Version 3 September 1, 2003
The products described in this User's Guide are licensed products of NetPurifier, Inc. This User's Guide contains proprietary information protected by copyright, and this User's Guide and all accompanying software and documentation are copyrighted. NetPurifier, Inc.
Table of Contents

Introduction and Getting Started
Features
How NetPurifier Works
Overview
Filtering System

DNS
Completing the DNS/Gateway Configuration
DHCP Configuration
Using an existing DHCP Server
Using the NetPurifier DHCP Server
Port Blocker

NetPurifier™ stops the pornography, the on-line gambling, the hate sites at the Internet gateway, before the offensive material reaches children. You don’t have to worry about kids surfing the Net. With NetPurifier, if they accidentally misspell a word or use a search word that takes them to the “dark side,” they will see a friendly message telling them the site has inappropriate content.

Features

NetPurifier offers the following features: Stops access to pornography, hate and gambling sites.
How NetPurifier Works

Overview

NetPurifier is a hardware-and-software, set-it-and-forget-it device that plugs into your network and redirects all Internet traffic to itself. Only the NetPurifier communicates directly with the Internet. Internet information for all other computers (e.g., Windows, Apple, Linux) must first go through the filter system built into the NetPurifier.

Filtering System

A three-tier filter system ensures that inappropriate content does not reach the user.
Sensitivity Levels

Level 1

This level is suggested only for the youngest children or where the strictest policy is enforced. Incorporates very strict filtering and minimal downloading capabilities. Porn, hate, hacking and gambling are not allowed. Web based email is not allowed at common sites such as Hotmail and Yahoo. Downloading of files including exe, mp3, dll, avi, visual basic extensions and many more are not allowed. Many automatic program updates will not work with this setting.
Level 4

This level is suggested for public access points such as kiosks and library terminals, high schools and colleges, and filtered adult use. Porn is not allowed. Web based email allowed. Downloading of all files is allowed.

Using This User’s Guide

This User's Guide is designed to help you install, configure, use, and troubleshoot the NetPurifier network content filtering device. The following list summarizes the chapters and appendixes that follow this chapter.
through this document, we have added blue-colored hot links to the Table of Contents, index, chapters, and appendixes in this User’s Guide. Clicking one of these hot links automatically moves you to that location in this User’s Guide. For example, if you click one of the blue-colored chapter or appendix titles in the previous section, you automatically move to the first page in that chapter or appendix.
Getting Started

NetPurifier suggests that the following order of installation and configuration is followed.

1. Have the following information available when installing and configuring NetPurifier.
Network IP range _________________________ (e.g. 192.168.1.0-254)
Network subnet mask _________________________ (e.g. 255.255.255.

In this chapter we will discuss the physical installation of NetPurifier and how to connect a browser to NetPurifier in preparation for configuration.

Installation Location

NetPurifier should be installed in a clean, dry location near an available hub/switch port of the network that is to be filtered.

AC Power

Connect the supplied AC Power cord to the NetPurifier and a properly grounded 115VAC outlet.

Power On and Indicator Lights

After all connections are made, NetPurifier may be powered on by pressing the power switch on the front of the unit. The green indicator light indicates that NetPurifier is powered on and functioning normally. The yellow light indicates disk activity.

Note: After power on, NetPurifier will take approximately two minutes before it is ready for operation.

To power off NetPurifier press the power button. All indicator lights will extinguish.

Windows 2000/XP

1. Right click My Network Places.
2. Click Properties of the Local Area Network you are using.
3. Double click Internet Protocol.
4. Set the IP address, Subnet mask and Default gateway as shown in Fig 2-1.

Figure 2-1: Setting Windows 2000/XP IP Address

Mac OS 10

Note: After configuring NetPurifier to your network subnet you may then set your computer back to its original network settings.

Making a connection

NetPurifier is accessed by pointing your browser to 192.168.1.9:10000. Upon a successful connection you will see:

Figure 2-2: Webmin Login

You are now ready to configure NetPurifier as described in the next chapter.

Security Configuration

Upon connection to NetPurifier you will be presented with a login screen to Webmin. Webmin is the web based interface used to configure NetPurifier.

Figure 3-1: Webmin Login

The default Username is: netpurifier
The default Password is: netpurifier

Note: It is recommended that you immediately change the default password to a password of your own choosing. This is described below.

Changing the default password

Upon successful login you will be presented with the Webmin interface.

Figure 3-2: Select Webmin Users

After clicking on Security you will be presented with a choice of Webmin Users. Clicking on Webmin Users will bring up the Webmin Users menu. By clicking on netpurifier you will be able to change the default password.

To change the default password, enter the new password, change the Password drop-down selection to "set to", then click on Save.

Important: NetPurifier is factory configured to allow login access from any computer on the local network (after proper authentication). This access may be further limited by entering the IP of only the computer(s) that you want configuring NetPurifier in the User IP Access control dialog box.

DNS/Gateway Configuration

Figure 3-4: Select Network Configuration

In this section the DNS and Gateway settings of your network will be configured. To access these settings click on DNS/Gateway and then on Network Configuration.

Network Interfaces (IP Address Configuration)

NetPurifier is factory configured to an IP of 192.168.1.9 with a subnet mask of 255.255.255.0. If your network does not use this subnet then change the IP of NetPurifier as described in this section.

Click on Network Interfaces. This will expose the Active Interfaces Now dialog.

Figure 3-6: Selecting Network Interface

Click on Interfaces Activated at Boot Time.

Warning: Entering the wrong IP address and subnet mask will cause you to lose communication with NetPurifier. If you do not remember the information entered you will not be able to reconnect with NetPurifier.

Change the Netmask and IP Address to reflect your network requirements. When completed click on Save.

Figure 3-7: Entering IP and Subnet Mask

Continue to the next section, Routing and Gateways.

Routing and Gateways

Figure 3-8: Entering Gateway IP

Enter the IP address of the Internet Gateway that NetPurifier will use to access the Internet. This may be the same Internet gateway address as client computers were previously using to access the Internet. When completed click on Save. Continue to the next section, DNS.

DNS

Figure 3-9: Entering DNS Settings

Enter the DNS settings that NetPurifier will use to resolve Domain Names. These may be the same DNS servers that the client computers are using. When completed click on Save.

Completing the DNS/Gateway Configuration

Figure 3-10: Apply Configuration

The final step in completing the DNS/Gateway configuration is to click the Apply Configuration button.

Warning: This step will change the IP of NetPurifier.

DHCP Configuration

NetPurifier can operate in conjunction with an existing DHCP server or with its own built-in DHCP server. In either case the key to the successful operation of NetPurifier is a redirect of the Internet Gateway IP address from the true Internet Gateway to NetPurifier. This allows NetPurifier to sit between the requesting computer and the true Internet Gateway.

Using an existing DHCP Server

If using an existing DHCP Server the following items must be configured:

1.

Setting up the Subnet

Figure 3-11: Selecting Network

Click on the current IP address as shown above to expose the DHCP subnet settings.

Figure 3-12: Setting the DHCP Subnet

The above example shows the factory defaults for setting the DHCP Subnet. If your network uses a different subnet then replace the values shown with your network’s settings.

Edit Client Options

The example below shows the factory defaults for setting the DHCP Client options. If your network uses different settings then replace the values shown with your network’s settings.

Figure 3-13: Entering Client DHCP Option

Starting and Stopping the DHCP Server

Upon completion of configuring the DHCP server the server must be started. Click on Apply Changes - Start Server, as shown in Fig. 3-13, to accomplish this task.

Port Blocker

Port Blocker allows the selective enabling and disabling of ports. This can restrict or allow the use of certain applications such as email, peer-to-peer music sharing and instant messenger chat. By default Port Blocker allows all ports.

Figure 3-14: Port Blocker Commands

Note: Port Blocker is not a firewall. NetPurifier is designed to sit inside the trusted network.

Changing Port Blocker Configuration

Figure 3-15: Changing Port Blocker Configuration

Enabling Common Ports

To enable services such as FTP, email and instant messenger click on the Yes button for the service and then click Change Port Blocker Configuration. When Change Port Blocker Configuration is clicked NetPurifier will close all ports and then open only the ports that have been selected.

Note: Port Blocker will never block browser access to the Internet (Port 80).

Adding User Defined Ports

If a port is not listed it may be entered manually by entering the port number in User Defined Ports. A range of ports may be entered by using range:range.

Enabling All Ports

Enabling all ports opens all ports. This is the default setting of NetPurifier.

Router Compatibility Mode

NetPurifier uses latest generation Stateful Packet Inspection (SPI) to determine ports that should be opened or closed in response to settings in Common Ports.
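The Port Blocker behaviour described above (all ports closed, then only the selected ones opened, with port 80 always left open) can be modelled as follows. This is an added example, not NetPurifier's own code: the service names and port numbers in COMMON_PORTS are constructed samples, and separating User Defined Ports entries with spaces or commas is an assumption.

```python
ALWAYS_OPEN = {80}  # the guide states Port Blocker never blocks port 80

# Constructed sample of "Common Ports" choices; the device's real list appears
# only in Figure 3-15, so these names and numbers are assumptions.
COMMON_PORTS = {"ftp": [21], "email": [25, 110], "https": [443]}


def parse_user_ports(text):
    """Parse User Defined Ports: single ports or 'low:high' ranges."""
    ports = set()
    for token in text.replace(",", " ").split():
        low, sep, high = token.partition(":")
        if not sep:
            high = low  # a single port is a range of one
        if not (low.isdigit() and high.isdigit()):
            raise ValueError(f"not a port or range: {token!r}")
        low, high = int(low), int(high)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"range reversed or out of bounds: {token!r}")
        ports.update(range(low, high + 1))
    return ports


def allowed_ports(enabled_services, user_ports=""):
    """Model 'close all ports, then open only the selected ones'."""
    allowed = set(ALWAYS_OPEN)  # everything closed except port 80
    for name in enabled_services:
        allowed.update(COMMON_PORTS[name])
    allowed |= parse_user_ports(user_ports)
    return allowed


if __name__ == "__main__":
    allowed = allowed_ports(["email"], "5190, 6000:6002")
    for port in (21, 25, 80, 443, 6001):
        print(port, "open" if port in allowed else "closed")
```

The practical consequence is that the first change away from the default turns the unit from allow-all into an allow-list, so any service not explicitly enabled stops working.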
Changing levels, lists and messages

Changing Levels

Changing Sensitivity Levels on NetPurifier is as simple as clicking on the level desired. When clicked the level is changed and NetPurifier is restarted. Each level and its filtering capabilities are described below in the Filter Matrix.

Figure 3-16: Changing Sensitivity Levels

Note: Upon changing a level NetPurifier will restart with the new level. A restart may take up to one minute to complete.

Filter Matrix

Smart Filter Technology

Description               Level 1   Level 2   Level 3   Level 4
Smart Filter Threshold    50        100       150       200

Banned Sites Filter (B=banned)

Description    Level 1   Level 2   Level 3   Level 4
Banned Sites
ads            B B B
aggressive     B B B
audio-video    B B B
drugs          B B B
gambling       B B B B
hacking        B B
mail           B B
porn           B B B
proxy          B B B
violence       B B B
warez          B B B B

PICS Filter (B=banned)

Description    Level 1   Level 2   Level 3   Level 4
PICS Ratings   On On

Banned File Extensions (B=banned)

Description    Level 1   Level 2   Level 3   Level 4
.cpl   Control Panel extension   B
.crt   Security certificate   B
.dll   Windows system file   B
.exe   Program   B
.hlp   Help file   B
.ini   Windows system file   B
.hta   HTML program   B
.inf   Setup Information   B
.ins   Internet Naming Service   B
.isp   Internet Communication settings   B
.lnk   Windows Shortcut
.mda   Microsoft Access add-in program   B
.mdb   Microsoft Access program
.

Description    Level 1   Level 2   Level 3   Level 4
.pif   Shortcut to MS-DOS program   B
.prf   Microsoft Outlook profile settings   B
.reg   Windows registry entries   B
.scf   Windows Explorer command   B
.scr   Screen saver   B
.sct   Windows Script Component   B
.sh    Shell script   B
.shs   Shell Scrap object   B
.sys   Windows system file   B
.url   Internet shortcut   B
.vb    Internet shortcut   B
.vbe   VBScript Encoded script file   B
.vbs   VBScript file   B
.vxd   Windows system file   B
.

Description    Level 1   Level 2   Level 3   Level 4
.cdr   Mac disk image   B
.dmg   Mac disk image   B
.smi   Mac self mounting disk image   B
.sit   Mac compressed file   B
.sea   Mac compressed file, self extracting   B
.bin   Mac binary compressed file   B
.hqx   Mac binhex encoded file   B
.rar   Similar to zip   B
.mp3   Music file   B
.mpeg  Movie file   B
.avi   Movie file   B
.asf   this can also exploit a security hole allowing virus infection   B
.iso   CD ISO image   B
.ogg   Music file   B
.

Adding to the Exception Site list

To access the Exception Site list click on Exception Site List. Place sites that you wish to except from NetPurifier filtering in the Exception Site List.

Figure 3-17: Adding to the Exception Site List

Note: When entering sites in the list you do not need to preface with www. A # sign will cause the entry to be ignored.

When completed click on Save.

Adding to the Exception IP list

To access the Exception IP list click on Exception IP List. Place the IPs of computers that you do not want filtered by NetPurifier in this list. This may include administrator workstations and servers.

Figure 3-18: Adding to the Exception IP List

Note: When entering addresses in the list use the standard IP format (e.g. 192.168.1.1). A # sign will cause the entry to be ignored.

When completed click on Save.

Changing the Access Denied page message

Figure 3-19: Changing Access Denied Message

When NetPurifier determines that an Internet page should not be shown to the requesting user an “Access Denied” page is sent to the user. The page shows what site was not allowed, the reason why and a message that may be configured to meet your requirements. Enter the message that you would like to appear on the “Access Denied” page. When completed click on Save.

Add to Banned Site List

If a site is found that you believe should be banned it may be easily added using the Banned Site List. To add a site, enter the name of the site. It is not necessary to use the www prefix.

Figure 3-20: Banned Site List

When completed click on Save.

Note: Upon changing the Banned Site List, NetPurifier will restart. A restart may take up to one minute to complete. During this time user access to the Internet will be denied.
NetPurifier operates as an in-line filter between the requesting computer and the Internet.
Network Flow

1. User requests web page (1). NetPurifier checks internal cache for page. If locally cached, NetPurifier responds to request immediately (6).
2. If not locally cached NetPurifier requests page from Internet by way of Router/Firewall (2).
3. Request for page is sent to Internet (3).
4. Request is received from Internet (4).
5. Returned page is routed to NetPurifier (5).
6. If clean NetPurifier serves page to end user (6). If not clean NetPurifier sends "Access Denied" page (6).
Blacklist

NetPurifier maintains a Blacklist of sites that have been deemed unacceptable. The list is categorized as follows:

Categories
Advertising
Aggressive
Audio-video
Drugs
Gambling
Hacking
Mail
Pornography
Proxy
Violence
Warez

Blacklist Update

The staff at NetPurifier constantly adds and removes sites from its blacklists. NetPurifier will update its blacklists either daily or weekly, depending on the service contract you have acquired.
Smart Filter Technology

Blacklists and the PICS rating system are very effective if the offending web site is known and if the site properly rates itself. Hundreds of new sites catering to pornography and other inappropriate content are added to the Internet weekly. To ensure that these sites are blocked until they can be added to the Blacklist, NetPurifier uses Smart Filter Technology. Smart Filter scans and assigns a numeric weight to each word on the requested page.
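The word-weight scoring described under Smart Filter Technology, combined with the per-level thresholds from the Filter Matrix and the site-list rules (entries starting with # ignored, www prefix optional), can be sketched as below. This is an added example, not NetPurifier's own code: the word weights, sample lists and page text are constructed, and the order of the checks, parent-domain matching and the "score greater than threshold" comparison are assumptions.

```python
import re

# Thresholds from this guide's Filter Matrix (Smart Filter Threshold per level).
LEVEL_THRESHOLD = {1: 50, 2: 100, 3: 150, 4: 200}

# Constructed word weights; the device's real word list is not given in the guide.
SAMPLE_WEIGHTS = {"casino": 40, "jackpot": 30, "poker": 30, "bet": 20, "odds": 10}


def _strip_www(host):
    host = host.strip().lower()
    return host[4:] if host.startswith("www.") else host


def parse_site_list(text):
    """Parse a site list: '#' entries are ignored, the 'www.' prefix is optional."""
    entries = (line.strip() for line in text.splitlines())
    return {_strip_www(e) for e in entries if e and not e.startswith("#")}


def host_in_list(host, sites):
    """True if the host or a parent domain is listed (parent matching is an assumption)."""
    labels = _strip_www(host).split(".")
    return any(".".join(labels[i:]) in sites for i in range(len(labels)))


def page_score(text, weights=SAMPLE_WEIGHTS):
    """Sum the weight of every word occurrence on the page."""
    return sum(weights.get(word, 0) for word in re.findall(r"[a-z]+", text.lower()))


def decide(host, text, level, exceptions, banned):
    """Return (verdict, reason); check order and '>' comparison are assumptions."""
    if host_in_list(host, exceptions):
        return ("allow", "exception site list")
    if host_in_list(host, banned):
        return ("deny", "banned site list")
    score, limit = page_score(text), LEVEL_THRESHOLD[level]
    if score > limit:
        return ("deny", f"smart filter score {score} exceeds threshold {limit}")
    return ("allow", f"smart filter score {score} within threshold {limit}")


# Constructed sample lists and page text.
EXCEPTIONS = parse_site_list("# trusted sites\nwww.example.edu\n#example.org\n")
BANNED = parse_site_list("badsite.example\n")
PAGE = "Casino night: poker odds, jackpot odds and one free bet"

if __name__ == "__main__":
    for level in sorted(LEVEL_THRESHOLD):
        print(level, decide("news.example.com", PAGE, level, EXCEPTIONS, BANNED))
```

The same page scores 140 at every level, so it is denied at Levels 1 and 2 and served at Levels 3 and 4, which is how a higher threshold translates into looser filtering.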
For your convenience, NetPurifier provides a number of ways for you to contact us.

Location

NetPurifier, Inc. is located at:
1646 Elderberry Way
San Jose, CA 95125

Phone
Main: 866-875-1254 (toll free in U.S.)
Sales: 866-875-1254 (toll free in U.S.)
Support: 866-875-1254 (toll free in U.S.)
Fax: 408-265-5249

Website

Our website is at http://www.netpurifier.
Technical Support

NetPurifier provides technical phone support at 866-875-1254. Email support is available at support@netpurifier.com. You can also fax your questions to us at our 24-hour fax number: 408-265-5249.
Network

Network Type - 10/100baseT

NetPurifier operates in a Network Address Translation mode (NAT). In this mode only non-routable IP addresses are used on the internal LAN (192.xxx.xxx.xxx).

Number of Computers

When used with its built-in DHCP server, NetPurifier is configured to allow access to up to 230 computers.

Typical Access Time

Access time per HTTP request is less than 20ms.

DHCP Requirements

NetPurifier is configured with an active DHCP server. The scope is 192.168.1.10 to 192.168.1.
Caching Proxy

NetPurifier incorporates a caching proxy that caches web pages that have been accessed and filtered. Subsequent accesses to these pages are served from the caching proxy – not from the Internet. Access time from the cache is near instantaneous and depending on network usage patterns may result in a substantial reduction in Internet network traffic.