day week month or year Time Profile window Set up a Time Profile 1 Select GROUP from the top level administrator console 2 Choose AllUsers from the IP Groups and sele...

Page 23: ...egory isn t blocked in any other profile for this group 8 Click Apply in the bottom right corner click Yes and then click OK 9 Click Close Test the Time Profile 1 From an IP address within the Sales g...

Page 24: ...ser receives a quota block page and cannot access that category until quotas are reset NOTE If the Overall Quota is specified in the profile the user s total quota time for all quota marked categories...

Page 25: ...tice page informing you that 75 percent of quota time has been attained 2 Continue accessing sports related Web sites After the five minute period has elapsed you should receive the Quota Block page i...

Page 26: ...ired for work without requiring administrators to keep up with employees who find creative ways to bypass black lists White list rule setup How to create and configure a White List 1 Create a custom c...

Page 27: ...allows the administrator to warn a user that sites within a specific category may violate the acceptable use policy without actually blocking them from the site outright The user will be prompted with...

Page 28: ...by the administrator of the R3000 Safe Search Enforcement Filter Options How to configure the Safe Search Enforcement feature 1 Select GROUP from the top level administrator console 2 Click Global Gro...

Page 29: ...e words and phrases can be added either one at a time or by uploading a text file Instead of questionable content and or images a block page appears Search Engine Keyword filtering How to configure Se...

Page 30: ...yword Filtering using the keywords playboy sex and porn 2 Activate Search Engine Keyword Filtering in the Global Group Profile 3 In the Global Group Profile select the Category tab 4 Move the Keyword...

Page 31: ...all it File Extensions 3 Select URL Keywords from the newly created File Extensions custom category 4 Add a file extension in the Keyword field and click Add When adding the file extensions make sure...

Page 32: ...every individual domain to the library on an ongoing basis the R3000 can accept a wildcard to block these types of sites more efficiently For example adding http myspace com where the asterisk is the...

Page 33: ...s from that category to add the wildcard URL 4 In the URL text field enter the site in the format of site com and click Add 5 Highlight the newly added wildcard URL and click Apply Action 6 Continue w...

Page 34: ...e top level administration navigation 4 Click Global Group and select Global Group Profile 5 In the Category tab move the Wildcards custom category you created from the Pass column to the Block column...

Page 35: ...prevents users from bypassing the filter if they try to use unencrypted Web and client based proxies Therefore if the site is not catego rized as Web Based Anonymous Proxies the R3000 will still be a...

Page 36: ...0 Internet Filter blocks these proxy types using the Proxy Pattern Detection feature PHPproxy form unencrypted v0 3 and 0 4 CGIProxy HTTP FTP proxy in a perl based CGI script unencrypted including CGI...

Page 37: ...h streaming media create a tremendous demand for network resources and can severely impact network performance In addition to blocking IM and P2P applications the R3000 also logs user attempts to run...

Page 38: ...essage to another user The attempt is blocked How to test for P2P From an IP address in the Global Group range attempt to access a P2P site such as Limewire com The attempt is blocked How to test for...

Page 39: ...ime Probes 1 Select REPORTING from the top level administrator console and choose Real Time Probe 2 Enable Real Time Probes by selecting On and clicking Save to apply your setting 3 Click the link Go...

Page 40: ...7 Display Name Sports Search Option Category Category Sports Start Date Time Now Total Run Time in Minutes 5 2 Click Apply and OK 3 Click the View tab to see the probe that you have just created Its...

Page 41: ...Internet access of users who are frequent violators of policy e g exhibiting multiple attempts to access blocked sites over short periods of time X Strikes feature How to configure the X Strikes feat...

Page 42: ...pt to access blocked sites the computer will be locked down if that attempt is made within the time threshold set in step 3b The lock disables further access and instead only displays a block page ind...

Page 43: ...net access will be denied 4 Select the Email Alert tab and make the following settings a In the Minutes Past Midnight Before Starting Time Interval field enter the number of minutes past midnight that...

Page 44: ...Specify Locked Life Time 2 Specify a Redirect URL DEFAULT Email Alert enter your email address Minutes Past Midnight Before Starting Time Interval 0 Interval Minutes to Wait Before Sending Alerts 1 En...

Page 45: ...00 EVALUATION GUIDE 41 4 After 2 minutes access will be available again 5 In approximately 1 2 minutes the nuances and security settings of the email server will impact the speed of delivery as well a...

Page 46: ...CONFIGURE AND TEST THE R3000 REAL TIME PROBES AND X STRIKES BLOCKING 42 M86 SECURITY R3000 EVALUATION GUIDE...

Reviews: