URL Filtering/P2P Filtering

URL filtering

 Conventional packet-filtering firewalls can control connections, but cannot limit the websites that can be viewed. In other words, if you allow the connection of the web, you can browse any website. Restricting the sites you browse requires educating your users, but there are limits to that.

 In addition, due to the increase in harmful websites, information leaks due to postings on bulletin board sites, etc., and the decrease in work efficiency due to access to websites unrelated to work, organizations are restricting access to websites. Introduction of products with "URL filter" function is progressing.

 A typical example of a URL filter installation form is to set up a proxy server within an organization and access the website via the proxy server.

 In this form, it is necessary to install an application such as Squid on the proxy server server and define the "URL filter", so it is a little difficult to introduce easily.

 Due to the growing need to easily introduce a "URL filter" function, the number of products that implement this function in routers is increasing. Although there are still few models that are implemented in inexpensive routers, there are many products that are implemented in affordable routers used by small and medium-sized companies, and the "URL filter" function is familiar. It's becoming

 In the "URL filter", you define the URLs of websites that you do not want to access, but since websites are constantly appearing and disappearing, it is necessary to constantly update the definition.

 Therefore, many products have a function that automatically downloads the latest database from the vendor via the Internet and updates it.

 Many old routers cannot use the URL filter function, but some models support the function by updating the firmware, so it is necessary to check the details on each vendor's website.

For example, YAMAHA routers support the following web filtering.

  • External database reference type URL filter
  • Internal database reference type URL filter

 "External database reference type URL filter" can automatically download the latest database from the vendor via the Internet and update it, but it is charged.

 The "internal database reference type URL filter" is maintained by the administrator himself registering all or part of the URL as a keyword in the router. This is free.

 Which one to use for URL filtering depends on the degree of accuracy you want to use for URL filtering. If you want to achieve a highly accurate URL filter, you will need to adopt the "external database reference type URL filter". This allows you to determine not only the URL string, but also the content of the page.

 Here, we have introduced the filtering function of YAHAMA routers, but other vendors' routers also have similar URL filtering functions.

P2P filtering

 P2P networks are flooded with harmful content. There are also threats such as information leakage due to virus infection. In addition, it may put pressure on communication bandwidth and router resources, and reduce business efficiency.

Since P2P communication has nothing to do with business, an increasing number of organizations are restricting P2P access.

 Against this background, routers that can filter P2P communication are also appearing. Even though P2P communication can be filtered, there are so many P2P software that it is not possible to filter all of them. However, you can expect an effect just by filtering P2P with many users.

 For example, YAHAMA routers support P2P software Winny and Share depending on the model and firmware version.

Wiiny・・・RTX1200,RTX1100,RTX3000 etc.
Share・・・RTX1200 etc.

 Isn't it difficult to set up filtering on a command basis? You may think that this is the case, but many products can be set using the GUI of the web interface, making it very easy to set up.

Setting in the GUI is as easy as checking the desired P2P software item.

P2P software that routers do not support will be handled by NAT's session limit function and bandwidth limit.

 This method is not intended to block P2P communication, but to limit the bandwidth used in communication and the diagram below to prevent monopolization of lines shared with other users. You can also reduce the load on your router by setting this limit.