CORPORATE.NET

Monitoring The Internet Is A Snap With SNAM

Simple Installation SNAM is a management tool that can monitor, filter and restrict access to your Internet pipe through IP protocol filtering. It monitors outbound requests and verifies inbound data packets by IP address, giving you control at the protocol as well at the port level. You can define a database of profiles for users, groups, machines, IP addresses and three separate management levels. This capability lets you enforce corporate policies or simply monitor usage patterns for technical planning.

To physically filter your Internet traffic, you need to insert SNAM between your LAN and your Internet ro uter by hosting it on a multihomed (dual network cards) machine. There's no other way to prevent your clients from pointing to y our actual Internet router to bypass SNAM. The SNAM host then needs to be set up for routing to the actual Internet gateway. Most routers give you some control for packet-level filtering and reporting, but not to the extent that SNAM does and not based on user or group criteria. SNAM requires a Microsoft SQL Server for back-end storage for its accumulated data. We didn't test SNAM's impact on performance, but typically it would be installed and running on a dedicated server. The administration client can be installed on any PC to give department-level managers control.

The installation procedure is thorough and easy to follow, since it holds your hand every step of the way. It could be more robust--a few wrong choices we made during installation required us to uninstall and reinstall no less than five times until we got it right. One choice in particular locked us out of SNAM's internal user database when we incorrectly se t up the administrators' initial access.

SNAM lets you import text files containing lists of existing users, groups and computers. It would be far more convenient if SNAM included support for Novell Directory Services (NDS) or Windows NT domains. There are holes in user monitoring, which is based on an IP address. We could tell SNAM that an IP address was shared, but the product couldn't determine which person was using that IP address. Support for directory services would allow SNAM to determine when and where a given user was logged in.

Site permissions let you direct traffic to all but a predefined list of sites, or deny all traffic to all but a predefined list of sites. The list is exclusive to enabling or denying; however, you can't have a list you want to allow access and a list you want to deny access.

The nature of the Web makes maintaining permissions based on site kind of ridiculous. You would be ha rd-pressed to keep up with all the off-limit sites and there are too many potentially use ful sites to list.

Concise and Clear Report Features Two features I found particularly useful were being able to restrict access to services such as Hypertext Transport Protocol (HTTP) based on time of day, and being able to set traffic quotas per user. The first feature let us set a policy that didn't preclude our users from accessing certain questionable sites, but established that some times are better to download than others. Quotas may seem heavy-handed but most of us don't think twice about imposing disk space quotas. The same should be true for limited resources such as network bandwidth.

To consolidate the filtered data and provide you with a glimpse of usage, SNAM provides five different reports: User Report, Profile Report, Activity Report, Exception Report and Quota Violations. Aside from possibly restricting access, the reports give SNAM value. Each can be generated based on a given user, group, site or protocol. The Activity Report for traffic volume and type was the most useful . The other predefined reports were concise and informative, but a report writer for customized reports would be beneficial. Nevertheless, the data is still accessible through SQL Server for import into another report-writing tool.

Anthony Frey can be reached at afrey@nwc.com.