Concepts >> WFilter Technologies and Security

1. Technologies Introduction

WFilter is an internet monitoring and filtering software program that can help organizations to monitor and manage employees Internet behaviors in their networks. WFilter is available as a standalone product for Microsoft Windows, while it can also work with Microsoft ISA Server with full compatibility.

WFilter is a sniffer. All functions are based on network packets analysing. The main technologies of WFilter are the "Passby Filtering Technology" and the "Protocol Identify Technology". WFilter uses "Protocol Identify Technology" to recognise network applications and protocols, and uses "Passby Filtering Technology" to block unauthorized traffic.

1.1 Protocol Identify Technology

"Protocol Identify" depends on network traffic analysing. WFilter does not indentify a protocol by ip address or port, but by digital signature matching. WFilter has a protocol signature database which is maintained by IMFirewall Software R&D team. When a new connection comes, WFilter will try to search the protocol database to get the protocol name. And common protocols even can be completedly parsed to get the content on transfering. To see a list of protocols supported by WFilter, please check the Protocols Supported by WFilter.

1.2 Passby Filtering Technology

In "pass-by mode", WFilter uses "Passby Filtering Technology" to block Internet connections. A TCP connection can easily be destroyed by some fake packets. When unauthorized connections are detected, WFilter will send 1-2 packets to kill these tcp connections. That is called "Passby Filtering".

Benefits of using "Passby Filtering":

  1. If the Monitoring/Filtering machine goes down, the Internet connection stays alive.
  2. The computer can be taken down with no adverse affect on the network Internet connection, except that there's no monitoring or blocking.
  3. Does not hold Internet-bound packets, so it does not delay connection to Internet website.
  4. Eliminates unnecessary Internet requests, improving network performance.

The disadvantage of "Passby Filtering" is that it can not block UDP traffic. To block udp traffic, you need to block certain ports in your router/firewall, or deploy WFilter in pass-through mode.

2. WFilter Security

WFilter is designed with security in mind. Influence on the network has been minimized. And we've paid much attention on the security of WFilter system to defend attack from hackers.

2.1 Influence on Network Performance

WFilter uses "Passby Filtering Technology" to block Internet connections. WFilter only analyses copy of network packages from a mirroring port of switch. So it will not cause any delay of the network communication. Upon blocking, WFilter will send 1-2 packets to block certain connections. These packets are with minor size and will only be sent upon unauthorized connections being detected. This will not cause much traffic on your network.

2.2 Security of the Monitored Data

WFilter runs in your local network and it does not access Internet except for application version check. All messages are archived at local computer or in your database. So you will not face the risk of exposing your organization's privacy.

2.3 Security of the WFilter System

The security of the WFilter system is very important. If someone hacks into WFilter system, all monitored data will be exposed and the network policy can be changed. WFilter's security is enhanced by three ways below:

  1. Remote access control. One will not be able to connect to WFilter from other computers until "Remote Access" of WFilter is enabled.
  2. Allowed IP Addresses List. You may enable "Allowed IP Addresses List" to restrict ip addresses which can connect to WFilter. All connections from untrusted ip addresses will not be accepted.
  3. Password Protection. Correct username and password are required for those who can connect to WFilter remotely.