
Content filtering on the stream by the eSafe software and hardware complex

I would like to share the experience of providing content filtering using eSafe software and hardware.

eSafe is a proactive protection product installed on the Internet gateway. It prevents known and unknown malicious programs and spam from entering the protected network, and it restricts access to data and applications that do not comply with corporate policies or moral and ethical standards.

eSafe is now developed by Aladdin SafeNet. eSafe has 4 modes of operation: eSafe Mail, eSafe Web, eSafe Web & Mail and eSafe Web SSL. eSafe can work in bridge mode and is invisible to users, except when a block is triggered and the user sees the block page. The block page can be modified by editing its code in the management console, or disabled.

Advantages of the complex:

Minuses:


We use eSafe to filter users' Internet traffic. Initially, eSafe was also responsible for anti-spam protection, but due to problems retrieving emails from quarantine, it was decided to move email filtering to McAfee EWS. The mechanism for releasing messages from the spam quarantine is tailored to Microsoft Outlook; for other clients an additional server running IIS is required, but this combination does not always work correctly. McAfee EWS, for example, has everything on board, but it can also be moved to a single quarantine server.

eSafe has an antivirus on board (versions up to 8.x: eSafe antivirus; version 8.x: Kaspersky antivirus), URL filters, application filters and content filters; version 8.x also has DLP.

The antivirus scans traffic "on the fly": up to 80% of any file is downloaded transparently to the user, then the user's download is suspended while eSafe downloads the whole file and checks it. If the file is clean, the user receives the remaining 20%; if not, the user's download is interrupted. Visually, eSafe version 7.x seems faster than version 8.x, but I didn't measure it.
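The 80/20 hold-back described above can be modeled as follows. This is an added illustration, not eSafe code: the `scan` function, the hash blocklist and the sample payloads are constructed stand-ins, and the total file length is assumed to be known up front (for example from a Content-Length header).

```python
import hashlib

PASS_THROUGH_PERCENT = 80  # share released before the verdict (80/20 split from the text)

# Constructed stand-in for an antivirus engine: one "known bad" SHA-256.
BAD_HASHES = {hashlib.sha256(b"EVIL" * 256).hexdigest()}

class DownloadBlocked(Exception):
    """Raised when the tail of the file is withheld from the client."""

def scan(data: bytes) -> bool:
    """Hypothetical scanner: True means the complete file is clean."""
    return hashlib.sha256(data).hexdigest() not in BAD_HASHES

def relay(upstream_chunks, total_len, scanner=scan):
    """Yield bytes for the client; the last 20% is released only if the scan passes."""
    release_limit = total_len * PASS_THROUGH_PERCENT // 100
    buffered = bytearray()  # the gateway keeps its own full copy for scanning
    sent = 0
    for chunk in upstream_chunks:
        buffered += chunk
        upto = min(len(buffered), release_limit)
        if upto > sent:  # pass through only what lies below the hold-back limit
            yield bytes(buffered[sent:upto])
            sent = upto
    if len(buffered) != total_len:
        raise DownloadBlocked("upstream length does not match the declared length")
    if not scanner(bytes(buffered)):
        raise DownloadBlocked("scanner flagged the file; tail withheld")
    yield bytes(buffered[sent:])  # clean verdict: release the remaining bytes

def deliver(data: bytes, chunk_size: int = 100):
    """Simulate one download; return (bytes the client received, blocked?)."""
    chunks = (data[i:i + chunk_size] for i in range(0, len(data), chunk_size))
    received = bytearray()
    try:
        for part in relay(chunks, len(data)):
            received += part
    except DownloadBlocked:
        return bytes(received), True
    return bytes(received), False

if __name__ == "__main__":
    for name, payload in (("clean", b"A" * 1000), ("flagged", b"EVIL" * 256)):
        got, blocked = deliver(payload)
        print(f"{name}: client received {len(got)}/{len(payload)} bytes, blocked={blocked}")
```

In this model a blocked download still leaves the first 80% of the file on the client; only the tail is withheld.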

URL filtering: sites are divided into categories, and predefined permission templates are available out of the box. The filter can work with LDAP groups, so there is no need to create users on eSafe itself to grant privileged access. The list of sites in a given category cannot be viewed. A site may belong to several categories at once, and the second-level domain will appear in all of them; for example, if a user is prohibited from using web mail but allowed to read blogs, he will not be able to access mail.ru. The URL filter does not work if a site is opened via HTTPS; a separate device in eSafe Web SSL mode is required to control HTTPS. It appears that the URL filter is used by IBM Proventia.

Application filter: for it to work, privileged access must be granted either by IP address or by running the eslogin authorization utility on clients, which sends the user name and the computer's IP address to eSafe. Prior to version 8.5, users and IP addresses must be specified directly through the management console; in version 8.5, LDAP groups can be used. The application filter perfectly blocks Skype, IM, Twitter, Facebook, tunneling (TOR, ultrasurf, etc.), P2P, malware communication with the World Wide Web, and much more.

Content filters can block selected file types, dangerous script functions, multi-volume archives and password-protected archives.

Using this complex has reduced the number of computers infected via the Internet and reduced traffic consumption for personal purposes.

One physical device comfortably handles simultaneous browsing by 1500 users.
eSafe is not alone in this segment; its closest competitors are IBM Proventia and McAfee EWS.

Source: https://habr.com/ru/post/111617/

