Best way to control, filter and monitor company web browsing...

NathanBWF

Golden Member
My company has finally come to its senses and has asked me to implement a system to control, monitor and filter our employees' web browsing as it is getting out of hand. I'm looking for the most cost-effective solution (not necessarily the cheapest) to do the job. Right now all traffic is pointed to the gateway, then out through our Cisco 506 PIX firewall, and out on to the internet. I checked into the PIX and don't think it can do what we're looking for by itself (natively anyway).

Tips, hints and suggestions will all be greatly appreciated...
 
I highly recommend St. Bernard's iPrism. The annual license is less expensive than Websense, and it comes as an appliance instead of just software. It can work as a transparent bridge - just connect the firewall inside interface to the external port, and the internal port to the switch. The reports are nice, you can schedule them, and you don't have to enter a proxy in everyone's browser, i.e. they can't bypass the proxy. Their newest release includes malware categories. You can also create multiple profiles linked to Active Directory groups to give different departments/users different access.
 
Originally posted by: SagaLore
I highly recommend St. Bernard's iPrism. The annual license is less expensive than Websense, and it comes as an appliance instead of just software. It can work as a transparent bridge - just connect the firewall inside interface to the external port, and the internal port to the switch. The reports are nice, you can schedule them, and you don't have to enter a proxy in everyone's browser, i.e. they can't bypass the proxy. Their newest release includes malware categories. You can also create multiple profiles linked to Active Directory groups to give different departments/users different access.


After looking at their site and speaking with them on the phone, their product looks to be exactly what I would like to implement. The only thing is the price...

$2195 for the initial hardware purchase, then $1495/year for a 100 user license and another $300 for maintenance (American currency).

Not sure if my bosses will go for it, but I'll see what they have to say anyway.

Thanks for the link!
 
Originally posted by: NathanBWF
Originally posted by: SagaLore
I highly recommend St. Bernard's iPrism. The annual license is less expensive than Websense, and it comes as an appliance instead of just software. It can work as a transparent bridge - just connect the firewall inside interface to the external port, and the internal port to the switch. The reports are nice, you can schedule them, and you don't have to enter a proxy in everyone's browser, i.e. they can't bypass the proxy. Their newest release includes malware categories. You can also create multiple profiles linked to Active Directory groups to give different departments/users different access.


After looking at their site and speaking with them on the phone, their product looks to be exactly what I would like to implement. The only thing is the price...

$2195 for the initial hardware purchase, then $1495/year for a 100 user license and another $300 for maintenance (American currency).

Not sure if my bosses will go for it, but I'll see what they have to say anyway.

Thanks for the link!

Okay now call up the leading web filtering vendor, Websense, and see how much it will cost for their software solution. And also give BlueCoat a call, which is another appliance based solution. Comparing iPrism to them in your proposal might justify the cost, because it's not as much as you think. 🙂

In the past I looked at setting up a Linux server with Squid, but then you'd need to purchase a SmartFilter subscription which comes to about the same cost of the iPrism.

edit;
Now do you use anything for antispam? Because I could make a recommendation there too... 😉
 
Originally posted by: SagaLore
Originally posted by: NathanBWF
Originally posted by: SagaLore
I highly recommend St. Bernard's iPrism. The annual license is less expensive than Websense, and it comes as an appliance instead of just software. It can work as a transparent bridge - just connect the firewall inside interface to the external port, and the internal port to the switch. The reports are nice, you can schedule them, and you don't have to enter a proxy in everyone's browser, i.e. they can't bypass the proxy. Their newest release includes malware categories. You can also create multiple profiles linked to Active Directory groups to give different departments/users different access.


After looking at their site and speaking with them on the phone, their product looks to be exactly what I would like to implement. The only thing is the price...

$2195 for the initial hardware purchase, then $1495/year for a 100 user license and another $300 for maintenance (American currency).

Not sure if my bosses will go for it, but I'll see what they have to say anyway.

Thanks for the link!

Okay now call up the leading web filtering vendor, Websense, and see how much it will cost for their software solution. And also give BlueCoat a call, which is another appliance based solution. Comparing iPrism to them in your proposal might justify the cost, because it's not as much as you think. 🙂

In the past I looked at setting up a Linux server with Squid, but then you'd need to purchase a SmartFilter subscription which comes to about the same cost of the iPrism.

edit;
Now do you use anything for antispam? Because I could make a recommendation there too... 😉

We have our own in-house email server with its own SPAM filtering capabilities. It's catching around 85-90% of SPAM right now which is a number we are happy with.

To me, the price of the iPrism product is understandable and just...

...it's just trying to convince my superiors to think the same way 😀
 
thanks SagaLore for the info 😀

not looking at this sort of thing right now but it's very possible that the heads in my company will probably demand one soon
 
Originally posted by: NathanBWF
To me, the price of the iPrism product is understandable and just...

...it's just trying to convince my superiors to think the same way 😀

It's just not about monitoring employees' web use, but even that is an incentive to keep your employees productive. You have the proxy, which makes the requests to the outside world for you. You have the category blocking that's not just about restricting user access, but protecting the users. It's nice when a user manages to get adware and the popups can't load their ads. 😉 Also it helps monitor your total bandwidth usage. Based on the profiles you could also set up times so before and after hours, they aren't as restricted.

So your selling points are that A. the management has more control over policy and B. your network has additional security.

I'm still waiting for them to add more custom reports, like a time interval line graph. 😉 There is also a configuration page for blocking additional ports, which works great on the fly for instance if you want to block Kazaa traffic, but there isn't any logging or reports for that yet.
 
Originally posted by: Czar
thanks SagaLore for the info 😀

not looking at this sort of thing right now but it's very possible that the heads in my company will probably demand one soon

Hmm... I should set up a referral program. 😀
 
Originally posted by: SagaLore
Originally posted by: NathanBWF
To me, the price of the iPrism product is understandable and just...

...it's just trying to convince my superiors to think the same way 😀

So your selling points are that A. the management has more control over policy and B. your network has additional security.

*Writes this directly into his proposal*

😀

 
one question though, at work we have a lot of special connections that go through another company and some other places I still don't know what do, this is all configured in Checkpoint which I'm in charge of 😛

how would it affect this usage?
 
Originally posted by: Czar
one question though, at work we have a lot of special connections that go through another company and some other places I still don't know what do, this is all configured in Checkpoint which I'm in charge of 😛

how would it affect this usage?

If you only have 1 connection to the Internet, then it wouldn't. The proxy only cares about the port 80 traffic, the rest just bridge between the interfaces. If the appliance were to be shut down or crash, the NICs would complete the connection and wouldn't affect traffic flow.
 
ok, good to know about that it only affects port 80 🙂

we actually have two connections to the internet, but only one that everyone uses
 