 |
|
SmoothWall Outbound Internet Access Control
Outbound (Egress) Rules
|
|||||||||||
|
Allowing users unrestricted Internet access is almost certain to result in considerable time wastage, the illegal download of copyright music and increased problems from viruses, Trojans and spyware. With research showing that up to 40% of Internet usage by business users is unproductive; this is a problem that cannot be ignored. SmoothRule puts you in control of what Internet services users can access.
Peer to Peer (P2P) networks are a particular cause for concern. Not only are they likely to be used to download illegal copies of copyright music but many employees have inadvertently shared confidential information with other P2P users. Unchecked, P2P networks can consume huge amounts of bandwidth and are also a major source of viruses, Trojans and spyware. However, most P2P networks defeat traditional firewall port blocking by using port agile software, routing the P2P traffic through almost any available IP port. SmoothRule's Deep Packet Inspection technology examines the contents of all data packets passing through the firewall for P2P traffic patterns, so that P2P can be blocked regardless of whichever port it attempts to use.
Multiple outbound (egress) rule-sets define what Internet services and ports can or cannot be accessed by particular user groups. These rule-sets enforce security policies upon users, normally restricting access to a narrow set of Internet activities, such as only allowing a group of users to browse the web and send/receive email. SmoothRule is supplied with several pre-defined rule-sets to enforce common usage policies, which can be augmented by administrator created rule-sets to customise the firewall behaviour to specific user requirements. Rule sets can be applied to user groups by user identity, by IP addresses, IP address range or by subnet. Internet game playing and Instant Messaging are typical examples that would be blocked by the firewall egress rules. Likewise, the De-Militarized Zone (DMZ) can also be subject to its own rule-sets, avoiding the risk of servers exposing unnecessary services and hence security vulnerabilities, to the Internet.
SmoothRule can also control outgoing SMTP email, by configuring a list of email servers that can be used. Firstly this prevents the use of personal email accounts, which would not be subject to message logging, as required by corporate governance law. Secondly, it stops the spread of viruses that incorporate their own SMTP server, by preventing them from sending virus infected email
When one realises just how much non work-related Internet activity occurs, the potential trouble this can lead to and the increased risk of virus infestation and the bandwidth wastage - using SmoothRule to control employee Internet access makes perfect business sense.
 |