|
 |
|
|
|
Many network administrators deal with Internet threats by configuring firewalls to block certain IP addresses, ports, or protocols and use virus scanners to respond to problems after they come onto the network. Unlike other Internet filters, iPrism operates on the perimeter of your network, so it filters every packet of inbound traffic before it reaches the switch or web servers.
Growing threats don't try to trick security software; they circumvent the Internet filters by enticing users to initiate connections so the traffic looks like legitimate outbound web traffic. This is common for scams like phishing and pharming, which impersonate legitimate sites to steal personal information. This is a type of threat that firewall Internet filters can miss. Other social engineering dangers use peer-to-peer and instant messaging protocols to open dangerous sites or upload malware to your network. If ports used by those protocols are blocked by Internet filters, they can use a different port or send a standard HTTP request for the IM/P2P client on your employee's computer to initiate the connection. The most common Internet filters danger is still inappropriate content, but now pornographic and gambling sites have the added danger of using the sites to upload viruses. Even shopping sites can be an avenue to upload spyware, which hides deep within the operating system and collects personal information to send to unknown third parties.
There are two major problems trying to handle new kinds of Internet threats with limited Internet filters:
- These look like legitimate traffic to most Internet filters, so they can circumvent firewall protection of Internet filters.
- Once a threat gains access to your network, IT can only respond and try to fix the damage from viruses, spyware, adware, and malware, but the damage has already been done.
Even software Internet filters aren't a comprehensive solution, since many Internet filters are installed on web servers or locally on individual computers, so these threats have already gained access to the network by the time access is blocked to the user.
iPrism Internet filters are much more effective at protecting your network than using firewalls as Internet filters because it performs content-aware filtering for inbound and outbound traffic, regardless of port or protocol, to block access to dangerous sites. iPrism's position on the network is its greatest advantage - by acting on the perimeter of the network, iPrism Internet filters catch dangerous requests before those threats can get to the network.
To function as a transparent bridge, the iPrism Internet filters appliance is simply plugged into the existing physical network between the firewall and the switch. This location does not require you to reconfigure the firewall, servers, or any other part of the network and has a minor affect on overall network latency. By working at the perimeter of the network, every packet of traffic begins passing through the iPrism Internet filters appliance before it hits the web servers and infrastructure on your network. This stops spyware and malware before they can be uploaded; stops outbound connections to dangerous sites to protect against phishing, pharming, and identity scams; and stops outbound P2P connections. Additionally, the Internet filters appliance can't be circumvented like a proxy or stopped like software Internet filters alone and can't be hacked, so it is not a vulnerable point on your network.
Internet Filters Home
|
|
|
|
|
|
