St. Bernard's iPrism Clears Up Web Filtering Job for Small Organizations

Thumbs up for iPrism. In smaller firms, it prevents inappropriate material from finding its way to users' desktops.

September 15, 2002


St. Bernard's iPrism appliance is a content and application filter that lives up to its name: Like a prism, it transparently fits into your network and reflects or divides Internet traffic into 60 distinct categories for easy monitoring.

It monitors and blocks objectionable Web traffic using a comprehensive URL database of Web sites. Although it does not filter by keywords or phrases, it makes use of complete URL path names, letting you block objectionable subdirectories while allowing access to top-level directories that may be permitted according to your acceptable-use policy. The URL database is updated automatically and reviewed by human editors for accuracy.

IPrism also denies Internet services by IP address and port or by protocol -- FTP, HTTP, ICQ, IMAP, POP3 or telnet, for example. And you can block a custom service based on the same criteria.

Good News

  • Works with LDAP and Microsoft Active Directory.

  • Easy to configure and define policies by category.

  • Updates can be received automatically at specified times.

  • Includes 19 standard reports and 27 advanced reports with customizable queries.

Bad News

  • Slow-loading Java console.

  • Browser frequently crashes without saving changes.

  • Save and exit procedures on console to apply changes are laborious.


Blocking Positions

A sleek Pentium 500-MHz appliance running FreeBSD and with 128 MB of RAM, iPrism almost fits in a briefcase and can act as a standalone server, bridge or router. You can install and configure iPrism from any workstation with a Web browser and a JVM (Java Virtual Machine).

I placed the appliance between two switches in Network Computing's Syracuse University Real-World Labs® to act as a bridge, passing traffic from one subnet to another. IPrism interrogated each packet as it passed through.

iPrism offers three basic monitoring and blocking profiles to start with: PassAll, MonitorOffensive or BlockOffensive. Every profile contains URL access lists that can be viewed and/or modified with a right-mouse click. You can create new access lists to identify and block sites specific to your organization and specify access based on the day and time.

The site lists are compiled by St. Bernard and updated on a subscription basis -- you can choose a one-year or three-year subscription. The administrator can set iPrism to get Filter Lists manually or automatically at a specified time every day.

Reality Check

Web filtering typically relies on keyword or phrase blocking or URL or IP address blocking.
The first method looks for objectionable words or phrases, blocking or passing a page to the desktop based on the number of suspect words or phrases found. This method is slow and can result in many false positives.
URL- or IP-based filtering is less time-consuming and can be easily applied to other types of Internet traffic, including FTP, ICQ, IRC, RTSP and telnet. But IP address blocking may be too broad. URL-based filtering is more granular but is only as good as the database containing the URLs. If you choose a URL/IP filter like iPrism, you'll need a maintenance contract to guarantee that the database is updated frequently.
NB: Blocking too much content can frustrate users; blocking too little may lead to harassment and embarrassment. Finding a balance requires site-specific configuration, ongoing monitoring and maintenance. Choose a product with easy-to-use GUIs, good reporting and a maintenance contract with regular updates.


St. Bernard recommends choosing automatic updates and scheduling them for nonpeak hours. The client side initiates a request to St. Bernard's servers and after both the server and the client verify each other and exchange the handshake information, a secure session is established and Filter Lists are updated.

Sites containing pornography, nudity, hacking information and a few more predefined categories are blocked under the BlockOffensive profile. In addition to blocking the active profile, iPrism monitors the rest of the categories by IP address and user names. Its integration with Active Directory and LDAP makes it easy to track activities by IP addresses or users once they authenticate through the directory service they use.
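To make the path-level matching and the profiles concrete, here is an added sketch (not iPrism's code or St. Bernard's database format) of a URL filter in which the longest matching path prefix for a host decides the category and the active profile turns that category into pass, monitor or block. The database entries, the single "hacking" category and the per-profile action tables are constructed assumptions; only the three profile names come from the product.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed sample database: (host, path prefix) -> category. Entries are made up.
URL_DB = {
    ("example.edu", "/"): "education",
    ("example.edu", "/~student/tools/"): "hacking",
    ("games.example.com", "/"): "games",
}

# Assumed action tables for the three profile names the review mentions.
PROFILES = {
    "PassAll": {"default": "pass"},
    "MonitorOffensive": {"hacking": "monitor", "default": "pass"},
    "BlockOffensive": {"hacking": "block", "default": "monitor"},
}


def normalize(url):
    """Return (host, path) with case, percent-encoding and dot segments folded."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    path = "/" + posixpath.normpath(unquote(parts.path) or "/").lstrip("/")
    return host, path if path.endswith("/") else path + "/"


def categorize(url):
    """Longest matching path prefix for the host wins; None if uncategorized."""
    host, path = normalize(url)
    best = None
    for (db_host, prefix), category in URL_DB.items():
        if db_host == host and path.startswith(prefix):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, category)
    return best[1] if best else None


def decide(url, profile, trusted_user=False):
    """Map a URL to pass / monitor / block under the named profile."""
    if trusted_user:  # administrator-granted override skips filtering
        return "pass"
    actions = PROFILES[profile]
    return actions.get(categorize(url), actions["default"])


if __name__ == "__main__":
    for u in ("http://example.edu/courses/", "http://EXAMPLE.edu/%7Estudent/tools/x.zip"):
        print(u, "->", categorize(u), decide(u, "BlockOffensive"))
```

Because the path is normalized before lookup, different spellings of the same subdirectory hit the same database entry, while the rest of the host stays in its own category.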

Block, Filter, Pass

I set up the network configuration from a console using a serial port (9600,8,N,1) and HyperTerminal. Next I accessed the Java-based console via Web browser and began to work the default profiles containing the filtering policies and access lists. I allowed access to certain categories -- hacking sites, for example -- to be available during specified hours. iPrism performed as advertised: If a user tried to access a site that was blocked, he or she received a configurable, default Web page, telling him or her the site was inaccessible.

iPrism includes a feature that lets administrators override the filtering process for trusted users. I added a trusted user in the administration console with a click of the mouse. That user had unfettered access to the Internet by accessing a URL served by iPrism and entering the assigned user name and password combination. The trusted-user feature can be assigned permanently or set to run for a specific length of time. You also can override filtering by workstation, IP address range, specific URL or entire domain.

Monitoring and Reporting

iPrism offers 19 predefined reports. I was able to view network usage by category, IP addresses and blocked status of a site. I also could choose from reports from "today," "yesterday" or for the past week.


Vendor Information

iPrism 3.21, starts at $2,195.
St. Bernard Software, (800) 782-3762; fax (858) 676-2299.
www.stbernard.com


The graphics features in iPrism do not compare with the GUIs used for log analyzers, but reports are laid out in an easy-to-read format. In addition to using the canned reports, I could customize my search queries. Also, I set up e-mail alerts to let me know if a specified category of Web sites was accessed or when a predefined threshold was reached.

Console Concerns

IPrism's Java-based console is intuitive and easy to use, but slow to load. It also frequently crashed when running from within both Netscape and Microsoft browsers. St. Bernard representatives had no answer for the slow moving console, but recommended I use iPrism's Win32 binary program for more stability. When I did, I got the stability and functionality I expected but lost the freedom to administer the box from any workstation. The utility did not bring a great increase in the speed but at the same time there were no crashes and it saved all changes I made to the configuration.

With SSL authentication, an easy-to-use console and effective reports, St. Bernard's iPrism hardware solution does what it's designed to do very well. Functionally comparable to the enterprise-focused 8e6 Technology's R2000, iPrism is designed instead for small enterprises, workgroups within a larger organization or departmental LANs. Although it is less mature than the R2000 and similar products because of problems with slow loading and crashing, it's still worth a look if you are willing to install the Win32 client on administration PCs. And if you qualify, St. Bernard will let you try the product for 30 days before you decide.

Saurabh Bhasin is a research associate with the Center for Emerging Network Technologies at Syracuse, N.Y. He has extensive experience in open source, systems administration and various wireless networking technologies. Send your comments on this article to him at [email protected].
