With the focus constantly on the threats posed to businesses by viruses, spam and spyware it’s all too easy to overlook instant messaging (IM) and peer to peer (P2P) applications. There’s no doubt this dynamic duo can bring a lot of benefits to business communications but their usage needs to be strictly controlled. D-Link’s DFL-M510 is a new line of activity for the company as instead of providing the usual firewalling, anti-virus and anti-spam it focuses purely on managing, monitoring and controlling IM and P2P applications.
Many employees now use IM as unlike email it is immediate and provides high levels of control over who you want to talk to, who you don’t want to talk to and who can see if you are available online. However, with no restrictions in place users can happily transfer files or pass on company information in casual conversations and the network administrator would be none the wiser. P2P apps are as just as big a problem - I use GoToMyPC to allow me to control my systems in the lab from a remote location because by using HTTPS tunneling it’ll go straight through firewalls as if they didn’t exist. And I don’t need to point out the problems caused by P2P music sharing on the corporate network.
Installation is a cinch as using the Fast Ethernet LAN and WAN ports you drop the appliance in between your Internet connection and local network so it can monitor all traffic. The appliance functions purely as a transparent gateway so it’ll slot straight into your existing network with no requirement for any changes to the infrastructure. To allow it to identify IM and P2P specific traffic the appliance has to inspect all traffic at Layer 7 – the application layer. Rather than discuss how this works we’ll just say that these capabilities don’t come cheap and are normally found in enterprise level security appliances. This allows the M510 to associate a packet of data with an application so it can identify very specifically any traffic originating from or destined for IM and P2P applications.
The appliance is managed via a Java applet which we found can be a bit sluggish if you’re running it on a modest PC. As the M510 monitors traffic it builds up a list of PCs on the network along with their IP and MAC addresses. These can then be placed into different groups and access policies assigned to them to determine what, if anything, they are allowed to run. Before you start laying down the law you can run in a passive mode allowing you to see what traffic types are on the network. A real time monitor shows a traffic graph for IM, P2P, Web, FTP and mail whilst a pie chart alongside breaks it down into percentages and actual KBs transferred. You can also view a list of stations and see which are using particular protocols such as HTTP, HTTPS, POP3 and FTP or indulging in IM, P2P, or streaming media.