IAR-5000 Internet Activity Recorder User’s Manual GP User’s Manual
Declaration of Conformity We, Manufacturer/Importer OvisLink Corp. 5F., NO.6, Lane 130, Min-Chuan Rd.
RS-4000 / IAR-5000 CE Declaration Statement
Country: cs Česky [Czech]. Declaration: OvisLink Corp. hereby declares that this RS-4000 / IAR-5000 is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Country: da Dansk [Danish]. Declaration: The undersigned, OvisLink Corp., hereby declares that the following equipment, RS-4000 / IAR-5000, complies with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Country: de. Declaration: OvisLink Corp. hereby declares
This device uses software which is partly or completely licensed under the terms of the GNU General Public License. The author of the software does not provide any warranty. This does not affect the warranty for the product itself. To get source codes please contact: OvisLink Corp., 5F, No. 96, Min-Chuan Rd, Hsin-Tien City, Taipei, Taiwan, R.O.C. A fee will be charged for production and shipment for each copy of the source code.
Copyright The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission. Trademarks All products, company, brand names are trademarks or registered trademarks of their respective companies. They are used for identification purpose only.
Table of Contents
Chapter 1 Introduction
1.1 Functions and Features
1.2 Deployment
1.3 Front Panel
Chapter 1 Introduction
Instead of restricting access to communication software, AirLive offers a new kind of Internet Activity Recorder, the IAR-5000. It records the packets of the defined services on its hard disk and provides the log to the administrator for monitoring. With Sniffer mode or Bridge mode, the network administrator does not need to change the current network topology and can build an advanced security mechanism to protect confidential information.
1.1 Functions and Features
• Sniffer and Bridge mode: The IAR-5000 supports sniffer mode and bridge mode; neither installation type requires changing the current network structure. IM/P2P management is available only in bridge mode.
• Content Recorder: The IAR-5000 can record the contents of several network communication programs, such as Mail, Web Mail, IM, HTTP, FTP and Telnet.
1.2 Deployment
Bridge Mode: Link one of the internet recorder’s ports to the firewall or gateway, and connect the other port to the internal network via a hub or switch.
Sniffer Mode: Link one of the internet recorder’s ports to the mirror port of the core switch or to any port of the hub.
1.
Chapter 2 Software Installation
Step1. Connect the administrator’s PC and the IAR-5000 (port1 or port2) to the same hub or switch, then use a web browser (IE or Netscape) to connect to the IAR-5000. The default address of the IAR-5000 management interface is http://192.168.1.1.
Step2. The management interface IP must fit the company’s network environment, so set it to an IP in the same subnet as the LAN. If the LAN is not the subnet of IP address 192.168.1.0.
Step4. When the IAR-5000 management interface is used for the first time, the system automatically enters System → Wizard, which guides the user through the settings. Click Next (Figure 2-2).
Figure 2-2 Enter the setting wizard
Step5. Select the language (the system changes to the selected language automatically) and click Next (Figure 2-3).
Figure 2-3 Select the language
Step6. Select the correct time zone, enter the time, and click Next (Figure 2-4).
Step7. Select the required Default Character Encoding and click Next (Figure 2-5).
Figure 2-5 Select the default character encoding
When the system cannot identify the character encoding of data being saved to the database, it uses the default setting.
Step8. Select the deployment mode in Network Deployment Mode and click Next (Figure 2-6).
Step9. Select whether User Name binds to IP or MAC Address, and click Next (Figure 2-7).
Figure 2-7 Select which method to save the data
User Name – IP binding: The log is recorded by user IP address; records that come from the same IP address are attributed to the same user. This function is usually used by corporations that use static IPs.
Step10. Enter the settings in Interface Address (Figure 2-8). Enter an available IP (in the same subnet as the LAN) to be the IAR-5000 management interface. Set the netmask, default gateway and DNS server settings. If the company uses VLANs, select Enable VLAN of port 1 / 2 and enter the settings. Enter the Downstream and Upstream bandwidth settings.
Step11. Enter the subnet information to record, and click Finish (Figure 2-9).
Figure 2-9 Enter the subnet information to record
If the interface IP was changed, after clicking Finish enter the new interface IP in the address bar of the web browser to log in to the IAR-5000 again.
Step12. In User List → Logged, the system shows the default recorded list in the same subnet as the IAR-5000 interface address and the subnet.
Chapter 3 System
System administration refers to the authority to manage the IAR-5000. This chapter covers Admin, Interface IP, Setting, Date/Time, Permitted IPs, Language, Logout and Software Update. The IAR-5000 is managed by the main system administrator, who can add or delete any system settings and monitor the system status.
View Groups: The group administrator can divide the internal network into several groups and appoint a specific administrator to view one group; that administrator cannot view across groups.
Interface IP:
Interface Address: The administrator can set the IP login information of the IAR-5000.
Ping: When enabled, users can send Ping (ICMP) packets to the interface.
HTTP: When enabled, users can log in to the IAR-5000 Web UI over HTTP.
When the HTTP or HTTPS port number has been changed, the system administrator must use the new port number to log in to the Web UI (for example: http://172.20.108.172:8080 and https://172.20.108.172:1025).
Log Storage Time: The system administrator can set the log storage time.
Date/Time:
Synchronize system clock: This option synchronizes the Date/Time of the IAR-5000, the administrator’s PC and the WAN server.
GMT: The international standard time (Greenwich Mean Time: GMT).
3.1 Admin
Add New Group-Admin
Step1. In the admin setting window, click New-Group Admin.
Step2. In the add new group-admin window, enter the following information. (Figure 3-1)
Step3. In Group-Admin, enter group_admin. In Password, enter 12345. In Confirm Password, enter 12345. In the View Groups column, select the groups whose records this administrator may view. Click OK to add the user, or click Cancel to discard the new group administrator.
Figure 3-1 Add new group-admin
Change Admin password
Step1.
Figure 3-2 To change the admin password
3.2 Interface IP
Step1. In System → Interface IP, enter the following settings: Enter an available IP of the LAN subnet in the IP Address, Netmask and Default Gateway columns. Enter DNS server 1 or DNS server 2. If necessary, enable the VLAN feature and provide the VLAN ID. Enter Max Downstream Bandwidth and Max Upstream Bandwidth. (This depends on the applied flow statistics of the user.) Enable the Ping, HTTP and HTTPS functions. Click OK.
3.3 Setting
Export the configured file
Step1. In System Setting, select Internet Recorder Configuration → Export System setting to client, and click the download button on the right.
Step2. When the File Download window appears, click Save, choose where the file will be saved, then click Save again. The settings of the IAR-5000 are copied to the chosen directory. (Figure 3-4)
Figure 3-4 Choose where the export file will be saved
Import the configured file
Step1.
Figure 3-6 Import the file name to the directory to saved
Figure 3-6 Confirm the import setting
Reset Factory Default
Step1. In System → Setting → Internet Recorder Configuration, select Reset Factory Setting and Format Hard Disk.
Step2. Click OK in the lower right; the IAR-5000 is restored to its factory settings and the disk is formatted at the same time.
Configure Email Notification
Step1. Select E-Mail Setting → Enable Email Alert Notification.
Step2. Company Name: enter the name of the company that owns the IAR-5000.
Step3. Device Name: enter the name of the IAR-5000.
Step4. Sender Address: enter the e-mail address of the sender. (Some ISPs require the sender address to be filled in.)
Step5. SMTP Server: enter the IP address of the SMTP server that delivers the e-mail.
Step6.
Reboot
Step1. Select Reboot Internet Recorder Appliance → Reboot button.
Step2. The prompt “Are you sure to reboot ?” appears.
Step3. Click OK to reboot the IAR-5000, or click Cancel to cancel the reboot. (Figure 3-9)
Figure 3-9 Reboot the internet recorder appliance
3.4 Date/Time
Step1. Select Enable Synchronize with an Internet Time Server. (Figure 3-10)
Step2. Click the Set Offset Hours from GMT pull-down menu and choose the correct time.
Step3. Enter the server IP address in Server IP/Name.
Step4.
Select Synchronize → Sync button; the system time of the IAR-5000 is synchronized to the administrator’s computer. The Set offset hours from GMT and Server IP settings can be entered using Assist. If the local area observes daylight saving time, enable the daylight saving time setting.
3.5 Permitted IP
Step1. In System → Permitted IPs → New Entry, add the new setting (Figure 3-11): In Name, enter master. In IP Address, enter 192.168.139.30. In Netmask, enter 255.255.255.255. In Service, select Ping, HTTP and HTTPS. Click OK. The Permitted IPs setting is complete.
3.6 Logout
Step1. Click the Logout icon in the upper right of the Web UI. The system administrator can log out at any time, which prevents other people from changing the IAR-5000 settings. (Figure 3-13)
Figure 3-13 Confirm to logout
Step2. Click OK; the logout information is shown.
3.7 Software Update
Step1. In System → Software Update, update the firmware step by step: Version Number shows the current version of the software. Obtain the newest version of the firmware from the internet and download it into the storage disk in IAR-5000. Click Browse → Choose file and select the newest version of the software. Click OK in the lower right to start the update.
Chapter 4 User List
This chapter describes the users that the IAR-5000 can monitor. The IAR-5000 can search for and add new users automatically, and the system administrator can also add to the lists manually.
Setting
User List Configuration: The administrator can export the monitored user list and related settings to a PC, or import these settings into the IAR-5000.
The company can be divided into several departments, with some users (departments) located in different subnets.
Step1. In User List → Setting, make the following settings: Set the Department / Group according to the real network deployment. Click OK (Figure 4-1)
Figure 4-1 Set the user list
Step2. In User List → Logged, add the new user. Click of 192.168.1.0 subnet and the IAR-5000 will search for new users in the subnet. (Figure 4-2) Wait 1~2 minutes until the search completes.
Figure 4-3 Starting to search new user
Figure 4-4 Select the new user to add
Figure 4-5 Complete to add the new user
After the System → Interface IP setting is finished, the system makes the subnet that the interface belongs to the first user group in the logged user list. The IAR-5000 automatically adds any user who has used the internet to the logged user list. In System → Interface IP, if the DNS server is set to the company’s internal DNS server, the IAR-5000 also looks up each user’s DNS name on the internal DNS server when searching the user list.
Figure 4-6 Select the user to modify
Figure 4-7 Enter the user information to modify
Figure 4-8 Complete to modify the user information
Figure 4-9 Select the user to modify
Figure 4-10 Enter the user information to modify
Figure 4-11 Move the user to ignored user list
Figure 4-12 Complete to modify the user list
In the Ignored user list, the system administrator can also select a user to move to the logged user list.
Step4. In User List → Logged, add the new subnet: Click Add. In Subnet, enter 192.168.139.1. In Netmask, enter 255.255.255.0. In Add a New user to this Department / Group, select R.D. Click OK.
Change the user list by importing the user list configuration (Excel list)
Step1. In User List → Setting → User List Configuration → Export User List to Client PC → click
Step2. When File Download appears, click Save, choose where to save the downloaded file, then click Save again. The user list settings will be saved in IAR-5000. (Figure 4-14)
Figure 4-14 Select the position to save the download file
Step3. Use Excel to open the user list configuration settings (user_set.
The way to use the user list:(the contents of user_set.csv) ################################################ #Format: # ~1 How to use the Group_1 ……. User List? ################################################ Department / Group : ~1 ~2 Internal_Sales …….
Step4. Change the Department / Group information. (Figure 4-15) Change the 8th Department / Group entry so that the original Customer_Service becomes Support. Add the 12th Department / Group entry and change Group_12 into R.D._2.
Figure 4-15 Change the Department / Group information from excel
Step5. Add and modify the user information in the first subnet. (Figure 4-16) Change 192.168.1.
In the Logged / Ignored user information, the number “0” represents Ignored and the number “3” represents Logged. The “*” symbol represents no information in the Excel table.
Step6. Add the third subnet and its users’ information. (Figure 4-17) Enter the basic information of the third subnet (the range of IP, Netmask, and Default Group) under the second subnet’s user list. Enter the basic user information under the third subnet.
Chapter 5 IM Management
IM Management includes 3 main parts:
Configure (Login Notice): The MIS engineer can customize the contents of the IM login notice, and the IAR-5000 can send the IM login notice to users when they use IM software.
Authentication: The MIS engineer can require users to pass IM authentication first; otherwise the IAR-5000 blocks the user’s IM connection.
Rule:
Default Rule: Sets the default rule for MSN, Yahoo, ICQ and QQ.
5.1 Configure
The MIS engineer can customize the contents of the IM login notice, and the IAR-5000 can send the IM login notice to users when they use IM software.
Step1. Select which IM notification to enable.
Step2. In the sender column, enter the sender name.
Step3. Fill in the notice content and click OK.
ICQ Alert Notification: The IAR-5000 notifies the user, by ICQ notification, about the processed ICQ messages or activities after login to ICQ. (Only available in bridge mode)
Yahoo Alert Notification: The IAR-5000 notifies the user, by Yahoo notification, about the processed Yahoo messages or activities after login to Yahoo messenger.
5.2 Authentication
The MIS engineer can require users to pass IM authentication first; otherwise the IAR-5000 blocks the user’s IM connection. Once a user has passed IM authentication, he/she does not need to authenticate again.
Authentication Messages: The MIS engineer can customize the authentication messages (Figure 5-2). The user sees the authentication messages on the authentication login screen (Figure 5-3).
User: The built-in user authentication mechanism.
Figure 5-2 Authentication message setting
Figure 5-3 User login authentication
How To Use …..
The Authentication function is only available in Bridge mode. If the MIS engineer deploys the IAR-5000 in Sniffer mode, the appliance cannot block IM connections and the MIS engineer cannot manage internal users’ use of IM software. In other words, in Sniffer mode the IAR-5000 can only record the contents of users’ IM conversations. Once a user’s IM account has passed authentication, no further IM authentication is required.
Internal users must pass IM authentication before they are allowed to create an MSN connection. (Use the built-in user authentication)
Step1. Add the authentication user in Authentication → User. (Figure 5-5)
Figure 5-5 Set the authentication user
Step2. Select IM Management → Rule → Default Rule → Accept : Authentication passed and MSN Message not encrypted. (Figure 5-6). Click OK.
Step3. An internal user who wants to use MSN must apply for the MSN use privilege from the IM authentication management interface. The management interface is “http://IAR-5000 interface/auth”; the default setting is http://192.168.1.1/auth. Enter the Name and Password. Enter the MSN account. (Figure 5-7) Click OK.
Figure 5-8 Authentication success Step4. User can use the authenticated MSN account and there is no more authentications to process in the future.
Internal users must pass IM authentication before they are allowed to create a Yahoo connection. Use external RADIUS Server authentication. (Windows 2003 built-in authentication)
Deployment of Windows 2003 RADIUS Server
Step1. Click Start → Control Panel → Add / Remove Programs, select Add / Remove Windows Components; the Windows Components Wizard appears.
Step2. Select Networking Services, then click Details.
Step3. Select Internet Authentication Service.
Step4. Click Start → Control Panel → Administrative Tools, select Network Authentication Service.
Step5. Right click RADIUS Clients → New RADIUS Client.
Step6. Enter the Name and Client Address (It is the same as IAR-5000 IP Address).
Step7. Select RADIUS Standard, enter the Shared secret and Confirm Shared secret. (It must be the same as the RADIUS setting in IAR-5000).
Step8.
Step9. Select Use the wizard to set up a typical policy for a common scenario, and enter the Policy name.
Step10. Select Ethernet.
Step11. Select User.
Step12. Select MD5-Challenge.
Step13.
Step14. Select Grant remote access permission, and Remove the original setting, then click Add.
Step15. Add Service-Type. (Figure 5-22) Figure 5-22 Add new RADIUS properties attribute Step16. Add Authenticate Only from the left side.
Step17. Click Edit Profile, select Authentication, and check Unencrypted authentication (PAP, SPAP).
Step18. Add the Auth User: click Start → Setting → Control Panel → Administrative Tools and select Computer Management.
Step19. Right click on Users, select New User. (Figure 5-26)
Figure 5-26 Add new user
Step20. Complete the Windows 2003 RADIUS Server settings.
Step21. In Authentication → RADIUS, enter the IP, Port and Shared Secret. (The setting must be the same as on the RADIUS server). (Figure 5-27)
Figure 5-27 The RADIUS server setting
Click Test to check whether the IAR-5000 and the RADIUS server work together.
Step22. Select IM Management → Rule → Default Rule → Yahoo → Accept : Authentication passed. (Figure 5-28)
Figure 5-28 Default IM rule
Step23. If the internal user wants to use MSN, then he/she must apply for the use privilege of MSN from the IM authentication management interface. The management interface is http://IAR-5000 interface/auth. The default setting is http://192.168.1.1/auth. Enter the Name and Password. Enter the Yahoo account.
Click OK. (Figure 5-30) Figure 5-30 Authenticated successful User can use the authenticated Yahoo account and there is no more authentication to process.
Internal users must pass IM authentication before they are allowed to create a QQ connection. (Use external POP3 Server authentication)
Step1. Select Accept : Authentication passed and QQ Password valid in IM Management → Rule → Default Rule → QQ. (Figure 5-31)
Figure 5-31 Set the QQ default rule
Step2. Enter the POP3 setting in Authentication → POP3: (Figure 5-32)
Figure 5-32 POP3 setting
Click Test to see whether the IAR-5000 can connect to the POP3 Server properly.
Step3. If the internal user wants to use a QQ account, then he/she must apply for the use privilege of MSN from the IM authentication management interface. The management interface is http://IAR-5000 interface/auth. The default setting is http://192.168.1.1/auth. Enter the POP3 Server account name and password. (It is the mail account and password used for receiving e-mails.
Click OK. (Figure 5-34) Figure 5-34 QQ account authenticated succeed Step4. User can use the authenticated QQ account and there is no more authentication to process in the future.
Internal users must pass IM authentication before they are allowed to create an ICQ connection. Use external LDAP Server authentication. (Windows 2003 Server built-in authentication)
Windows 2003 LDAP Server Deployment
Step1. Click Start → Program → Administrative Tools → Manage Your Server.
Step2. In the Manage Your Server window, click Add or remove a role → Configure Your Server Wizard.
Step3. In Preliminary Steps window, click Next.
Step4. In Server Role window, select Active Directory and click Next.
Step5. In Summary of Selections window, click Next.
Step6. In Active Directory Installation Wizard window, click Next.
Step7. In Operating System Compatibility window, click Next.
Step8. In Domain Controller Type window, select Domain controller for a new domain, click Next.
Step9. In Create New Domain window, select Domain in a new forest, click Next.
Step10. In New Domain Name window, enter the Full DNS name for new domain, click Next.
Step11. In NetBIOS Domain Name window, enter the Domain NetBIOS name, click Next.
Step12. In Database and Log Folders window, enter the routes of Database folder and Log folder, click Next.
Step13. In Shared System Volume window, enter the Folder location, click Next.
Step14. In DNS Registration Diagnostics window, select I will correct the problem later by configuring DNS manually (Advanced), click Next.
Step15. In Permissions window, select Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems, click Next.
Step16. In Directory Services Restore Mode Administrator Password window, enter the Restore Mode Password and Confirm password, click Next.
Step17. In Summary window, click Next.
Step18. Complete the Active Directory installation wizard.
Step19. Click Start → Programs → Administrative Tools → Active Directory Users and Computers.
Step20. In Active Directory Users and Computers window, right click on the Users, select New → User.
Step21. In New Object–User window, enter the settings, click Next.
Step22. In New Object–User window, enter the password, click Next.
Step23. The user has been added. (Figure 5-56)
Figure 5-56 Complete to add the user
Step24. Select IM Management → Default Rule → ICQ → Accept : Authentication passed.
Step25. In Authentication → LDAP, enter the following settings: (Figure 5-58)
Figure 5-58 The LDAP Server setting
Click Test to check whether the IAR-5000 and the LDAP server work together.
Step26. The internal user types http://IAR-5000 interface/auth in the address column of the browser, for example http://192.168.1.1/auth. Enter the authentication name and password. Enter the ICQ account. Click OK.
Step27. User can create the ICQ connection after authenticated.
5.3 Rule
Default Rule
The MIS engineer can define the default IM rule for MSN, Yahoo, ICQ and QQ. When the IAR-5000 detects a new IM account, it puts the new account under Default Rule. The MIS engineer can also set the IM rule for each IM account separately in Account Rule; such an account is not affected by Default Rule.
Default Rule (For MSN, Yahoo, ICQ, QQ, Skype and Web Mail.)
Accept : Always. Everyone can freely use the IM account.
QQ Special Default Rule
QQ sends messages with encryption. If the IAR-5000 has the user’s QQ account and password, it can decrypt and record the QQ messages. There are two ways for a user to enter his/her QQ account and password.
1. If the MIS engineer requires users to authenticate to use QQ, the user must enter the needed information in the IM authentication management interface. The management interface is http://IAR-5000 interface/auth. The default setting is http://192.168.1.1/auth.
2.
Apply for the QQ messenger use privilege from IAR-5000
From the records in the IAR-5000, the system administrator can find a user who does not have the use privilege of QQ messenger.
Step1. In Record → Service → IM, there is one QQ record that cannot be recorded normally. (Figure 5-61)
Figure 5-61 Found the QQ account which can’t be recorded
Clicking the QQ record does not correctly show the QQ message contents.
Step2. Request the user to apply to modify his QQ password from IAR-5000: Enter http://192.168.1.1/qq_accounts in the browser (append the string “/qq_accounts” to the IAR-5000 interface IP address); the Add New QQ Account interface appears. (Figure 5-64)
Figure 5-64 Enter Add New QQ Account interface
The user must enter the QQ ID and password, then click Test to check that they are correct.
Step3. In IM Management → QQ Account, the administrator can see the list of all QQ accounts. (The administrator cannot get users’ QQ passwords.) (Figure 5-67)
Figure 5-67 Password authenticated succeed
Step4. IAR-5000 can record the QQ contents successfully.
The user has changed the QQ password and then applies to modify the QQ password held by the IAR-5000.
Step1. The user’s QQ password is not correct. (Figure 5-70)
Figure 5-70 The QQ password is wrong
Step2. Request the user to apply to modify his/her QQ password from IAR-5000. Enter http://192.168.1.1/qq_accounts in the browser (append the string “/qq_accounts” to the IAR-5000 interface IP address); the Add New QQ Account interface appears.
Click OK to complete the QQ password modification. (Figure 5-73)
Figure 5-73 Complete to modify the QQ password
Step3. When the user logs in to QQ again, the IAR-5000 automatically completes the QQ account authentication.
Step4. In IM Management → QQ Account, the system administrator can see that the user’s QQ account has been authenticated. (The administrator cannot get the QQ password.) (Figure 5-74)
Figure 5-74 QQ account authenticated succeed
Step5. IAR-5000 can record the QQ message contents.
To modify the IM account information by importing the User Account List Configuration (Excel list)
Step1. Download the User Account List Configuration file. Click Download next to Export Account Rule to Client PC in IM Management → Rule → Default Rule. (Figure 5-77)
Figure 5-77 Download the user account list configuration
In the File Download dialogue box, click Save. Then choose the save location and click Save again.
Step2. Open the user account list with Excel. (IM_Rule_List.csv)
#########################################################
“#” means the description
#Format:
# IM_Type Account Rule AuthName IP MAC AuthType
#
#
#########################################################
MSN airlive_test01@hotmail.com Default sales 172.19.50.24 00:0C:29:8A:BB:46 USER
MSN airlive_test02@hotmail.com Default account 172.19.70.201 00:0A:48:0C:A6:20 -
MSN airlive_test03@hotmail.com Accept account 172.19.50.
Step3. Assume that the MIS engineer wants to modify one MSN account:
To modify the rule type and change Default to Accept:
MSN airlive_test01@hotmail.com Default sales 172.19.50.24 00:0C:29:8A:BB:46 USER
MSN airlive_test01@hotmail.com Accept 172.19.50.24 00:0C:29:8A:BB:46 USER sales
To modify the IP and MAC address:
MSN airlive_test01@hotmail.com Accept sales 172.19.50.24 00:0C:29:8A:BB:46 USER
MSN airlive_test01@hotmail.com Accept sales 172.19.52.
Step4. Click Browse next to Import Account Rule from Client PC in IM Management → Rule → Default Rule. Import the file and click OK. (Figure 5-79)
Figure 5-79 Select the location to save the file
Step5. The IM account information in the IAR-5000 now matches the document edited by the MIS engineer. The CSV file can only modify the content of existing IM accounts or add new IM accounts; it cannot remove IM accounts.
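Added example (not part of the original manual and not AirLive code): a pre-import check for an edited IM_Rule_List.csv that lists field-level changes against the exported file, flags malformed IP or MAC values, and reports rows that were deleted from the file, which the import will not remove from the IAR-5000. It assumes comma-separated fields in the column order of the file's #Format header and that "-" marks an unset value; the sample rows are constructed from the rows shown in Step2.

```python
import csv
import io
import ipaddress
import re

# Column order from the "#Format:" header of IM_Rule_List.csv shown in the manual.
FIELDS = ["IM_Type", "Account", "Rule", "AuthName", "IP", "MAC", "AuthType"]
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
UNSET = "-"  # assumption: "-" marks an unset value (the manual shows it for AuthType)


def parse_rule_list(text):
    """Parse the file; return ({(IM_Type, account): row}, [problem strings]).

    Assumption: fields are comma-separated. Lines starting with "#" are
    descriptions, as the file's own header says.
    """
    rows, problems = {}, []
    reader = csv.reader(io.StringIO(text))
    for rec in reader:
        line = reader.line_num
        if not rec or rec[0].lstrip().startswith("#"):
            continue
        rec = [field.strip() for field in rec]
        if len(rec) != len(FIELDS):
            problems.append(f"line {line}: expected {len(FIELDS)} fields, got {len(rec)}")
            continue
        row = dict(zip(FIELDS, rec))
        key = (row["IM_Type"], row["Account"].lower())
        if key in rows:
            problems.append(f"line {line}: duplicate entry for {key[1]}")
        if row["IP"] != UNSET:
            try:
                ipaddress.IPv4Address(row["IP"])
            except ValueError:
                problems.append(f"line {line}: invalid IP {row['IP']!r}")
        if row["MAC"] != UNSET and not MAC_RE.match(row["MAC"]):
            problems.append(f"line {line}: invalid MAC {row['MAC']!r}")
        rows[key] = row
    return rows, problems


def review_import(exported_text, edited_text):
    """Compare the edited file with the export and summarise what an import would do."""
    old, _ = parse_rule_list(exported_text)
    new, problems = parse_rule_list(edited_text)
    report = {"problems": problems, "changed": [], "added": [], "not_removed": []}
    for key, row in new.items():
        if key not in old:
            report["added"].append(key)
            continue
        delta = {f: (old[key][f], row[f]) for f in FIELDS if old[key][f] != row[f]}
        if delta:
            report["changed"].append((key, delta))
    # Rows deleted from the file stay on the appliance: the manual states that
    # the CSV import can modify or add accounts but cannot remove them.
    report["not_removed"] = sorted(key for key in old if key not in new)
    return report


# Constructed sample: the export uses two rows shown in the manual.
EXPORTED = """\
#########################################################
#Format:
# IM_Type,Account,Rule,AuthName,IP,MAC,AuthType
#########################################################
MSN,airlive_test01@hotmail.com,Default,sales,172.19.50.24,00:0C:29:8A:BB:46,USER
MSN,airlive_test02@hotmail.com,Default,account,172.19.70.201,00:0A:48:0C:A6:20,-
"""

# Constructed edit: rule changed for test01, test02 deleted, and one new row
# (hypothetical account) that carries a malformed IP and a truncated MAC.
EDITED = """\
#Format:
# IM_Type,Account,Rule,AuthName,IP,MAC,AuthType
MSN,airlive_test01@hotmail.com,Accept,sales,172.19.50.24,00:0C:29:8A:BB:46,USER
MSN,new_user@example.com,Default,sales,172.19.50.300,00:0C:29:8A:BB,USER
"""

if __name__ == "__main__":
    for section, items in review_import(EXPORTED, EDITED).items():
        print(section)
        for item in items:
            print("   ", item)
```

Keeping the exported file unmodified next to the edited copy gives this comparison a baseline and a record of what was changed by the import.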
Account Rule
Types of Account Rule:
Default Account: When the IAR-5000 detects new IM accounts, it assigns them to Default Rule; these accounts are Default Accounts. The MIS engineer can also set an IM account to be an Accept Account or a Drop Account.
Accept Account: The MIS engineer can make an IM account an accepted account so that the user can log in to IM software with it without being affected by Default Rule.
To Modify the IM Account Rule:
Step1. Select the IM account to be moved to another position. Click OK. (For example, select one MSN account and click To Accept to move the MSN account to Accept Account.) (Figure 5-80, 5-81)
Figure 5-80 Select IM account
Figure 5-81 Confirm to move the account to accept account
Step2. The IM account has been moved to accept account.
Remove IM Account: Select the IM account and click Remove. Add IM Account: Step1. Select which IM service to add in IM Service function. For example, MSN. Click Add at the right column in MSN Account of Default Rule. (Figure 5-83) Figure 5-83 Add MSN account of default rule Step2. Enter the related information in the column of Add Account Policy.
Step3. Complete to add a MSN account to default rule.
Chapter 6 P2P Management
Default Rule
The MIS engineer can define the default P2P rule and can also set the P2P rule for each P2P account separately in User Rule; such an account is not affected by Default Rule.
Default Rule (Figure 6-1)
Accept : Always. Everyone can freely use the IM account.
Drop : Always. No one can use the IM account.
Drop Account: The MIS engineer can make a P2P account a Drop Account so that the user cannot use it to log in to P2P software. A Drop Account is not affected by Default Rule.
Figure 6-2 P2P Management User Rule
P2P management can only grant or deny a P2P account the access right; it cannot create or remove P2P accounts.
Chapter 7 Record
The IAR-5000 records users’ internet activities, and the clear group / department division makes all of the information easy for the administrator to manage. It helps assure data transmission security and monitors employees’ internet activities. In other words, the IAR-5000 can prevent employees from using network resources for private activities on the internet.
7.
The maximum entries to be displayed on the page: In the Record option, the user can set how many entries are displayed per page.
Default Character Encoding: When the administrator does not specify which character encoding to use, the IAR-5000 uses the default character encoding to display the records.
HTTP cache setting: The system administrator can choose to enable the HTTP cache setting when the IAR-5000 processes HTTP recording.
7.2 User
The IAR-5000 records users’ internet activities, and the clear group / department division makes all of the information easy for the administrator to manage. It helps assure data transmission security and monitors employees’ internet activities. In other words, the IAR-5000 can prevent employees from using network resources for private activities on the internet.
Monitor the internet record of the specific User
Step1. In Record → User → Logged, select the user’s division.
Step2. Click the user to view (for example, in subnet 192.168.1.0, the user Jacky); the service record is shown. (Figure 7-3)
Figure 7-3 The service types of specific user
Step3. Click Today Log to see what internet activities the employee has carried out.
Step4. Click an event to see the content of the user’s internet activity (for example, HTTP).
Step5. Click SMTP to see what e-mail the user has sent via the SMTP service.
Step6.
Step7. Click POP3 to see what e-mail the user has received through the POP3 service. Step8. Click the record to show the e-mail contents; users can also forward this e-mail to a specific mailbox. The user can also choose to open or save the attachment. (Figure 7-5) Figure 7-5 The e-mail contents received by the user Step9. Click HTTP to see which web pages the user browsed. Step10. Click the record to show the web page. Step11.
Step14. Click the recorded subject to show the e-mail contents, which can be opened or saved. Step15. Click Web POP3 to see what e-mail the user has received in Web POP3. Step16. Click the Subject to show the e-mail contents. If the mail included an attached file but the user only read the mail content from Web POP3 without downloading the attached file, IAR-5000 will only notify the user that the mail has an attached file and give its file name. Step17.
Step20. Click view the content, then it shows the contents.
7.3 Service
IAR-5000 includes eight services, which let the MIS easily manage all the information, ensure the security of data transmission, and monitor employees who use network resources for personal activities. (1) SMTP: Records the e-mail sent by the user through the mail server. (2) POP3: Records the e-mail received by the user through the mail server. (3) HTTP: Records the web pages browsed by the user. (4) IM: Records IM communication (for example, MSN, Yahoo Messenger, ICQ).
Search: According to the characteristics and keywords of the mail recipient, sender, subject, mail attachment name and specific date, IAR-5000 offers a search of the mail records saved in it for the POP3, SMTP, Web POP3 and Web SMTP services. The function icon is「 」. In SMTP, for example: 1. In Sender, enter the keywords of the e-mail account. 2. Select attach. 3.
Forward: The system administrator can choose records from the search results in POP3 and SMTP and forward them to a specific mailbox. In other words, this makes the record backup function more flexible. We will add some settings in this function menu. 1. Select the record to forward. 2. Click the forward icon「 」. 3. The forward dialogue box appears; enter the sender e-mail address and click OK. SMTP Record Step1. Click Record → Service → SMTP; the SMTP window appears. Step2.
HTTP Record Step1. Click Record → Service → HTTP. Step2. Click Web Site to view. Step3. It shows the web site record.
IM Record Step1. Click Record → Service → IM. (Figure 7-12) Figure 7-12 IM Step2. Click the IM record to view.
Step3. It shows the communication contents.
Web SMTP Record Step1. Click Record → Service → Web SMTP. (Figure 7-15) Figure 7-15 Web SMTP Step2. Click Subject to view the e-mail content.
Step3. It shows the Web mail content sent by the user. (Figure 1-37) Figure 7-17 The mail content in Web SMTP This window shows the mail content, and the user can select to view or save the attachment.
Web POP3 Record Step1. Click Record → Service → Web POP3. (Figure 7-18) Figure 7-18 Web POP3 Step2. Click the Subject to view the mail content.
Step3. It shows the web mail contents browsed by the user. (Figure 7-20) Figure 7-20 The mail content in Web POP3 It shows the mail content, and the user can choose to view or save the attachment.
FTP Record Step1. Click Record → Service → FTP. Step2. Click the FTP record to view. (Figure 7-21) Figure 7-21 Click the FTP record Step3. The user can select to open or save files via the FTP tools.
Telnet Record Step1. Click Record → Service → TELNET. (Figure 7-24) Figure 7-24 TELNET Step2. Click the TELNET content to view. Step3. It shows the TELNET content.
Chapter 8 Anomaly Flow IP
IAR-5000 can block the anomalous amount of internal packets sent by external hackers, and it also includes a co-defense mechanism that can enhance enterprise network security and stability. This chapter introduces Anomaly Flow IP and its settings.
Set the anomaly flow alarm and block the intrusion packets sent by internal virus-infected PCs. Step1. In Anomaly IP → Setting: Set the threshold sessions of anomaly flow (per source IP) (the default setting is 100 Session / Sec). Select Enable Anomaly Flow IP Blocking, and set the Blocking Time (the default setting is 60 seconds). Select Enable E-Mail Alarm Notification. Select Enable NetBIOS Alarm Notification. In IP Address of Administrator, enter 172.19.100.254.
After the alarm setting is complete, if the system detects many intrusion packets, it shows the alert message in Virus – Infected IP, or sends a NetBIOS alert message to the virus-infected user's PC and the MIS engineer's PC.
If the system administrator selects Anomaly Flow IP → Setting → Enable E-Mail Alert Notification, the IAR-5000 automatically sends mail to alert the system administrator. (Figure 8-4) Figure 8-4 The E-Mail notification of virus – infected IP. Once the notification setting is complete, when the system detects many intrusion packets from an external computer, it instantly shows the message at the intrusion IP or sends a NetBIOS alarm notification to the invader's PC and the administrator's PC.
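The following is an added sketch, not the IAR-5000's own code, of how a per-source-IP session threshold with a timed block behaves under the manual's defaults (100 sessions/sec, 60-second blocking time). The one-second sliding window, the class and function names, and the sample traffic are assumptions made for the illustration.

```python
from collections import defaultdict, deque

THRESHOLD = 100      # sessions per second per source IP (the manual's default)
BLOCK_SECONDS = 60   # blocking time in seconds (the manual's default)

class AnomalyFlowDetector:
    """Assumed model: count new sessions per source IP over a 1-second sliding window."""

    def __init__(self, threshold=THRESHOLD, block_seconds=BLOCK_SECONDS):
        self.threshold = threshold
        self.block_seconds = block_seconds
        self.recent = defaultdict(deque)  # source IP -> session times in the last second
        self.blocked_until = {}           # source IP -> time at which its block expires
        self.alerts = []                  # (time, source IP), one entry per block decision

    def observe(self, ts, src_ip):
        """Record one new session at time ts; return 'allowed' or 'blocked'."""
        if self.blocked_until.get(src_ip, 0.0) > ts:
            return "blocked"              # still inside the blocking time
        window = self.recent[src_ip]
        window.append(ts)
        while window[0] <= ts - 1.0:      # drop sessions older than one second
            window.popleft()
        if len(window) > self.threshold:
            self.blocked_until[src_ip] = ts + self.block_seconds
            self.alerts.append((ts, src_ip))  # where the e-mail / NetBIOS alarm would fire
            window.clear()
            return "blocked"
        return "allowed"

def run_sample():
    """Replay constructed traffic: a quiet host and a host opening 150 sessions in 1 s."""
    det = AnomalyFlowDetector()
    events = [(i * 0.2, "192.168.1.10") for i in range(50)]              # 5 sessions/sec
    events += [(10.0 + i / 150.0, "192.168.1.66") for i in range(150)]   # burst
    events += [(30.0, "192.168.1.66"), (71.0, "192.168.1.66")]           # during / after block
    return det, [(ts, ip, det.observe(ts, ip)) for ts, ip in sorted(events)]

if __name__ == "__main__":
    det, results = run_sample()
    for ts, ip in det.alerts:
        print(f"t={ts:.2f}s {ip} exceeded {det.threshold} sessions/sec, "
              f"blocked until t={det.blocked_until[ip]:.2f}s")
```

In this model a source is cut off at its 101st session within one second, stays blocked for the full blocking time even if it goes quiet, and is counted from zero again once the block expires.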
Chapter 9 Local Disk
The MIS engineer can easily see the current disk utilization, including disk space, and the estimated disk utilization and percentage of the 8 services, which depend on the storage time that the MIS engineer has set. 9.1 Storage Time Total Hard Disk Space: The total hard disk space in IAR-5000.
9.2 Disk Space Hard Disk Utilization: (Figure 9-2) The 8 recorded services are displayed in different colors; white represents the free disk space. Point the mouse at a color to show the service name and that service's utilization of the storage disk. The 8-Recorded Services Utilization: Shows the TOP 10 users by service utilization in graphic charts, for the 8 recorded services: SMTP, POP3, HTTP, IM, Web SMTP, Web POP3, FTP, TELNET.
Figure 9-2 The Storage disk information
Chapter 10 Remote Backup
The MIS engineer can back up the IAR-5000 recorded files to a remote NAS or file server. Advantages of remote backup: 1. No storage limitation. 2. It avoids losing recorded files, for example when IAR-5000 removes records that are past the storage time or the system encounters unpredictable errors. 3. The MIS engineer can still browse the remote share directory which contains the backup files. Please refer to Chapter 6 (Service) for more information.
Remote Hard Disk: Where the remote share directory is located. Connection Status of Remote Hard Disk: Connection Status: Shows whether IAR-5000 can connect to the remote hard disk. Disk Space for Backup: Shows the disk space needed for backup. Hard Disk Utilization: Shows the total remote hard disk space and the remaining disk space. E-mail Setting: IAR-5000 sends a mail notice to the recipient after the backup completes.
To set the backup folder Step1. Select The recorder appliance sends mail notice after backup had completed (Figure 10-1) Figure 10-1 Set the mail notice setting Step2. Set the backup path. Enter the Computer Name / IP. Enter the name of the Shared Directory. Enter the login ID for IAR-5000 to log in. Enter the password for IAR-5000 to log in. (Figure 10-2) Figure 10-2 Set the backup path Step3. Click Test, and the system shows a pop-up window.
Step4. Select the Service type to back up, choose the backup time, then click OK. (Figure 10-4) Figure 10-4 Select the service to backup and choose backup time If IAR-5000 can connect to the remote backup disk, the system shows the message in Connection Status of Remote Hard Disk (Figure 10-5) Figure 10-5 Connection Status of Remote Hard Disk Step5. At 00:00 AM, the IAR-5000 backs up the records to the IP address that the MIS engineer set in Backup Setting → Computer Name / IP.
To set Backup Immediately Step1. Select the backup time. Step2. Select the service type to back up. Step3. Click OK (Figure 10-7) Figure 10-7 Set backup immediately Step4. IAR-5000 sends a mail notice after the backup completes.
Backup the record of Shared Directory: If the MIS engineer wants to back up the remote backup records in the shared directory to another place, for example to a Compact Disc, or to back up the records of a specific day to another folder, the MIS engineer must prepare the following files. Files in the shared directory are named Service name_File type_Date. Extension file name.
All data types of every service category:
Service Name: Data Type
HTTP: article, event
FTP: article, event
IM: article, article_file
SMTP: article, event
POP3: event, event
Telnet: article, event
WEB SMTP: Ms_article, Ms_event, Ms_event_att
WEB POP3: Mr_article, Mr_event, Mr_event_att
icon event
Set Browse Folder Step1. Set the backup folder to browse. Browse Setting is configured in the same way as Backup Setting. (Figure 10-9) Figure 10-9 Set the browse setting Step2. After completing the browse setting, the MIS engineer can see the record contents saved in the remote shared directory in Remote Backup → Service.
Chapter 11 Report
The report displays the flow status and the data on the storage disk as graphic charts. It can also mail the statistics report to a specific e-mail address as the administrator requires. The report has three main parts: Setting, Flow report and Storage report. This chapter introduces these three sections. Periodic Report: Sends the report to the recipient periodically, depending on the date of the selected report.
Figure 11-1 The periodic report setting Figure 11-2 The storage report
Figure 11-3 The history report mail setting Figure 11-6 The storage report
The IAR-5000 will mail the statistics report to recipients as a PDF attachment.
Record → Service contains the same 8 services as are recorded in the Storage Report. It shows the status of storage space and flow report. The Storage Report is displayed in , , , . Step1. Hard Disk Utilization: The 8 services are recorded in different colors. When the mouse points to a color, it shows the service name and the space used. (Figure 11-7) Figure 11-7 The hard disk utilization Step2. Today’s Utilization, it is displayed in .
Step3. According to the time unit in every service. It is displayed in Ordinate: The service usage. Its unit is Mbytes. Horizontal ordinate: It represents the Time. Figure 11-9 The storage report of every service
Chapter 12 Status
This chapter covers the system information, ARP table, 8 services records and event log of IAR-5000. 1. System Info: Shows the IAR-5000 CPU utilization, hard disk utilization, memory utilization and RAM disk utilization. 2. ARP Table: Records the ARP entries of all hosts connected to IAR-5000. 3. Session Record: Shows the current connection information of the 8 services. (HTTP, FTP, POP3, SMTP, IM, TELNET, Web Mail) 4.
System Info Step1. In Status → System Info, the current system information of IAR-5000 is shown. (Figure 12-1) System Uptime: The cumulative time IAR-5000 has been running up to the current time. CPU Utilization: The CPU utilization in IAR-5000. HardDisk Utilization: The hard disk utilization in IAR-5000. Memory Utilization: The memory utilization in IAR-5000. RamDisk Utilization: The ramdisk utilization in IAR-5000.
ARP Table Step1. In Status → ARP Table, the user name, computer name, IP address and MAC address of the hosts connected to the IAR-5000 are shown. (Figure 12-2) User Name: The name that identifies the computer in the records. Computer Name: The name that identifies this computer on the internet. IP Address: The computer's IP address on the internet. MAC Address: The address that identifies the computer's network adapter.
Session Record Step1. In Status → Session Record Info, the current connection information of the 8 services is shown (HTTP, FTP, POP3, SMTP, IM, TELNET, Web Mail) (Figure 12-3) Select the refresh time period in the Manually drop-down menu, or click Refresh to refresh the connection record information instantly. Click a service item to view all connections of the chosen item. (Figure 12-4) Click , to search the related connection information.
Figure 12-5 Search the related connection information
Event Log Step1. In Status → Event Log, IAR-5000 records the events that occurred on it, such as setting modifications, anomaly flow alerts, mail forwarding, file deletion and so on. (Figure 12-6) Click , and search the event. (Figure 12-7) Click , IAR-5000 shows the event information in detail.