Petros Lam

1

• Petros Lam
• VP, Sales Marketing
• The Hong Kong School Net Ltd

2
School Network
Teachers Server
Intranet Server
Wifi
Workstations
Internet
Router
WebSAMS Crystal Report Workstation
WebSAMS HTTP Server
WebSAMS Server
3
School Network

• Difficulties in Daily Operation
• Method and types of attacks change rapidly,
  difficult for schools to follow the latest
  updates.
• Heavy teaching work load makes it difficult to
  maintain and update such an complicated network
  security environment by teachers themselves.
• Limited resources for schools
  to afford expensive solutions and services for
  commercial use.
• Many companies only sell products and lack
  skills, knowledge and the right to modify the
  product they provide.

Teachers Server
Intranet Server
Wifi
Workstations
Internet
Router
WebSAMS Crystal Report Workstation
WebSAMS HTTP Server
WebSAMS Server
4
School Network
Teachers Server
Intranet Server
Wifi
Workstations
Internet
Router

• Regular update managed by Professional Team who
  developed SCHOOLWALL.
• Tailored for Schools in Hong Kong.
• User Friendly Interface reduce time to learn
  and operate.
• Affordable price

WebSAMS Crystal Report Workstation
WebSAMS HTTP Server
WebSAMS Server
5
School Network
Teachers Server
Intranet Server
Wifi
Workstations
Internet
Router
WebSAMS Crystal Report Workstation
WebSAMS HTTP Server
WebSAMS Server
6
Latest and Upgraded Functions

• User Friendly Interface
• Packet Filtering
• URL Filtering
• Classroom Control
• Finer access control
• Bandwidth control
• Application Protection
• Web
• FTP
• Email
• Statistics
• Expansion Module

7
New User Friendly Interface
8
Packet Filtering

• Static NAT

9
URL Filtering

• Transparent Proxy (TCP/Port 80)
• Global default deny list
• Configuration
• Control Areas Domain, Keyword, URL, IP address
• Permit Allow exceptions in global deny list
• Deny Deny additional objects in control areas
• No-Cache Do not cache specific domains / IPs
• My Domains Permit all and do not cache self
  domains sites

10
URL Filtering
Transparent Proxy (TCP/Port 80) Global default
deny list
11
Classroom Control

• Additional control on a set of fixed IP addresses
• Examples IP range for staff, computer rooms
• Domain Blocking / Unblocking
• Allow List Default deny all but allow exception
  in domains
• Deny List Adding domain block list to global
  deny list
• Deny All Deny all access, no exceptions
• Allow All Allow all access (no blocking)
• Bandwidth Control
• Guarantee Bandwidth
• Maximum Bandwidth

12
Classroom Control

• Example of adding Deny List

13
Classroom Control

• Bandwidth Control

Testing URL ftp//download.speedtest.com.hk/100mb
.zip
G Guarantee Bandwidth M Maximum Bandwidth
Maximum Bandwidth limt the download speed
14
Application Protection - Web

• Example of blocking SQL injection

Setting up
Receiving Request
Analysis
Denied If not allowed
15
Application Protection - FTP
Set a password retry limit to the connection. If
exceed the limit, the IP will be banned for a
fixed period of time.
16
Application Protection - Email

• Sender blacklisting

• Anti-spam mechanisms
• DNSBL
• Greylisting
• SPF
• DKIM
• Sender White / Black Listing

17
Statistics - Network Traffic
Bandwidth Graphs
18
Statistics - Network Traffic
Email Gateway Statistics
19
Expansion Module Server Certificate
20
Comparison
Network Protection Investment Consequence
No Firewall 0 Serious!
Self Developed Firewall Time of Teachers Very difficult to upgrade
Commercial Firewall Very Expensive Lack maintenance and support
Very Affordable Install, Update, Upgrade, Support - VPN, Lab, Proxy, Filter
21

• The End
• Thank you!