Jon's Network » 8e6

Name Change for Marshal8e6

Jon — Wed, 02 Sep 2009 15:24:11 +0000

Web filtering vendor 8e6 Technologies merged with email security vendor Marshal in late 2008. They promptly changed the name to Marshal8e6. They just changed it again to M86 Security, which is much, much better.

8e6 Technologies

Jon — Sat, 17 Jan 2009 03:16:56 +0000

The 8e6 Professional Edition offers high-performance, enterprise-level filtering with the R3000 Internet Filter. An appliance optimized for speed and scalability, the R3000 provides 90+ categories and millions of Web sites in the 8e6 Database. Deployed in â€œpass-byâ€ or transparent mode, the R3000 sits outside the flow of network traffic to “watch” rather than “stop and check”, delivering unmatched network compatibility and performance. 8e6 and Marshal merged in November 2008 so there may be some branding changes around the corner. (Link: 8e6 Technologies Internet Filtering)

8e6 Active Directory Constraints

Jon — Fri, 15 Aug 2008 17:10:19 +0000

Interesting limitation on the 8e6 AD integration

For the AD Agent, it is currently has only been released for Active Directory environments with 2200 users or less.

Schools Battle Proxies

Jon — Thu, 29 May 2008 05:49:11 +0000

Stan Trevena, IT director for Modesto City Schools, penned The Internet Filtering Battlefield and describes the constant struggle to keep student and faculty behavior inline with the acceptable use policy. This is important to keep students safe and to keep the district out of legal trouble.

It is a great article that explains exactly how users have been bypassing filters over the years. I wanted to disagree on the part about encrypted proxies however:

Encryption brings us to the frontline of todayâ€™s war on circumvention. Encrypted proxies have been a hard target to hit. Because encryption involves keys and algorithms, thereâ€™s nowhere near enough processing power in an Internet filtering server to decrypt secure communications between client and server on the fly. Itâ€™s also unreasonable to block all HTTPS traffic on a districtâ€™s network because many transactions that are part of the daily business of running a school are conducted through such secure sites.

There is enough processing power to proxy SSL sessions. Blue Coat, Secure Computing and Palo Alto all do it. (Palo Alto does it fastest.) It can be a pain though. Some of the vendors make it easier to manage than others by maintaining your list of certificates for you and letting you control which types of sites you proxy for, e.g. you can ignore banking and shopping traffic but proxy other SSL traffic. If you deem the risk large enough to warrant the hassle of pushing your own cert to the browsers and pointing them to the proxy, then there is ample processing power to do this.

What I think is more effective than URL filtering is just straight monitoring of all internet use (not just the blocked sites) and reporting on activity by username to hold users accountable. Stan mentions this at the end of the article. Most filters offer the type of reporting that HR departments require. I also recommend Vericept to schools that want to augment their filter and increase their visibility into user behavior.

Mixed Mode URL filtering

Jon — Wed, 28 May 2008 23:54:57 +0000

I’m working with a midsize business looking to ditch their Surfcontrol/ISA setup. They want an inline filtering appliance and have already looked at Barracuda and 8e6 Technologies. The problem is they want most of the users filtered transparently (bridge mode proxy) and some using an explicit proxy. Barracuda needs two boxes to do this (one for each mode). 8e6 can’t function as a proxy at all so they would need to set up a proxy that then sends the traffic to 8e6.

This problem is easily solved using St. Bernard’s iPrism. St. Bernard offers “mixed mode” filtering which means they can be a transparent proxy and explicit proxy at the same time for different users, machines or protocols. It can be quite handy for organizations with mixed authentication or machine environments or that want granular reporting on web use by terminal server users.

Here is the KB article: iPrism Mixed-Mode Traffic Filtering.

In this case, it looks like iPrism is the best fit.