Home > 8e6 Filtering Advantages

8e6 Filtering Advantages

Tags:  

Why 8e6 Filtering?

  1. easy 8e6 appliance deployment on network with minimal or no changes to network architecture
  2. R3000 filter appliance completely passive on network
  3. packet analysis of network traffic to monitor all web traffic, regardless of server port.
  4. all web, IM, and Peer to Peer traffic captured and analyzed.
  5. all web searches captured and logged.
  6. multiple authentication options:   transparent integration for windows domains and Novel environments.
  7. block based on specific URL, URL wildcard, IP, URL keyword, and search engine keyword.
  8. block SSL-enabled HTTPS sites by web server certificate contents and/or IP address.
  9. proxy pattern blocking to detect URL patterns that are known (or resemble) proxy or anonymizer engines.  

8e6 R3000 "by-pass" Filtering

The "by-pass" deployment architecture of 8e6 filter appliance insures all web, IM, and P2P traffic is captured, logged, and checked against policy.   The 8e6 R300 filter is a completely passive device until policy violation is detected.

The 8e6 R3000 filter operation insures that little or no changes required to existing network architecture.    The core requirement of 8e6 R3000 filter operation is "visibility" of network traffic passing through perimeter of network.    

The traditional deployment of 8e6 R3000 filter leverages a "mirror port" on managed switch connected to perimeter firewall or router.   Alternative names for this switch configuration is "monitor session" and "SPAN port" (specific Cisco jargon).

By leveraging the switch monitor port, the 8e6 R3000 filter appliance receives a read-only copy of network traffic and passively logs all web, IM, and P2P traffic.  

The 8e6 filter leverages packet analysis to ensure that all HTTP traffic is analyzed, regardless if web server running a non-standard port.   SSL enabled HTTPS web servers will be interrogated and policy enforced based on contents of server certificate contents.  

8e6 R3000 Network Connections

The 8e6 filter appliance has two embedded network interfaces which provide the following core functionality:

  1. one interface dedicated to capturing network traffic (ie. SNIFF network traffic),
  2. second interface for management and block page enforcement (ie. sending blocks for policy violations).
The 8e6 filter platform only applies policy against traffic provided to appliance "sense" interface.  Thus, the location of switch monitor session (or network TAP) explicitly determines who is "filtered".


  

 

 RSS of this page