While security programs for computers and networks are well-documented, there is often little attention paid to ways of physically stopping a person from entering the workplace.

Getting it right

Research into social engineering by security organizations, including the SANS Institute, found this to be a dangerous and overlooked method of weakening the security of any office workplace.

Providing physical access by using ID cards and/or swipe cards has been successfully implemented for decades as both a visual method of security and convenient physical access through doors. However, best practice improvements should also be kept up in this “offline” area, using the latest technologies to ensure adequate protection.

Picture Perfect

While photographic ID cards are not new, they do provide the initial protection that any business needs. Simple policy rules requiring that photographic ID be worn using a lanyard and visible at all times are common, often with the use of a proximity “fob” card that staff use to swipe themselves into protected areas.

The most common types of proximity cards in use are from the HID IsoProx II range which give the benefit of allowing businesses to print directly onto one side of the card. A number of ID card printers are available at Avon Security, with varying quality. These cards are not as effective, however, if the business has a high rate of staff turnover.

Proximity vs Convenience

An increasingly common method is to use a clamshell ID card, whereby the actual ID card can be used alongside the Photo ID, usually inserted into the back of the ID holder. The combination of proximity sensors and visible photos provides a much needed baseline of protection for staff, however, priority must be given to ensuring these are adequately tested prior to use.

The use of an ID card printer on-site is not a requirement, but having to order each new card will lead to increases in the lead time for any new staff to be able to walk around the office unaccompanied.

Ensuring the industry standard brands are used in combination with a high-bitrate proximity sensor are important factors to consider before making an investment in any ID card system.

Visitors and Temporary Protection

It is important not to overlook the importance of getting the right ID card protection for visitors to any organization. While many will simply provide a sticker on a blank card, there may be times when this does little to appease the concerns of those who need the assurance that everyone in the office is authorized to be there.

Authorizing and recording visitors with a temporary badge, such as the commonly used Avon Visitor Management Kit, is acceptable if visitors are accompanied around the office and not given swipe cards. However, there are times when the reception or security team won’t always be able to verify their status.

A further method of assurance can come from the use of expiring visitor badges which display a clear VOID after a number of hours of use. In areas where contractors may be working alone, these badges provide the benefit of assuring that visitors truly are authorized to be working in remote and out-of-reach areas.

Combination of Methods

As with security in the technology arena, providing a layered approach when it comes to physical office access is highly recommended, especially in sensitive areas such as legal and financial places of work.

While biometric readers and methods can provide a certain degree of accuracy, organizations can immediately build upon the ID card system by using heat-sealed holograms on all employee ID cards.

It would take a determined fraudster some time to clone an existing employee’s card for a social engineering attack, but they still would be unlikely to replicate the exact hologram in use. This is especially true if it is branded in a unique way to the business through a logo or company statement.

About the Author: George Hillston is and expert data security blogger, you can find more of his work on his Google+

Performing a VA doesn’t have to be difficult or complex. If you have the right plan, it’s something you can readily do for yourself. To that end, here are 11 key components for your VA plan.

1. Documented Policy

Vulnerability assessment plans should include a policy that addresses the purpose, the frequency, and the expectations for remediation when you detect a vulnerability. And believe me, you will. Set a frequency that is manageable for your staff and other duties, but that doesn’t leave things unknown for too long. A good vulnerability assessment application (more on that below,) once configured and tuned to your environment, should be able to run as a scheduled task. Make sure your policy addresses what systems to be assessed, and how long a system owner has to remediate any vulnerabilities detected.

2. Management Support

You need support of management, to provide the authority for your policy, to support you in conducting your VAs, and to require that any vulnerabilities you detect be remediated. It does you no good at all to find a flaw only to have the system owner say they are too busy to fix it. Management support ensures that your vulnerability assessment plan is not for naught.

3. The Right Application for Your Environment

A vulnerability assessment plan requires the right vulnerability assessment application to succeed. There are many on the market, and finding the right one for you is critical to your success. Get one that is easy to update and maintain, that runs on an operating system with which you are already familiar, and that can assess all the systems on your network.

4. Coverage for operating systems, applications, and network hardware

Make sure your vulnerability assessment application can cover all the operating systems and mobile devices, especially if you are going to support BYOD. If you have a mix of Windows, Macs, and Linux systems, plus the myriad mobile devices and tablets that are everywhere today, you want to make sure you can assess them all.

5. Regular Assessment from the Inside

You should run regularly scheduled assessments on your internal network, scanning your servers and workstations as thoroughly as possible. Don’t just time your scans to match a cadence of new systems… new vulnerabilities are detected all the time. Scan at least monthly.

6. Regular Assessment from the Outside

Many, though not all, attempts to exploit your systems will come from the outside. Assess your DMZ systems from outside the corporate network if possible to get the same point of view that attackers will have over the Internet.

7. Review and respond to all deficiencies

Your policy, your management’s support, and common sense should all say that remediating each and every vulnerability detected should happen immediately. You’re going to find that sometimes, common sense is lacking, so you’re going to need to rely upon that policy and management authority to get sysadmins to patch their systems and tighten up their configurations when your VA finds problems.

8. Assessment of all new systems before production

Before a system goes into production, it’s easy to patch it. You don’t need a change control or a maintenance window. Once it is in production, it can be much more challenging to get it patched. That’s why your vulnerability assessment plan should include a need to assess all systems before they go into production, so they are as secure as they can be on day one.

9. Remediation

Once a vulnerability has been detected, and supposedly fixed, you need to scan the impacted system again. There’s a couple of reasons for this. First, you want to confirm that the vulnerability has been resolved. The second is that you want to make sure that changes to one aspect don’t create or uncover another vulnerability in remediating the first. Follow up scans should happen immediately after remediation.  Don’t wait to be told it’s done. Verify!

10. Risk Acceptance and Responsibility

In a perfect world, we’d be able to get every single system fully and completely patched and up to date, and resolve every vulnerability the moment it was detected. Unfortunately, the world is not perfect. At some point or another, you are going to find a sysadmin who has a reason NOT to remediate a particular vulnerability. Information security may want to prevent any and every threat, but at the end of the day, the business may choose to accept some risk. If you have identified it, quantified it, and explained what could happen if it is not remediated, then you have done what you can. If the business wishes to accept the risk and take responsibility for the outcome should a vulnerability be exploited, so be it. Make sure your vulnerability assessment plan includes a provision for this and that you document when you have done your job and the business has accepted the risk.

New vulnerabilities are discovered all the time, so it’s critical to ensure your vulnerability assessment plan includes selecting a VA application that can be regularly updated, and that you obtain those updates. As a best practice, you should check for updates to your VA app every time you use it, at the beginning of the assessment cycle. That way, if a new vulnerability has been discovered, your VA app stands the best chance of detecting it if it exists in your environment.

A good vulnerability assessment plan includes policy, management support, regularly scheduled scans, the right application, and several best practices to ensure that every possible vulnerability on your network can be detected and whenever possible, remediated. Since that’s not always going to be possible, it also allows for risk acceptance and responsibility so that the business can operate, and you have a “get out of jail free” card should an unpatched system get owned!

Author: Peter Walsh on behalf of GFI Software. 

For more sysadmin and IT related resources visit GFI’s Blog.

With online security breaches becoming increasingly more common, small business owners will need to devote more resources to protecting their data. If personal information is obtained from a business through malevolent means, the business’s reputation will likely suffer. In some cases, security problems can even lead to financial losses that will be hard to recoup. Due to the increase in data related security breaches businesses will want to evaluate and implement additional security measures for a number of very important reasons.

Improved Relations with Customers

Because most small businesses look to build a viable customer base , they will need to assure prospective clients that all personal data collected will be carefully guarded. If a breach occurs, business owners will likely experience problems with customer service, sales, and reputation. Through appropriate security measures, businesses can ensure that all confidential client information is kept safe. Adequate passwords and quality virus protection is two security measures that all businesses should use.

Better Insurance Options

In the online world of ecommerce, insurance companies will generally ask businesses to prove that certain security measures have been implemented. In many cases, for example, small businesses will have access to social security numbers, bank account numbers, and personal identification information. Businesses that do not comply with the insurance company’s requirements will not qualify for reasonable rates. Properly implementing a firewall is one way to reduce the risk to the sensitive data that is collected by a business.

Physical Information Security

Online based attacks against a business is not the only way sensitive information is obtained by criminals.  Some crooks might scour exterior waste areas for personal information, others are adept at stealing computer hardware from unsecured offices. In some cases, sensitive information can even be stolen by employees of the company. For this reason, it is often a good idea to bar low-level workers from certain high-security areas. Passcodes and other security measures can be used so that only appropriate employees will be able to access sensitive data.

Data Destruction

Small business owners who are using traditional paper based filing systems will dispose of old paperwork on a regular basis. Though destruction of old paperwork can proceed in several ways, paper shredding often makes the most sense. In fact, industrial shredding companies like Shred-It offer a range of services to companies with large volumes of sensitive documents. After the documents have been shredded, the resulting materials will be taken to a secure location and dumped. Paper shredding machines come in various sizes and can be either bought or rented. Only honest employees should be allowed to take part in the process.

The Bottom Line

Though most people associate data security with larger corporations, small business owners should also familiarize themselves with key concepts. By protecting data, businesses can avoid adverse relations with customers while also allowing themselves the best possible insurance options. Because physical security is just as important as electronic security, paper shredders are a vital method of data destruction. With dedication and foresight, business owners will ultimately be able to adequately protect and dispose of any sensitive data the business might collect.

About the author: George Hillston is an expert data security blogger, you can find more of his work on his Google+.

This type of network threat can even allow an attacker to take control of a victim’s machine and cause it to run slow, lose, or deny connection. An attack-related outage, which can lead to extended downtime for a business, can happen if an infrastructure was not protected ahead of time. With many security reports and findings these days showing a great number of businesses that have experienced some sort of DDoS attack and with indications that continuing threats are on the rise for this year and next, it becomes paramount to come up with a strategy for DDoS protection and mitigation.

These attacks are considered by many to be the greatest threat that businesses normally face in their everyday online activity; preventing the attacks has to be a priority for all companies when considering their online presence and planning their own information systems.

Mitigation Strategy

DDoS attacks take many forms, making it important to understand the different types, like UDP flood and ICMP (Ping) flood to name a few, and the special techniques used by IT and security experts to prevent them.

Possible solutions include use of firewalls and intrusion detection and prevention systems, like one designed to address anomaly-based intrusion and prevention; these may be effective in helping businesses cope with DDoS threats.

Alternately, one can always choose a hosted company specializing in DDOS mitigation. This is a good option for those that do not want to take security matters in their own hands and prefer a cloud-based solution to prevent DDoS attacks. Security is assured through a third-party which obviously helps businesses by tapping into high-end technology without bearing the full costs of it.

DDoS mitigation service providers have the capacity to mitigate these threats, prevent future attacks, and keep network traffic flowing without being interrupted. Outsourcing centers are able to provide the hardware and software, as well as other needed equipment, like load balancers, to prevent DDoS attacks. Moreover, they offer 24/7 real-time protection to detect and address suspicious botnet activity before it disrupts services and wreaks havoc on the business server causing it to overload.  They can monitor and stop acts of countless external communication requests or other mischief to either the network or application layer of one’s network that could take down the entire system or website.

Having knowledge about DDoS and following good security practices to prevent attacks may be not enough to avoid them.  Ddos may also be prevented by increasing bandwidth allocation and considering a third-party load balancing product. One can also choose to install and maintain anti-virus software and use VPN services, switches, and routers as defensive mechanisms to help keep one’s identity and location completely secure.  Other options include separate network services, like those that may be public from private, diverse systems for intranet, extranet and Internet services, or single-purpose servers.

Some companies have already started taking measures to combat the problem of DDoS attacks or at least have prepared solid contingency plans in case they become victim of one. This is a reflection of the ever-increasing concerns of how such acts can be crippling to businesses if one does nothing to prepare and at least know how to stop DDoS attacks.

About the author: George Hillston is professional freelance writer and passionate information security blogger.

1. Security concerns

Event log monitoring with a tool that can handle Security Information and Event Management (SIEM) can help you detect security issues before they become incidents.  Event log monitoring can quickly alert you to all kinds of security concerns such as password guessing, people snooping around in data they shouldn’t snoop into, and signs of a compromised system,.

2. Proactive management

One of the best ways to get ahead of things, and to find what needs to be done before failures and outages occur is to perform regular event log monitoring. Your logs have all the information you need, and almost all problems start with events that can be detected long before incidents occur. Event log monitoring is your best way to react before users experience problems.

3. Baselining

Is the Internet slower today? Is that system less responsive than normal? Is there something going on? Event log monitoring is the best way to quickly create accurate baselines of system activities across your network.  Those baselines can then be used to evaluate changes or perceived performance challenges.

4. Spotting trends

You can also use event log monitoring to spot trends, such as load at week’s, month’s, or quarter’s end; or to find changes in network utilization during launches; or after earnings reports are released. All the information needed is in the logs.

5. Forecasting

Do you need to budget for next year’s upgrades? Forecast your storage utilization for next quarter? Prove that there is a surge in user log-ons each day at 8:00 AM? Event log monitoring can help you to forecast your future needs by establishing patterns and providing you with the specific data you need for a particular request.

6. Addressing issues before they become problems

Very few outages just occur. There’s usually a series of events that lead to an outage, and these are easy to spot after the reboot when you go digging through the logs. Of course, event log monitoring can spot those early warning signs so you can address the issue before it becomes the outage.

7. Compliance

Any number of federal regulations and compliance standards require not only that you log, but also that you regularly review those logs. Nothing makes regular reviews easier than event log monitoring, which automates the process and makes it simple to prove compliance.

If you ever want to get out of the non-stop fire-fighting mode and get into proactive management of your systems, event log monitoring is the fastest, easiest, and most affordable way to do so. Deploy event log monitoring in your network today, and you’ll have a much more enjoyable tomorrow.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides network security, content security and messaging solutions. Read a review on GFI EventsManager 2013.  All product and company names herein may be trademarks of their respective owners.

The skyrocketing use of mobile devices among employees has also ushered in new and extraordinary threats to information security. As a result, those organizations that have preventative measures against these risks can enhance employee efficiency and secure a competitive advantage. Within this context, information security refers to protecting both the data storage and data transmission whether it refers to personally identifiable information of employees and customers, corporate data or intellectual property.

Complicating Factors For Information Security

There are many factors that have influenced the implementation of effective information security strategies and policies within an organization. Some of these factors include:

• Diversity of mobile devices as far as divergent operating systems.
• Multiplication of mobile devices and, consequently, difficulty in controlling hardware.
• Use of familiar devices by the employees instead of those offered by the company.
• Frequently upgraded devices to keep up with technology.
• Increase in social networking among employees on their mobile devices.
• Ubiquity of cloud computing.

Security Threats To Mobile Devices

As the number and types of mobile devices increase, so do the attempts to exploit them. Consequently, cyber criminals tend to target mobile devices more than ever before and, unfortunately, with increased efficiency. G Data Security Labs reveals that malware targeting of smart phones and tablets rose by 273% compared to 2011.

Managing Security In A Mobile Workplace

It is true that mobile devices bring substantial hurdles to enterprises. However, these hurdles are not insurmountable, and businesses can still transform information technology to minimize risks for data, networks, and applications while taking advantage of mobility through new governance, support processes, and outstanding IT skills. In order to manage information security in a mobile workplace, businesses should:

• Start by understanding exposure of regulated data, including trade secrets, industrial designs, and patents;
• Be aware of the unique risks that define each business and build a security framework on a platform that caters to those risks;
• Explore how and when employees use technology on and off the job to establish the most appropriate security measures;
• Determine a set of mobile devices that can access the network and prevent the addition of new mobile devices by the employees;
• Create preventive controls to ensure that unproved units cannot access the network;
• Establish the type of corporate information that approved devices can store and also the type of data that can be exchanged between the approved device and the corporate network;
• Determine encryption and authentication security measures to protect data on approved units;
• Establish measures that allow the distinction between corporate and personal information;
• Establish where corporate data is allowed to reside (device, network, cloud, or a combination);
• Assess application and services to determine potential risks so that only approved users can access the network;
• Ensure that cloud and data service providers meet the security requirements;
• Implement mechanisms to enforce the controls and standards.

When a business has finished implementing the proper security strategies and policies, employees need to be made aware and trained in best practices for secure use of mobile devices. Since most technical issues can be overcome through training and knowledge, employee awareness is often the weakest link of mobile security. Employee compliance becomes a crucial element of a successfully implemented security strategy for mobile devices.

About the author: George Hillston is professional freelance writer and passionate information security blogger. To ensure complete security with your business’s confidential information, he recommends Shred-It for all your data destruction needs.

Open Internet access for your employees is a wonderful privilege. It can boost morale, improve productivity and provide your users with a sense that they are trusted when you treat them as adults, rather than untrustworthy children. However, truly open and unrestricted Internet access can present significant risks to your users, their workstations and the company’s data. No matter how well-intentioned your users may be, accidents happen. Human error can result in malware infections, data leakage, credential compromise and productivity loss. It is up to you to protect your network from common human errors. Here’s how to do just that:

User Education

The weakest link in your defensive chain is also the one best able to help you protect the company. Your users are the ones surfing the web, reading emails full of links and searching throughout the day. Educating your users about the risks, how to recognize them and what to do when the inevitable human error occurs, is the first and most important thing you can do to protect all concerned.

Antivirus Software

Antivirus software is not a panacea, but it is a critical part of your defense in-depth approach to making Internet access safe. All systems should run antivirus software and the real-time protections should be on. Definitions should be updated regularly and you should implement a web security solution that also scans all downloads to minimize the chance that anything gets through. When you use multiple engines, you greatly improve your chances.

Patches and Updates

Far more systems are compromised due to missing patches than any other reason. Keeping workstations up-to-date and browsers and media players patched helps minimize the number of ways surfing the web can be dangerous. When a user does click somewhere they shouldn’t, an up-to-date system is far less likely to be exploited than one that is out of date.

Email Content Filtering

Clicking links in email or opening infected attachments are human errors that occur daily. Even seasoned sys admins can make these mistakes with surprising regularity. Email content filtering is the best way to stop these sorts of threats before a human has the opportunity to click.

Internet Content Filtering

An Internet security solution can go a very long way towards securing your network against human error, because it can provide so many protections for your users. Databases of compromised websites, sites that do not comply with company policy, and sites with questionable content, can all be screened to prevent users from accidentally visiting them. Malware filtering can add another level of defense against dangerous files and phishing sites can be blocked so that when an email makes it through, your users and your network are still protected.

Internet Usage Monitoring

Sometimes, human error doesn’t jump out at you. It’s more subtle, behind the scenes, and as the phrase suggests, it’s an error, not an intentional deed. Internet usage monitoring can provide aggregate reports of websites and content accessed, so that you can address any issues company-wide, rather than singling someone out. Of course, when the situation calls for it, you can also drill down to the specific user.

Monitoring Internet usage doesn’t mean you have to be Big Brother, or even that you must review individual’s activities. Using a web security application to automatically block compromised websites and those that are counter to company policy, to scan all downloads for malware, and to safeguard users from phishing sites, makes this job easy and respects users and their privacy.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about why you need Internet monitoring software.

All product and company names herein may be trademarks of their respective owners.

How? Read on to discover five great benefits that this solution can offer.

 1) A fast setup

Cloud-based solutions only require the deployment of an agent on each workstation or server to be up and running. This takes just a few minutes and there is no user downtime during the setup process. Best of all, you won’t need to worry about software compatibility or vulnerabilities, or even hardware installations, that often plague new deployments.

2) Does not put a strain on budgets

A good cloud-based remote server monitoring solutions allow you to add in servers and workstations based on a low cost subscription model. This means your budgets won’t be eaten up by unnecessary software licensing costs, or hardware purchases. Even better, cloud-based solutions remove complexity so you won’t need expensive, highly specialized IT administrators to dedicate their time to it.

3) Check in wherever you are

Whether you are out on the road, at a client’s site, or on your daily commute, you can keep your finger on the pulse of your network. You can be notified of specific events by email, or even by text message to your mobile phone. Then, cloud-based remote server monitoring solutions allow you to log in to a web-based management console and view real-time statistics about your network at a glance. You can even view this on your phone, allowing you to stay in the loop wherever you are.

4) An extra pair of hands

While cloud-based solutions allow you to log in to a management console from wherever you are, good remote server monitoring solutions can also perform remedial actions without administrator intervention. It thus provides you with an extra pair of hands, taking corrective action automatically. This saves you time and can often cut down incoming support calls.

5) Easy maintenance

Updates and upgrades are immediately deployed from a central location to each server and workstation connected to the cloud-based service. That means IT administrators do not have to visit each computer to check and monitor for this. Cloud-based solutions also have the advantage of being able to do this without any worries about compatibility, dependencies or conflicts.

As can be seen from the above, remote server monitoring – and especially cloud-based solutions – offers busy system administrators many benefits, allowing you to save time and relieve some of the pressure on your IT department. Also, system administrators can attend to tasks even while they are out of the office, giving them some measure of freedom, while enabling organizations to enjoy smooth running networks.

About the Author: This guest post was provided by Jeff Smith on behalf of GFI Software Ltd.

Get your free eBook for more expert insights on remote server monitoring here: http://landnsmcd.gficloud.com/ebook-download-cloud-network-monitoring/.

All product and company names herein may be trademarks of their respective owners.

Back when I first heard about GFI LanGuard, it was just a vulnerability scanner. While it is still a vulnerability scanner for networks and network devices, today it can do so much more.  Let’s look at some of the current features.

GFI LanGuard Features

The best feature of GFI LanGuard is still it’s vulnerability scanner:

• Scans your network by IP address looking for security issues.  LanGuard will use a list of over 45,000 different security vulnerabilities to scan all computers and servers (as well as routers, network printers, and other types of devices) on your network, including Windows, Mac, Unix, and Linux systems.  In addition, it will also detect virtual machines running on the network.
• Will detect outdated anti-virus and anti-spyware definition files for a variety of software during the scanning phase.  It will not detect outdated definition files for every type of anti-virus and anti-spyware software, but it covers a lot of them.
• Can check the password policy while scanning systems on your network.
• Will look for software applications that run automatically – a key sign of a possible trojan running on a system.

GFI LanGuard will also assist with remediation of security issues with a built-in patch management system:

• Assists with patch management for Microsoft Windows as well as non-Microsoft software and third-party software applications.  In addition, GFI LanGuard will allow IT to upgrade to the newest version of some software such as the newest version of Adobe Flash or the newest version of a web browser.
• Able to remove unauthorized software applications.
• Able to remote into a computer to fix security issues that cannot be fixed automatically by GFI LanGuard.  Even though I did not try the remote feature, looking at GFI Languard as well as all the documentation, I am presuming it is available when an agent is being used on the remote machine.

Agent or Agent-less Vulnerability Scans

With GFI LanGuard, you can choose to use agents on the devices to be scanned or you can run the scan agent-less.  Agents can only be deployed on Microsoft Windows systems.  Non-Microsoft systems must be scanned using agent-less scans.  One nice feature, though, is that you do not need to install the agent software on each Microsoft system locally (meaning when you are sitting in front of the machine).  GFI LanGuard allows the agent software to be installed on a Microsoft machine as long as it is reachable from the machine on which you are running GFI LanGuard.

The advantage of running GFI LanGuard without any agents is that you can scan any type of device on the network, not just Microsoft Windows machines.  In addition, with no agent running on the client machine, no hardware resources will be used, and, in turn, no performance issues will be noticed by someone using the client machine.

When an agent is used, there is better performance (meaning the scan won’t take as long) because the scanning is shared between the machine that is running GFI LanGuard and the client machine.  The agent setup works on networks where there is lower bandwidth which would slow down the scan if the machine that is running GFI LanGuard is doing all the work and sending more data to the client machine.

The most noticeable advantage to using agents is that accuracy of the information received from the scan will be better because access to the client machine is greater than if a more passive (agent-less) scan is performed.  Unfortunately, agents can only be used on Microsoft Window machines.  Depending on the type of network you are scanning, this could be a problem since not all networks are one hundred percent Windows-based.

GFI LanGuard Conclusions

Overall, I like the features offered by GFI LanGuard and believe it can be a good fit for a variety of business types and sizes.  In addition, the documentation that comes with the product is thorough and covers how to install, set up, use, and modify the software.  Do make sure you read the documentation if you decide to give GFI LanGuard a try because it will save you a lot of headaches.

Also, pay attention to the recommended hardware requirements for not only the machine that you will be using to run GFI LanGuard but also the machines that you plan on installing a software agent on.  Pay close attention to this, and again it will save you a lot of headaches.  Software restrictions are simple, whatever machine you will run GFI LanGuard on as well as the machines you will use a software agent on will need to be running Microsoft Windows. Both hardware and software requirements are clearly noted in the documentation.

While the default setting for the number of scans is three IP addresses simultaneously, the setting can be changed to a maximum of ten.  Make sure your hardware is up to the task before increasing the number of IP’s scanned at one time.

GFI LanGuard requires the use of a database and comes with the Microsoft Access Database. It is noted in documentation, however, that larger businesses such as ones that will be scanning over 250 IP addresses will need to have Microsoft SQL Server database – a separate expense for a business if they do not already have this database product.  The default Microsoft Access Database should be adequate for  most small and medium-sized businesses.

Being a Linux user, I would like to see GFI LanGuard be improved to run on more than just Microsoft machines. I would also prefer it to be used with databases other than just Microsoft products, whether that be open-source databases or other paid products.  These two changes would allow businesses to use GFI LanGuard no matter what they are currently running in their IT environment.

I like this product and think most customers will be satisfied with GFI LanGuard once they have it up and running.  As with the use of any new piece of software, though, there is a learning curve.  Give it a try, and let me know what you think.  Feel free to leave comments about your experience with GFI LanGuard.

In most cases, I install and test the software that I review, but this time it was not possible because of the limitations of my current test network.  This review is based on reviewing the features of the product.

As in the older version, GFI WebMonitor comes in three editions:

• WebFilter Edition – Allows the business to control employees’ internet access by  blocking certain categories of websites or specific URL’s.  Can also control internet access based on time and bandwidth usage.
• WebSecurity Edition – Capable of controlling downloads and scans for viruses using a variety of anti-virus engines.  Also has anti-phishing protection and can control the use of most IM (instant message) clients.
• Unified Protection Edition – A combined edition with features of both the WebFilter and WebSecurity Editions.

Installation Requirements

GFI WebMonitor can now be installed in three modes.  As before, the software can be installed either on a company’s internet gateway server (Gateway Mode) or as a simple proxy server (Simple Proxy Mode).  The third way of installing GFI WebMonitor is with the use of a dedicated plug-in for Mircosoft ISA /TMG Server.

System requirements vary depending on which installation mode you choose to use.  Supported operating systems include Windows Server 2003, Windows Server 2008, Windows XP with at least SP2, Windows Vista, and Windows 7.  I would suggest that you follow at least the recommended  system requirements (especially when using it in a choke point such as a internet gateway) so there is less chance of your internet access or network slowing down.   Because GFI WebMonitor must scan and inspect all HTTP traffic, a lower end server or gateway can cause network speeds to suffer.

Please note:  a small business using a home network setup with no server and using basic residential grade routers would need to invest in additional hardware before using software such as GFI WebMonitor.  Look closely at the requirements laid out in the downloadable manuals prior to investing in GFI WebMonitor or any software similar to it.

Before trying GFI WebMonitor, and definitely before installing and configuring it, read the Getting Started Guide and the Administration Guides.  The manuals are well-written and provide a wealth of information beyond the marketing information provided on the main GFI site.  You can download the manuals from the GFI WebMonitor page.

GFI WebMonitor Overview

Since there are three editions of GFI WebMonitor, make sure you have determined the needs of your company prior to choosing which one to install.  The edition you choose will depend on your business needs and what you want to accomplish with this security solution.  Look at the detailed descriptions for each edition prior to either trying a free trial of the software or purchasing this security solution.

The look and layout of the software are some of the improvements made to the 2012 edition of WebMonitor.  According to GFI, the software layout has been completely redesigned to include what they call smart dashboards, new policy screens, and a better report generating engine.

Smart dashboards allow others outside the IT department to generate and view reports.  These smart dashboards include the following:

Activity Dashboard – Provides information and reports related to what categories and websites have resulted in the most losses in productivity.  It will identify users who are browsing non-productive websites as well as inappropriate websites.  You can also rank users based on browsing activity and generate a variety of other reports related to internet usage activity.
Bandwidth Dashboard – Users will be able to see reports related to download and upload volumes.  This includes identifying particular websites and website categories that are contributing to the highest bandwidth usage.  The dashboard will also reveal peak bandwidth consumption days, users using the most bandwidth, and other related bandwidth information.
Real-time Traffic Dashboard – Displays real-time data related to internet usage such as which categories, websites, and/or users that are causing problems at a given moment in time.  This dashboard also allows the business to monitor and cut off internet connections that are causing issues.

In this newer version of GFI WebMonitor, policy screens provide one central interface to create and implement internet usage policies.  Policy management is now grouped by needs and/or functions such as security, productivity loss, bandwidth issues, and download issues.

The new report generator is more robust than the previous version of GFI WebMonitor.  Reports can be generated right from the main interface and can be narrowed down by department, website category, browsing activity, bandwidth issues, or security/download issues.  The software can also be configured to contact the correct person or department when certain issues occur.  These alerts can be sent to specific individuals as soon as an issue arises. Finally, the WebFilter edition can monitor what employees are searching for using most major search engines.

The Unified Protection edition has the capabilities of both the WebFilter and WebSecurity edition.  I would recommend that businesses who really want to protect their information and network using a tool such as GFI WebMonitor spend the extra money and implement the Unified Protection solution. By using the combined edition, you won’t have to spend extra money and/or time implementing a separate solution to cover either the web filtering or the anti-virus capabilities of GFI WebMonitor.

Since the review of the older edition of GFI WebMonitor, it now appears that filtering of HTTPS traffic in all three editions has improved.  According to the documentation, the new editions decrypt all HTTPS traffic as well as re-encrypt the traffic after inspection. This is accomplished by creating a new certificate in GFI WebMonitor or by importing an existing certificate.

GFI WebMonitor is a subscription-based product with which you can purchase licenses according to the number of seats (the number of users or IP’s) needed.  There is general pricing information available on the GFI WebMonitor for each edition available.

Conclusions

I liked GFI WebMonitor when I reviewed it back in 2010, but it appears that they have now refined the product further giving the user a simpler and more understandable interface with the necessary information to identify and handle issues more easily.  Remember, as with any similar type of product, this software must be set up and then continually monitored using the dashboards and report engines to be effective.

In my opinion, GFI WebMonitor is geared more toward small and medium-sized businesses with the right IT capabilities.  GFI WebMonitor requires network and system requirements that most small businesses may not have or wish to have.  Make sure you have the recommended requirements for this product prior to purchasing  it.  There is a free 30-day trial with GFI products so I would recommend trying it before purchasing to make sure it gives you the solution you are looking for and that your network/systems  are capable of running GFI WebMonitor.