Freedom9 Capture 2000 User manual

freeGuard Capture
Internet Content Recorder and Email Archiver
USER’S MANUAL
Part#: ICR 1000, ICR 2000
Rev 2.0
Copyright and Trademark Information
This document contains proprietary information that is protected by copyright. All
rights reserved. No part of this document may be photocopied, reproduced, or
translated into another language without prior expressed written consent from
Freedom9 Inc.
© Copyright 2008, the freedom9 company logo are trademarks or registered
trademarks of Freedom9 Inc. All rights reserved. Windows is a trademark or
registered trademark of Microsoft Corporation. Other trademarks or registered
trademarks are the property of their respective holders.
FCC Warning
This equipment has been tested and found to comply with the regulations for a
Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are
designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates,
uses, and can radiate radio frequency energy and, if not installed and used in
accordance with this user’s guide, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely to cause
harmful interference, in which case the user will be required to correct the
interference at his/her own expense.
CE Mark Warning
This is a Class A product. In a domestic environment, this product may cause radio
interference, in which case the user may be required to take adequate measures.
VCCI Warning
This is a product of VCCI Class A Compliance.
UL Warning
a) Elevated Operating Ambient Temperature- If installed in a closed or multi-unit
rack assembly, the operating ambient temperature of the rack environment may be
greater than room ambient. Therefore, consideration should be given to installing
the equipment in an environment compatible with the manufacturer's maximum
rated ambient temperature (Tmra).
b) Reduced Air Flow- Installation of the equipment in a rack should be such that
the amount of air flow required for safe operation of the equipment is not
compromised.
c) Mechanical Loading- mounting of the equipment in the rack should be such that
a hazardous condition is not achieved due to uneven mechanical loading.
d) Circuit Overloading- Consideration should be given to the connection of the
equipment to the supply circuit and the effect that overloading of circuits might
have on over current protection and supply wiring. Appropriate consideration of
equipment nameplate ratings should be used when addressing this concern.
e) Reliable Earthing - Reliable earthing of rack-mounted equipment should be
maintained. Particular attention should be given to supply connections other than
direct connections to the branch circuit (e.g., use of power strips).
freeGuard Capture Appliance User’s Manual
TABLE OF CONTENTS
1 PRODUCT OVERVIEW
  INTRODUCTION
  FEATURE HIGHLIGHTS
2 QUICK INSTALLATION
  APPLIANCE FRONT PANEL
    Front panel for ICR 1000
    Front Panel for ICR2000
  SYSTEM DEPLOYMENT
    Bridge Mode
    Sniffer Mode
  ADMINISTRATION LOGIN
  SETUP WIZARD
  SYSTEM CLOCK SYNCHRONIZATION
  USER GROUPS MANAGEMENT
3 SYSTEM
  INTERFACE OVERVIEW
  ADMINISTRATOR ACCOUNTS
    Admin Account
    Read/Write Privileges
    Group Administrator
  INTERFACE IP
    Setup Interface IP Address
  SYSTEM / SETTING
    System setting overview
    Backup / Restore Configuration Settings
    HTTP and HTTPS Communication Ports
    Log Storage Time
    Reboot the System
  DATE / TIME
    Synchronize system clock
    Daylight saving time (Summer Time)
  PERMITTED IP ADDRESSES
  LANGUAGE
  WIZARD
  LOG OUT
    Software Update
4 USER LIST
  SETTING
    Setting – Upload User List
  LOGGED USER LIST
    Logged User List – modify a user
    Logged User List – Search
    Logged User List – Add new subnet to the group
    Logged User List – Dept/Group View
  IGNORED USER LIST
5 INSTANT MESSAGING MANAGEMENT
  CONFIGURE
    Login Notice
    Login Notice - Examples
  AUTHENTICATION
    Setting
    User
    RADIUS
    POP3
    LDAP
  RULES
    Default Rule
    Account Rule
6 P2P MANAGEMENT
  DEFAULT RULE
  USER RULE
7 RECORD
  SETTING
    Signature Pattern Update (Web Mail, IM, P2P)
    User Name Binding
    LAN to LAN Recording
    The maximum entries to be displayed
    Default Character Encoding
    HTTP cache setting
  RECORD - USER
  RECORDED SERVICE
    SMTP Messages
    POP3/IMAP Messages
    HTTP Records
    IM – Instant Messaging
    Web SMTP Messages
    Web POP3 Messages
    Record – FTP Sessions
    Record – Telnet Sessions
8 FLOW ANALYSIS
  OVERVIEW
  TODAY TOP-10
  HISTORY TOP-N
    Flow Statistics
9 ANOMALY FLOW IP
  OVERVIEW
  ANOMALY FLOW IP SETTING
  VIRUS INFECTED IP
  INTRUSION IP
10 LOCAL DISK
  STORAGE TIME
  DISK SPACE
11 REMOTE BACKUP
  SETTINGS
    Backup Settings
    Browse Settings
    Browse
12 REPORT
  SETTING
    Settings – Scheduled Report / Periodic
    Settings - History Report
  STORAGE REPORT
13 SYSTEM STATUS
  SYSTEM INFO
  CURRENT SESSION
  EVENT LOG
14 TECHNICAL SUPPORT
    Online Support
    Telephone Support
Index of Figures
Figure 1, ICR1000 Front Panel
Figure 2, ICR2000 Front Panel
Figure 3, Deployment - Bridge Mode
Figure 4, Deployment - Sniffer Mode
Figure 5, Administration Login
Figure 6, Answer Yes to security alert for HTTPS on Web interface
Figure 7, Setup Wizard
Figure 8, Choose default HTML character encoding method
Figure 9, Choose name binding method
Figure 10, Enter the settings in interface address
Figure 11, Enter the subnet to capture
Figure 12, System clock synchronization
Figure 13, Set the name of department or group
Figure 14, User List / Logged
Figure 15, Menu – System
Figure 16, Create a Group Administrator – 1
Figure 17, Create a Group Administrator – 2
Figure 18, Interface IP address setup
Figure 19, System setting page
Figure 20, Save the configuration file
Figure 21, Reboot confirmation
Figure 22, System date/time setting
Figure 23, Add a new Permitted IP Address
Figure 24, Permitted IP address list
Figure 25, Log out confirmation
Figure 26, Firmware update
Figure 27, Update firmware – browse to find the file
Figure 28, User List menu
Figure 29, User List - Settings
Figure 30, Save / export user groups to file
Figure 31, User list in subnet view
Figure 32, User Name Details
Figure 33, Modify a user - 1
Figure 34, Modify a user - 2
Figure 35, Search for a user
Figure 36, Search for a user – search box
Figure 37, Search for a user - result
Figure 38, Add a new subnet to the user group
Figure 39, Add a new subnet – Example
Figure 40, User List - Group View
Figure 41, Confirm to ignore a user
Figure 42, Ignored user list
Figure 43, Move Ignored user to Logged
Figure 44, IM Management menu (expanded)
Figure 45, IM Login Notice - configuration
Figure 46, IM Login Notice – MSN Example
Figure 47, IM notice - NetBIOS example
Figure 48, IM notice – ICQ
Figure 49, IM Authentication Messages
Figure 50, IM Authentication - Default Rules
Figure 51, IM Authentication - Account Rules
Figure 52, P2P Management - Default Rule
Figure 53, P2P Management - User Rule
Figure 54, General settings of capturing
Figure 55, Example of the Record / Setting page
Figure 56, Default Character Encoding
Figure 57, Captured data by user
Figure 58, Customer view search by user
Figure 59, Record / Service
Figure 60, Records Captured - SMTP
Figure 61, Records Captured - Forward
Figure 62, Records Captured - SMTP Search
Figure 63, Download the search result
Figure 64, Records Captured - POP3/IMAP
Figure 65, Records Captured - HTTP
Figure 66, Records Captured - IM
Figure 67, Records Captured - Web SMTP
Figure 68, Records Captured - Web POP3
Figure 69, Records Captured – FTP
Figure 70, Records Captured - FTP, download a copy
Figure 71, Records Captured – Telnet Sessions
Figure 72, Telnet Session Details
Figure 73, Flow Analysis - Menu
Figure 74, Flow Analysis - Today Top 10
Figure 75, Flow Analysis - Top N
Figure 76, Flow Analysis - Statistics Chart
Figure 77, Anomaly flow IP menu
Figure 78, Anomaly flow detect - general settings
Figure 79, Virus-infected IP
Figure 80, NetBIOS Notification Shown to the Victim User
Figure 81, Virus-infected IP Email alerts
Figure 82, Example of Intrusion IP detection
Figure 83, Local Disk Menu
Figure 84, Storage Time
Figure 85, Disk Space Usage
Figure 86, Disk Space Usage Report
Figure 87, Disk space usage details (continued)
Figure 88, Remote Backup menu
Figure 89, Remote Backup - Backup Settings
Figure 90, Remote Backup - Browse Settings
Figure 91, Remote Backup – Browse POP3/IMAP
Figure 92, Report Settings
Figure 93, Daily report sent by the email
Figure 94, Sample Report by Email – Network Traffic
Figure 95, Daily Report by Users (partial)
Figure 96, Report Sample - Weekly Report
Figure 97, Report Sample - Weekly Traffic
Figure 98, System Status
Figure 99, System Status - Current Session
Figure 100, System Status - Current Session Search
Figure 101, Status - Event Log
1 Product Overview
Introduction
Thank you for purchasing the freeGuard Capture appliance, the Internet Content Recorder
and Email Archiver.
The freeGuard Capture appliance allows organizations to capture, track and report on
Internet activities such as browsed web pages, web mail, SMTP/POP3 and IMAP mail,
Instant Messaging applications (MSN, Yahoo Messenger, ICQ, AIM), FTP and Telnet.
The freeGuard Capture appliance can work as a powerful Email archiver and an instant
messaging archiver.
The freeGuard Capture appliance provides valuable information about internal Internet
usage and surfing patterns to Network Administrators and employee supervisors. With the
reporting and management tools, it is quick and easy to limit access to certain
services, and by monitoring employee activity, organizations can quickly improve their
productivity.
Feature highlights
Key features:
• Supports Sniffing and Bridge modes
• Captures a record of HTTP, SMTP, POP3, IMAP, IM, Web mail, FTP and Telnet contents
• Supports remote backup to maintain historical data as far back as needed
• Multiple permission levels for group administrators, up to 36 groups on ICR2000, 12 groups on ICR appliance
• Instant alarm when a potential virus is detected
• Detailed and graphical reporting with user names bound to IP or MAC addresses
• Supports remote monitoring
• LAN to LAN recording for internal mail servers (such as Exchange, Groupwise*, etc.)
• Use IM/P2P management to block Internet content (Bridge Mode)
• Easy-to-use Web Interface
• User-based bandwidth usage analysis **
• Unlimited users
* Some mail server configurations may be required.
** Only available on certain models
2 Quick Installation
Appliance front panel
The interfaces and layout of the ICR appliance are listed below:
• Power LED
  Green: the appliance is powered on.
• Hard Disk LED
  Flashing: the system is accessing data from the hard drive.
• Console Port
  One DB9 console port for serial cable connection.
• WAN/LAN ports
  RJ-45 ports allow you to connect to your WAN and/or LAN.
Front panel for ICR 1000
Figure 1, ICR1000 Front Panel
Front Panel for ICR2000
Figure 2, ICR2000 Front Panel
System Deployment
There are two ways to deploy the ICR appliance: Bridge mode or Sniffer mode.
Before you connect the ICR appliance to your live network, you may want to
configure it according to your network topology and requirements.
Please note that each ICR appliance from Freedom9 Inc has been pre-configured with an IP
address and one administration account. The default IP address for the ICR appliance is
192.168.1.1 with the subnet mask set to 255.255.255.0; please make the necessary changes to
avoid an IP conflict in your network.
Bridge Mode
Connect the WAN port on the ICR appliance to the firewall or gateway in your network, and
the LAN port to the internal network via a hub or switch.
Figure 3, Deployment - Bridge Mode
Sniffer Mode
Link one of the internet recorder’s ports to the mirror port of the core switch or to any
port of the hub.
Figure 4, Deployment - Sniffer Mode
Administration Login
Connect the administration PC and the ICR appliance’s LAN port to the same hub or switch,
and make sure the administration PC is in the same network segment as the ICR appliance.
The default IP address for the ICR appliance is 192.168.1.1 with subnet mask 255.255.255.0.
Start a web browser (IE or Netscape) and browse to http://192.168.1.1.
Once you see the pop-up login dialogue box, type in the correct User Name and
Password to log in.
If this is the first login, please use the default login:
• User name: admin
• Password: admin
Figure 5, Administration Login
If you are using HTTPS to access the Web interface of the ICR appliance, please click “Yes”
when the security alert dialogue box pops up.
Figure 6, Answer Yes to security alert for HTTPS on Web interface
Setup Wizard
If this is the first time a user logs into the system, the Setup Wizard page will be
displayed automatically.
The Setup Wizard will guide you through the basic configuration of the ICR appliance; please
follow the instructions on each page.
This page can also be found under System → Setup Wizard.
Figure 7, Setup Wizard
The Setup Wizard will help you configure the following:
• Choose the display language for the Web interface
• Choose the default HTML Character Encoding method
Figure 8, Choose default HTML character encoding method
For captured content with an unknown character encoding, the “Default Character
Encoding” will be used for display and storage.
• Choose the user name binding method. User names can be bound either to the IP
  address or to the MAC address.
Figure 9, Choose name binding method