iSentryIII
Appliance frequently asked
questions.
What is the iSentryIII Content Filtering Appliance?
The iSentryIII Content Filtering Appliance is a fully
integrated hardware/software package which includes its own hardened Linux distribution, firewall,
content filtering application program and blocking database. For
detailed specifications and proper sizing go to:
iSentryIII appliance data
sheet.
[return to top]
How much time will be required to install and configure the iSentryIII
Appliance?
Typically the iSentryIII
appliance can be
installed in your network in about 15 minutes.
[return to top]
Will iSentryIII work with my existing firewall?
iSentryII can be installed next to or behind your
existing firewall. If the appliance
is installed behind a firewall it will require permission to download database updates.
[return to top]
How much time will I have to spend maintaining iSentryIII?
iSentryIII content filtering
appliances have been designed to require minimal
administrative time. All updates to the blocking
list occur automatically. Automated log and disk space management and reporting utilities
eliminate administrative chores.
[return to top]
How are Web sites blocked?
Using the client’s IP address or user ID
the iSentryIII appliance determines which categories will be blocked.
The iSentryIII application program looks up the requested
URL in each of the applicable databases using high speed constant data bases. If the site
is listed in any of the categories (such as pornography or hate) the request is denied and
the user is notified. All requests are logged in the http access log.
[return to top]
How do you create your database of blocked Web sites?
The URL Content Filter database is maintained by
Firewall Servers and uses proprietary software tools that search the Internet looking for
new or updated sites that may contain material for each of the managed categories.
Additional software excludes legitimate sites from the database and removes redundancies.
[return to top]
How many Web site categories do you have?
The iSentry software provides 15
selectable content filtering categories. We have combined the dozens
of minor groupings used by some other approaches into these highly
relevant compilations. This provides the network administrator an
easily managed solution with optimum flexibility while maintain
filtering policy criteria integrity.
A useful feature of iSentryIII
is a category "trusted-only". This category blocks ALL sites except those
specifically added to this category. This feature is highly useful in school environments
where only specific sites are to be used. This is easily updated or changed as needed.
Additional sites can be added dynamically by businesses or schools as needed.
[return to top]
How many URLs do you block?
iSentryIII blocks access to more than 200 million Web
pages.
[return to top]
Are Web sites blocked by keyword?
Keywords are searched as part of a
regular expression search and attempts to search for banned keywords on search engines are
blocked. Keyword-only approaches can produce very inaccurate results.
[return to top]
Do you block Web sites by IP address?
iSentryIII uses both the full URL name and the IP
address. If the matching site on the list contains one or more path names then only the
data in the path(s) will be blocked. If no pathname is included the entire site is
blocked. This provides for maximum flexibility and precise control over all blocking. URL
based filtering is required to properly handle virtual Web site hosting. Since many ISPs
host multiple Web sites on the same server, products that block based only upon IP address
will incorrectly block every site on the hosted Web server, even though some sites do not
contain inappropriate content. Use of the IP address also prevents by passing the blocking
filter by entering the IP address rather than the host name.
[return to top]
Can iSentryIII block all hosts from a single domain?
Yes. Some sites allow any host name to precede
their domain name making it difficult to block their site by host name, as any host name
will resolve to their server’s IP address. iSentryIII defends against this clever ploy
that circumvents other blocking lists.
[return to top]
What happens if someone enters an IP address to access a site?
iSentryIII automatically detects IP address entry and
properly handle them as if the site had been entered by URL name. This prevents a user
from bypassing a blocking list based only on hostname.
[return to top]
Can I provide a list of users that do not get blocked?
Yes. There are 5 groups which can be used to define
what access is available to the user base. The default setting has all users passing
through a "transparent" proxy and are filtered according to the rules chosen by
the policy. This requires NO changes to the existing user's workstation.
Selected users can be assigned to another group with different filtering criteria,
including NONE.
[return to top]
Can I Define a Private Access List?
Yes. The private access control facility restricts URL access
to a specified list of URLs. These can be easily be defined and maintained by the
Administrator.
[return to top]
Can an authorized user bypass the iSentryIII filtering?
Yes. The iSentryIII URL filter appliance has a "Bypass" feature which allows the user to access
the Internet unfiltered. This requires the user to obtain both a login name and password.
The "Bypass" feature works only in the Transparent Mode or Group 5. The default period for unfiltered access from this particular workstation is 1 hour but
can be changed by the administrator.
[return to top]
Can I add my own sites and site categories to iSentry’s database?
Yes. The administrator can easily add sites to the iSentryIII
database.
[return to top]
How often do I receive database updates?
Updates are automatically downloaded twice weekly
into your iSentryIII. Updates are usually scheduled for early AM hours but can be scheduled
at a time that you choose.
[return to top]
How do I receive software updates?
As long as your have a current support license,
software updates will be automatically shipped to you. Updates can be applied while the
system is running without disrupting active users.
[return to top]
Does iSentryIII offer reporting?
Yes. In addition to proactive filtering and blocking
of inappropriate Internet access, iSentryIII provides full monitoring and logging of all
successful and unsuccessful Internet accesses. Even though access to disallowed Web sites and Internet services have
been successfully blocked, it can be very important to be able to analyze the
patterns of attempted access. This can be helpful as user feedback for corrective action
as well as documentation for disciplinary proceedings if necessary.
[return to top]
How do I administer the iSentryIII Appliance?
iSentryIII is administered through an ordinary
browser. Remote administration enforces strong user authentication to ensure only
authorized persons can administer the system. All transmissions are encrypted to keep
hackers from snooping.
[return to top]
How does the iSentryIII Appliance connect to my network?
An iSentryIII Content Filter appliance has dual
10/100Mbps network interface cards and is typically connected between your router and LAN
switch.
[return to top]
Will the iSentryIII
appliance impact network performance?
The iSentryIII Content Filter Appliances
can actually
improves network performance, by blocking unauthorized access to content that would
otherwise consume network resources. It also acts as a caching server and caches
frequently accessed pages and saves the round trip to the server.
[return to top]
