Faster and lighter
Traditionally we have created a web filter based on an HTTP proxy server. There are many commercial products based on Squid Proxy. But with this approach, you could have a serious latency problem on your network. This is because your web traffic must go through a point in your network that is your web filter and it becomes a bottleneck in your network. This latency problem becomes more important when you have a larger number of users. But there is another approach. This is the DNS filtering and NxFilter is a DNS filter. It's basically a DNS forwarding server with filtering capability. Since it uses a lightweight DNS protocol, it is not necessary that your traffic goes through anywhere. You do not get any latency issues with NxFilter.
Boost Your Internet Speed
Some users have reported that after installing NxFilter on their network, their Internet speed has improved dramatically. Indeed, NxFilter keeps the local cache for the DNS lookup. Suppose that in your network, everyone uses the Google public DNS server or the DNS server of your ISP. Their DNS requests must be sent to these DNS servers on the Internet and your users must wait for these servers to respond. But if you have NxFilter in your network, it keeps the cache for the DNS response of its upstream DNS servers and significantly reduces network traffic and your users do not have to wait for the response of these DNS servers. on the Internet.
Authentication
Even though it is faster and lighter than traditional web proxy filtering, DNS filtering had its own limit in the past. It has not supported the authentication of the user. This is natural because the DNS protocol does not have an authentication scheme. This was the biggest hurdle for a DNS filter used in a real business environment.
However, being a DNS filter, NxFilter provides 4 types of authentication methods for user identification.
- IP-Based Authentication
- Authentication by password
- LDAP Authentication
- Single Sign On with Active Directory
With NxFilter, you can differentiate users and apply different filtering policies.
Control of Application
NxFilter supports application control through its agents, NxLogon and NxClient. With this feature, you can block UltraSurf, Tor, uTorrent, Skype, Minecraft and other applications that you want to block.
- NxLogon is the NxFilter Active Directory Single Sign-On Agent and NxClient is the Remote Users Filter Agent for NxFilter.
Web proxy filtering
The benefits of a DNS filter are many, but we had to give up several things if we wanted to use a DNS filter up to now. You can not apply the secure search feature and you can not filter keywords based on the URL because it works at the DNS level. But now, NxFilter provides Web proxy filtering through its agents, NxLogon and NxClient. NxLogon and NxClient themselves are local web proxies and they can do everything that a web filter can do. Currently, it supports the enhancement of secure search and filtering of URL keywords, blocking the IP host.
One might think that providing these web proxy agents, NxFilter is no longer a lightweight filtering solution. But that is always the case. These Web proxy agents function as a local Web proxy only for a user, which causes no network performance issues.
Easy deployment
When you deploy a web filter on your network The hardest part would be to force filtering on your users without much hassle. If you choose a filtering product based on a web proxy, you must configure all browsers that point to your web filter as a proxy server. To make things easier, you can use what is called the transparent proxy configuration, so you do not need to configure all browsers one by one. But with the transparent proxy configuration, you have a problem for HTTPS filtering because it is breaking the browser restriction for attacking "man in the middle". Your browser will not send HTTPS requests to your proxy if you try to redirect traffic transparently. And besides, this transparent proxy configuration is quite difficult even for a seasoned system engineer.
If you go with a DNS filter, you are free from all these hassles. You just need to configure your DHCP server using NxFilter as a DNS server for its clients. Then your users will use NxFilter as a DNS server and they will be filtering. Forcing filtering to users is also possible. You can block outgoing port 53 on UDP and TCP except from NxFilter. Now, NxFilter becomes the only DNS server that your users can use. It is already transparent and does not cause any attack problem through HTTPS.
This is not just for HTTP traffic
If it's a filtering product based on a web proxy, you can only filter HTTP and HTTPS, but with DNS filtering, you can filter almost any protocol, including including HTTP, HTTPS, FTP, P2P.
Malware Detection / Botnets
NxFilter is also able to detect malware and zombie networks based on the inspection of DNS packets. This is possible because NxFilter works at the DNS level.
What's New:
- Search a keyword on UserDao to apply on a token column.
- Application of version 4.2.3 of & quot; domain-pattern.txt & quot ;.
- Do not add subdomains & nbsp; & nbsp; & nbsp; & nbsp; & nbsp; & nbsp; & nbsp; & nbsp; & nbsp; & nbsp; in the NxClassifier queue.
- The HX protocol sends domains instead of resolving them.
- Resetting the permanent cache for changing the serialization ID.
- Config.rqDropSize added for DDOS prevention.
- Add a domain to the queue NxClassifier even if it is filed by domain model parser.
- Added support NxRelay.
- Message for the free Jahaslist license on the added dashboard.
- Added "continue" after "allowedIpDic.isBypassAll".
- Jahaslist has been updated to 2060034.
[ad_2]
Source link