Advanced CSM Functions in Vigor Routers
CSM (Content Security Management) is a powerful tool for network management; it sets rules for passing or blocking traffic to and from web pages or web applications based on the content of data packets. DrayTek’s implementation of CSM simplifies settings, turning what would be complicated configuration on a traditional firewall into a tick-and-click exercise.
With CSM, network administrators do not need to deal with IP, port numbers, etc. (tasks that can be tedious and repetitive), but can instead tick applications such as P2P or Online Video directly. This is a very desirable feature for network administrators who sometimes scratch their heads and pull out their hair trying to set up firewall rules.
DrayTek’s CSM will save network administrators a lot of time because:
- Many applications no longer use fixed IP or port numbers, rendering traditional firewalls unable to stop traffic from such applications.
- There is no need to figure out the port numbers and rules used by individual applications, or how to configure the router for them, which is a time-consuming task.
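The first point above, shown as an added example (not DrayTek code and not how CSM is implemented): a port-based rule and a payload-based check are run over the same constructed flows. The Flow type, the sample flows and the single port rule are assumptions for illustration; the signatures are the standard openers of the BitTorrent peer handshake, the HTTP CONNECT method and a TLS ClientHello.

```python
# Added illustration: port-based rule vs. payload-based classification.
# The signatures are well-known protocol openers, not DrayTek's rule set.
from dataclasses import dataclass


@dataclass
class Flow:
    dst_port: int
    first_bytes: bytes  # first payload bytes of the client-to-server stream


# Constructed "traditional" rule: block BitTorrent's classic listening port.
BLOCKED_PORTS = {6881: "P2P"}


def classify_by_port(flow):
    """Traditional firewall view: the destination port alone decides."""
    return BLOCKED_PORTS.get(flow.dst_port, "unknown")


def classify_by_content(flow):
    """Content view: look at how the conversation opens, ignore the port."""
    p = flow.first_bytes
    # BitTorrent peer handshake: length byte 19, then "BitTorrent protocol".
    if p.startswith(b"\x13BitTorrent protocol"):
        return "P2P"
    # HTTP proxy tunnelling: CONNECT asks the proxy to open a raw tunnel.
    if p.startswith(b"CONNECT ") and b" HTTP/1." in p.split(b"\r\n", 1)[0]:
        return "Tunneling"
    # TLS record: handshake type 0x16, major version 3, ClientHello (0x01).
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return "TLS"
    return "unknown"


# Constructed sample flows (hosts use the reserved .invalid TLD).
SAMPLE_FLOWS = [
    Flow(6881, b"\x13BitTorrent protocol" + bytes(8)),
    Flow(51413, b"\x13BitTorrent protocol" + bytes(8)),
    Flow(8080, b"CONNECT example.invalid:443 HTTP/1.1\r\n\r\n"),
    Flow(443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    Flow(80, b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
]


def compare(flows):
    """Return (port, verdict by port, verdict by content) for each flow."""
    return [(f.dst_port, classify_by_port(f), classify_by_content(f)) for f in flows]


if __name__ == "__main__":
    for port, by_port, by_content in compare(SAMPLE_FLOWS):
        print(f"port {port:>5}: port rule -> {by_port:<8} content -> {by_content}")
```

Only the opening bytes of an encrypted tunnel are readable, so a check like this can label a flow as TLS but cannot see what it carries.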
Parents at home do not need a Degree in Computer Science to be able to configure firewall rules to prevent children from accessing undesirable web pages with sex, violence, on-line gambling, etc. Vigor2820’s CSM GUI has these applications listed and the user only needs to tick or un-tick as desired.
In situations where someone is using up too much of the bandwidth quota, the administrator can easily set rules to limit traffic from applications such as P2P or large video files.
What are DrayTek’s Advanced CSM Functions?
With new applications for file/resource sharing, remote access, video streaming, etc. popping up in the market regularly, it is daunting for network administrators to keep up to date with every potential threat to the network. To keep up with the new threats that accompany these developments, DrayTek has provided improved CSM blocking capability for applications that, while serving customers for certain purposes, open extra loopholes for internal or external intruders to exploit.
DrayTek has designed the GUI for the Advanced CSM functions to make setting these applications as easy as tick and click, as shown in this configuration page:
These applications rely on 3 types of techniques: Tunneling, Streaming and Remote Control/Access.
A traditional HTTP proxy uses tunneling techniques to provide Internet access to remote users. However, intruders can make use of the proxy and encode the browser packets to avoid detection by the firewall settings, thereby jeopardizing network security. VPN is another application that uses tunneling techniques that can penetrate the firewall and threaten network security (by a disgruntled employee, for instance).
Some recent applications pose worse security threats. For instance, if an insider installs the well-known SoftEther software on one of the PCs, the program would allow an outsider’s PC to access the local LAN freely as if from a local PC – a very scary thought for any responsible network administrator.
Another software application, UltraSurf, encodes Web surfing packets by SSL and tunneling, making the packets invisible to traditional firewalls.
With increasing Internet speed and coverage, it’s more and more common for people to watch video applications, including YouTube and its lookalikes/followers, and other VOD and P2P applications such as PPLive, SopCast, etc. on the Internet.
Most people do not understand the problems that streaming techniques bring about: high bandwidth usage, slow network speed, reduction in work efficiency, etc. For instance, many people start to substitute daily paper reading with YouTube or YouTube-like viewing, resulting in large traffic volume. Video file sizes can easily be tens or hundreds of MBytes, and for households/businesses that have a data volume quota, there may be surprises when bills are received. Network administrators cannot filter these packets through URL Filtering.
Some applications, including SopCast and PPLive, stream video based on P2P techniques, meaning that while people are viewing the video on the downstream, the upstream is open to other peers to share the contents – bad news for ADSL2/2+ users, who have slower upstream speed than downstream speed. When the upstream is crowded, the downstream speed is also restricted.
Blocking video streaming will prevent this situation from occurring, with the added benefit of increased work productivity.
Remote Access is a convenient tool for network administrators or users to be able to access and control remote PCs – a wonderful time saver increasing in popularity, with many new software packages joining the market regularly. Common applications include: operating the PC in the office from home (e.g., downloading a file to a remote PC), configuring servers remotely (so you don’t need to drive to the server room in the wee hours), etc. Only one problem – it’s also a godsend for would-be network intruders.
Network intruders can remotely access the PCs in the office or at home, bypassing the office firewall, for activities that may or may not be legal and causing potential trouble for the company or household. The company/personal data can also be stolen or privacy infringed.
Not only do DrayTek’s advanced CSM functions include most of the current software for remote access/control, making it a matter of ticking the applications as desired; DrayTek’s Object Based Firewall design also means that users can save the CSM settings as profiles for repeated use or for time-scheduled settings. Therefore, with CSM, Object Based Firewall and Time Scheduler, network administrators can have stress-free lives (at least as far as network security is concerned).