M86 Security R3000 Series Instruction sheet
R3000 Internet Filter
EVALUATION
GUIDE
Models: R3000 HL/SL/MSA
Software Version: 3.0.00
Document Version: 09.09.09
ii M86 SECURITY, R3000 EVALUATION GUIDE
R3000 INTERNET FILTER EVALUATION GUIDE
© 2009 M86 Security
All rights reserved. Printed in the United States of America
Local: 714.282.6111 • Domestic U.S.: 1.888.786.7999 • International: +1.714.282.6111
This document may not, in whole or in part, be copied, photocopied, reproduced, trans-
lated, or reduced to any electronic medium or machine readable form without prior writ-
ten consent from M86 Security.
Every effort has been made to ensure the accuracy of this document. However, M86
Security makes no warranties with respect to this documentation and disclaims any
implied warranties of merchantability and fitness for a particular purpose. M86 Security
shall not be liable for any error or for incidental or consequential damages in connec-
tion with the furnishing, performance, or use of this manual or the examples herein.
Due to future enhancements and modifications of this product, the information
described in this documentation is subject to change without notice.
Trademarks
Other product names mentioned in this manual may be trademarks or registered trade-
marks of their respective companies and are the sole property of their respective man-
ufacturers.
M86 SECURITY, R3000 EVALUATION GUIDE iii
CONTENTS
R3000 E
VALUATION
G
UIDE
.............................................................................1
Market Overview.............................................................................................................. 1
Product Overview............................................................................................................ 1
Note to Evaluators. ......................................................................................................... 2
I
NSTALL
THE
R3000, U
PDATE
L
IBRARIES
........................................................3
C
ONFIGURE
AND
T
EST
THE
R3000 ..................................................................4
Understand the most common and useful features. ................................................... 4
Group setup for different user types on the network. ................................................. 5
Apply different filtering levels for different types of users ......................................................... 5
How to create an IP Group ................................................................................................6
How to define members for this IP Group .......................................................................... 6
Rules and Profiles: Creating and using each ...........................................................................7
How is a Rule used? ..........................................................................................................7
How is a Profile used? . ...................................................................................................... 8
How to create a new Rule . ..............................................................................................10
Global Group Profile ...............................................................................................................11
Set the Global Group Profile ............................................................................................11
Create, edit a list of selected Categories .........................................................................11
Group Profile ..........................................................................................................................12
Set the Group Profile ....................................................................................................... 12
Create, edit a list of selected Categories for a Group Profile ...........................................13
Group settings tests. .................................................................................................... 14
Test the Rules and Profiles feature ........................................................................................ 14
Test the Rule ..........................................................................................................................15
Custom Categories. ...................................................................................................... 16
Create and configure a Custom Category ..............................................................................16
How to create a Custom Category ..................................................................................16
How to add URLs to the Custom Category ......................................................................16
Custom Category setup and usage test ..........................................................................17
Filtering profile features............................................................................................... 18
Time Profile feature ................................................................................................................ 18
Set up a Time Profile .......................................................................................................18
Test the Time Profile . ......................................................................................................19
Quota feature ......................................................................................................................... 20
Set up the Quota feature .................................................................................................20
Test the Quota feature .....................................................................................................21
White List feature ...................................................................................................................22
How to create and configure a White List ........................................................................22
Test the White List . ..........................................................................................................23
Warn feature ..........................................................................................................................23
How to test the Warn feature ...........................................................................................23
Google/Bing/Yahoo!/Ask/AOL Safe Search Enforcement ......................................................24
How to configure the Safe Search Enforcement feature .................................................24
CONTENTS
iv M86 SECURITY, R3000 EVALUATION GUIDE
How to test the Safe Search Enforcement feature ..........................................................24
Search Engine Keyword Filtering ...........................................................................................25
How to configure Search Engine Keyword Filtering ........................................................25
How to test Search Engine Keyword Filtering .................................................................26
Attachment filtering ................................................................................................................ 27
How to configure attachment filtering ..............................................................................27
How to test attachment filtering ....................................................................................... 28
Wildcard filtering .....................................................................................................................28
How to configure wildcard filtering ...................................................................................29
How to test wildcard filtering . ...........................................................................................30
Configure, test, block services. ................................................................................... 31
Anonymous proxies ................................................................................................................31
How to configure anonymous proxies .............................................................................31
How to test anonymous proxies ......................................................................................32
Block IM, P2P applications and streaming media ..................................................................33
Configure IM, P2P, streaming media blocking .................................................................33
How to test for IM ............................................................................................................34
How to test for P2P ..........................................................................................................34
How to test for streaming media ...................................................................................... 34
Real Time Probes and X-Strikes Blocking.................................................................. 35
Real Time Probes feature ......................................................................................................35
How to configure Real Time Probes ................................................................................35
How to test Real Time Probes .........................................................................................36
X-Strikes feature ....................................................................................................................37
How to configure the X-Strikes feature ............................................................................37
How to test X-Strikes .......................................................................................................40
R3000 EVALUATION GUIDE MARKET OVERVIEW
M86 SECURITY, R3000 EVALUATION GUIDE 1
R3000 EVALUATION GUIDE
Market Overview
In order to survive in today’s world, businesses continually come up with new prod-
ucts, more sales, and better service. But most often, the corporate world is finan-
cially threatened from the inside. Employees harm businesses when they view
pornography and other offensive Web content at work, which often result in sexual
and hostile work environment lawsuits. Organizations also lose time and money
when employees tie up network bandwidth with IM and P2P, and/or allow spyware
and malware into the system. And finally, a host of federal and state laws require
that organizations protect customer data, or risk severe penalties.
Filtering comes down to four simple objectives: Mitigate legal liabilities created by
inappropriate Web content; increase productivity by removing Internet distractions;
protect the network from threats delivered by Internet services and applications;
and preserve network resources. M86 Security has more than 10 years of
pioneering leadership in filtering technology and is widely recognized as the
premier appliance-based filtering solution on the market. The R3000 Internet
filtering solution features single-source support, simple and straight-forward
pricing, and product design that meets the needs of a wide range of filtering expec-
tations.
M86 Security offers a wide range of Internet filtering and reporting appliances that
not only help companies maintain compliance with laws such as the California
Security Breach Information Act (CSBIA) (see http://www.8e6.com/resources/
internet-security-compliance-laws/), but also help protect the security of a
company’s network infrastructure. With no premiums, easy to install and use, and
24-7 technical support, M86 Security is the perfect choice for overburdened IT
administrators and managers.
Product Overview
Thank you for choosing to review the 8e6 R3000 Internet Filter. The R3000 tracks
end users’ online activity and can be configured to block specific Web sites or
service ports, thereby protecting organizations against lost productivity, constricted
bandwidth and possible legal liability resulting from Internet content.
This product also features expansive content categories (called libraries), instant
message and peer-to-peer blocking, user authentication, and intuitive administra-
tive navigation. All of these features are provided in a true appliance that provides
speed and stability unmatched by any software product. In addition, the R3000 is
fail-safe giving administrators the peace of mind that filtering won’t ever impact the
network’s performance—or shut it down.
The R3000 appliance is designed to complement existing security measures by
providing protection from threats inside the network—the threats most often
unseen and discovered too late.
R3000 EVALUATION GUIDE NOTE TO EVALUATORS
2M86 SECURITY, R3000 EVALUATION GUIDE
Note to Evaluators
Thank you for taking the time to review 8e6’s R3000 Internet Filtering Appliance.
Your interest in our company and product is greatly appreciated.
This Evaluation Guide Is designed to provide product evaluators an efficient way to
install, configure and exercise the main product features of the R3000 Internet
Filter.
INSTALL THE R3000, UPDATE LIBRARIES NOTE TO EVALUATORS
M86 SECURITY, R3000 EVALUATION GUIDE 3
INSTALL THE R3000, UPDATE LIBRARIES
To install the appliance, configure the box and to test filtering is operational please
refer to the step-by-step instructions found in the Quick Start Guide provided in
the shipping carton.
We also recommend, prior to reviewing the R3000 that you perform a complete
library update.
This is done by going into the R3000 Administrator console.
1. Click the Library button at the top of the screen.
2. From the control panel, click Updates and select Manual Update from the pop-
up menu.
3. In the Manual Update to 8e6 Supplied Categories window, click the radio button
corresponding to Complete Update.
4. Click Update Now to begin the update process.
CONFIGURE AND TEST THE R3000 UNDERSTAND THE MOST COMMON AND USEFUL FEATURES
4M86 SECURITY, R3000 EVALUATION GUIDE
CONFIGURE AND TEST THE R3000
Understand the most common and useful features
One of the advantages of a hardware appliance, in addition to its compatibility and
extremely low profile on the network, is its ease of use. Configuration of the R3000
can seem disarmingly simple at times, but when the hardware and software are
designed to work together, the levels of complication decrease and robust power
and efficiency significantly increase.
One of the challenges of simplicity is that it offers little variation in the appearance
of the interface used to administer the R3000. Spending only a short time config-
uring and customizing the many capabilities of the R3000 quickly overcomes any
confusion related to this simple similarity, and the following exercises are meant to
provide a very explicit and easy-to-follow way to become comfortable with the
administrator console.
This section of the evaluation manual is to guide the evaluator, in a linear fashion,
through the most common and useful features of the R3000, starting with the
elements that should be configured first and continuing with features that require
an understanding of the steps learned while configuring those first elements. Once
one gets the basic flow of how filtering options are set up, it becomes quite simple
to quickly make adjustments, if needed. And, the R3000’s incredible capacity to be
configured once and left alone, or to support extensive customization and special-
ization, make it the most versatile and network friendly filter on the market.
CONFIGURE AND TEST THE R3000 GROUP SETUP FOR DIFFERENT USER TYPES ON THE NETWORK
M86 SECURITY, R3000 EVALUATION GUIDE 5
Group setup for different user types on the network
Apply different filtering levels for different types of users
Description: There are two primary Groups to understand when administering the
R3000. The first, the Global Group, sets the default filtering policy for all users. In
other words, the Global Group’s set of filtering parameters (called a profile, to be
explained later) governs every user’s Internet access restrictions and permissions,
unless a user or a group that user belongs to, has been assigned custom filtering
parameters. Those exceptions to the Global Group (and there can be many) are
simply called Groups. For example, setting aside an IP range for the sales depart-
ment and altering their filtering restrictions and permissions would be considered
creating a Group, likely called something as generic as Sales, and represented as
an IP subset in the Global Group tree.
The main Group screen
The GROUP administrative feature on the R3000 allows the administrator
maximum control over setting appropriate filtering levels across a broad spectrum
of users. In the work environment, this could be represented by sales, accounting,
research, marketing and shipping all sharing the same IP range, but requiring
different levels of filtering. The GROUP feature allows the administrator to set up
these groups, assign custom filtering parameters to each, and adjust those para-
meters as needed.
Configuration: For the purpose of evaluating the ease and effectiveness of the
R3000’s group filtering, the following example addresses the most common config-
uration—grouping by IP address. The R3000 can also group by LDAP domains.
Should you wish to test the group features in one of these configurations, please
refer to the Authentication User Guide located in the DOCS directory on the CD
you were provided with your evaluation unit. The set up is not complicated, but
CONFIGURE AND TEST THE R3000 GROUP SETUP FOR DIFFERENT USER TYPES ON THE NETWORK
6M86 SECURITY, R3000 EVALUATION GUIDE
there are system settings required that must be initiated prior to establishing the
groups in these environments, and it will be helpful and save time to work with a
Solutions Engineer the first time these settings are initiated.
How to create an IP Group
1. Navigate the top level administrator console to GROUP.
2. Click on IP and select Add Group.
3. Provide the appropriate Group name (use AllUsers for this evaluation) and
supply a password for this group. Click OK.
How to define members for this IP Group
IP group members
1. Click the newly created Group and select Members.
2. Add members to this Group by either an IP Range or Subnet within the Range
to Detect parameters of the Global Group defined earlier when setting up the
R3000. These IP Addresses should be the IP Addresses of the computers
filtered for the purposes of your testing.
CONFIGURE AND TEST THE R3000 GROUP SETUP FOR DIFFERENT USER TYPES ON THE NETWORK
M86 SECURITY, R3000 EVALUATION GUIDE 7
Rules and Profiles: Creating and using each
Description: Rules and Profiles may seem confusing as it often appears that they
are used interchangeably. And, while the administrative windows controlling the
creation of Rules and Profiles are very similar, they each serve two distinct
purposes.
NOTE: The general rule of thumb: A Rule can be applied to a Profile, but a Profile
can’t be applied to a Rule. A Rule is a custom configuration of Blocked, Passed,
Warned, and Always Allowed categories. A Profile contains the particular filtering
parameters that are unique to a group or individual, and consists of Library Catego-
ries, Rules, Ports and numerous other filtering features that can be turned on or off.
How is a Rule used?
A Rule is a custom set of Library Categories. For example RuleX can be named
LegalLiability and be set to block the library categories Pornography/Adult
Content, Child Pornography, Explicit Art, Obscene and Tasteless, and R-Rated.
This Rule is then saved, eliminating the need to rebuild that set of Library Catego-
ries the next time that same particular set of categories needs to be applied to a
group or individual. The Rule becomes part of a Profile that defines the filtering
parameters for a group or individual.
Rule tab in profile window
CONFIGURE AND TEST THE R3000 GROUP SETUP FOR DIFFERENT USER TYPES ON THE NETWORK
8M86 SECURITY, R3000 EVALUATION GUIDE
How is a Profile used?
A Profile defines the particular filtering parameters assigned to a group or indi-
vidual. There are two kinds of Profiles. The first is the Global Group Profile.
Category Profile tab
The default for the Global Group Profile is set up under the Category Profile tab of
the Global Group’s administrative controls. Its default is set at custom and uncate-
gorized sites are not blocked (note the Uncategorized Sites pull-down menu at the
bottom of the window). The custom setting allows the administrator to immediately
assign Library Categories to be passed, always allowed, warned or blocked to
establish the initial default level of filtering assigned to every user (IP address) until
that user (IP address) is assigned a sub-group or individual profile. The Global
Group Profile setting doesn’t use Rules, only library categories.
The second profile is the Group Profile. A Group Profile is assigned to an IP
Group under the Global Group and can contain filtering parameters different from
the Global Group default. For example, a company may have a Global Group
Profile that blocks access to all sites in the earlier LegalLiability Rule example, i.e.
Pornography/Adult Content, Child Pornography, Explicit Art, Obscene and Taste-
less, and R-Rated. That means every employee (or every computer the employees
use) is subject to those filter parameters. However…
Let’s say the employees in the marketing department need to access photo
services, online publications and other sites that might contain some adult content
—or at least suggestive images. An administrator can set up a Group that is
subject to a custom profile, which might be called Marketing, which is different*
from the Global Group Profile, to allow access to the R-Rated library category. This
group, or range of IP addresses, now exists within the Global Group, but with
different filtering criteria. The rest of the Global Group (all other IP addresses)
remain filtered by the default Global Group Profile, which includes R-Rated.
CONFIGURE AND TEST THE R3000 GROUP SETUP FOR DIFFERENT USER TYPES ON THE NETWORK
M86 SECURITY, R3000 EVALUATION GUIDE 9
NOTE: * Different doesn’t necessarily mean that a group is no longer filtered by the library
Categories in the Global Group Profile. In fact, different may mean the group is filtered by
several categories in addition to those in the Global Group Profile. There are many ways
a Group can be set up. The thing to remember is that a Group is set up to provide a
different profile from the Global Group.
Rules window
The Rules window displays when Rules is selected from the Global Group menu.
This window is used for adding a filtering rule when creating a filtering profile for an
entity. By default, Rule 1 BYPASS displays in the Current Rules pull-down menu.
The other choices in this pull-down menu are Rule 2 BLOCK Porn, Rule 3 Block IM
and Porn, Rule4 8e6 CIPA Compliance (which pertains to the Children’s Internet
Protection Act) and the Block All rule. By default, Rule 1 displays in the Rule # field,
BYPASS displays in the Rule Description field, and Uncategorized Sites are
allowed to pass.
NOTE: Uncategorized sites are those sited which have not been identified and placed
within one of the 100+ categories in the R3000’s Library database. The Pass default will
allow those URLs to be viewed. Block will prevent those sites from being viewed.
CONFIGURE AND TEST THE R3000 GROUP SETUP FOR DIFFERENT USER TYPES ON THE NETWORK
10 M86 SECURITY, R3000 EVALUATION GUIDE
How to create a new Rule
1. From the top level administrator console, select GROUP.
2. Click Global Group and select Rules.
3. In the Rule Details frame click New Rule to populate the Rule # field with the
next consecutive rule number available.
4. Enter a unique Rule Description that describes the theme for that Rule.
5. By default, all library categories are included in the Pass Categories column. All
categories are grouped in logical Category Groups. For example, in the Adult
Content category group you would find the categories Child Pornography,
Explicit Art, Obscene and Tasteless, R-Rated, and Pornography. To move all
categories within a category group to another column, select the column next to
the category group. To move a single category, expand the category group, and
select the column for just that category.
• Double click the Block column to move the library category to the blocked
categories column.
• Double click the Allow column to move the library category to the always
allowed column.
6. Select Pass, Warn, or Block to specify whether all Uncategorized Sites should
pass, warn the user, or be blocked.
7. Click Save Rule to include your Rule to the list that displays in the pull-down
menu.
CONFIGURE AND TEST THE R3000 GROUP SETUP FOR DIFFERENT USER TYPES ON THE NETWORK
M86 SECURITY, R3000 EVALUATION GUIDE 11
Global Group Profile
Global Group Profile Category tab
The Global Group Profile window displays when Global Group Profile is selected
from the Global Group menu.
Set the Global Group Profile
The Category Profile displays by default when Global Group Profile is selected
from the Global Group menu. This window is used for selecting library categories
that will be passed, warned, always allowed or blocked for the Global Group
Profile.
By default, Custom Profile displays in the Available Filter Levels pull-down menu,
and Uncategorized Sites are allowed to pass.
Create, edit a list of selected Categories
To define which categories will be passed, warned, always allowed or blocked in
the Global Group Profile:
1. Select a library category from the Pass categories column.
2. Click in the appropriate column:
• Double click the Block column to move the library category to the blocked
categories column.
• To remove a library category from the Block column, double click the Pass
column.
CONFIGURE AND TEST THE R3000 GROUP SETUP FOR DIFFERENT USER TYPES ON THE NETWORK
12 M86 SECURITY, R3000 EVALUATION GUIDE
• Double click the Allow column to move the library category to the always
allowed column.
3. Choose Pass, Warn or Block to specify whether Uncategorized Sites should
pass, warn the user, or be blocked.
4. Click Apply to save the settings.
Group Profile
Group Profile window, Category Profile tab
The Group Profile window displays when Group Profile is selected from an IP
Group.
Set the Group Profile
Setting up a Group Profile is exactly the same as setting up the Global Group
Profile, except that Rules can be used to define the Profile.
Category Profile displays by default when Group Profile is selected from an IP
Group. This tab is used for selecting library categories that will be passed, warned,
always allowed or blocked for the Group filtering profile.
By default, Rule0 Minimum Filtering Level displays in the Available Filter Levels
pull-down menu, and Uncategorized Sites are allowed to pass.
To set the Profile of the Group, the administrator can either select a pre-set Rule or
go through the process of moving library categories into the Pass, Allow, Warn or
Block fields—or use both Rules and library Category selections to create a unique
profile.
CONFIGURE AND TEST THE R3000 GROUP SETUP FOR DIFFERENT USER TYPES ON THE NETWORK
M86 SECURITY, R3000 EVALUATION GUIDE 13
Selecting the library categories to be in the Pass, Allow, Warn or Block columns is
just like configuring the Global Group Profile library Categories.
Create, edit a list of selected Categories for a Group Profile
To define which categories will be passed, warned, always allowed or blocked in
the Global Group Profile:
1. Select a library category from the Pass categories column.
2. Click in the appropriate column:
• Double click the Block column to move the library category to the blocked
categories column.
• To remove a library category from the blocked categories column, double
click the Pass categories column.
• Double click the Allow column to move the library category to the always
allowed column.
• To remove a library category from the always allowed column, double click
the Pass column to move that category back to the pass categories column.
3. Choose Pass, Warn or Block to specify whether Uncategorized Sites should
pass, warn the user, or be blocked.
4. Click Apply to save the settings.
CONFIGURE AND TEST THE R3000 GROUP SETTINGS TESTS
14 M86 SECURITY, R3000 EVALUATION GUIDE
Group settings tests
Test the Rules and Profiles feature
To test the Rules and Profiles feature, first define a Rule.
Rules window
1. Select Rules under Global Groups.
2. Click New Rule (the Rule # will reflect the next sequential number available for
a rule).
3. Move categories from Pass categories to Allow, or Block as desired. Leave
categories that don’t need to be blocked in Pass.
NOTE: For the purposes of the evaluation, it is recommended that you only place two
categories in Block and Allow. Leave the remainder in Pass.
4. Specify whether Uncategorized Sites should pass or be blocked.
5. Give the Rule a Description/Name.
6. Click Save Rule.
7. Select Yes when asked if you want to add the Rule.
CONFIGURE AND TEST THE R3000 GROUP SETTINGS TESTS
M86 SECURITY, R3000 EVALUATION GUIDE 15
Test the Rule
To test the Rule, apply it to an IP Group.
IP group profile window with rule applied
1. Select AllUsers from the IP Groups.
2. Select Group Profile.
3. In the Available Filter Levels field, select the Rule you created.
4. Click Apply in the bottom right corner.
5. Access the Internet from an IP address within the Sales group.
6. Attempt to access a Web site obviously included within the blocked categories
contained in the Rule. The site will be blocked.
7. Access the Internet via an IP address not included in the Sales range and
attempt to access the same URLs. Access will not be blocked.
8. Repeat with several Web sites and different categories, if desired.
CONFIGURE AND TEST THE R3000 CUSTOM CATEGORIES
16 M86 SECURITY, R3000 EVALUATION GUIDE
Custom Categories
Create and configure a Custom Category
Description: The R3000 allows an administrator to create a new category not
listed among the 100+ options in the Library Categories. With literally tens of
millions of URLs researched and screened among those existing categories, it
might seem like a case of overkill to create a new one, but many of the most useful
and powerful features of the R3000 depend on the creation of Custom Categories.
Custom Categories in Library tree menu
How to create a Custom Category
1. Navigate the top level administrator console to LIBRARY.
2. Click Custom Categories and select Add Category.
3. Provide a name and description for your custom category.
4. For evaluation purposes, call the new category Evaluation Category.
5. Add a Short Name description (7 characters maximum) and click Apply.
How to add URLs to the Custom Category
1. Select the newly created Custom Category.
2. Select the URLs option. The R3000 provides the interface to add and remove
sites from the custom category.
This manual suits for next models
3
Table of contents
Other M86 Security Network Hardware manuals
