Categorized Phrase Lists for Internet Filtering Applications

Jendai Solutions have available categorized phrase lists (or word lists or keyword lists) for XGuard, Redwood & DansGuardian internet content-filtering applications.

These phrase lists have been compiled by Jendai Solutions by crawling thousands of individual websites in various categories and analyzing each pages contents to generate and score the keywords and phrases that apply to sites in each category.

Jendai Solutions constantly update the phrase lists as more websites are crawled and analysed, and the phrase scores in each category are tested and optimized to increase their accuracy.

Categories available in the phrase lists include:

Abortion Abortion information excluding when related to religion
Ads Includes sites offering banners and banner creation as well as sites delivering banners to be shown in webpages and advertising companies
Adult Sites containing adult material such as swearing but not porn
Aggressive Sites with aggressive content such as racism and hate speech
Airlines Airlines
Alcohol Sites of breweries, wineries and destilleries. This category also covers sites that explain how to make beer, wines and spirits
AllURLs All URL’s
Anonvpn Sites providing vpn services to the public. The focus is on vpn sites used to hide the origin of the traffic, f.e. tor nodes
Antispyware Sites that remove spyware
automobile-bikes Sites related to motorcycles. Included are vendor sites, resellers, fan and hobby pages as well as and suppliers, scooters included
automobile-boats Sites related motorboats. Included are vendor sites, resellers, fan and hobby pages as well as and suppliers
Automobile-cars Sites related to cars. Included are automobile companies and automotive suppliers
Automobile-planes Sites related to planes ranging from small one and two seaters up to the large traffic planes, old and new, private, commercial and military. Vendors and supplier are included (airports are not). Helicopter sites are included as well
Badwords Bad Words
Chat Sites for real-time chatting and instant messaging
Conspiracy Conspiracy Theories
Costtraps Sites that lure with free of charge services but then give then give you a costly subscription
Dating Sites to contact people for love and living together. He seeks her, she seeks him and so on
DomainsForSale Parked Domains
Downloads This covers mostly filesharing, p2p and torrent sites. Other download sites (for software, wallpapers, ..) are included as well
Drugs Sites offering drugs or explain how to make drugs. Covers alcohol and tobacco as well as viagra and similar substances
Dynamic All domains where people login obtaining a dynamic IP address
Education-schools Schools, colleges and universities sites
Facebook Facebook
Filesharing File Sharing Sites
Finance-banking Home page of banking companies are listed here. This is not restricted to online banking
Finance-insurance Sites of insurance companies, information about insurances and link collections concering this subject
Finance-moneylending Sites one can apply for loans and mortgages or can obtain information about this business
Finance-other Finance in general
Finance-realestate Sites about all types of real estate, buying and selling homes, finding apartments for rent
Finance-trading Sites about and related to stock exchange
Fortunetelling Sites about astrology, horoscopes, numerology, palm reading and so on; sites that offer services to fortell the future
Forum Discussion sites. Covers explicit forum sites and some blogs. Sites where people can discuss and share information in a non interactive/real-time way
Gacking Sites with information and discussions about security weaknesses and how to exploit them. Sites offering exploits are listed as well as sites distributing programs that help to find security leaks
Gambling Sites offering the possibility to win money. Poker, Casino, Bingo and other chance games as well as betting sites
Games Sites about online games. The games are for fun only (no gambling)
Google_Images Google and Bing Images and videos
Government Sites belonging to the government of a country, county or city
Hobby-cooking Sites concerning food and food preparation
Hobby-games-misc Sites related to games. This includes descriptions, news and general information about games. No gambling sites
Hobby-gardening Sites about gardening, growing plants, fighting bugs and everything related to gardening
Hobby-pets Sites concerning pets: description, breed, food, looks, fairs, favorite pet stories and so on
Homestyle Sites about everything need to create a cozy home (interior design and accessories)
Hospitals Sites of hospitals and medical facilities
IDTheft ID Theft
Image-Search Image Search
Imagehosting Sites specialized on hosting images, photo galleries and so on
IP_Addresses IP Address
ISP Home pages of Internet Service Providers. Sites of companies offering webspace only are now being added, too
Jobsearch Portals for job offers and job seekers as well as the career and work-for-us pages of companies
Library Online libraries and sites where you can read e-books
LinkedIn LinkedIn
Magazines Magazine
Malware Malware
Military Sites of military facilities or related to the armed forces
Models Model agency, model and supermodel fan pages and other model sites presenting model photos. No porn pictures
Movies Sites offering cinema programs, information about movies and actors. Sites for downloading video clips/movies (as long as it is legal) are included as well
Music Sites that offer the download of music, information about music groups or music in general
Never-Block Never block these sites
News Sites presenting news. Homepages from newspapers, magazines and journals as well as some blogs
NoIP Noip.com Dynamic DNS
Nudist Nudist
Peer2Peer Peer-to-peer File Sharing
Personals Personals Ads
Pinterest Pinterest
Podcasts Sites offering podcasts or podcast services, includes audio books
Politics Sites of political parties, political organisations and associations; sites with political discussions
Pornography Sites about all kinds of sexual content ranging from bare bosoms to hardcore porn and sm
Proxies Online and Anonymous web proxies
Radio-TV Domains and urls of TV and radio stations
Recreation-humor Humorous pages, comic strips, funny stories, everything which makes people laugh
Recreation-martialarts Sites dedicated to martial arts such as: karate, kung fu, taek won do as well as fighting sports sites like ufc
Recreation-restaurants Sites of restaurants as well as restaurant descriptions and commentaries
Recreation-wellness Sites about treatments for feeling internally and externally healthy and beautiful again
Redirector Sites that actively help to bypass url filters by accepting urls via form and play a proxing and redirecting role
Religion Sites with religious content: all kind of churches, sects, religious interpretations, etc
RemoteControl Sites offering the service to remotely access computers, especially (but not limited to going) through firewalls. This does not cover traditional VPN
Ringtones Sites that offer the download of ringtones or present other information about ringtones
Science-Astronomy Sites of institutions as well as of amateurs about all topics of astronomy
Science-Chemistry Sites of institutions as well as of amateurs about all topics of chemistry
Search Engines Search engines and directory sites
SecretSocieties Secret Societies and Lodges
Sex-education Sites explaining the biological functions of the body concerning sexuality as well as sexual health
Sex-lingerie Sites selling and presenting sexy lingerie
Shopping Sites offering online shopping and price comparisons
Social_Networks Sites bringing people together (social networking) be it for friendship or for business
Sports All about sports: sports teams, sport discussions as well as information about sports people and the various sports themselves
Spyware Sites that try to actively install software or lure the user in doing so in order to spy the surfing behaviour (or worse). The home calling sites where the collected information is sent, are listed too
Tracker Sites keeping an eye on where you surf and what you do in a passive manner. Covers web bugs, counters etc mechanisms in web pages that do not interfere with the local computer yet collect information about the surfing person for later analysis
Translation Translation Sites
Travel Sites with information about foreign countries, travel companies, travel fares, accommodations and everything else that has to do with travel
Twitter Twitter
Updates List to allow necessary update downloads from vendors
Upstreamfilter Blocked by Another Filter
Urlshortener Sites offering short links for URLs
Vimeo Vimeo
Violence Sites about killing and harming people. Covers anything about brutality and beastiality
Warez Collection of sites offering programs to break licence keys, licence keys themselves, cracked software and other copyrighted material
Weapons Sites offering all kinds of weapons or accessories for weapons: Firearms, knifes, swords, bows, etc. Armory shops are included as well as sites holding general information about arms (manufacturing, usage)
Webmail Sites that offer web-based email services
Webphone Sites that enable user to phone via the Internet. Any site where users can voice-chat with each other
Webradio Sites that offer listening to music and radio live streams
WebTV Sites offering TV streams via Internet
Yammer Yammer
Youtube YouTube

 

Please contact Jendai Solutions for more information & pricing on obtaining categorized phrase lists (or word lists or keyword lists).

/0 Comments/by

Altaro Hyper-V Backup

Virtual Machine Backup for Hyper-V and VMware

Altaro VM Backup is a fast, affordable, high performance backup solution, specially developed for small and mid-market businesses. We’ve cut the waste and hassle to give you an agile, streamlined solution that is easy to implement, feature-rich, with outstanding support as part of the package.

Up and running quickly, without the need for complex configurations!

With Altaro VM Backup, you can install and run your first virtual machine (VM) backup in less than 15 minutes. Get up and running quickly, without the need for complex configurations or software dependencies.

Altaro VM Backup is designed to give you the power you need, without the hassle and steep learning curve.

  • Easy to use, intuitive UI – making it easy to implement a rock solid backup strategy
  • Managing and configuring backup/restore jobs across multiple hosts has never been simpler
  • Full control & scalability – Monitor and manage all your Hyper-V and VMware hosts from a single console

Powerful and fast centralised full control & scalability

Managing and configuring backup/restore jobs across multiple hosts has never been simpler.

  • Powerful functionality, easy to use – Offsite backup replication (with WAN acceleration), granular restore options for individual files and Exchange items, automated backup verification, and more!
  • Flexibility without the complexities – Simply drag and drop selected VMs to your chosen backup schedules and retention policies
  • Cloud Management Console – Cloud based tool to centrally monitor and manage all your Altaro VM Backup installations from a single online console.

Best deduplication in the industry – Augmented Inline Deduplication

Altaro VM Backup with Augmented Inline Deduplication drastically reduces your storage requirements for your backup repository. When compared to other vendors, it is the best deduplication in the industry creating the smallest backup size. Our deduplication runs across all backup jobs, you don’t need to group virtual machines together (no use of post processing). Requiring the least amount of backup space is only one of the benefits;Augmented Inline Deduplication also improves backup and restore speed.

  • Much lower storage requirements. When compared to other vendors Altaro creates the smallest backup size!
  • Faster backup and restore speed (less data to transfer)
  • Savings on storage requirements continue to improve as more VM backups are added
  • Augmented Inline Deduplication doesn’t tax server performance
  • Best deduplication in the industry not only for creating the smallest backup size but uses Variable Block Size for best efficiency.

Outstanding Support available as part of the package. No hidden costs.

No matter how good a solution is, every environment is unique and unexpected issues do happen. If something goes wrong, you need to be able to rely on fast, knowledgeable and effective support. Altaro’s Support team are experts on Hyper-V and VMware and go the extra mile for you.

  • Available by phone (in less than a minute), email (a reply within the hour) and live chat (almost instantly)
  • Get solutions quickly, from an actual person rather than receiving a canned response
  • Speak directly to a product expert – No tier 1 agents or ‘Gatekeepers’.
/0 Comments/by

XGuard Internet Filter

XGuard Firewall and Internet Filter

XGuard Firewall is a secure Filtering multi-function network appliance & management system based on FreeBSD OS. Each XGuard Firewall device utilises an industrial strength firewall and networking software providing advanced NAT network translation & transparent web filter and proxy services.  XGuard Firewall filters websites using advanced keyword page scoring algorithms as well as black and white lists of URL’s and provides both DNS record guarding and proxy based guarding which increases the strength of the Internet filtering.

Features:

Realtime Content filtering

XGuard’s advanced Realtime Content filtering utilises a large database of keywords and categories to determine whether an individual webpage should be allowed or block based on the contents of each page. In conjunction with traditional black/whitelists, XGuard’s Realtime Website filtering gives incredible flexibility to what users and groups of users are allowed to see.

URL Blacklisting/whitelisting

URL Blacklisting/whitelisting of sites and Realtime Content Filtering can be based on multiple categories and access control lists(ACL’s) to provide different & varied levels of internet access. ACL’s can be set per machine, IP address or username from either locally managed, Windows Active Directory, Radius or LDAP servers. ACL’s can also be set to allow or guard based on time periods for added flexibility. ACL’s can be set to force all search engines (if allowed) to search in ‘safe’ or ‘child’ mode. When enforced this mode cannot be worked around by the user, even by URL manipulation. Individual logging of ACL’s can be specified.

Logging & Monitoring

XGuard Firewall provides comprehensive system & network monitoring & customisable logging of filtering and guarding activities. All logs on the XGuard Firewall are automatically uploaded to the XGuard Control Server for analysis or diagnosis. XGuard Firewall provides complete SNMP support for integration with other vendors management systems. XGuard Firewall can provids complete logging & filtering of common Instant Messenger clients (MSN Messenger, AIM ICQ etc) connecting thru it. As well as logging user access & conversations, it can replace words in a customisable expletive wordlist with asterisks (‘*’) in any conversations. Filtering occurs for conversations in both directions. XGuard Firewall allows for a block/allow list for IM usernames that prohibits or inclusively allows the nominated contacts. For example, XGuard Firewall can allow staff to use the communication advantages of IM services like Live Messenger and AIM, while ensuring they can only communicate with team members & clients for productive business use.

Firewall

  • Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic
  • Limit simultaneous connections on a per-rule basis
  • XGuard  utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? XGuard allows for that (amongst many other possibilities) by passively detecting the Operating System in use.
  • Option to log or not log traffic matching each rule.
  • Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)
  • Aliases allow grouping and naming of IPs, networks and ports. This helps keep your firewall ruleset clean and easy to understand, especially in environments with multiple public IPs and numerous servers.
  • Transparent layer 2 firewalling capable – can bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (though you probably want an IP for management purposes).
  • Packet normalization – Description from the pf scrub documentation – “‘Scrubbing’ is the normalization of packets so there are no ambiguities in interpretation by the ultimate destination of the packet. The scrub directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops TCP packets that have invalid flag combinations.”
    • Enabled in XGuard by default
    • Can disable if necessary. This option causes problems for some NFS implementations, but is safe and should be left enabled on most installations.
  • Disable filter – you can turn off the firewall filter entirely if you wish to turn your XGuard into a pure router.

State Table

The firewall’s state table maintains information on your open network connections. XGuard is a stateful firewall, by default all rules are stateful.

Most firewalls lack the ability to finely control your state table. XGuard has numerous features allowing granular control of your state table, thanks to the abilities of FreeBSD’s ported version of pf.

  • Adjustable state table size – there are multiple production XGuard installations using several hundred thousand states. The default state table size varies according to the RAM installed in the system, but it can be increased on the fly to your desired size. Each state takes approximately 1 KB of RAM, so keep in mind memory usage when sizing your state table. Do not set it arbitrarily high.
  • On a per-rule basis:
    • Limit simultaneous client connections
    • Limit states per host
    • Limit new connections per second
    • Define state timeout
    • Define state type
  • State types – XGuard offers multiple options for state handling.
    • Keep state – Works with all protocols. Default for all rules.
    • Sloppy state – Works with all protocols. Less strict state tracking, useful in cases of asymmetric routing.
    • Synproxy state – Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.
    • None – Do not keep any state entries for this traffic. This is very rarely desirable, but is available because it can be useful under some limited circumstances.
  • State table optimization options – pf offers four options for state table optimization.
    • Normal – the default algorithm
    • High latency – Useful for high latency links, such as satellite connections. Expires idle connections later than normal.
    • Aggressive – Expires idle connections more quickly. More efficient use of hardware resources, but can drop legitimate connections.
    • Conservative – Tries to avoid dropping legitimate connections at the expense of increased memory usage and CPU utilization.

Network Address Translation (NAT)

  • Port forwards including ranges and the use of multiple public IPs
  • 1:1 NAT for individual IPs or entire subnets.
  • Outbound NAT
    • Default settings NAT all outbound traffic to the WAN IP. In multiple WAN scenarios, the default settings NAT outbound traffic to the IP of the WAN interface being used.
    • Advanced Outbound NAT allows this default behavior to be disabled, and enables the creation of very flexible NAT (or no NAT) rules.
  • NAT Reflection – NAT reflection is possible so services can be accessed by public IP from internal networks.
Limitations: PPTP / GRE Limitation – The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server. The only available work around is to use multiple public IPs on your firewall, one per client, or to use multiple public IPs on the external PPTP server. This is not a problem with other types of VPN connections. PPTP is insecure and should no longer be used.

High Availability

The combination of CARP, pfsync, and our configuration synchronization provides high availability functionality. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. XGuard also includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall.

The firewall’s state table is replicated to all failover configured firewalls. This means your existing connections will be maintained in the case of failure, which is important to prevent network disruptions.

Limitations: Only works with static public IPs, does not work with stateful failover using DHCP, PPPoE, or PPTP type WANs.

Multi-WAN

Multi-WAN functionality enables the use of multiple Internet connections, with load balancing and/or failover, for improved Internet availability and bandwidth usage distribution.

Server Load Balancing

Server load balancing is used to distribute load between multiple servers. This is commonly used with web servers, mail servers, and others. Servers that fail to respond to ping requests or TCP port connections are removed from the pool.

Virtual Private Network (VPN)

XGuard offers three options for VPN connectivity, IPsec and OpenVPN.

IPsec

IPsec allows connectivity with any device supporting standard IPsec. This is most commonly used for site to site connectivity to other XGuard installations and most all other firewall solutions (Cisco, Juniper, etc.). It can also be used for mobile client connectivity.

OpenVPN

OpenVPN is a flexible, powerful SSL VPN solution supporting a wide range of client operating systems.

PPPoE Server

XGuard offers a PPPoE server. A local user database can be used for authentication, and RADIUS authentication with optional accounting is also supported.

Reporting and Monitoring

RRD Graphs

The RRD graphs in XGuard maintain historical information on the following.

  • CPU utilization
  • Total throughput
  • Firewall states
  • Individual throughput for all interfaces
  • Packets per second rates for all interfaces
  • WAN interface gateway(s) ping response times
  • Traffic shaper queues on systems with traffic shaping enabled

Real Time Information

Historical information is important, but sometimes it’s more important to see real time information.

  • SVG graphs are available that show real time throughput for each interface.
  • For traffic shaper users, the Status -> Queues screen provides a real time display of queue usage using AJAX updated gauges.
  • The front page includes AJAX gauges for display of real time CPU, memory, swap and disk usage, and state table size.

Dynamic DNS

A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.

  • Custom – allowing defining update method for providers not specifically listed here.
  • DNS-O-Matic
  • DynDNS
  • DHS
  • DNSexit
  • DyNS
  • easyDNS
  • freeDNS
  • HE.net
  • Loopia
  • Namecheap
  • No-IP
  • ODS.org
  • OpenDNS
  • Route 53
  • SelfHost
  • ZoneEdit

A client is also available for RFC 2136 dynamic DNS updates, for use with DNS servers like BIND which support this means of updating.

Captive Portal

Captive portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access. For more information on captive portal technology in general. The following is a list of features in the XGuard Captive Portal:

  • Maximum concurrent connections – Limit the number of connections to the portal itself per client IP. This feature prevents a denial of service from client PCs sending network traffic repeatedly without authenticating or clicking through the splash page.
  • Idle timeout – Disconnect clients who are idle for more than the defined number of minutes.
  • Hard timeout – Force a disconnect of all clients after the defined number of minutes.
  • Logon pop up window – Option to pop up a window with a log off button.
  • URL Redirection – after authenticating or clicking through the captive portal, users can be forcefully redirected to the defined URL.
  • MAC filtering – by default, XGuard filters using MAC addresses. If you have a subnet behind a router on a captive portal enabled interface, every machine behind the router will be authorized after one user is authorized. MAC filtering can be disabled for these scenarios.
  • Authentication options – There are three authentication options available.
    • No authentication – This means the user just clicks through your portal page without entering credentials.
    • Local user manager – A local user database can be configured and used for authentication.
    • RADIUS authentication – This is the preferred authentication method for corporate environments and ISPs. It can be used to authenticate from Microsoft Active Directory and numerous other RADIUS servers.
  • RADIUS capabilities
    • Forced re-authentication
    • Able to send Accounting updates
    • RADIUS MAC authentication allows captive portal to authenticate to a RADIUS server using the client’s MAC address as the user name and password.
    • Allows configuration of redundant RADIUS servers.
  • HTTP or HTTPS – The portal page can be configured to use either HTTP or HTTPS.
  • Pass-through MAC and IP addresses – MAC and IP addresses can be white listed to bypass the portal. Any machines with NAT port forwards will need to be bypassed so the reply traffic does not hit the portal. You may wish to exclude some machines for other reasons.
  • File Manager – This allows you to upload images for use in your portal pages.

Limitations: “Reverse” portal, i.e. capturing traffic originating from the Internet and entering your network, is not possible.Only entire IP and MAC addresses can be excluded from the portal, not individual protocols and ports.

DHCP Server and Relay

XGuard includes both DHCP Server and Relay functionality

Administration

Each XGuard Firewall can be remotely administered, via its own web browser based management centre, providing complete status, health, configuration and management of each XGuard Firewall by designated admins.

Hardware

XGuard Firewall can be supplied as either standalone or rackmount designs, or as a VMware virtual machine. XGuard Firewall can also be supplied with multiple network interfaces allowing multiple networks to be joined, bridged or given isolated internet access. XGuard Firewall hardware is chosen to provide a highly reliable, long life product while providing high network throughput and a low impact on internet performance. Current hardware typically only adds 2-3ms to internet latency, and 0.5% bandwidth impediment. XGuard Firewall can currently handle 1GB/s network traffic from WAN to LAN continuously with the above quoted losses.

XGuard Firewall is compatible with a variety of internet sources and routing equipment, DSL & Cable modems, satellite, dial-up modem etc. Full compatibility with all Microsoft Windows, Apple Mac OS X, Linux and Unix client and server operating systems, seamless interoperability with Cisco, HP, Dell, Apple, Canon (and other leading equipment providers) printing, routing & network devices ensures your XGuard Firewall will integrate with & enhance your existing IT systems & infrastructure.

Contact Jendai Solutions for details and help tailoring a system to suit your requirements.

/0 Comments/by