Review by Alan Drury and John Watters
The Internet connection is vital for many Small to Medium or Large-sized enterprises, but it can also be one of the biggest headaches. How can you know who is doing what? How can you enforce a usage policy? And how can you protect your organisation against internet-borne threats? Larger companies tend to have sophisticated firewalls and border protection devices, but how do you protect yourself when your budget won’t run to such hardware? This is precisely the niche GFI has addressed with GFI WebMonitor.
How Does GFI WebMonitor 2012 Work?
Before we get into the review proper it’s worth taking a few moments to understand how it works. GFI WebMonitor installs onto one of your servers and sets itself up there as an internet proxy. You then point all your browsers to the internet via that proxy and voilà – instant monitoring and control.
The server you choose doesn’t have to be internet-facing or even dual-homed (although it can be), but it does obviously need to be big enough and stable enough to become the choke point for all your internet access. Other than that, as long as it can run the product on one of the supported Microsoft Windows Server versions, you’re good to go.
We tested it in a average company that had an adequate amount of PCs, laptops and mobile clients (phones), running on a basic ADSL internet connection and a dual-core Windows 2003 Server box that was doing everything, including being the domain controller and the print server in its spare time, and happily confirmed no performance impact on the server.
Installing GFI WebMonitor 2012
As usual with GFI we downloaded the fully functional 30-day evaluation copy (82Mb) and received the license key minutes later by email. On running the installer we found our humble server lacked several prerequisites but happily the installer went off and collected them without any fuss.
After that it offered to check for updates to the program, another nice touch:
The next screen is where you decide how you want to implement the product. Having just a single server with a single network card we chose single proxy mode:
With those choices made the installation itself was surprisingly quick and before long we were looking at this important screen:
We reconfigured several user PCs to point to our newly-created http proxy and they were able to surf as if nothing had happened. Except, of course, for the fact that we were now in charge!
We fired off a number of web accesses (to www.Firewall.cx of course, among others) and some searches, then clicked Finish to see what the management console would give us.
WebMonitor 2012 - The All-Seeing Eye
The dashboard overview (above) displays a wealth of information. At a glance you can see the number of sites visited and blocked along with the top users, top domains and top categories (more on these later). There’s also a useful trending graph which fills up over time, and you can change the period being covered by the various displays using the controls in the top right-hand corner. The console is also web-based so you can use it remotely.
Many of the displays are clickable allowing you to easily drill down into the data, and if you hover the mouse you’ll get handy pop-up explanations. We were able to go from the overview to the detailed activities of an individual user with just a few clicks. A user here is a single source IP, in other words a particular PC rather that the person using it. Ideally we would have liked the product to query the Active Directory domain controller and nail down the actual logged-on user but to be honest given the reasonable price and the product’s undoubted usefulness we’re not going to quibble.
The other dashboard tabs help you focus on particular aspects. The Bandwidth tab (shown below) and the activity tab let you trend the activity either by data throughput or the number of sessions as well as giving you peaks, totals and future projections. The real-time traffic tab shows all the sessions happening right now and lets you kill them, and the quarantine tab lists the internet nasties that WebMonitor has blocked.
To the right of the dashboard, the reports section offers three pages of ad-hoc and scheduled reports that you can either view interactively or have emailed to you. You can pretty much get anything here: the bandwidth wasted by non-productive surfing during a time period; the use of social networking sites and/or webmail; the search engine activity; the detailed activity of a particular user and even the use of job search websites on company time.
Underlying all this is a huge database of site categories. This, along with the malware protection, is maintained by GFI and downloaded daily by the product as part of your licensed support so you’ll need to stay on support moving forward if you want this to remain up to date.
Monitoring, however, is only half the story and it’s under the settings section that things really get interesting. Here you can configure the proxy (it can handle https if you give it a certificate and it also offers a cache) and a variety of general settings but it’s the policies and alerts that let you control what you’ve been monitoring.
By defining policies you can restrict or allow all sorts of things, from downloading to instant messaging to categories of sites allowed or blocked and any time restrictions. Apply the relevant policies to the appropriate users and there you go.
The policies are quite detailed. For example, here’s the page allowing you to customise the default download policy. Using the scrolling list you can restrict a range of executables, audio/video files, document types and web scripts and if the default rules don’t meet your needs you can create your own. You can block them, quarantine them and generate an alert if anyone tries to do what you’ve forbidden.
Also, hidden away under the security heading is the virus scanning policy. This is really nice - GFI WebMonitor can scan incoming files for you using several anti-virus, spyware and malware detectors and will keep these up to date. This is the part of the program that generates the list of blocked nasties we mentioned earlier.
Pull down the monitoring list and you can set up a range of administrator alerts ranging from excessive bandwidth through attempted malware attacks to various types of policy transgression. By using the policies and alerts together you can block, educate or simply monitor across the whole spectrum of internet activity as you see fit.
GFI WebMonitor is a well thought-out, thoughtfully focussed and well integrated product that provides everything a small to large-sized enterprise needs to monitor and control internet access at a reasonable price. You can try it for free and the per-seat licensing model means you can scale it as required. It comes with great documentation both for reference and to guide you as you begin to take control.