Selectively permit or deny any network application or service for one or more groups of users.
User-role-based application control simplifies management, improves security and enhances resource utilization.
Application Control Based on Employee's Role
There are two classes of applications:
- Standard protocol based applications like FTP, Email, HTTP etc., which are extremely valuable
for every organization. They are often allowed for all users, with a few exceptions such as blocking FTP for
guest users.
- Applications like Skype, Tor, UltraSurf, BitTorrent, VTunnel, LogMeIn etc., which are mostly
considered security risks because of their behavior and unproven value proposition. Their stealthy
nature makes it harder to know what they are being used for.
For the first class of applications, FMS-Enterprise Gateway offers fine-grained control to permit or deny a
request to use them for a group of users. FMS checks whether the requesting user is allowed to run a particular
application, and permits or denies the request accordingly. A complete list of the first class of applications is
maintained in the system, and the administrator can selectively permit or deny these for a specific group of
users.
For the second class of applications, which includes ultrasurf, skype, tor, aim, allpeers, bittorrent,
bypass, direct-connect, ebuddy, vtunnel, fasttrack, fileswire, gnunet, imesh, kazaa, kproxy, logmein
and many more, the system provides extremely effective policy-based control that not only shuts them
down completely but also provides real-time information on who is trying to use them. These applications use
extremely clever techniques such as UDP firewall hole punching, encrypted tunnels that hide all data going in and
out, connections to extremely random IP addresses from all over the world, and random port numbers,
which practically eliminates all chances of a firewall being able to block them.
FMS-Gateway's overall architecture is extremely well suited not only to controlling these applications but
to effectively controlling the whole class of them, so that the administrator need not keep fighting fires every day.
The real value proposition is not just in being able to block these stealth
applications but also in being able to make complete sense of the data going in and
out of the network and, if that data happens to be protected data, in effectively
blocking data leak attempts.
Please note that this is an example for illustration purposes only. The administrator can choose
permissions for any application any way s/he wants or to suit corporate policy requirements.