GFI Network Security

GFI OneConnect – Stop Ransomware, Malware, Viruses, and Email hacks Before They Reach Your Exchange Server

2016-11-24T00:19:41+11:00

GFI Software has just revealed GFI OneConnect Beta – its latest Advanced Email Security Protection product. GFI OneConnect is a comprehensive solution that targets the safe and continuous delivery of business emails to organizations around the world.

GFI has leveraged its years of experience with its millions of business users around the globe to create a unique Hybrid solution consisting of an on-premise server and Cloud-based solution that helps IT admins and organizations protect their infrastructure from spam, malware threats, ransomware, virus and email service outages.

GFI OneConnect not only takes care of filtering all incoming email for your Exchange server but it also works as a backup service in case your Exchange server or cluster is offline.

The solution consists of the GFI OneConnect Server that is installed on the customer’s premises. The OneConnect server connects to the local Exchange server on one side, and the GFI OneConnect Data Center on the other side as shown in the diagram below:

Figure 1. Deployment model of GFI OneConnect (Server & Data Center)

Email sent to the organization’s domain is routed initially through the GFI OneConnect . During this phase email is scanned by the two AntiVirus engines (ClamAV & Kaspersky) for virus, ransomware, malware etc. before forwarding them to the Exchange Server.

In case the Exchange server is offline GFI OneConnect’s Continuity mode will send and receive all emails, until the Exchange server is back online after which all emails are automatically synchronised. All emails received while your email server was down are available to users at any moment, thanks to the connection to the cloud and the GFI OneConnect’s Datacenter.

Figure 2. GFI OneConnect Admin Dashboard (click to enlarge)

While there is currently a beta version out - our first impressions show that this is an extremely promising solution that has been carefully designed with the customer and IT staff in mind. According to GFI – the best is yet to come – and we know that GFI always stands by its promises so we are really looking forward seeing the final version of this product in early 2017.

If you’ve been experiencing issues with your Exchange server continuity or have problems dealing with massive amounts of spam emails, ransomware and other security threats – give GFI OneConnectBeta a test run and discover how it can help offload all these problems permanently, leaving you time for other more important tasks.

Enforcing ICT Policies - How to Block Illegal & Unwanted Websites from your Users and Guests

2016-11-13T18:21:24+11:00

Ensuring users follow company policies when accessing the internet has become a real challenge for businesses and IT staff. The legal implications for businesses not taking measures to enforce acceptable user policies (where possible) can become very complicated and businesses can, in fact, be held liable for damages caused by their users or guests.

A good example, found in almost every business around the world, is the offering of guest internet access to visitors. While they are usually unaware of the company’s ICT policies (nor do they really care about them) they are provided with free unrestricted access to the internet.

Sure, the firewall will only allow DNS, HTTP and HTTPS traffic in an attempt to limit internet access and its abuse but who’s ensuring they are not accessing illegal sites/content such as pornography, gambling, etc., which are in direct violation of the ICT policy?

This is where solutions like GFI WebMonitor help businesses cover this sensitive area by quickly filtering website categories in a very simple and effective way that makes it easy for anyone to add or remove specific website categories or urls.

How To Block Legal Liability Sites

Enforcing your ICT Internet Usage Policy via WebMonitor is a very simple and fast process. From the WebMonitor web-based dashboard, click on Manage and select Policies:

Note: Click on any image to enlarge it and view it in high-resolution

Figure 1. Adding a new Policy in GFI WebMonitor

At the next screen, click on Add Policy:

Figure 2. Click on the GFI WebMonitor Add Policy button

At the next screen add the desired Policy Name and brief description below:

Figure 3. Creating the Web Policy in GFI WebMonitor using the WEBSITE element

Now click and drag the WEBSITES element (on the left) into the center of the screen as shown above.

Next, configure the policy to Block traffic matching the filters we are about to create and optionally enable temporary access from users if you wish:

Figure 4. Selecting Website Categories to be blocked and actions to be taken

Under the Categories section click inside the Insert a Site Category field to reveal a drop-down list of the different categories. Select a category by clicking on it and then click on the ‘+’ symbol to add the category to this policy. Optionally you can click on the small square icon next to the ‘+’ symbol to get a pop-up window with all the categories.

Optionally select to enable full URL logging and then click on the Save button at the top right corner to save and enable the policy.

The new policy will now appear on the Policies dashboard:

Figure 5. Our new WebMonitor policy is now active

If for any reason you need to disable the policy all you need to do is click on the green power button on the left and the policy is disabled immediately. A very handy feature that allows administrators to take immediate action when they notice unwanted effects from the new policies.

After the policy was enabled we tried accessing a gambling website from one of our workstations and received the following message on our web browser:

Figure 6. Our new policy blocks users from accessing gambling sites

The GFI WebMonitor Dashboard reporting Blocking/Warning hits on the company’s policies:

Figure 7. GFI WebMonitor reports our Internet usage ICT Policy is being hit (click for full dashboard image)

Summary

The importance of properly enforcing an ICT Internet Usage Policy cannot be underestimated. It can not only save the company from legal implications but also its users and guests from their very own actions. Solutions such as GFI WebMonitor are designed to help businesses effectively apply ICT Policies and control usage of high-risk resources such as the internet.

Minimise Internet Security Threats, Scan & Block Malicious Content, Application Visibility and Internet Usage Reporting for Businesses

2016-07-25T19:44:31+10:00

For every business, established or emerging, the Internet is an essential tool which has proved to be indispensable. The usefulness of the internet can be counteracted by abuse of it, by a business’s employees or guests. Activities such as downloading or sharing illegal content, visiting high risk websites and accessing malicious content are serious security risks for any business.

There is a very easy way of monitoring, managing and implementing effective Internet usage. GFI WebMonitor can not only provide the aforementioned, but also provide real – time web usage. This allows for tracking bandwidth utilisation and traffic patterns. All this information can then be presented on an interactive dashboard. It is also an effective management tool, providing a business with the internet usage records of its employees.

Such reports can be highly customised to provide usage information based on the following criteria/categories:

Most visited sites
Most commonly searched phrases
Where most bandwidth is being consumed
Web application visibility

Some of the sources for web abuse that can be a time sink for employees are social media and instant messaging (unless the business operates at a level where these things are deemed necessary). Such web sites can be blocked.

GFI WebMonitor can also achieve other protective layers for the business by providing the ability to scan and block malicious content. WebMonitor helps the business keep a close eye on its employees’ internet usage and browsing habits, and provides an additional layer of security.

On its main dashboard, as shown below, the different elements help in managing usage and traffic source and targets:

Figure 1. WebMonitor’s Dashboard provides in-depth internet usage and reporting

WebMonitor’s main dashboard contains a healthy amount of information allowing administrators and IT managers to obtain important information such as:

See how many Malicious Sites were blocked and how many infected files detected.
View the Top 5 Users by bandwidth
Obtain Bandwidth Trends such as Download/Upload, Throughput and Latency
Number of currently active web sessions.
Top 5 internet categories of sites visited by the users
Top 5 Web Applications used to access the internet

Knowing which applications are used to access the internet is very important to any business. Web applications like YouTube, Bittorrent, etc. can be clearly identified and blocked, providing IT managers and administrators a ringside view of web utilisation.

On the flip side, if a certain application or website is blocked and a user tries to access it, he/she will encounter an Access Denied page rendered by GFI WebMonitor. This notification should be enough for the user to be deterred from trying it again:

Figure 2. WebMonitor effectively blocks malicious websites while notifying users trying to access it

For the purpose of this article, a deliberate attempt was made to download an ISO file using Bittorent. As per the policy the download page was part of the block policy. Hence GFI WebMonitor not only blocked the user from accessing the file, it also displayed the violation stating the user’s machine IP Address and the policy that was violated. This is a clear demonstration of how the management of web application can be effective.

Some of the other great dashboards include bandwidth insight. The following image shows the total download and upload for a specific period. The projected values and peaks can be easily traced as well.

Figure 3. WebMonitor’s Bandwidth graphs help monitor the organisation’s upload/download traffic (click to enlarge)

Another useful dashboard is that of activity. This provides information about total users, their web request, and a projection of the next 30 days, as shown in the following image:

Figure 4. WebMonitor allows detailed tracking of current and projected user web requests with very high accuracy (click to enlarge)

The Security dashboard is perhaps one of the most important. This shows all the breaches based on category, type and top blocked web based applications that featured within certain policy violations.

Figure 5. The Security dashboard allows tracking of web security incidents and security policy violations (click to enlarge)

Running Web Reports

The easiest way to manage and produce the information gathered is to run reports. The various categories provided allow the user to run and view information of Internet usage depending on management requirements. The following image shows the different options available on the left panel:

Figure 6. WebMonitor internet web usage reports are highly customisable and provide detailed information (click to enlarge)

But often management would rather take a pulse of the current situation. GFI WebMonitor caters to that requirement very well. The best place to look for instant information regarding certain key aspects of resource usage is the Web Insights section.

If management wanted to review the bandwidth information, the following dashboard would give that information readily:

Figure 7. The Web Insight section keeps an overall track of internet usage (click to enlarge)

This provides a percentage view of how much data contributes to download or upload.

Security Insights shows all current activities and concerns that needs attention:

Figure 8. WebMonitor Security Insights dashboard displaying important web security reports (click to enlarge)

Conclusion

There is no doubt GFI WebMonitor becomes a very effective tool that allows businesses to monitor and control internet access for employees, guests and other internet users. Its intuitive interface allows administrators and IT Managers to quickly obtain the information they require but also put the necessary security policies in place to minimise security threats and internet resource abuse.

Increase your Enterprise or SMB Organization Security via Internet Application & User Control. Limit Threats and Internet Abuse at the Workplace

2016-05-24T18:00:50+10:00

In this era of constantly pushing for more productivity and greater efficiency, it is essential that every resource devoted to web access within a business is utilised for business benefit. Unless the company concerned is in the business of gaming or social media, etc. it is unwise to use resources like internet/web access, and the infrastructure supporting it, for a purpose other than business. Like they say, “Nothing personal, just business”

With this in mind, IT administrators have their hands full ensuring management of web applications and their communication with the Internet. The cost of not ensuring this is loss of productivity, misuse of bandwidth and potential security breaches. As a business it is prudent to block any unproductive web application e.g. gaming, social media etc. and restrict or strictly monitor file sharing to mitigate information leakages.

It is widely accepted that in this area firewalls are of little use. Port blocking is not the preferred solution as it has a similar effect to a sledge hammer. What is required is the fineness of a scalpel to parse out the business usage from the personal and manage those business requirements accordingly. To be able to manage web application at such a level, it is essential to be able to identify and associate the request with its respective web application. Anything in line with business applications goes through, the rest are blocked.

This is where WebMonitor excels in terms of delivering this level of precision and efficiency. It identifies access requests from supported applications using inspection technology and helps IT administrators to allow or block them. Hence, the administrators can allow certain applications for certain departments while blocking certain other applications as part of a blanket ban, thus enhancing the browsing experience of all users.

So, to achieve this, the process is to use the unified policy system of WebMonitor. The policies can be configured specifically for application control or, within the same policy, several application controls can be combined using other filtering technologies.

Let’s take a look at the policy panel of WebMonitor:

Figure 1. WebMonitor Policy Panel interface. Add, delete, create internet access policies with ease (click to enlarge)

In order to discover the controls that are available against a certain application, the application needs to be dragged into the panel. For example, if we were to create a policy to block Google Drive we would be dragging that into the panel itself.

Once the related controls show up, we can select an application or application category the policy will apply to.

The rest of the configuration from this point will allow creating definitions for the following:

Filter options
Scope of the policy
Actions to be taken
Handling of exceptions
Managing notifications

All of the above are ready to be implemented in a ‘drag – and – drop’ method. GFI WebMonitor will commence controlling access of the configured application to the Internet the moment the policy is saved.

So, going back to the example of creating the ‘block Google Drive’ policy, the steps are quite simple:

1. Click on ‘Add Policy’ as show in the following image:

Figure 2. Click on the “Add Policy” button to being creating a policy to block internet access

Enter a Name and description in the relevant fields:

Figure 3. Adding policy name and description in WebMonitor to block an application network-wide (click to enlarge)

3. As this policy applies to ‘all’, at this moment there is no need to configure the scope. This can be done on a per user, group or IP address only basis.

4. Drag in the Application Block from the left panel (as shown in the following image), Select ‘Block’ in the ‘Allow, Block, Warn, Monitor’ section.

5. In the Application Category section, select ‘File Transfer’ as shown in the image below:

Figure 4. WebMonitor: Blocking the File Transfer application category from the internet (click to enlarge)

6. Click on the ‘Applications’ Tab and start typing ‘Google Drive’ in the field. The drop down list will include Google Drive. Select it and then press enter. The application will be added. Now Click on Save.

We need to keep in mind that the policy is operational the moment the Save button, located at the top right corner, is clicked.

Now if any user tries to access the web application Google Drive, he/she will be presented with the ‘Block Page’ rendered by GFI WebMonitor. At the same time, any Google Drive thick client installed on the user’s machine will not be able to connect to the Internet

As mentioned earlier, and reiterated through the above steps, the process of creating and implementing a web access management policy in WebMonitor is quite simple. Given the length and breadth of configuration options within the applications and the scope, this proves to be a very powerful tool that will make the task of managing and ensuring proper usage of web access, simple and effective for IT Administrators in small and large enterprise networks.

GFI WebMonitor Installation: Gateway / Proxy Mode, Upgrades, Supported O/S & Architectures (32/64bit)

2016-03-14T17:11:18+11:00

WebMonitor is an awarded gateway monitoring and internet access control solution designed to help organizations deal with user internet traffic, monitor and control bandwidth consumption, protect computers from internet malware/viruses and other internet-based threats plus much more. GFI WebMonitor supports two different installation modes: Gateway mode and Simple Proxy mode. We’ll be looking into each mode and help administrators and engineers understand which is best, along with the prerequisites and caveats of each mode.

Proxy vs Gateway Mode

Proxy mode, also named Simple Proxy mode is the simplest way to install GFI WebMonitor. You can deploy this on any computer that has access to the internet. In Simple Proxy mode, all client web-browser traffic (HTTP/HTTPS) is directed through GFI WebMonitor. To enable this type of setup, you will need an internet facing router that can forward traffic and block ports.

With GFI WebMonitor functioning in Simple Proxy mode, each client machine must also be configured to use the server as a web proxy for HTTP and HTTPS protocols. GFI WebMonitor comes with built-in Web Proxy Auto-Discovery (WPAD) server functionality that makes the process easy - simply enable automatic discovery of proxy server for each of your client machines and they should automatically find and use WebMonitor as a proxy. In case of a domain environment, it is best to regulate this setting using a Group Policy Object (GPO).

When WebMonitor is configured to function in Internet Gateway mode, all inbound and outbound client traffic will pass through GFI WebMonitor, irrespective of whether the traffic is HTTP or non-HTTP. With Internet Gateway mode, the client browser does not need to point to any specific proxy – all that’s required is to enable the Transparent Proxy function in GFI WebMonitor.

Supported OS & Architectures

Whether functioning as a gateway or a web proxy, GFI WebMonitor processes all web traffic. For a smooth operation that amounts to using a server architecture capable of handling all the requests every day. When the environment is small (10-20 nodes), for instance, a 2 GHz processor and 4 GB RAM minimum with a 32-bit Windows operating system architecture will suffice.

Larger environments, such as those running the Windows Server operating system on a minimum of 8 GB RAM and multi-core CPU will require the 64-bit architecture. GFI WebMonitor works with both 32- as well as 64-bit Windows operating system architectures starting from Windows 2003 and Windows Vista.

Installation & Upgrading

When installing for the first time, GFI WebMonitor starts by detecting its prerequisites. If the business is already using GFI WebMonitor, the process determines the prerequisites according to the older product instance. If the installation kit encounters an older instance, it imports the previous settings and redeploys them after completing the installation.

Whether installing for the first time or upgrading an older installation, the installation kit looks for any setup prerequisites necessary and installs them automatically. However, some prerequisites may require user interaction and these will come up as separate installation processes with their own user interfaces.

Installing GFI WebMonitor

As with all GFI products, installation is a very easy follow-the-bouncing-ball process. Once the download of GFI WebMonitor is complete, execute the installer using an account with administrative privileges.

If WebMonitor has been recently downloaded, you can safely skip the newer build check. When ready, click Next to proceed:

Figure 1. Optional check for a new WebMonitor edition during installation

You will need to fill in the username and/or the IP address that will have administrative access to the web-interface of GFI WebMonitor, then click Next to select the folder to install GFI WebMonitor and finally start the installation process:

Figure 2. Selecting Host and Username that are allowed to access the WebMonitor Administration interface.

Once the installation process is complete, click Finish to finalize the setup and leave the Open Management Console checked:

Figure 3. Installation complete – Open Management Console

After this, the welcome screen of the GFI WebMonitor Configuration Wizard appears. This will allow you to configure the server to operate in Simple Proxy Mode or Gateway Mode. At this point, it is recommended you enable JavaScript in Internet Explorer or the web browser of your choice before proceeding further:

Figure 4. The welcome screen once WebMonitor installation has completed

After clicking on Get Started to proceed, we need to select which of the two modes GFI WebMonitor will be using. We selected Gateway mode to ensure we get the most out of the product as all internet traffic will flow through our server and provide us with greater granularity & control:

Figure 5. Selecting between Simple Proxy and Gateway mode

The Transparent Proxy can be enabled at this stage, allowing web browser clients to automatically configure themselves using the WPAD protocol. WebMonitor shows a simple network diagram to help understand how network traffic will flow to and from the internet:

Figure 6. Internet traffic flow in WebMonitor’s Gateway Mode

Administrators can select the port at which the Transparent Proxy will function and then click Save and Test Transparent Proxy. GFI WebMonitor will confirm Transparent Proxy is working properly.

Now, click Next to see your trial license key or enter a new license key. Click on Next to enable HTTPS scanning.

HTTPS Scanning gives you visibility into secure surfing sessions that can threaten the network's security. Malicious content may be included in sites visited or files downloaded over HTTPS. The HTTPS filtering mechanism within GFI WebMonitor enables you to scan this traffic. There are two ways to configure HTTPS Proxy Scanning Settings, via the integrated HTTPS Scanning Wizard or manually.

Thanks to GFI WebMonitor’s flexibility, administrators can add any HTTPS site to the HTTPS scanning exclusion list so that it bypasses inspection.

If HTTPS Scanning is disabled, GFI WebMonitor enables users to browse HTTPS websites without decrypting and inspecting their contents.

When ready, click Next again and provide the full path of the database. Click Next again to enter and validate the Admin username and password. Then, click Next to restart the services. You can now enter your email details and click Finish to end the installation.

Figure 7. GFI WebMonitor’s main control panel

Once the installation and initial configuration of GFI WebMonitor is complete, the system will begin gathering useful information on our users’ internet usage.

In this article we examined WebMonitor Simple Proxy and Gateway installation mode and saw the benefits of each method. We proceeded with the Gateway mode to provide us with greater flexibility, granularity and reporting of our users’ internet usage. The next articles will continue covering in-depth functionality and reporting of GFI’s WebMonitor.

GFI WebMonitor: Monitor & Secure User Internet Activity, Stop Illegal File Sharing - Downloads (Torrents), Web Content Filtering For Organizations

2016-02-07T12:11:34+11:00

In our previous article we analysed the risks and implications involved for businesses when there are no security or restriction policies and systems in place to stop users distributing illegal content (torrents). We also spoke about unauthorized access to company systems, sharing sensitive company information and more. This article talks about how specialized systems such as WebMonitor are capable of helping businesses stop torrent applications accessing the internet, control the websites users access, block remote control software (Teamviewer, Remote Desktop, Ammy Admin etc) and put a stop to users wasting bandwidth, time and company money while at work.

WebMonitor is more than just an application. It can help IT departments design and enforce internet security policies by blocking or allowing specific applications and services accessing the internet.

WebMonitor is also capable of providing detailed reports of users’ web activity – a useful feature that ensure users are not accessing online resources they shouldn’t, and provide the business with the ability to check users’ activities in case of an attack, malware or security incident.

WebMonitor is not a new product - it carries over a decade of development and has served millions of users since its introduction into the IT market. With awards from popular IT security magazines, Security Experts, IT websites and more, it’s the preferred solution when it comes to a complete web filtering and security monitoring solution.

Blocking Unwanted Applications: Application Control – Not Port Control

Senior IT Managers, engineers and administrators surely remember the days where controlling TCP/UDP ports at the Firewall level was enough to block or provide applications access to the internet. For some years now, this is no longer a valid way of application control, as most ‘unwanted’ applications can smartly use common ports such as HTTP (80) or HTTPS (443) to circumvent security policies, passing inspection and freely accessing the internet.

In order to effectively block unwanted applications, businesses must realize that it is necessary to have a security Gateway device that can correctly identify the applications requesting access to the internet, regardless the port they are trying to use – aka Application Control.

Application Control is a sophisticated technique that requires upper layer (OSI Model) inspection of data packets as they flow through the gateway or proxy, e.g. GFI WebMonitor. The gateway/proxy executes deep packet level inspection to identify the application requesting access to the internet.

In order to correctly identify the application the gateway must be aware of it, which means it has to be listed in its local database.

The Practical Benefits Of Internet Application Control & Web Monitoring Solution

Let’s take a more practical look at the benefits an organization has when implementing an Application Control & Web Monitoring solution:

Block file sharing applications such as Torrents
Stop users distributing illegal content (games, applications, movies, music, etc)
Block remote access applications such as TeamViewer, Remote Desktop, VNC, Ammy Admin and more.
Stop unauthorized access to the organization’s systems via remote access applications
Block access to online storage services such as DropBox, Google Drive, Hubic and others
Avoid users sharing sensitive information such as company documents via online storage services
Save valuable bandwidth for the organization, its users, remote branches and VPN users
Protect the network from malware, viruses and other harmful software downloadable via the internet
Properly enforce different security policies to different users and groups
Protect against possible security breaches and minimize responsibility in case of an infringement incident
And much more

The above list contains a few of the major benefits that solutions such as WebMonitor can offer to organizations.

Why Web Monitoring & Content Filtering is Considered Mandatory

Web Monitoring is a very sensitive topic for many organizations and its users, mainly because users do not want others to know what they are doing on their computer. The majority of users perceive web monitoring as spying on them to see what sites they are accessing and if they are wasting time on websites and internet resources unrelated to work, however, users do not understand the problems and security risks that are mostly likely to arise if no monitoring or content filtering mechanism is in place.

In fact the damage caused by users irresponsibly visiting high-risk sites and surfing the internet without any limits is way bigger than most companies might think and there are some really great examples that help prove this point. The USA FBI site has a page with examples of internet scams and risks from social media network sites.

If we assume your organization is one of the luckiest ones that hasn’t been hit (yet) from irresponsible user internet activities, then we are here to assure you that it’s simply a matter of time.

Apart from the imminent security risk, users who have uncontrollable access are also wasting bandwidth – that’s bandwidth the organization is paying for - and are likely to slow down the internet for the rest who are legitimately trying to get work done. In cases where VPNs are running over the same lines then VPN users, remote branches and mobile users are most likely to experience slow connection speeds when accessing the organization’s resources over the internet.

This problem becomes even more evident when asymmetrical WAN lines are in use, such as ADSL lines. With asymmetrical WAN lines, a single user who is uncontrollably uploading photos, movies (via torrent) or other content can affect all other users downloading since bottlenecks can easily occur when one of the two streams (downstream or upstream) is in heavy usage. This is a main characteristic of asymmetrical WAN lines.

Finally, if there is an organization security policy in place it’s most likely to contain fair internet usage guidelines for users and specify what they can and cannot do using the organization’s internet resources. The only way to enforce such a policy is through a sophisticated web monitoring & policy enforcement mechanism such as GFI WebMonitor.

Summary

In this article we analysed how specialized web monitoring and control application software, such as WebMonitor, are able to control which user applications are able to access the internet, control websites users within an organization can access, block internet content while saving valuable bandwidth. With such solutions, organizations are able to enforce their internet security policies while at the same time protecting themselves from unauthorized access to their systems (remote desktop software), stop illegal activities such as torrent file sharing and more.

Dealing with User Copyright Infringement (Torrents), Data Loss Prevention (DLP), Unauthorized Remote Control Applications (Teamviewer, RDP) & Ransomware in the Business Environment

2016-01-25T16:20:34+11:00

One of the largest problems faced by organizations of any size is effectively controlling user internet access (from laptops, mobile devices, workstations etc), minimizing the security threats for the organization (ransomware – data loss prevention), user copyright infringement (torrent downloading/sharing movies, games, music etc) and discover where valuable WAN-Internet bandwidth is being wasted.

Organizations clearly understand that using a Firewall is no longer adequate to control the websites its users are able to access, remote control applications (Teamviewer, Radmin, Ammyy Admin, Remote desktop etc), file sharing applications - Bittorrent clients (uTorrent, BitComet, Deluge, qBittorrent etc), online cloud storage services (Dropbox, OneDrive, Google Drive, Box, Amazon Cloud Drive, Hubic etc) and other services and applications.

The truth is that web monitoring applications such as GFI’s WebMonitor are a lot more than just a web proxy or internet monitoring solution.

Web monitoring applications are essential for any type or size of network as they offer many advantages:

They stop users from abusing internet resources
They block file-sharing applications and illegal content sharing
They stop users using cloud-based file services to upload sensitive documents, for example saving company files to their personal DropBox, Google Drive etc.
They stop remote control applications connecting to the internet (e.g Teamviewer, Remote Desktop, Ammy Admin etc)
They ensure user productivity is kept high by allowing access to approved internet resources and sites
They eliminate referral ad sites and block abusive content
They support reputation blocking to automatically filter websites based on their reputation
They help IT departments enforce security policies to users and groups
They provide unbelievable flexibility allowing any type or size of organization to customise its internet usage policy to its requirements

The Risk In The Business Environment – Illegal Downloading

Most Businesses are completely unaware of how serious these matters are and the risks they are taking while dealing with other ‘more important’ matters.

Companies such as the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) are in a continuous battle suing and fighting with companies, ISPs and even home users for illegally distributing movies and music.

Many users are aware of this and are now turning to their company’s internet resources, which in many cases offer faster and unlimited data transfer, to download their illegal content such as movies, games, music and other material.

An employer or business can be easily held responsible for the actions of its employees when it comes to illegal download activities, especially if no policies or systems are in place.

In the case of an investigation, if the necessary security policies and web monitoring systems are in place with the purpose of preventing copyright infringement and illegal downloading, businesses are less vulnerable to the illegal implications of their users, plus it allows them to track down and find the person responsible.

Data Loss Prevention (DLP) – Stop Users From Uploading Sensitive/Critical Documents

While illegal downloading is one major threat for businesses, stopping users sharing company data and sensitive information (aka Data Loss Prevention or DLP) is another big problem.

With the explosion of (free) cloud-based storage services such as DropBox, OneDrive, Google Drive and others, users can quickly and easily upload any type of document directly from their workplace to their personal cloud storage and instantaneously share it with anyone in the world, without the company’s consent or knowledge.

The smartly designed cloud-storage applications are able to use HTTP & HTTPS to transfer files, and circumvent firewall security policies and other types of protection.

More specialised application proxies such as GFI’s WebMonitor can effectively detect and block these applications, saving businesses major security breaches and damages.

Block Unauthorized Remote Control Applications (TeamViewer, Ammy Admin, Remote Desktop, VNC etc) & Ransomware

Remote control applications such as Teamviewer, Ammy Admin, Remote Desktop and others have been causing major security issues in organizations around the world. In most cases, users run these clients so they can then remotely access and control their workstation from home, continuing their “downloads” or transfer files to their home PC and other unauthorized activities.

In other cases, these remote applications become targets for pirates and hackers, who try to hijack sessions that have been left running by users.

Ransomware is a new type of threat where, through an application running on the user’s workstations, hackers are able to gain access and encrypt files found on the computers, even network drives and shares within a company.

In late 2015, popular Ammy Admin – a remote control software, was injected with malicious code and unaware home and corporate users downloaded and used the free software. Infected by at least five different malware versions, they gave attackers full access and control over the PC. Some of the malware facilitated stealing banking details, encrypting user files in exchange for money to decrypt them and many more.

In another case during 2015, attackers began installing ransomware on computers running Remote Desktop Services. The attackers obtained access via brute-force attack and then installed their malware which started scanning for specific file extensions. A ransom of $1000 USD was requested in order to have the files decrypted.

Blocking this type of applications is a major issue for companies as users uncontrollably make use of them, not realizing they are putting their company at serious risk.

Use of such applications should be heavily monitored and restricted because they pose a significant threat to businesses.

GFI’s WebMonitor’s extensive application list has the ability to detect and effectively block these and many other similar applications, putting an end to this major security threat.

Summary

The internet today is certainly not a safe place for users or organizations. Security threats resulting from users downloading and distributing illegal content, sharing company sensitive information, uncontrollably accessing their systems from home or other locations and the potential hazard of attackers gaining access to internal systems via RDP programs, is real. Avoid getting your company caught with its pants down and seek ways to tighten and enforce security policies that will help protect them from these ever present threats.

Automate Software Deployment with the Help of GFI LanGuard. Quick & Easy Software Installation on all PCs – Workstations & Servers

2015-12-31T17:44:42+11:00

Deploying a single application to hundreds of workstations or servers can become a very difficult and time-consuming task. Thankfully, remote deployment of software and applications is a feature offered by GFI LanGuard. With Remote Software Deployment, we can automate the installation of pretty much any software to any amount of computers on the network, including Windows servers (2003,2008, 2012), Domain Controllers, Windows workstations and other.

In this article we’ll show how easy it is to deploy any custom software using GFI LanGuard. For our demonstration purposes, we’ll deploy Mozilla Firefox to a Windows server.

To begin configuring the deployment, select the Remediate tab from GFI LanGuard, then select the Deploy Custom Software option as shown below:

Figure 1. Preparing the network-wide deployment of Mozilla Firefox through GFI LanGuard

Next, select the target machine from the left panel. We can select one or multiple targets using the CTRL key. For our demonstration, we selected the DCSERVER which is a Windows 2003 server.

Now, from the Deploy Custom Software section, click on Add to select the software to be deployed. This will present the Add Custom Software window where we can select the path to the installation file. GFI LanGuard also provides the ability to run the setup file using custom parameters – this handy feature allows the execution of silent installations (no window/prompt shown at the target machine desktop), if supported by the application to be installed. Mozilla Firefox supports silent installation using the ‘ –ms ‘ parameter:

Figure 2. GFI LanGuard custom software deployment using a parameter for silent installation

When done, click on the Add button to return back to the main screen where GFI LanGuard will display the target computer(s) & software selected, plus installation parameters:

Figure 3. GFI LanGuard ready to deploy Mozilla Firefox on a Windows Server

Clicking on the Deploy button brings up the final window where we can either initiate the deployment immediately or schedule it for a later time. From here, we can also insert any necessary credentials but also select to notify the remote user, force a reboot after the installation and many other useful options:

Figure 4. Final configuration options for remote deployment of Mozilla Firefox via GFI LanGuard

GFI LanGuard’s remote software deployment is so sophisticated that it even allows the configuration of the number of threads that will be executed on the remote computer (under the Advanced options link), helping ensure minimum impact for the user working on the remote system.

Once complete, click on OK to proceed with the remote deployment. LanGuard will then return back to the Remediation window and provide real-time update of the installation process, along with a detailed log below:

Figure 5. GFI LanGuard Remote software deployment of Mozilla Firefox complete

Installation of Mozilla Firefox was incredibly fast and to our surprise, the impact on the remote host was undetectable. We actually didn’t realise the installation was taking place until the Firefox icon appeared on the desktop. CPU history also confirm there was no additional load on the server:

Figure 6. Successful installation of Mozilla Firefox, without any system performance impact!

GFI LanGuard’s software deployment feature is truly impressive. It not only provides network administrators with the ability to deploy software on any machine on their network, but also gives complete control on the way the software will be deployed and resources that will be used on the remote computer during the installation. Additional options such as scheduling the deployment, custom user messages before or after the installation, remote reboot and many more, make GFI LanGuard it a necessary tool for any organization.

How to Manually Deploy – Install GFI LanGuard Agent When Access is Denied By Remote Host (Server – Workstation)

2015-12-22T18:20:32+11:00

When IT Administrators and Managers are faced with the continuous failure of GFI LanGuard Agent deployment e.g (Access is denied), it is best to switch to manual installation in order to save valuable time and resources. The reason of failure can be due to incorrect credentials, disabled account, firewall settings, disabled remote access on the target computer and many more. Deploying GFI LanGuard Agents is the best way to scan your network for unpatched machines or machines with critical vulnerabilities.

Figure 1. GFI LanGuard Agent deployment failing with Access is denied

Users interested can also check our article Benefits of Deploying GFI LanGuard Agents on Workstations & Servers. Automate Network-wide Agent Scanning and Deployment.

Step 1 – Locate Agent Package On GFI LanGuard Server

The GFI LanGuard Agent installation file is located in one of the following directories, depending on your operating system:

For 32bit operating systems: c:\Program Files\GFI\LanGuard 11\Agent\
For 64bit operating systems: c:\Program Files (x86)\GFI\LanGuard 11\Agent\

Figure 2. The location of GFI LanGuard Agent on our 64bit O/S.

Step 2 – Copy The File To The Target Machine & Install

Once the file is copied to the target machine, execute it using the following single line command prompt:

c:\LanGuard11agent.msi /qn GFIINSTALLID="InstallationID" /norestart /L*v "%temp%\LANSS_v11_AgentKitLog.csv

Note: InstallationID is an ID that can be found in the crmiini.xml file located on the GFI LanGuard server directory for 32bit O/S: c:\Program Files\GFI\LanGuard 11 Agent or c:\Program Files (x86)\GFI\LanGuard 11 Agent for 64bit O/S.

Following is a screenshot of the contents of our crmiini.xml file where the installation ID is clearly shown:

Figure 3. Installation ID in crmiini.xml file on our GFI LanGuard Server

With this information, the final command line (DOS) for the installation of the Agent will be as follows:

LanGuard11agent.msi /qn GFIINSTALLID=" e86cb1c1-e555-40ed-a6d8-01564bdb969e" /norestart /L*v "%temp%\LANSS_v11_AgentKitLog.csv

Note: Make sure the command prompt is run with Administrator Privileges (Run as Administrator), to ensure you do not have any problems with the installation.

Here is a screenshot of the whole command executed:

Figure 4. Successfully Installing GFI LanGuard Agent On Workstations & Servers

Notice that the installation is a ‘silent install’ and will not present any message or prompt the user for a reboot. This makes it ideal for quick deployments where no reboot and minimum user interruption is required.

A restart will be necessary to complete the Agent initialization.

Important Notes

After completing the manual installation of the GFI LanGuard Agent, it is necessary to remote deploy the Agent from the GFI LanGuard console as well, otherwise the GFI LanGuard server will not be aware of the Agent manually installed on the remote host.

Also, it is necessary to deploy at least one Agent remotely via GFI LanGuard server console, before attempting the manual deployment, in order to initially populate the Crmiini.xml file with the installation id parameters.

This article covered the manual deployment of GFI’s LanGuard Agent on Windows-based machines. We took a look at common reasons why remote deployment of the Agent might fail, and covered step-by-step the manual installation process and prerequisites to ensure the Agent is able to connect to the GFI LanGuard server.

Benefits of Deploying GFI LanGuard Agents on Workstations & Servers. Automate Network-wide Agent Scanning & Deployment

2015-12-10T01:08:35+11:00

GFI LanGuard Agents are designed to be deployed on local (network) or remote servers and workstations. Once installed, the GFI LanGuard Agents can then be configured via LanGuard’s main server console, giving the administrator full control as to when the Agents will scan the host they are installed on, and communicate their status to the GFI LanGuard server.

Those concerned about system resources will be pleased to know that the GFI LanGuard Agent does not consume any CPU cycles or resources while idle. During the time of scanning, once a day for a few minutes, the scan process is kept at a low priority to ensure that it does not interfere or impact the host’s performance.

GFI LanGuard Agents communicate with the GFI LanGuard server using TCP port 1070, however this can be configured.

Let’s see how we can install the GFI LanGuard Agent from the server’s console.

First open GFI LanGuard and select Agents Management from the Configuration tab:

Figure 1. Select Agents Management and the Deploy Agents

Next, you can choose between Local domain or Custom to define your target(s):

Figure 2. Defining Target rules for GFI LanGuard Agent deployment

Since we’ve selected Custom, we need to click on Add new rule to add our targets.

The targets can be defined via their Computer name (shown below), Domain name or Organization Unit:

Figure 3. Defining our target hosts using their Computer name

When complete, click on OK to return to the previous window.

We now see all computer hosts selected:

Figure 4. Viewing selected hosts for Agent deployment

The Advance Settings option on the lower left area of the window, allows us to configure the automatic discovery of machines with Agents installed, setup up the Audit schedule of the agent (when it will scan its host and update the LanGuard server), Scan profile used by the Agent, plus an extremely handy feature called Auto Remediation which enables GFI LanGuard to automatically download and install missing updates, service packs, uninstall unauthorized applications and more, on the remote computers.

Figure 5. GFI LanGuard - Agent Advanced Settings – Audit Schedule tab

The screenshot below shows us the Auto Remediation tab settings:

Figure 6. Agent Advanced Settings – Auto Remediation tab

When done, click on OK to save the selected settings and return back to the previous window.

Now click on Next to move to the next step. At this point, we need to enter the administrator credentials of the remote machine(s) so that GFI LanGuard can log into the remote machines and deploy the agent. Enter the username and password and hit Next and then Finish at the last window:

Figure 7. Entering the necessary credentials for the Agent deployment

GFI LanGuard will now being the deployment of its Agent to the selected remote hosts:

Figure 8. GFI LanGuard preparing for the Agent deployment

After a while, the LanGuard Agent will report its installation status. Where successfully, we will see the Installed message, otherwise a Pending install message will continue to be displayed along with an error if it was unsuccessful:

Figure 9. LanGuard Agent installation status

Common problems not allowing the successful Agent deployment are incorrect credentials, Firewall or user rights.

To check the status of the installed Agent, we can simply select the desired host, right-click and select Agent Diagnostic as shown below:

Figure 10. Accessing GFI LanGuard Agent Diagnostics

The Agent Diagnostic window is an extremely helpful feature as it provides a great amount of information on the Agent and the remote host. In addition, at the end of the Diagnosis Activity Window, we’ll find a zip file that contains all the presented information. This file can use email to GFI’s support in case of Agent problems:

Figure 11. Running the Agent Diagnostics report

The GFI LanGuard Agent is an extremely useful feature that allows the automatic monitoring, patching and updating of the host machine, leaving IT Administrators and Managers to deal with other important tasks. Thanks to its Domain & Workgroup support, GFI LanGuard it can handle any type and size of environment. If you haven’t used it yet, download your copy of GFI LanGuard and give it a try – you’ll be surprised how much valuable information you’ll get on your systems security & patching status and the time you’ll save!

How to Configure Email Alerts in GFI LanGuard 2015 – Automating Alerts in GFI LanGuard

2015-11-23T09:00:00+11:00

One of the most important features in any network security monitoring and patch management application such as GFI’s LanGuard is the ability to automate tasks e.g automatic network scanning, email alerts etc. This allows IT Administrators, Network Engineers, IT Managers and other IT Department members, continue working on other important matters while they have their peace of mind that the security application is keeping things under control and will alert them instantly upon any changes detected within the network or even vulnerability status of the hosts monitored.

GFI LanGuard’s email alerting feature can be easily accessed either from the main Dashboard where usually the Alerting Options notification warning appears at the bottom of the screen:

Figure 1. GFI LanGuard email alerting Option Notification

Or alternatively, by selecting Configuration from the main menu and then Alerting Options from the left side area below:

Figure 2. Accessing Alerting Options via the menu

Once in the Alerting Options section, simply click on the click here link to open the Alerting Options Properties window. Here, we enter the details of the email account that will be used, recipients and smtp server details:

Figure 3. Entering email, recipient & smtp account details

Once the information has been correctly provided, we can click on the Verify Settings button and the system will send the recipients a test notification email. In case of an IT department, a group email address can be configured to ensure all members of the department receive alerts and notifications.

Finally, at the Notification tab we can enable and configure a daily report that will be sent at a specific time of the day and also select the report format. GFI LanGuard supports multiple formats such as PDF, HTML, MHT, RTF, XLS, XLSX & PNG.

Figure 4. GFI LanGuard Notification Window settings

When done, simply click on the OK button to return back to the Alerting Options window.

GFI LanGuard will now send an automated email alert on a daily basis whenever there are changes identified after a scan.

This article showed how GFI LanGuard, a network security scanner, vulnerability scanner and patch management application, can be configured to automatically send email alerts and reports on network changes after every scan.

How to Scan Your Network and Discover Unpatched, Vulnerable, High-Risk Servers or Workstations using GFI LanGuard 2015

2015-11-17T15:16:00+11:00

This article shows how any IT Administrator, network engineer or security auditor can quickly scan a network using GFI’s LanGuard and identify the different systems such as Windows, Linux, Android etc. More importantly, we’ll show how to uncover vulnerable, unpatched or high-risk Windows systems including Windows Server 2003, Windows Server 2008, Windows Server 2012 R2, Domain Controllers, Linux Servers such as RedHat Enterprise, CentOS, Ubuntu, Debian, openSuse, Fedora, any type of Windows workstation (XP, Vista, 7, 8, 8.1,10) and Apple OS X.

GFI’s LanGuard is a swiss-army knife that combines a network security tool, vulnerability scanner and patching management system all in one package. Using the network scanning functionality, LanGuard will automatically scan the whole network and use the provided credentials to log into every located host and discover additional vulnerabilities.

To begin, we launch GFI LanGuard and at the startup screen, select the Scan Tab as shown below:

Figure 1. Launching GFI LanGuard 2015

Next, in the Scan Target section, select Custom target properties (box with dots) and click on Add new rule. This will bring us to the final window where we can add any IP address range or CIDR subnet:

Figure 2. Adding your IP Network – Subnet to LanGuard for scanning

Now enter the IP address range you would like LanGuard to scan, e.g 192.168.5.1 to 192.168.5.254 and click OK.

The new IP address range should now appear in the Custom target properties window:

Figure 3. Custom target properties displays selected IP address range

Now click on OK to close the Custom target properties window and return back to the Scan area:

Figure 4. Returning back to LanGuard’s Scan area

At this point, we can enter the credentials (Username/Password) to be used for remotely accessing hosts discovered (e.g domain administrator credentials is a great idea) and selectively click on Scan Options to reveal additional useful options to be used during our scan, such as Credential Settings and Power saving options. Click on OK when done:

Figure 5. Additional Scan Options in GFI’s LanGuard 2015

We can now hit Scan to begin the host discovery and scan process:

Figure 6. Initiating the discovery process in GFI LanGuard 2015

GFI LanGuard will being scanning the selected IP subnet and list all hosts found in the Scan Results Overview window area. As shown in the above screenshot, each host will be identified according to its operating system and will be accessed for open ports, vulnerabilities and missing operating system & application patches.

The full scan profile selected will force GFI LanGuard to run a complete detailed scan of every host.

Once complete, GFI LanGuard 2015 displays a full report summary for every host and an overal summary for the network:

Figure 7. GFI LanGuard 2015 overall scan summary and results

Users can select each host individually from the left window and their Scan Results will be diplayed on the right window area (Scan Results Details). This method allows quick navigation through each host, but also allows the administrator or network security auditor to quickly locate specific scan results they are after.

This article explained how to configure GFI LanGuard 2015 to scan an IP subnet network, identify host operating systems, log into remote systems, scan for vulnerabilities, missing operating system and application patches, open ports and other critical security issues. IT Managers, network engineers and security auditors should defiantely try GFI LanGuard and see how easy & automated their job can become with such a powerfull network security tool in their hands.