On Tuesday, we took another step in broadening the Application Management functionality in our web filtering products. We released the first set of patterns for blocking network games, commonly called Massively Multi-Player Online Role Playing Games (MMORPGs). We wrote patterns for World of Warcraft, Legend and the Steam Network, which is used by many games.

We also block a number of games through simple URL filtering. Some games rely on HTTP or HTTPS access to certain domains, so they can be shut down that way. Second Life and Lineage II are good examples of these.

There are two obvious issues with online games that should be of interest to enterprise and education IT departments: productivity and bandwidth. Cumulatively, online games have more than 16 million subscribers, with World of Warcraft alone accounting for more than 10 million of those subscribers. Blocking these applications at the gateway provides a simple, centralized way to prevent employees and students from violating what is undoubtedly already a part of your acceptable use policy.

This is the first expansion of application management in the R3000 beyond IM, P2P and proxies, leveraging a feature in the recently released 2.0.10 version of the R3000 that allows us to extend pattern coverage to any category. In the near future, we will be expanding the scope of our pattern blocking to include remote access applications like Terminal Services (RDP) and VNC, as well as streaming media protocols like RTSP.

Please submit requests for pattern coverage of other games and applications to mudcrawler [at] 8e6 [dot] com.

The guys at OpenDNS made an interesting announcement yesterday. They’re building a community authored directory of web sites to enhance their DNS-based web filtering service. OpenDNS is a free DNS service that anybody can use simply by changing their computer’s DNS settings.

This is how a DNS-based filtering service works. You change your network settings (typically the one’s served up dynamically by your DHCP server) to use the DNS servers from OpenDNS. When a user types playboy.com into the address bar, the web browser attempts to find the IP address for playboy.com using DNS. But the OpenDNS servers don’t return the real IP address for playboy. Instead they return the IP address of a server that sends the user a block page. Hey presto, the user is blocked. Frankly, it’s brilliant in its simplicity. And the community categorization approach is extra brilliant.

A DNS-based filtering solution is great at snuffing out inadvertent browsing of bad web content. When my five-year-old uses our home computer and starts clicking around on stuff, I’d like to simply prevent him from accidentally viewing nasty sites that might come back in a Google search. A DNS-based approach will absolutely solve this problem.

But my five-year-old is not what I would call a determined attacker.

(more…)

We have just released the latest version of our core web filtering appliance - version 2.0.10 of the R3000. General availability of the patch is set for January 7th, but you can contact Tech Support and request it today if you like. We’re going GA after the Holidays to reduce the load on Tech Support, which always sees a spike in activity after a major patch release (despite our best efforts).

There is lots of great stuff in this release. However, in this post I’m going to focus on the changes that affect how we handle proxies: improvements in our HTTPS filtering and pattern-based blocking. I’m going to cover:

• Block page on a pattern block
• New options that enhance HTTPS Medium and tame HTTPS High
• Whitelist feature for pattern detection

Let’s take a look at the details.

(more…)

I am often asked about IPv6, especially as it relates to the 8e6 product line. For those that are unfamiliar with IPv6, it’s a new IP protocol that will replace the current IPv4 protocol at some point in the future. The major driver for the transition to IPv6 is the total number of available IP Addresses. With the current IPv4 protocol the total number of IP addresses available is 4,294,967,296 (2³²).

When IPv4 was originally envisioned the primary users of IP Addresses were research facilities and governments. As more business joined the online community, they of course needed IP Addresses as well. In the 90s there was an explosion in the number of IP Addresses allocated to home users for Internet access from home computers. Now we are seeing more devices using IP Addresses. Cell Phones, wireless e-Books, and wireless MP3 players are now using IP Addresses in order to communicate online.

The problem is that at some point in the future we will simply run out of available IPv4 Addresses. IPv6 on the other hand supports 2¹²⁸ (about 3.4×10³⁸) or (3.4 times 10 with 38 zeros following.) That would leave approximately 5×10²⁸ IP addresses for each and every person alive on our planet today. Needless to say, that’s a lot of addresses.

(more…)