
freeGuard Capture Appliance User’s Manual

Figure 46, IM Login Notice – MSN Example

Here’s an example for a NetBIOS message:

Figure 47, IM notice - NetBIOS example

Example for ICQ:

Contents of freeGuard Capture 1000

Page 1: ...freeGuard Capture Internet Content Recorder and Email Archiver USER S MANUAL Part ICR 1000 ICR 2000 Rev 2 0...

Page 2: ...eproduced or translated into another language without prior expressed written consent from Freedom9 Inc Copyright 2008 the freedom9 company logo are trademarks or registered trademarks of Freedom9 Inc...

Page 3: ...e If installed in a closed or multi unit rack assembly the operating ambient temperature of the rack environment may be greater than room ambient Therefore consideration should be given to installing...

Page 4: ......

Page 5: ...STEM CLOCK SYNCHRONIZATION 20 USER GROUPS MANAGEMENT 21 3 SYSTEM 22 INTERFACE OVERVIEW 22 ADMINISTRATOR ACCOUNTS 24 Admin Account 24 Read Write Privileges 24 Group Administrator 24 INTERFACE IP 26 Set...

Page 6: ...IST 42 5 INSTANT MESSAGING MANAGEMENT 43 CONFIGURE 43 Login Notice 43 Login Notice Examples 44 AUTHENTICATION 47 Setting 47 User 47 RADIUS 48 POP3 48 LDAP 48 RULES 49 Default Rule 49 Account Rule 51 6...

Page 7: ...1 OVERVIEW 71 TODAY TOP 10 72 HISTORY TOP N 74 Flow Statistics 76 9 ANOMALY FLOW IP 77 OVERVIEW 77 ANOMALY FLOW IP SETTING 78 VIRUS INFECTED IP 79 INTRUSION IP 80 10 LOCAL DISK 81 STORAGE TIME 81 DISK...

Page 8: ...4 EVENT LOG 102 14 TECHNICAL SUPPORT 103 Online Support 103 Telephone Support 103...

Page 9: ...e 18 Interface IP address setup 26 Figure 19 System setting page 27 Figure 20 Save the configuration file 28 Figure 21 Reboot confirmation 29 Figure 22 System date time setting 30 Figure 23 Add a new...

Page 10: ...ownload the search result 63 Figure 64 Records Captured POP3 IMAP 64 Figure 65 Records Captured HTTP 65 Figure 66 Records Captured IM 66 Figure 67 Records Captured Web SMTP 67 Figure 68 Records Captur...

Page 11: ...Figure 92 Report Settings 90 Figure 93 Daily report sent by the email 91 Figure 94 Sample Report by Email Network Traffic 92 Figure 95 Daily Report by Users partial 94 Figure 96 Report Sample Weekly R...

Page 12: ...8...

Page 13: ...and easy to limit the access to certain services and by monitoring employee activity organizations can quickly improve their productivity Feature highlights Key features z Supports Sniffing and Bridg...

Page 14: ...z Power Led Green the appliance is powered on z Hard Disk LED Flashing System is accessing data from the hard drive z Console Port One DB9 console port for serial cable connection z WAN LAN ports RJ...

Page 15: ...freeGuard Capture Appliance User s Manual 11 Front Panel for ICR2000 Figure 2 ICR2000 Front Panel...

Page 16: ...h ICR appliance from Freedom9 Inc has been pre configured with IP address and one administration account The default IP address for the ICR appliance is 192 168 1 1 with subnet mask set to 255 255 255...

Page 17: ...freeGuard Capture Appliance User s Manual 13 Sniffer Mode Link one of the internet recorder s port to the mirror port of core switch or any port of the hub Figure 4 Deployment Sniffer Mode...

Page 18: ...art the web browser IE or Netscape browse to http 192 168 1 1 Once you see the pop up login dialogue box type in the correct User Name and Password to login If it s the first time of login please use...

Page 19: ...freeGuard Capture Appliance User s Manual 15...

Page 20: ...zard Figure 7 Setup Wizard Setup Wizard will help you on the configurations on Choose display language for the Web interface Choose the default HTML Character Encoding method Figure 8 Choose default H...

Page 21: ...method is generally used in the network that clients PC does not have a unique IP address such as a network with DHCP implemented Setup Interface IP Address If different IP addresses range has been u...

Page 22: ...ur reference you may configure your management address based on the subnet ranges below 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 Enter all the subnet information t...

Page 23: ...Capture Appliance User s Manual 19 If the interface IP has been changed in previous steps and the Finish button was clicked you ll need to use the new IP address for your web browser in order to log...

Page 24: ...rver Please adjust the time lag depends on the time area or click Synchronize system clock with this client in order to provide the current time for the system Figure 12 System clock synchronization I...

Page 25: ...the user groups the number of supported user groups may vary depends on which model of ICR appliance you have Figure 13 Set the name of department or group Under User List Logged system will display t...

Page 26: ...to the deployment Bridge mode WAN port and LAN port works individually Sniffer mode WAN port serves as a packet receiver it can be connected to the mirror port of a core switch or a network hub LAN p...

Page 27: ...ce z Language language used for page display z Install Wizard wizard for quick and easy configuration z Logout logout from the Web interface z Software Update upgrade the firmware of ICR appliance E m...

Page 28: ...ate the ICR appliance the administration account is required Admin is the default login name for system administration and it can not be changed nor removed You can add more administration accounts an...

Page 29: ...freeGuard Capture Appliance User s Manual 25 Figure 16 Create a Group Administrator 1 Figure 17 Create a Group Administrator 2...

Page 30: ...nterface for ICR appliance Figure 18 Interface IP address setup Ping response can be enabled on the unit so the unit will send back the response to the PING test from the administrative PC Administrat...

Page 31: ...ge This page allows you to initialize the ICR appliance backup restore configuration files perform a factory reset Format the hard drive repair the database setup email alert change the mode of the de...

Page 32: ...gs from a saved configuration file click Browse button to locate the file and click the OK button at the bottom of the page to apply the change Figure 20 Save the configuration file HTTP and HTTPS Com...

Page 33: ...boot task once it s been confirmed by the administrator Figure 21 Reboot confirmation Some tasks such as Format hard drive Database repair and system reboot may take some time to finish Some changes t...

Page 34: ...me setting Synchronize system clock The IP address of the NTP server is required in order to have the ICR system clock get synchronized you can also determine the frequency of the synchronization Dayl...

Page 35: ...IP Addresses for HTTP HTTPS and or PING Step 2 Disable the HTTP and HTTPS under System Interface IP page Figure 23 Add a new Permitted IP Address Once click OK the IP address will be added to the lis...

Page 36: ...ICR appliance is to use the Setup Install Wizard It ll guide you through the display languages system clock system deploy mode client user name binding method the settings of network interfaces and th...

Page 37: ...commended i e using a workstation physically located in the same LAN with ICR appliance To update with a newer firmware click Browse button to locate the file and then click the OK button to apply It...

Page 38: ...e make sure the firmware is correct for the model you have to avoid any possible data lost or discrepancy For more information on the release of the new firmware please contact Freedom9 technical supp...

Page 39: ...ork traffic capturing for all users Figure 28 User List menu Setting The administrator with proper privileges can create modify or remove a user group The number of user groups to be managed may vary...

Page 40: ...ocal file of the management workstation and it can be imported uploaded from a CSV file Figure 30 Save export user groups to file Setting Upload User List You can download the file for the user list a...

Page 41: ...ame if there s a computer name can be recognized all the subnet will be identified Users will be classified based on its subnet and listed on the User List Logged page And there are two ways for displ...

Page 42: ...ist modify a user Click on any user to modify the details for it you can assign a new user name change or assign the group name or move the user to the Ignore List Figure 33 Modify a user 1 Figure 34...

Page 43: ...as shown in the picture below Figure 35 Search for a user Once you click the search icon a pop up browser window will display the search dialogue box Figure 36 Search for a user search box And then t...

Page 44: ...Add new subnet to the group To add a new subnet to the Group click Add button Figure 38 Add a new subnet to the user group Figure 39 Add a new subnet Example After click OK button the new subnet will...

Page 45: ...Figure 40 User List Group View You can also move a Logged user to be ignored by the ICR appliance which will make the appliance NOT to capture the network packets from to that user To have a user not...

Page 46: ...iscovered and they will be displayed on the User List Logged page User names may be displayed in various forms The display name of a user client will be chosen from its computer name its entry from th...

Page 47: ...count or IM application IM Management provides settings for 1 Login notice configuration 2 Authentication configuration 3 Rules Figure 44 IM Management menu expended Configure Login Notice Login notic...

Page 48: ...Examples Here s an example for the notification in MSN messenger clients Once the user successfully signed on to MSN server using MSN client a MSN conversation window will be popped up with the notifi...

Page 49: ...freeGuard Capture Appliance User s Manual 45 Figure 46 IM Login Notice MSN Example Here s an example for NetBIOS message Figure 47 IM notice NetBIOS example Example for ICQ...

Page 50: ...46 Figure 48 IM notice ICQ...

Page 51: ...of the four available authentication methods namely User Radius POP3 and LDAP to regulate internal users access to instant messaging Setting Authentication Message is used to prompt the users when th...

Page 52: ...48 RADIUS POP3 LDAP...

Page 53: ...ance User s Manual 49 Rules Default Rule IM access can be regulated based on the IM clients including web based clients For newly detected IM users the default rule will be applied Figure 50 IM Authen...

Page 54: ...50...

Page 55: ...d into three categories namely default account accept account and drop account System administrator may regulate the IM access by arranging users in different account Figure 51 IM Authentication Accou...

Page 56: ...t supported by the ICR appliance may vary depend on the model and firmware installed Currently the ICR appliance supports up to 11 different P2P protocols such as Bit Torrent Apple Juice iMesh eDonkey...

Page 57: ...is not allowed to use the P2P protocol the request will be dropped System administrator may regulate the P2P access by arranging users in different account Figure 53 P2P Management User Rule To move...

Page 58: ...54 To move the two users to be the Drop accounts list just click the link says to Drop...

Page 59: ...appliance captures the network traffic search view download or remove the captured records according to network protocols or user names Setting Under Record Settings you ll find the configuration pag...

Page 60: ...using fixed IP addresses binding to IP Address User Name IP binding is commonly used Online activities recorded from the same IP address will be seen as from the same user For company using DHCP dist...

Page 61: ...through an on site proxy server The maximum entries to be displayed This option allows you to specify the records per page to be displayed on the Web interface any integer value from 10 to 200 are val...

Page 62: ...g This option allows you to keep a copy of what the HTTP web pages visited by the user If it s checked a snapshot of the visited pages will be saved to the local hard drive Otherwise only the URL of t...

Page 63: ...ay Figure 57 Captured data by user Move the mouse to the user name for details To switch to the department group view click on the button called Department Group Click the user name IP address to show...

Page 64: ...60 Or you can choose Customer View from the pop up menu for more specific search over the history Figure 58 Customer view search by user...

Page 65: ...P3 FTP and Telnet Figure 59 Record Service SMTP Messages It captures and archives all the emails sent from the internal mail server with SMTP protocol Records can be searched with combined criteria th...

Page 66: ...rward icon Figure 61 Records Captured Forward To search for the records or define the search criteria click the Search icon the search page will be displayed Once you enter the keywords for search cli...

Page 67: ...he search result will look like this all the keywords are high lighted as shown below All records are displayed per day To save the searched result to a local file click the Download button on the sea...

Page 68: ...the records or define the search criteria click the Search icon the search page will be displayed Depends on the data volume the search in the email database may take some time To forward a copy of t...

Page 69: ...define the search criteria click the Search icon the search page will be displayed Click the links under Web Site column to see the contents of the visited captured HTTP URL In order to view the snaps...

Page 70: ...lay names of an instant messaging chat it can also capture and archive file s transferred during the text conversation Figure 66 Records Captured IM More examples for captured IM chats To search for t...

Page 71: ...rted Web based email server may vary Currently ICR appliance supports web mail service provided by Yahoo GMail Hotmail Seednet PChome Hinet Sina Sohu 163 126 Yam and Tom An example of the captured rec...

Page 72: ...liance supports web mail service provided by Yahoo GMail Hotmail Seednet PChome Hinet Sina Sohu 163 126 Yam and Tom An example of the captured records through Web POP3 communication to view the email...

Page 73: ...s It archives files transferred via FTP protocol Figure 69 Records Captured FTP To download the captured FTP transfer click on the URL under File Name column Figure 70 Records Captured FTP download a...

Page 74: ...ession communicated through Telnet protocol Figure 71 Records Captured Telnet Sessions To view the details for the session click the icon under Detail column The screen shot below is an example of the...

Page 75: ...Logged are used as a basis for displaying the User Name z 8 Recorded Others indicates respectively the sum total of traffic of 8 major services namely SMTP POP3 HTTP IM Web SMTP Web POP3 FTP and Teln...

Page 76: ...mpled in bits per second z Y axis indicates time z Blue line signifies the continuous variation of the major services z Brown line signifies the continuous variation of other services z Gray line indi...

Page 77: ...freeGuard Capture Appliance User s Manual 73 Detailed statistics per user can be displayed by clicking on the user name with the URL link...

Page 78: ...requently used services of a specific period of time will be displayed page navigation is provided in order to view the data for all the users Figure 75 Flow Analysis Top N In History statistics in Se...

Page 79: ...nistrator to send a copy of the report by email the recipient will get an email with a PDF formatted report attached The administrator can also download the report to local hard drive for future refer...

Page 80: ...76 Flow Statistics This page displays the statistics chart of the packets processed in the certain period Figure 76 Flow Analysis Statistics Chart...

Page 81: ...z Threshold sessions of anomaly flow per Source IP Threshold value to identify the anomaly flow z Anomaly Flow IP Blocking Block the IP which generates the Anomaly flow z Alert Notification Send the a...

Page 82: ...ert notification to designated email address If the Enable Anomaly Flow IP Blocking is checked all sessions created by an anomaly flow IP will be dropped to ensure the Internet access for other users...

Page 83: ...ose might be infected by Virus When a DDoS attack occurs the ICR appliance will add an entry to the list and send out alert by email and or NetBIOS notification Figure 79 Virus infected IP Figure 80 N...

Page 84: ...source IP address and the time of the event happened The administrator can click the Clear button to remove all the records in the list or click Download to have a plain text version displayed on the...

Page 85: ...igure 83 Local Disk Menu Storage Time z Total Hard Disk Space Total usable capacity of the local hard drive for record capturing z Service The 8 major services to be recorded namely SMTP POP3 HTTP IM...

Page 86: ...82 Figure 84 Storage Time...

Page 87: ...ge space move the cursor over a color and then it shows what service it is and the used storage space z SMTP It indicates the total used storage space of SMTP records and list of the top 10 users z PO...

Page 88: ...84 Figure 85 Disk Space Usage An example to the disk space usage report Figure 86 Disk Space Usage Report...

Page 89: ...freeGuard Capture Appliance User s Manual 85 Different color will be used for each protocol which makes the chart easy to read Figure 87 Disk space usage details continued...

Page 90: ...Backup which will be run automatically to create a copy of the captured records to a remote storage device such as a NAS Network Attached Storage device or a network share Figure 88 Remote Backup men...

Page 91: ...tion Status of Remote Hard Disk Displays the access validity assigned access privilege read write space requirement for next backup and current available space of remote storage space z E mail Setting...

Page 92: ...e the duration is defined the required hard drive space will be displayed on the screen Browse Settings z Connection Status of Remote Hard Disk It displays the status of the connection to the remote s...

Page 93: ...jor network services supported by the ICR appliance Click the service name to show captured records of it To search in the same service click the search icon to forward the selected records tick the c...

Page 94: ...ng the management on corporate network Setting Settings Scheduled Report Periodic Under Report Settings you can define how the report will be generated and sent to the administrator s email address wh...

Page 95: ...freeGuard Capture Appliance User s Manual 91 Figure 93 Daily report sent by the email...

Page 96: ...92 Figure 94 Sample Report by Email Network Traffic...

Page 97: ...freeGuard Capture Appliance User s Manual 93...

Page 98: ...generated at 12 00 am on the first day of the week 4 Daily report gets generated at 12 00 am everyday Settings History Report You can also retrieve the history report by specifying a period in the pas...

Page 99: ...freeGuard Capture Appliance User s Manual 95 Figure 96 Report Sample Weekly Report...

Page 100: ...96 Figure 97 Report Sample Weekly Traffic Weekly report by user...

Page 101: ...orage Report Storage Report shows the bar charts of disk usage indicating the disk space utilization of each service It has viewed by day week month or year How to read the chart z Y axis indicates th...

Page 102: ...98...

Page 103: ...System Status page shows the resource usage session amount and system event log of the ICR appliance System Info Includes the usage of CPU hard disk memory and RAM disk all information are illustrate...

Page 104: ...100...

Page 105: ...created by each service such as HTTP FTP POP3 SMTP IM Telnet Web Mail and P2P Figure 99 System Status Current Session Records can be searched with criteria such as service status protocol source IP de...

Page 106: ...ICR appliance Older event will be removed from the system based on the expiration date for the event log is defined in System Settings Log storage time area Figure 101 Status Event Log To view more in...

Page 107: ...ial Web site please check the support page www freedom9 com support for latest information on technical articles frequently asked questions successful stories etc Telephone Support All the customers w...
