- Review Price: £866.00
With the focus constantly on the threats posed to businesses by viruses, spam and spyware, it’s all too easy to overlook instant messaging (IM) and peer-to-peer (P2P) applications. There’s no doubt this dynamic duo can bring a lot of benefits to business communications, but their usage needs to be strictly controlled. D-Link’s DFL-M510 is a new line of activity for the company: instead of providing the usual firewalling, anti-virus and anti-spam, it focuses purely on managing, monitoring and controlling IM and P2P applications.
Many employees now use IM because, unlike email, it is immediate and provides high levels of control over who you want to talk to, who you don’t want to talk to and who can see if you are available online. However, with no restrictions in place users can happily transfer files or pass on company information in casual conversations and the network administrator would be none the wiser. P2P apps are just as big a problem – I use GoToMyPC to allow me to control my systems in the lab from a remote location because by using HTTPS tunneling it’ll go straight through firewalls as if they didn’t exist. And I don’t need to point out the problems caused by P2P music sharing on the corporate network.
Installation is a cinch: using the Fast Ethernet LAN and WAN ports, you drop the appliance in between your Internet connection and local network so it can monitor all traffic. The appliance functions purely as a transparent gateway so it’ll slot straight into your existing network with no requirement for any changes to the infrastructure. To allow it to identify IM and P2P specific traffic the appliance has to inspect all traffic at Layer 7 – the application layer. Rather than discuss how this works we’ll just say that these capabilities don’t come cheap and are normally found in enterprise-level security appliances. This allows the M510 to associate a packet of data with an application so it can identify very specifically any traffic originating from or destined for IM and P2P applications.
The appliance is managed via a Java applet which we found can be a bit sluggish if you’re running it on a modest PC. As the M510 monitors traffic it builds up a list of PCs on the network along with their IP and MAC addresses. These can then be placed into different groups and access policies assigned to them to determine what, if anything, they are allowed to run. Before you start laying down the law you can run in a passive mode allowing you to see what traffic types are on the network. A real time monitor shows a traffic graph for IM, P2P, Web, FTP and mail whilst a pie chart alongside breaks it down into percentages and actual KBs transferred. You can also view a list of stations and see which are using particular protocols such as HTTP, HTTPS, POP3 and FTP or indulging in IM, P2P, or streaming media.
Policies provide high levels of control as you can decide what applications to block and what to allow and assign them to different groups of systems. These controls extend not just to IM and P2P but streaming media apps such as Windows Media Player, web browsing, FTP and mail as well. Pick MSN Messenger from the list and you can decide whether to block it wholesale or maybe allow chatting but no video and audio communications or file transferring. With file sharing you just pick a service from the list and block login attempts. For web browsing you get rudimentary URL blocking controls as you can apply up to three keyword lists to a policy and each list can contain multiple entries.
We tested a variety of scenarios and started by blocking MSN Messenger which caused the clients to fail to sign in. We blocked iTunes and although we could play locally accessible music we couldn’t log on to the iTunes music store anymore. Using URL keyword blocking stopped clients accessing listed sites with those words in their URL and we could stop specific groups using email. The M510 also blocked all attempts to log on to FTP sites. No entry was provided for GoToMyPC but we blocked it anyway by creating a custom policy that specified the relevant application server’s IP address. You can also create user defined patterns comprising source and destination ports or send a request to D-Link directly from the appliance for a new pattern file for a specific application.
So far, so good but the M510 really falls down on reporting. As we’ve already mentioned you can see what applications and protocols specific systems are using in real time but general reporting is limited to a system log which doesn’t give any details about blocked activities whilst the report tab just provides a graphic of the real-time monitor for the selected period.
The DFL-M510 offers a very cost-effective method of monitoring and controlling access to IM and P2P apps plus a whole lot more Internet activity. Policy-based filters make it highly versatile but the weak reporting does let the side down.
The real time monitor provides a useful insight into what is occurring on your network.
Plenty of common applications can be included in access policies.
The URL keyword blocking facility worked well and provides web based warnings to users.
With an M510 policy in the way QuickTime and iTunes users were denied Internet access.
We couldn’t get Win Popup warnings to work but the appliance could send out email alerts.