IAR-5000 Internet Activity Recorder User’s Manual
Copyright & Disclaimer
No part of this publication may be reproduced in any form or by any means, whether electronic, mechanical, photocopying, or recording without the written consent of OvisLink Corp. OvisLink Corp. has made the best effort to ensure the accuracy of the information in this user’s guide. However, we are not liable for the inaccuracies or errors in this guide. Please use with caution.
Table of Contents
1. Introduction
1.1 Overview
1.2 Firmware Upgrade and Tech Support
1.3 Features
2. Installing the IAR-5000
6.1 Settings
6.2 Auth User
6.3 RADIUS
6.4 POP3
6.5 LDAP
11.5 Accessing Emails Sent via Web-Based Email Service
11.6 Accessing Emails Received via Web-Based Email Service
11.7 Accessing Files Transferred via FTP Protocol
11.8 Accessing Details of Sessions Established via TELNET Protocol
12. Content Auditing
13. Anomaly Flow IP
1. Introduction
1.1 Overview
Instead of restricting access to communication software, AirLive brings you a new model of Internet Activity Recorder, the IAR-5000. It records the packets of the defined services on its hard disk and provides the log to the administrator for monitoring. With Sniffer mode or Bridge mode, the network administrator does not need to change the current network topology, and can construct an advanced security mechanism to protect confidential information. 1.
2. Installing the IAR-5000
This section describes the hardware features and the hardware installation procedure for the IAR-5000. For software configuration, please see chapter 3.
2.1 Before You Start
It is important to read through this section before you install the IAR-5000. The IAR-5000 has a built-in hard disk, so please handle the IAR-5000 gently and carefully during installation.
2.5 Hardware Installation
Bridge Mode: Connect Port 1 to the firewall or gateway and Port 2 to a LAN hub or switch.
Sniffer Mode: Connect Port 1 to the mirror port of a core switch or any available port on a LAN hub, and Port 2 to the network adaptor of the management PC.
2.6 Restore Settings to Default
If you have forgotten your IAR-5000's IP address, you can restore your IAR-5000 to the default settings through the console. Please see the diagram below for details.
1. Connect a 9-pin RS-232 cable to the PC and the IAR-5000 console port.
2. Open the HyperTerminal program and configure the following settings.
3. Specify a name for the program.
4.
5. Fill in the Port Settings with the following values and click OK to save the settings.
6. Press “Enter” and input the login name “admin” and the password “airlive”.
7. Type “ls” to display the command list.
8. Type “reset” to reset the device to its defaults.
3. Configuring the IAR-5000
You can configure the IAR-5000 through standard web (HTTP) or secured web (HTTPS) management. In this chapter, we explain the IAR-5000's available management interfaces and how to get into them. Then we give an introduction to Web Management and the recommended initial settings.
3.1 Important Information
The following information will help you get started quickly. However, we recommend that you read through the entire manual before you start.
You are now ready to configure the IAR-5000 using your PC.
3.3 Management Interface
The IAR-5000 can be configured using one of the management interfaces below:
Web Management (HTTP): You can manage your IAR-5000 by simply typing its IP address in the web browser. Most functions of the IAR-5000 can be accessed through the web management interface. We recommend using this interface for initial configuration. To begin, simply enter the IAR-5000's IP address (default is 192.168.1.
Secured Web Management (HTTPS): HTTPS also uses a web browser for configuration, but all data transactions are encrypted using SSL. Therefore, it is a safe and easy way to manage your IAR-5000. We highly recommend that Internet service providers use HTTPS for management. To begin, simply enter https://192.168.1.1 in your web browser. A security alert screen from your browser will pop up. Please grant all permissions and get the certificate for the IAR-5000.
Normal Web Management (HTTP)
To get into Normal Web Management, simply type the IAR-5000's IP address (default IP is 192.168.1.1) into the web browser's address field.
Secured Web Management (HTTPS)
To get into Secured Web Management, just type “https://192.168.1.1” into the web browser's address field. “192.168.1.1” is the IAR-5000's default IP address. If the IP address has been changed, the address entered in the browser should change as well.
Firefox:
1. Select “or you can add an exception”.
2. Click on “Add Exception”.
3. Click on “Get Certificate”. Then enter the IAR-5000's IP address. Finally, click on “Confirm Security Exception”.
3.5 Initial Configurations
We recommend that users browse through the IAR-5000's web management interface to get an overall picture of its functions and interface. Below are the recommended initial configurations for the first login:
Step1. Connect the administrator's PC and the IAR-5000 (port1 or port2) to the same hub or switch, and then use a web browser (IE or Netscape) to connect to the IAR-5000. The default IP port address in IAR-5000's management interface is http://192.168.
Step3. You will be brought to the Installation Wizard screen during your first login. It will guide you through the settings.
Step4. Select the language and character encoding for your management interface. The default character encoding will be used for emails with unspecified character encoding.
Step5. Tick Synchronize with an Internet time server and configure the offset hours from GMT to ensure that the time is correct.
Step6. Select an operating mode based on how the device is deployed.
Step7. Choose the basis for recording users' online activities.
Step8. Configure the related interface addresses. Type a valid IP address from the LAN subnet in the IP Address field and configure its netmask, default gateway and DNS address accordingly. To use VLAN, tick Enable VLAN over Port 1 or 2 based on your case and also assign a VLAN ID to the port. Specify the maximum downstream and upstream bandwidth respectively. For your reference, you may configure your management address based on the subnet ranges below: 10.0.0.0 - 10.
Step9. Configure the device to record the online activities of specific departments or groups by specifying their subnet and mask address.
Step10. Click on Finish.
Step11. Navigate to User List → Settings, and then give each department or group a friendly name.
Step12. Under User List → Logged, users within the same subnet as the management address will be included in the same subnet category. In other words, the IAR-5000 classifies users by subnet. The device also allows the system administrator to customize user lists for users residing in other subnets.
3.6 About IAR-5000's Menu Structure
The device's user interface consists of the following two areas: The left panel contains all the selectable menu items.
4. System
System administration refers to the ability to manage the IAR-5000. This chapter covers Admin, Interface IP, Setting, Date/Time, Permitted IPs, Language, Logout and Software Update. The IAR-5000 is managed by the main system administrator. The main system administrator can add or delete any system settings and monitor the system status.
Group Monitoring: The group administrator can divide the internal network into several groups, and can appoint a specific administrator who can view that group but cannot view across groups.
Add New Group-Admin:
Step1. In the admin setting window, click New-Group Admin.
Step2. In the add new group-admin window, enter the following information. (Figure 4-1)
Group-Admin: enter group_admin.
Password: enter 12345.
Confirm Password: enter 12345.
Figure 4-2 To change the admin password
4.2 Interface
Interface Address: The administrator can set the IP login information of the IAR-5000.
Ping: When this function is enabled, the user can send Ping (ICMP) packets to the interface.
HTTP: When this function is enabled, the user can log in to the IAR-5000 Web UI through the HTTP protocol.
HTTPS: When this function is enabled, the user can log in to the IAR-5000 Web UI through the HTTPS protocol.
Figure 4-3 The interface IP setting
Please do not disable HTTP and HTTPS before setting the Interface; otherwise the system administrator will not be able to enter the Web UI of the IAR-5000.
4.3 Settings
System Settings: The system administrator can import or export the system settings, and can also reset to the factory settings and format the disk.
Database Check / Repair: The records can be inspected and / or fixed if damaged or displayed improperly.
Sniffer mode operates as follows: Port 1 serves as a packet receiver connected to the mirror port of a core switch, whereas Port 2 is connected to any other available port on that core switch and serves as the management port for the system administrator.
Management over Web Browser: The management port enables the device to be remotely accessed from anywhere via a Web browser. The port number for both the HTTP and HTTPS protocols can be changed.
Import the configured file
Step1. In System → Setting → System Settings, select Import System Settings, then click the Browse button on the right.
Step2. In the Choose File window, choose the directory of the file formerly saved from the IAR-5000, choose the correct settings file, then click Open. (Figure 4-5)
Step3. Click OK in the lower right; the window will close.
Step4. Click OK in the confirmation dialogue box; the settings will be imported to the IAR-5000.
Reset Factory Default
Step1. In System → Settings → System Settings, select Reset Factory Setting and Format Hard Disk.
Step2. Click OK in the lower right; this restores the IAR-5000 to its factory settings and formats the disk at the same time. (Figure 4-7)
Figure 4-7 Select Reset Factory Setting
Configure System Email Notification
Step1. Select Enable email notification under the System Email Notification section.
Step2.
Figure 4-8 Enable the instant mail message alarm of IAR-5000
Select Enable SMTP authentication and enter the username and password, then click the Mail Test button to test Notification Address 1 and Notification Address 2, to see whether the e-mail address can receive the current caution message.
Device Reboot
Step1. Click on the Reboot button next to Reboot System.
Step2. A confirmation dialogue box appears saying, ”Are you sure to reboot ?“
Step3.
4.4 Date/Time
System Clock Settings: The date and time settings can be configured by either syncing to an Internet time server or syncing to the computer's clock.
GMT: The short form of Greenwich Mean Time. It is the international standard time.
Daylight Saving Time: Daylight saving time (DST; also summer time) is the portion of a year in which a region's local time is advanced by an hour from its standard official time.
Step1. Select Enable Synchronize with an Internet Time Server.
If the local area observes daylight saving time, then enable the daylight saving time setting.
4.5 Permitted IPs
Creating a Permitted IP Address
Step1. In System → Permitted IPs → New Entry, add the new setting: (Figure 4-11)
Name: enter master.
IP Address: enter 172.16.0.2.
Netmask: enter 255.255.255.255.
Service: select Ping, HTTP and HTTPS.
Click OK. The Permitted IPs settings are complete.
4.6 Logout
Logging out of the Management Interface
Step1. Click the Logout icon in the upper right of the Web UI. This lets the system administrator log out of the system at any time and prevents other people from changing the settings of the IAR-5000. (Figure 4-13)
Figure 4-13 Confirm to logout
Step2. Click OK; the logout information is shown. (Figure 4-14)
Figure 4-14 The logout WebUI
4.7 Software Update
Updating Firmware
Step1.
Figure 4-15 Software update
The software update takes 3 minutes, and the system reboots after the update. Please do not turn the device off, take it offline or leave the web page during the update, or it will cause an error in the IAR-5000. (It is recommended using the LAN to update.
5. User List
This chapter is about the users that can be monitored by the IAR-5000. The device can automatically search for and add new users, and the system administrator can also add to the lists manually.
User List Configuration: The administrator can export the monitored user list and some related settings to the PC, or import these settings into the IAR-5000.
Department / Group: The administrator can group the users according to the network structure, so that the system can be managed more easily.
Figure 5-5 Complete to add the new user
The subnet in which the management address resides is set as the first subnet on the user list. Users from that subnet will be shown under User List → Logged. A user will be automatically added to the Logged list once the device detects that he / she is accessing the Internet. If the Primary (or secondary) DNS Server is an internal DNS server, the device will query that DNS server for users' DNS names while performing user searching.
Step3. Modify the user in the user list:
Click the User Name JACKY. User Name: enter Jacky_PC. Department / Group: select Laboratory. Click OK. (Figure 5-6, 5-7, 5-8)
Click the User Name OCT1005. User Name: enter Gateway. Department / Group: select Device_Room. Select move this user to ignored user list. Click OK, then the user will be moved to the ignored user list. (Figure 5-9, 5-10, 5-11)
Repeat the steps to complete modifying the user list.
Figure 5-12 Complete to modify the user list
In the Ignored user list, the system administrator can also select a user to move to the logged user list.
Step4. In User List → Logged, add the new subnet:
Click Add. Subnet: enter 192.168.139.1. Netmask: enter 255.255.255.0. Add a New user to this Department / Group: select RD. Click OK.
Change the user list by importing the user list configuration (Excel list)
Step1. In User List → Setting → User List Configuration → Export User List to Client PC → click .
Step2. When File Download appears, click Save, choose the location to save the downloaded file, then click Save again. The user list settings will be saved in IAR-5000. (Figure 5-14)
Figure 5-14 Select the position to save the download file
Step3. Under User List → Settings, import the edited user list onto the IAR-5000.
Figure 5-15 Editing the User List in Excel
Step4. Change the Department / Group information.
Change the 8th Department / Group information; the original Customer_Service changes into Support.
Add the 12th Department / Group information, and change Group_12 into R.D._2.
Figure 5-16 Change the Department / Group information from excel
Step5. Add and modify the user information in the first subnet. (Figure 5-17)
Change the Department / Group information of 192.168.1.2 (Jacky), changing the 1st Department / Group into the 9th Department / Group.
Insert a row under the user list in the first subnet, and enter the new user information in the row.
Step6. Add the third subnet and its users' information. (Figure 5-18)
Enter the basic information of the third subnet under the second subnet's user list (the range of IP, Netmask, and Default Group).
Enter the basic user information under the third subnet (User IP, User Name, PC Name, Logged / Ignored List, User MAC, User Department / Group).
Figure 5-19 Selecting the Edited User List to Import
Step10. Click OK in the lower right; the user list setting file will be imported into the IAR-5000.
Modify the information of the desired user:
Step1. Click on the desired user to change its user information. (Figure 5-20)
Step2. Type a proper user name.
Step3. Select the proper dept. / group. (Figure 5-21)
Step4. Modification is completed.
Figure 5-21 Modifying the User Information
The system administrator can record or ignore the online activities of a specific internal user simply by selecting the user on the user list and then clicking on the Logged or Ignored button at the top of the first list.
Add a new subnet:
Step1. Navigate to User List → Logged, and then add a new subnet. Click on Add next to Subnet.
Subnet Address: Type 192.168.139.0
Netmask: Type 255.255.255.0
Classify new users into: Select R.D.
6. Authentication
The device supports four types of authentication: RADIUS, POP3, LDAP and the device's inbuilt user authentication. The IT administrator may regulate users' Internet access using these authentication mechanisms.
6.1 Settings
Authentication Settings:
Authentication Port: The port number used for the authentication mechanism. It is “82” by default.
Log users off if idle for: You can specify a period of time after which idle users are logged off.
When surfing to any webpage, the user will see: (Figure 6-2)
Figure 6-2 The Login Screen for Authentication Mechanism
The designated web site will show up after passing authentication. (Figure 6-3)
Figure 6-3 The Designated Web Site for Authentication Login
The device's authentication mechanism requires Bridge mode deployment.
6.2 Auth User
Auth Name: The authentication name for a user.
Password: The password for the authentication.
Confirm New Password: The confirmation of the password.
Regulate Users' Internet Access:
Step1. Under Authentication → Auth User, create as many authenticated users as needed. (Figure 6-4)
Figure 6-4 Creating Authenticated Users
Step2. The login screen for authentication will show upon users' web browsing attempt.
Step3. To log out of the authenticated session, click on Logout in the Authentication Logout window. If the window has been closed, please enter http://device’s management address:authentication port/logout.html (ex. http://192.168.1.1:82) in the Address field of a web browser to re-open the window. (Figure 6-6)
Figure 6-6 The Window for Logging Out the Authenticated Session
6.3 RADIUS
RADIUS Server Secret: The password for the RADIUS authentication.
802.
Step3. Select Internet Authentication Services. (Figure 6-8)
Figure 6-8 Adding Internet Authentication Services from the Subcomponents
Step4. Navigate to Start → Control Panel → Administrative Tools and then select Internet Authentication Service.
Step5. Right-click on RADIUS Clients and then select New RADIUS Client. (Figure 6-10)
Figure 6-10 Adding a New RADIUS Client
Step6. Type a name and the client address (the device's management address) respectively in the corresponding fields.
Figure 6-11 Configuring the New RADIUS Client
Step7. Select RADIUS Standard for the Client-Vendor, enter the shared secret and then confirm it. (Note: The shared secret must be identical with the one specified for IAR-5000.)
Step8. Right-click on Remote Access Policies and then select New Remote Access Policy. (Figure 6-13)
Figure 6-13 Creating a New Remote Access Policy
Step9. Select a policy configuration method and then type a policy name.
Step10. Select Ethernet for the access method. (Figure 6-15)
Figure 6-15 Selecting Ethernet for the Access Method
Step11. Grant access based on User.
Step12. Select MD5-Challenge for EAP type. (Figure 6-17)
Figure 6-17 Selecting MD5-Challenge for EAP Type
Step13. Right-click on the newly added policy and then select Properties.
Step14. Choose Grant remote access permission, remove the existing policy conditions and then click on Add. (Figure 6-19)
Figure 6-19 Configuring the Properties of the Policy
Step15. Select Service-Type from the attribute types.
Step16. Select Authenticate Only from the available types and then click on Add. (Figure 6-21)
Figure 6-21 Adding a Service Type
Step17. Click on the Edit Profile button and then the Authentication tab. Next, select Unencrypted authentication (PAP, SPAP) as the method.
Step18. Navigate to Start → Control Panel → Administrative Tools and then select Computer Management. (Figure 6-23)
Figure 6-23 The Location of Computer Management on the Start Menu
Step19. On Local User and Groups, right-click on Users and then select New User.
Step20. The RADIUS server setup is completed.
Step21. Under Authentication → RADIUS, type the IP address, port number and shared secret respectively in the corresponding fields. (Figure 6-25)
Figure 6-25 Configuring the RADIUS Server Settings
Click on Test connection to test the connection to the RADIUS server.
Step22. The login screen for authentication will show upon users' web browsing attempt. If the login information is correctly applied, authentication will be successful.
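With the PAP method selected in Step17, the user's password travels to the RADIUS server in the User-Password attribute, hidden only by an MD5 keystream derived from the shared secret entered in Step7 and Step21 (RFC 2865, section 5.2). The following Python code is an added example, not code from OvisLink or the IAR-5000; the function names are hypothetical and the secret, authenticator and password are constructed sample values. It shows both sides of the exchange and why a mismatched shared secret makes authentication fail.

```python
import hashlib
import hmac

BLOCK = 16  # MD5 digest length; User-Password is handled in 16-octet blocks

# Constructed sample values (not taken from the manual or any real deployment).
SHARED_SECRET = b"constructed-shared-secret"
REQUEST_AUTHENTICATOR = bytes(range(16))      # normally 16 random octets per request
USER_PASSWORD = b"constructed-user-password"  # 25 octets, so it spans two blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (the RADIUS client role): build the User-Password value.

    c(1) = p(1) XOR MD5(secret + authenticator)
    c(i) = p(i) XOR MD5(secret + c(i-1))
    """
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    if not secret:
        raise ValueError("shared secret must not be empty")
    padded = password + b"\x00" * (-len(password) % BLOCK)  # pad with nulls
    hidden, previous = b"", authenticator
    for offset in range(0, len(padded), BLOCK):
        keystream = hashlib.md5(secret + previous).digest()
        previous = _xor(padded[offset:offset + BLOCK], keystream)
        hidden += previous
    return hidden


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: recover the password using the server's copy of the secret."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("User-Password must be a non-empty multiple of 16 octets")
    clear, previous = b"", authenticator
    for offset in range(0, len(hidden), BLOCK):
        block = hidden[offset:offset + BLOCK]
        clear += _xor(block, hashlib.md5(secret + previous).digest())
        previous = block
    return clear.rstrip(b"\x00")  # drop the null padding


def server_accepts(hidden: bytes, server_secret: bytes,
                   authenticator: bytes, stored_password: bytes) -> bool:
    """Compare the recovered password with the stored one in constant time."""
    recovered = reveal_password(hidden, server_secret, authenticator)
    return hmac.compare_digest(recovered, stored_password)


if __name__ == "__main__":
    attr = hide_password(USER_PASSWORD, SHARED_SECRET, REQUEST_AUTHENTICATOR)
    print("User-Password attribute:", attr.hex())
    print("same secret on both sides :",
          server_accepts(attr, SHARED_SECRET, REQUEST_AUTHENTICATOR, USER_PASSWORD))
    print("secret mismatch on server :",
          server_accepts(attr, b"some-other-secret", REQUEST_AUTHENTICATOR, USER_PASSWORD))
```

Anyone who holds the shared secret and sees the request can run the server-side function, so the secret's length and randomness are the only protection PAP gives the password on the wire.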
6.4 POP3
Using a POP3 Server to Regulate Users' Internet Access:
Step1. Under Authentication → POP3, type the IP address (or domain name) and port number respectively in the corresponding fields. (Figure 6-27)
Figure 6-27 Configuring the POP3 Server Settings
Click on Test connection to test the connection to the POP3 server.
Step2. The login screen for authentication will show upon users' web browsing attempt.
6.5 LDAP
LDAP Search Distinguished Name: The distinguished name for the LDAP authentication.
LDAP Filter: The criteria to use in selecting elements within scope.
User's Distinguished Name: The distinguished name for the LDAP authentication.
Configuring LDAP Server on Windows Server 2003:
Step1. Go to Start → Administration Tools → Manage Your Server.
Step2. Click Add or remove a role.
Step3. Click Next. (Figure 6-30)
Figure 6-30 Server Configuration Wizard
Step4. Select Active Directory then click Next.
Step5. Click Next. (Figure 6-32)
Figure 6-32 Summary of Selections
Step6. Click Next.
Step7. Click Next. (Figure 6-34)
Figure 6-34 Installation Wizard
Step8. Select Domain Controller for a new Domain then click Next.
Step9. Select Domain in a new forest then click Next. (Figure 6-36)
Figure 6-36 Create New Domain
Step10. Type the DNS name for the domain then click Next.
Step11. Enter the NetBIOS domain name then click Next. (Figure 6-38)
Figure 6-38 NetBIOS Domain Name
Step12. Enter the Domain NetBIOS name then click Next.
Step13. Enter the folder location then click Next. (Figure 6-40)
Figure 6-40 Shared System Volume
Step14. Select I will correct the problem later by configuring DNS manually.
Step15. Select Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems. (Figure 6-42)
Figure 6-42 Permissions
Step16. Enter a restore mode password and retype it in the Confirm password field.
Step17. Click Next. (Figure 6-44)
Figure 6-44 Summary
Step18. Settings complete. (Figure 6-45)
Step19. Go to Start → Administrative Tools → Active Directory Users and Computers. (Figure 6-46)
Figure 6-46 Active Directory Settings Complete
Step20. In the Active Directory Users and Computers window, right-click on Users and create a new user.
Figure 6-47 Creating a New User
Step21. Enter the user's data, then click Next.
Step22. Enter a password and click Next. (Figure 6-49)
Figure 6-49 Creating a New User
Step23. Settings complete.
Step24. Go to Authentication → LDAP and enter the settings. (Figure 6-51)
Figure 6-51 LDAP Server Settings
Clicking on Test connection provides a connectivity test to the LDAP server.
Step25. When the user attempts to access the Internet through a browser, the following screen will appear requesting authentication via the IAR-5000.
7. IM Management
IM management provides the system administrator with the flexibility and the facility to manage IM access. The IAR-5000 can be configured to grant or deny IM access based on account or IM application. IM Management comprises three major settings:
1. Login Notice: The system administrator may compose a message to advise users not to abuse IM access for private use or to announce company policy. The message is issued automatically to users who log on to their IM accounts.
7.1 Login Notice
When a user successfully logs on to his / her IM account, he / she receives the login notice via a NetBIOS broadcast, or receives the alert notification from the IAR-5000 presented in a conversation window of the IM application. The following is a configuration example:
Step1. Select IM Management → Configure → Login Notice
Step2. Tick Enable NetBIOS Login Notice
Step3. Tick Enable MSN Login Notice (Bridge Mode Only)
Step4.
7.2 Default Rule
The MIS engineer can set the default IM rule for MSN, Yahoo, ICQ, QQ and other IM software. The IAR-5000 follows the Default Rule setting to assign the access right for a new account.
Import / Export Settings of IM Account Rule
The account rule can be exported as a file for archive purposes and later imported onto the IAR-5000 device to restore the settings.
7.3 Account Rule
Default … Accounts (Rule Status): Accounts in this category are subject to the default rule.
Accepted … Accounts: Accounts in this category are granted IM access.
Accepted … Accounts (No File Transfer): Accounts in this category are granted IM access, yet without the support of file transfer.
Dropped … Accounts: Accounts in this category are denied IM access.
7.4 Configuration Example
Configuring the Default Rule for IM Access
Navigate to IM Management → Rule → Default Rule, and then set as below: (Figure 7-6)
Select Accept: Everyone for MSN, Yahoo, ICQ / AIM, Skype, Gadu-Gadu and Google Talk as the default rule.
Select Accept: Authenticated user with valid password / Drop: Unauthenticated user or invalid password for QQ as the default rule.
Select Accept: User running IR_Plugin.exe / Drop: Others for Skype as the default rule.
Step1. To record Skype conversations, the plug-in (IR_Plugin.exe) must be installed on clients' PCs. (Please refer to chapter 9 for advanced configuration)
Step2. To access QQ messenger, users must verify their account by logging on to the management address appended with “/qq”, such as http://192.168.1.1/qq. (Figure 7-7, 7-8)
Figure 7-7 Creating an Account on the Device for Account Verification
Figure 7-8 New QQ Account Added
Step3. When the QQ password has been changed, please go to the management address appended with “/qq”, such as http://192.168.1.1/qq, to modify the original password.
Step4. Users merely have access to MSN Web Messenger. Access to other Web-based messengers will be denied. The IAR-5000 is capable of denying access to Web-based messengers. The system will automatically update itself with new Web-based messenger signatures when they become available.
Step5.
Modify the IP and MAC addresses. (Figure 7-13)
Create a new Yahoo account: Insert a blank row right beneath the last row of MSN accounts and type all necessary information. (Figure 7-14)
After editing, click on File → Save on the menu bar and save the file as “IM_Rule_List.csv”.
Click on the Browse button on the right of Import IM Account Rule Settings to locate the edited account rule and then click on OK.
Figure 7-13 IP and MAC Addresses Changed
Figure 7-14 New Yahoo Account
Whether an account is purposely or accidentally deleted during editing, this does not affect the existing account rule on the IAR-5000 after the edited file is imported. Only newly added or modified accounts make changes to the account rule. The authentication method should not be modified.
Figure 7-16 Confirming to Import the Account Rule
Step7. Navigate to IM Management → Rule → Account Rule, and then follow the steps below:
On the Default … Accounts (Rule Status) list, grant IM access to the specific accounts by ticking them. Click on To the accepted and then click on OK in the confirmation dialogue box. (Figure 7-17)
On the Default … Accounts (Rule Status) list, block file transfer of specific accounts by ticking them.
Figure 7-22 Confirming to Remove an Account
Figure 7-23 Modification Completed
The IAR-5000 will use the default rule (see Rule Status) on newly added IM accounts.
8. Application Management
Application Management determines the users' right to access applications (peer-to-peer sharing, multimedia streaming, online gaming, VPN tunneling and remote controlling). The system administrator may grant or deny access to applications based on which application is used or who the user is. Application Management comprises two major settings:
1.
Configuring the Default Rule for Application Access
Step1. Navigate to Application Management → Default Rule, and then set as below: (Figure 8-1)
Select Drop for all Peer-to-Peer sharing applications.
Figure 8-1 Configuring the Default Rule for Application Access
Step2. After the default rule has been configured, eMule will not be accessible.
8.2 Custom Rule
… Users under Default Rule (Rule Status): Users in this category are subject to the default rule.
Accepted … Account: Accounts in this category are granted application access.
Dropped … Account: Accounts in this category are denied application access.
Configuring the Custom Rule for Application Access
Step1.
Figure 8-4 Denying P2P Access to Specific Accounts
Figure 8-5 Modification Completed
The IAR-5000 will use the default rule (see Rule Status) on newly added P2P accounts.
9. Record: Settings 9. Record: 9 Settings IAR-5000 can record the user’s internet activities, and administrator easy to manage all of the information by clearly group / department division. And assure the data transmission security and monitor the employee‘s internet activities. In other words, IAR-5000 can prevent the employee to use the network resources to access private activity via internet. 9.
9. Record: Settings Plug-In for Binding Username to AD Server and Recording Skype Conversations (Text & Voice) Plug-In installation location: AD Server: z The user’s computer will automatically install and run the plug-in when the user logs on to the AD server. Skype text and conversation will be recorded.
The IAR-5000 automatically modifies the plug-in file to suit the currently attached network. Thus, it is important to download the plug-in only once the network has been deployed.
LAN to LAN Activity Recording: IAR-5000 is capable of recording data transmission among LANs. This applies, for example, when users must access the Internet through an on-site proxy server.
9.2 Settings Example
Binding User Names to IP Addresses:
Step1. Navigate to Record → Settings → Settings, and then set as below: (Figure 9-1)
Figure 9-1 Record Analysis Settings
Step2. Under User List → Logged, you will see: (Figure 9-2) Users are identified by computer name or DNS name. The IP address is used for user identification if no information (e.g., user name, DNS name, etc.) is available for display.
Figure 9-2 User Names Binding to IP Addresses
Step3.
Binding User Names to MAC Addresses:
Step1. Navigate to Record → Settings → Settings, and then set as below: (Figure 9-4)
Figure 9-4 Record Analysis Settings
Step2. Under User List → Logged, you will see: (Figure 9-5) Users are identified by computer name or DNS name. The MAC address is used for user identification if no information (e.g., user name, DNS name, etc.) is available for display.
Figure 9-5 User Names Binding to MAC Addresses
Step3.
Binding User Names to AD Server:
Step1. Navigate to Record → Settings → Settings, and then set as below: (Figure 9-7)
Figure 9-7 Record Analysis Settings
Step2. Right-click on your domain, point to New, and then click on Organizational Unit. Next, create as many users as desired in the newly created Organizational Unit folder.
1. Each AD object has a unique identifier known as a Distinguished Name (DN). DNs are used to uniquely identify entries in an LDAP directory. The following string-type attributes represent the set of standardized attribute types for accessing an LDAP directory.
DC - DomainComponent
CN - CommonName
OU - OrganizationalUnitName
O - OrganizationName
STREET - StreetAddress
L - LocalityName
ST - StateOrProvinceName
C - CountryName
UID - Userid
2.
Step3. Under User List → Logged, you will see: (Figure 9-12) Users are displayed by the given name from the Organizational Unit in the AD server. The IP address is used for user identification if the plug-in has not been installed on the client’s computer or the user has not been authenticated.
Figure 9-12 User Names Binding to AD Server
Step4. Download the plug-in from the device and install it on your AD server.
Step5. Download the plug-in and install it on the AD server: Navigate to Start → All Programs → Administrative Tools → Active Directory Users and Computers, and then right-click on the domain and choose Properties. (Figure 9-15) Select the Default Domain Policy and then click on Edit. (Figure 9-16) In the Group Policy Object Editor window, select User Configuration → Windows Settings → Scripts (Logon/Logoff). After that, double-click on Logon scripts.
Figure 9-20 Logon Script Configuration Completed
Step6. A user logs on to Windows using Active Directory authentication.
For non-AD client users, you may download the plug-in yourself and install it on your computer. The device will then be able to use your user name, namely the name you use to log on to Windows, as a basis for recording online activities.
Figure 9-24 Installing the Plug-In onto Client PC
Step7. The user name helps track and control the user’s online activities. Eight kinds of IP service logs are available under Record → Service. (Figure 9-25)
Figure 9-25 User’s Online Activities
Binding User Names to Authentication Names:
Step1.
Step2. Under User List → Logged, you will see: (Figure 9-27) Users are identified by authentication name. The IP address is used for user identification if no information (e.g., user name, DNS name, etc.) is available for display.
Figure 9-27 User Names Binding to Authentication Name
Step3. The user name helps track and control the user’s online activities. Eight kinds of IP service logs are available under Record → Service.
10. Record: User and Service
The AirLive IAR-5000 classifies the most frequently seen online activities into 8 services. By monitoring the 8 services of each user, the system administrator can easily secure corporate information assets and also prevent network bandwidth from being abused for private purposes.
Figure 10-3 The Search Results of SMTP
Click on the desired message subject to read its contents.
Figure 10-4 Downloading the Search Results as a “.
Figure 10-5 Exporting the Search Results as a “.mbx” File
How to open a “.mbx” file on your local computer: Convert the “.mbx” file into a “.eml” file with an mbx2eml application (e.g., IMAPSize) and then run Outlook Express to open the “.eml” file. Run IMAPSize, navigate to Tools → mbox2eml on the menu bar, and then click on it. (Figure 10-6) In the mbox2eml window, click on the “Select mbox files to convert” button, locate the “.
Figure 10-6 Navigating to Tools → Mbox2eml on the Menu Bar
Figure 10-7 Specifying the “.
Figure 10-8 Converting the “.mbx” File into a “.
Figure 10-10 Clicking and Dragging the “.eml” File into Outlook Express to Open It
10.2 HTTP
Search Visited Webpages via HTTP: Records can be searched by criteria such as Web site address, content, session direction, transmission direction and date, using a keyword or pattern.
Figure 10-13 The Search Results of HTTP
Click on the desired Web site log to view the visited page.
Figure 10-14 Downloading the Search Results as a “.
10.3 IM
Search IM Conversations: Records can be searched by criteria such as type, session direction, user account, participants, content, file name, auth name and date, using a keyword or pattern. Under System → Settings, tick Enable email notification and configure its related settings; then navigate to Record → Settings → Settings to Enable report hyperlinks and configure its related settings. Refer to the steps below to start a search: 1. 2. 3. 4. 5.
Figure 10-18 Downloading the Search Results as a “.txt” File
10.4 Web SMTP
Search Emails Sent via Web-Based Email Services: Records can be searched by criteria such as recipient, sender, subject, content, session direction, no attached file, attached file and date, using a keyword or pattern.
Figure 10-21 The Search Results of Web SMTP
Click on the desired message subject to read its contents.
Figure 10-22 Downloading the Search Results as a “.
Figure 10-23 Exporting the Search Results as a “.mbx” File
To open the exported “.mbx” file, please refer to Figures 10-6 to 10-10.
10.5 Web POP3
Search Emails Received via Web-Based Email Services: Records can be searched by criteria such as recipient, sender, subject, content, session direction, no attached file, attached file and date, using a keyword or pattern.
Figure 10-26 The Search Results of Web POP3
Click on the desired message subject to read its contents.
Figure 10-27 Downloading the Search Results as a “.
Figure 10-28 Exporting the Search Results as a “.mbx” File
To open the exported “.mbx” file, please refer to Figures 10-6 to 10-10.
10.6 FTP
Search Files Transferred via FTP: Records can be searched by criteria such as file name, host name, user name, size, session direction and date, using a keyword or pattern.
Figure 10-31 The Search Results of FTP
Click on a file name to download it onto your local computer.
Figure 10-32 Downloading the Search Results as a “.
10.7 Telnet
Search Sessions Established via TELNET: Records can be searched by criteria such as user name, host name, session direction and date, using a keyword or pattern. Under System → Settings, tick Enable email notification and configure its related settings; then navigate to Record → Settings → Settings to Enable report hyperlinks and configure its related settings. Refer to the steps below to start a search: 1.
Figure 10-34 The Search Results of TELNET Attached to an Email
Figure 10-35 The Search Results of TELNET
Click on the detail symbol "©" to view the captured image of a TELNET session.
Figure 10-36 Downloading the Search Results as a “.txt” File
10.8 Custom Log
The record of a user’s online activities via SMTP, POP3/IMAP, HTTP, IM (MSN, Yahoo Messenger, QQ, ICQ, AIM, Skype, Gadu-Gadu), Web SMTP, Web POP3, FTP and Telnet for a specified date is obtainable through the Custom Log. Records are produced based on search criteria, such as user name, host name, session direction, date, keyword or pattern.
11. Record: Access Record
11.1 Accessing Emails Sent via SMTP Protocol
Navigate to Record → Service → SMTP to obtain the details of users’ use of the SMTP protocol. To view an archived email, click on the desired email subject. (Figure 11-1) The content of the email is then displayed. (Figure 11-2) To retrieve an archived email, tick the corresponding box and then click on the (Forward) icon at the top of the chart.
Figure 11-2 An Archived Email
This window offers users not only a view of email content but also the function to forward the email or to save the attachment.
Figure 11-4 Confirming to Remove the Selected Email
Figure 11-5 Confirming the Date Range of Log Deletion
To import emails from MS Outlook (including Outlook Express) or other email applications: Click on the icon to import the emails. (Figure 11-6) In the Email Import Settings window, specify the location and file extension of the messages file. (Figure 11-7) Emails are chronologically archived according to their sending or receiving time.
11.2 Accessing Emails Sent via POP3/IMAP Protocol
Navigate to Record → Service → POP3/IMAP to obtain the details of users’ use of the POP3/IMAP protocol. To view an archived email, click on the desired email subject. (Figure 11-10) The content of the email is then displayed. (Figure 11-11) To retrieve an archived email, tick the corresponding box and then click on the (Forward) icon at the top of the chart.
Figure 11-11 An Archived Email
This window offers users not only a view of email content but also the function to forward the email or to save the attachment.
Figure 11-13 Confirming to Remove the Selected Email
Figure 11-14 Confirming the Date Range of Log Deletion
11.3 Accessing Visited Webpages via HTTP Protocol
Navigate to Record → Service → HTTP to obtain the details of users’ use of the HTTP protocol. To view a visited page, click on the desired page. (Figure 11-15) The visited page is then displayed. (Figure 11-16) To remove unwanted visited pages, tick the corresponding boxes and then click on the icon.
Figure 11-18 Confirming the Date Range of Log Deletion
11.4 Accessing Details of an IM Conversation
Navigate to Record → Service → IM to obtain the details of users’ use of instant messaging applications. Click on the corresponding total message entries on the right to access the message history. (Figure 11-19) The conversation between the two participants is then displayed.
Checking Skype voice conversations:
1. The symbol indicates a voice conversation. (Figure 11-23)
2. The voice conversation can be played online or downloaded onto a local PC.
11.5 Accessing Emails Sent via Web-Based Email Service
Navigate to Record → Service → Web SMTP to obtain the details of users’ use of the Web SMTP protocol. To view an archived email, click on the desired email subject. (Figure 11-26) The content of the email is then displayed. (Figure 11-27) To remove unwanted emails, tick the corresponding boxes and then click on the icon. Click on OK to confirm the removal of the selected emails. The selected emails are removed.
This window offers users not only a view of email content but also the function to forward the email or to save the attachment.
Figure 11-28 Confirming to Remove the Selected Emails
Figure 11-29 Cleaning up Archived Emails (Web SMTP Logs)
11.6 Accessing Emails Received via Web-Based Email Service
Navigate to Record → Service → Web POP3 to obtain the details of users’ use of the Web POP3 protocol. To view an archived email, click on the desired email subject.
Figure 11-30 Click on the Desired Email to View
Figure 11-31 An Archived Email
This window offers users not only a view of email content but also the function to forward the email or to save the attachment. The attachment, if any, will not be archived if it has not been opened or downloaded. IAR-5000 merely records its file name for users’ reference.
Figure 11-32 Confirming to Remove the Selected Emails
Figure 11-33 Cleaning up Archived Emails (Web POP3 Logs)
11.7 Accessing Files Transferred via FTP Protocol
Navigate to Record → Service → FTP to obtain the details of users’ use of the FTP protocol. To open or download a transferred file, click on its file name. (Figure 11-34) A dialog box then prompts you to open or save the file.
Figure 11-37 Cleaning up Archived Files (FTP Logs)
11.8 Accessing Details of Sessions Established via TELNET Protocol
Navigate to Record → Service → Telnet to obtain the details of users’ use of the Telnet protocol. To view the details of a session, click on the Details icon corresponding to the desired session. (Figure 11-38) The session is then displayed in detail. (Figure 11-39) To remove unwanted session details, tick the corresponding boxes and then click on the icon.
12. Content Auditing
Internet services can be regulated by specifying inspection criteria for SMTP, POP3, HTTP, IM, Web SMTP, Web POP3, FTP and TELNET respectively; IAR-5000 allows the system administrator to determine whether a service is subject to company policies.
Name: The name of the audit rule.
Every day at 00:30 a.m., the device automatically searches for logs of the previous day that meet the audit criteria, and then sends a summary report to the designated recipient. Apart from the existing criteria, you may use Perl-compatible regular expressions to search for more detailed information.
Regular Expression (RE): An expression that describes a set of strings, giving a concise description without having to list all elements.
|    Matches either the expression before or the expression after the operator. E.g., abc|def matches "abc" or "def".
()   Allows the regular expression in the parentheses to be treated as a single unit. E.g., severity:(1|2) matches the pattern severity:1 or severity:2.
Figure 12-2 The Audit Rule Created for SMTP Service
Figure 12-3 The Audit Report of SMTP Service
Figure 12-4 The Audit Result of SMTP Service
Step2. Under Content Auditing → Settings, create an audit rule for POP3 service: (Figure 12-5) Click on New Entry. Type “POP3_Audit” in the Name field. Select “POP3” for Service. Type “[0-9a-zA-Z_.-]+@[a-zA-Z_0-9.-]+\.[a-zA-Z_0-9.-]+” in the Content field. (This searches for any email address.) Another example for the content: “([0-9]{3}.
Select “No” for Attachment. Select “All” for Department / Group. Specify a recipient in the Send Audit Report to field. Click on OK to complete the audit rule. (Figure 12-6) The device automatically searches for logs according to the criteria and generates a corresponding report. The designated recipient will receive the report once it is generated.
Figure 12-8 The Audit Result of POP3 Service
Step3. Under Content Auditing → Settings, create an audit rule for HTTP service: (Figure 12-9) Click on New Entry. Type “HTTP_Audit” in the Name field. Select “HTTP” for Service. Type “(yahoo|google).com” in the Content field. (Using RE to match the content of “www.google.com” or “www.yahoo.com”) Select “No” for Attachment. Select “All” for Department / Group. Specify a recipient in the Send Audit Report to field.
Figure 12-11 The Audit Report of HTTP Service
Figure 12-12 The Audit Result of HTTP Service
Step4. Under Content Auditing → Settings, create an audit rule for IM service: (Figure 12-13) Click on New Entry. Type “IM_Audit” in the Name field. Select “IM” for Service. Select “All” for IM Application. Type “(iar|rs|es)-?[0-9]+” in the Content field. (Using RE to match the content of IAR-5000, RS-3000, RS-2500, RS-1200, RS-2000, ES-4000, ES-6000…) Select “No” for Attachment.
Select “All” for Department / Group. Specify a recipient in the Send Audit Report to field. Click on OK to complete the audit rule. (Figure 12-14) The device automatically searches for logs according to the criteria and generates a corresponding report. The designated recipient will receive the report once it is generated.
Figure 12-16 The Audit Result of IM Service
Step5. Under Content Auditing → Settings, create an audit rule for Web SMTP service: (Figure 12-17) Click on New Entry. Type “WebSMTP_Audit” in the Name field. Select “Web SMTP” for Service. Type “[A-Z][0-9]” in the Content field. (Using RE to match the content of A2, B368, S2693548, …) Select “No” for Attachment. Select “All” for Department / Group. Specify a recipient in the Send Audit Report to field.
Figure 12-19 The Audit Report of Web SMTP Service
Figure 12-20 The Audit Result of Web SMTP Service
Step6. Under Content Auditing → Settings, create an audit rule for Web POP3 service: (Figure 12-21) Click on New Entry. Type “WebPOP3_Audit” in the Name field. Select “Web POP3” for Service. Type “[0-9a-zA-Z_.-]+@[a-zA-Z_0-9.-]+\.[a-zA-Z_0-9.-]+” in the Content field. (This searches for any email address.) Another example for the content: “http://.?.?.?\..?.?.?\.
Select “No” for Attachment. Select “All” for Department / Group. Specify a recipient in the Send Audit Report to field. Click on OK to complete the audit rule. (Figure 12-22) The device automatically searches for logs according to the criteria and generates a corresponding report. The designated recipient will receive the report once it is generated.
Figure 12-23 The Audit Report of Web POP3 Service
Figure 12-24 The Audit Result of Web POP3 Service
Step7. Under Content Auditing → Settings, create an audit rule for FTP service: (Figure 12-25) Click on New Entry. Type “FTP_Audit” in the Name field. Select “FTP” for Service. Select “All” for Department / Group. Specify a recipient in the Send Audit Report to field. Click on OK to complete the audit rule.
Figure 12-28 The Audit Report of FTP Service
Step8. Under Content Auditing → Settings, create an audit rule for TELNET service: (Figure 12-29) Click on New Entry. Type “Telnet_Audit” in the Name field. Select “TELNET” for Service. Select “All” for Department / Group. Specify a recipient in the Send Audit Report to field. Click on OK to complete the audit rule.
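The Content-field patterns from the audit-rule steps above, run against constructed sample lines to show what each one actually matches. This is an added example, not part of the manual or the device's own code; it uses Python's re module, which treats these constructs the same way PCRE does, and the sample lines, the ignore_case switch and the TIGHTENED variants are assumptions of the example.

```python
import re

# Content-field patterns quoted verbatim from the manual's audit-rule steps.
MANUAL_RULES = {
    "POP3_Audit": r"[0-9a-zA-Z_.-]+@[a-zA-Z_0-9.-]+\.[a-zA-Z_0-9.-]+",
    "HTTP_Audit": r"(yahoo|google).com",
    "IM_Audit": r"(iar|rs|es)-?[0-9]+",
    "WebSMTP_Audit": r"[A-Z][0-9]",
}

# Tightened variants: assumptions of this example, not taken from the manual.
TIGHTENED = {
    "HTTP_Audit": r"\b(yahoo|google)\.com\b",  # literal dot, whole host label
    "IM_Audit": r"\b(iar|rs|es)-?[0-9]+\b",    # no hits inside longer words
    "WebSMTP_Audit": r"\b[A-Z][0-9]+\b",       # report the whole code
}

# Constructed sample content (not real device logs).
SAMPLES = [
    "visit www.google.com for details",         # 0: intended HTTP hit
    "path /static/googlexcom.js loaded",        # 1: no dot between the words
    "quote for IAR-5000 and RS-3000 attached",  # 2: model names, upper case
    "see series-12 notes",                      # 3: contains 'es-12'
    "part S2693548 shipped",                    # 4: letter + digits code
    "contact alice@example.com",                # 5: email address
]


def hits(pattern, lines=SAMPLES, ignore_case=False):
    """Return (line_index, matched_text) for every match of pattern."""
    # Whether the device matches case-insensitively is not stated in the
    # manual, so the flag is exposed here as an assumption to test both ways.
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    return [(i, m.group(0)) for i, line in enumerate(lines)
            for m in rx.finditer(line)]


def compare(rule, ignore_case=False):
    """Matches of the manual's pattern next to the tightened variant."""
    return {
        "manual": hits(MANUAL_RULES[rule], ignore_case=ignore_case),
        "tightened": hits(TIGHTENED[rule], ignore_case=ignore_case),
    }


if __name__ == "__main__":
    print("POP3_Audit", hits(MANUAL_RULES["POP3_Audit"]))
    for rule in TIGHTENED:
        for ic in (False, True):
            print(rule, "ignore_case=%s" % ic, compare(rule, ignore_case=ic))
```

Running an audit pattern over known-good and known-bad sample text before saving the rule shows whether the daily report will be padded with substring hits or will miss the content it was written for.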
13. Anomaly Flow IP
When the corporate network is under an attack (which causes excessive network traffic), IAR-5000 will take action against it. In addition, by joining forces with an IDP-enabled switch, you can defend against various threats from the Internet and avoid losing revenue opportunities as a result of the network being paralyzed. This chapter discusses the functionality and application of Anomaly Flow IP.
Figure 13-1 Anomaly Flow IP Settings
To block intrusion packets, enable the co-defense system to notify the designated switch to act against the attack. Safe IP Addresses can be used to exclude specific IP addresses from detection.
Step2. When a DDoS attack occurs, IAR-5000 will warn about the anomaly flow under Anomaly Flow IP → Safe IP Addresses or alert both the victim user and the system administrator about it through a NetBIOS broadcast.
Figure 13-3 NetBIOS Broadcast Shown to the Victim User
Figure 13-4 NetBIOS Broadcast Shown to the System Administrator
Step3. The figure below shows the alert notification that the system administrator receives through an email message.
Figure 13-5 The Alert Notification Sent through an Email Message
Step4. When a DDoS attack occurs, IAR-5000 will warn about the anomaly flow under Anomaly Flow IP → Intrusion IP or alert the intruder and the system administrator about it through a NetBIOS broadcast.
Figure 13-7 A NetBIOS Broadcast Shown to the Intruder
Figure 13-8 A NetBIOS Broadcast Shown to the System Administrator
Step5. The figure below shows the alert notification that the system administrator receives through an email message.
14. Local Disk
The records of online activities are stored on the built-in hard disk. Local Disk provides a utilization summary of each service, according to which the system administrator may decide the storage time for each kind of record separately. This helps optimize the use of the built-in hard disk and avoids running short of storage space for new records.
14.1 Storage Time
Total Hard Disk Drive Space: The total available storage space on IAR-5000’s built-in hard disk.
Configuring the Storage Time Based on the Traffic of Each Service: Navigate to Local Disk → Storage Time and then configure accordingly. (Figure 14-1)
Figure 14-1 Configuring the Storage Time for Each Service
14.2 Disk Space
Hard Disk Utilization: The indicative bar uses different colors to demonstrate the utilization of storage space. Each color represents a service (the color white means available storage space.
Viewing the Used Storage Space and Top 10 Users of Each Service: Under Local Disk → Disk Space, the details of built-in hard disk usage are shown.
15. Remote Backup
Running out of storage is always a disaster, especially when valuable information must be archived for long-term storage. Accordingly, IAR-5000 features Remote Backup, which helps resolve the storage quandary by periodically duplicating online activity records to a remote storage device, such as a NAS or Samba server. This chapter discusses the functionality and application of Remote Backup.
Benefits from using Remote Backup: 1.
Step2.
The system administrator may back up logs of a specific period of time. (Figure 15-3)
Figure 15-3 Immediate Backup Settings
15.2 Browse Settings
Connection Status of Backup Storage Device: Displays the status of the connection to the remote storage, and the access privilege (e.g., read / write) of the backup storage device.
Browse Settings: Determines the location from which archives are accessed.
Configuring IAR-5000 to Gain Access to Archives:
Step1. Navigate to Remote Backup → Settings → Browse Settings, and then configure as below: (Figure 15-4)
Figure 15-4 Browse Settings
Step2. View the connection status and the access privilege of remote storage. (Figure 15-5)
Figure 15-5 Viewing the Connection Status of Backup Storage
Step3. Service logs are sorted by the eight services and duplicated periodically to the designated NAS server or file server.
16. Reporting
Reporting gives the system administrator a quick insight into network traffic and storage space utilization with graphical charts, enhancing the management of a corporate network. This chapter discusses the functionality and application of Reporting.
Periodic Report Scheduling Settings: Generates and sends out the periodic report to the designated recipient(s) on schedule.
Step1. Step2. Step3. Under Reporting → Storage Report, bar charts indicate the disk space utilization of each service. In the upper left corner, click on a time unit from which the bar charts are derived. Click on Day for bar charts derived from daily operation; click on Week for bar charts derived from weekly operation; click on Month for bar charts derived from monthly operation; click on Year for bar charts derived from yearly operation.
17. Status
Status presents the system administrator with the system performance, authentication, current sessions and event logs.
17.1 System Info
System Info: The usage of CPU, hard disk, memory and RAM disk is illustrated separately in different histograms. (Figure 17-1) Under Status → System Info, the resource usage and system uptime are shown.
System Uptime: The time the device has been up and running.
CPU Utilization: The resource usage of CPU.
17.2 Authentication
Authentication: The related information of User Authentication, such as the client’s IP address, login name, login time, and the remove selection for the administrator.
Figure 17-2 Authentication Info
17.3 Current Session
Current Session: Shows the traffic and number of sessions created by each service, such as HTTP, FTP, POP3, SMTP, IM, TELNET, Web Mail and applications.
Step1. Under Status → Current Session, the sessions created by each service are shown. (Figure 17-4)
Figure 17-4 Current Sessions – Overall Information
Step2. Click on Total to view the used port number and traffic of each service session. (Figure 17-5)
Figure 17-4 Current Sessions – Specific Details
Step3. In the Total IP Service screen, a mouse click on a Source IP or Destination IP will show its corresponding IP address, host name, domain name, port number and traffic in a pop-up window.
Figure 17-6 Searching for a Specific Log
17.5 Event Log
Event Log: Records all modifications on IAR-5000, such as deleting a setting.
Search Event Logs: Records can be searched by criteria such as event and date, using a keyword or pattern. Refer to the steps below to start a search:
1. Enable the searching duration and specify a period of time to search within.
2. Click on Search. (Figure 17-7)
3. Click on Download to download the search results onto the local computer.
18. Specifications
The specification of IAR-5000 is subject to change without notice. Please use the information with caution.
Category System Configuration Name Admin Interface Settings Date/Time Permitted IPs Language Installation Wizard Software Update User List Settings Logged Ignored Settings Function Chapter Used for creating and modifying system administration accounts. (Chapter 4) Used for setting the interface’s IP address, subnet mask, etc.
Auth User RADIUS POP3 LDAP Record Analysis Behavior Management Settings Settings User Service Logged SMTP POP3 / IMAP HTTP IM Web SMTP Web POP3 FTP TELNET Login Notice IM Management Specifies the authentication name accounts. Used for enabling a Radius server to manage authentication. Used for enabling a POP3 server to enable authentication. Used for enabling an LDAP server to manage authentication.
Local Disk Storage Time Disk Space Remote Backup Settings Browse Reporting Backup Settings Browse Settings SMTP POP3 / IMAP HTTP IM Web SMTP Web POP3 FTP TELNET Settings Storage Report Status System Info Current Session IM/Application Log Event Log Provides individual storage time settings for each of the recorded services based upon their importance. (Chapter 14) Provides hard disk utilization statistics based upon the service, user and group.