Subscribe to Windows IT Pro
October 01, 1997 12:00 AM

Session Wall-3

John Enck
Windows IT Pro
InstantDoc ID #229
Rating: (0)

In addition to the startup warning, SessionWall can automatically send all systems an email message warning users that you are monitoring them. This message struck me as an inherently sane thing to do: Monitoring people's activity with their knowledge is clearly more palatable than watching them without their knowledge. In many states, you are required to provide this notification, so please get some legal advice before you start wholesale monitoring.

Finally, you can configure SessionWall to disregard certain types of traffic. For example, you can tell SessionWall to watch your Web traffic but ignore your email traffic. This capability lets you establish policies that inform users that you can monitor certain types of traffic at any time but other types of traffic are off limits. Because the industry has a history of email-driven lawsuits, this capability is important.

Now, let's move out of this moral morass and look briefly at another aspect of SessionWall's monitoring capability: the ability to generate usage reports. Because SessionWall keeps track of detailed information, it can produce a variety of reports on network usage. You can see usage by server, by client, by protocol, and more; Screen 2 shows the report selection screen. Once you select a report, you can see the results on screen or in hard copy.

SessionWall's report information is invaluable to any network administrator. A network administrator can use this information to identify potential problem clients or bottlenecked servers. This capability to provide real and valuable data about network utilization certainly overshadows SessionWall's Big Brother specter. Furthermore, the content of the traffic doesn't appear in the report, so the reports are unlikely to upset people (although Web site names appear, so people visiting inappropriate Web sites must still beware.)

SessionWall as a Business Guardian
The final capability of SessionWall lets you establish and monitor acceptable conduct business practices in your network and monitor adherence to those practices. One obvious example is defining a policy that prohibits users from accessing adult-oriented sites. You can then configure SessionWall to monitor for that kind of traffic (based on Web page keywords) and alert you when a violation occurs. You might want to establish policies for email that prohibit use of words such as guarantee or preliminary in business correspondence. Again, SessionWall can monitor email traffic and alert you when a violation occurs.

As a business guardian, SessionWall doesn't prevent this type of traffic from occurring; it merely notifies you so that you can take appropriate action based on your local human resource policies. So you can't, for example, use this capability to block access to all X-rated sites; SessionWall will permit the access but will alert you that it is going on. Configuring SessionWall to be a guardian is similar to setting up SessionWall to be a firewall. In this case, though, you set up events to watch for. You can define events for all traffic or for traffic to or from certain stations.

For example, let's say that you work at a candy factory and you want to prevent your employees from visiting any Web sites about dentistry. First, you access SessionWall's Events menu. Then, in the WWW log row, you can configure the clients to watch for, the servers to watch for, the type of activity to monitor, the action to take, and when this policy is in effect. By default, events apply to all clients and all servers all day and night, so this configuration will accomplish your goal.

To implement your policy, left-click on the Type entry in the WWW row and choose Edit Item from the drop-down menu that appears. Then in the event description, choose the Body string match option, and enter some key words for SessionWall to watch for in Web page content. As Screen 3 shows, you could look for words such as dentist and dental. Whenever SessionWall sees a Web page go by with that content, it will move to the action phase.

You configure the action through the Events menu by left-clicking on the Action entry and choosing the Edit Item option. You can have SessionWall take a number of actions when this event occurs: It can send an alert message to your display, it can send you an email message, or it can fax you; or you can configure it to take a customized action. When you receive notification, you can look at your monitor logs, see who has violated your business policy, and take appropriate action in person.

SessionWall: Good or Evil?
When most people see SessionWall for the first time, they are amazed and alarmed at the information that it collects and displays. Seeing someone's email or Web visit through SessionWall is a very sobering experience. However, the reality is that network analysts and network administrators have had this capability for years. Network monitor software (e.g., Novell's LANalyzer, Cinco's NetXRay, and Microsoft's Systems Management Server--SMS) gives you access to the same information; it just doesn't put it together in such a nice, easy-to-read format. So in many ways, SessionWall is just taking a dirty little networking secret out of the closet for everyone to see.

I would hate to see SessionWall not considered or not implemented because people perceive it as a Big Brother product. Other network monitor products are just as intrusive. If you would consider implementing SMS but not SessionWall, I challenge you to rethink your logic.

More important, after you get over the emotional issues of seeing other people's traffic, you see the extremely useful capabilities that SessionWall offers. SessionWall is an easy-to-use firewall. It may not be as comprehensive as a traditional firewall, but running SessionWall is better than having no firewall at all. Even if you have a firewall, implementing SessionWall may make sense for the monitoring, reporting, and business guardian capabilities it offers. These capabilities are well worth the price of admission.

So my advice is simple. Rant and rave about the Big Brother aspects of SessionWall for a few minutes, and get those feelings out of your system. Then look at the warning and alerting features it supports to soften the blow of network monitoring (features, by the way, that you don't find in traditional network monitors). After that, look at the core capabilities the product offers. I think you'll find that SessionWall is more good than bad.

SessionWall-3
Contact: AbirNet * 817-251-7000 or 800-245-1688
Web: http://www.abirnet.com
Price: Starts at $995 (supports 125 concurrent sessions)
System Requirements: Windows 95, Windows NT 3.51, or Windows NT 4.0

Related Content:

ARTICLE TOOLS

Comments
Add A Comment
  • murad naser
    8 years ago
    Mar 03, 2004

    can we have more than one interface on the sessionwall server to monitor and spoof more than one network segment , and can we use span on cisco switches , to monitor more than one segment and send tcp-reset massages

  • Sseseven
    11 years ago
    May 08, 2001

    I cannot accept the argument that network technicians need the ability to view these communications as a reason for using SessionWall. By the same reasoning, telephone technicians would be granted full license to listen to and reveal voice communications. In fact, this ability now takes a court order. Where employees know that email is routinely inspected, the productivity expected from the use of this technology does not appear. Instead, employees use paper or meetings to continue to exchange sensitive but not secret materials.

  • This article is very good
    11 years ago
    May 03, 2001

    I have read the "Session wall-3" , i want the email address of the author to contact getting more information about the Products
    Thank you very much

  • Gerry M. Allen
    13 years ago
    Aug 10, 1999

    I read with interest John Enck’s October 1997 review of SessionWall-3. The conclusions about perusing email and other communications trouble me. I cannot accept the argument that network technicians need the ability to view these communications as a reason for using SessionWall. By the same reasoning, telephone technicians would be granted full license to listen to and reveal voice communications. In fact, this ability now takes a court order.
    Where employees know that email is routinely inspected, the productivity expected from the use of this technology does not appear. Instead, employees use paper or meetings to continue to exchange sensitive but not secret materials. A general feeling of mistrust between employer and employee is furthered, and employees see the IS staff as an enabler of spying.
    Products that treat employers as divine and employees as sinful encourage further division between them. Competent management detects inappropriate behavior by managing, not by abdicating that task to software. My company chooses not to inspect the content of employees’ email or spy on their Internet activities. Instead, we focus our limited resources on being better than the competition—quite successfully, I might add.

    --Gerry M. Allen

You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.