FoxTalk

NetFox Online is coming along in leaps and bounds and we have almost completed our pre-release beta testing. The product will be available for Schools and Business before the new year so stay tuned!

Today I had to build some complex functions for my postgresql server. Well, ordinarily they wouldn't be THAT complex but when limited to PL/PGSQL things like operations on timestamps can be quite tricky. So I thought I'd give PLRuby a go. You can get it from Rubyforge.

Building it on Ubuntu

Once downloaded, I needed to build it against my postgresql install. Ensure that when you are building it, that you use --enable-conversions to make things easier for you when handling native SQL types.

sudo apt-get install postgresql-server-dev-8.3
tar -zxpvf plruby-0.5.3.tar.gz
cd plruby-0.5.3/
ruby ./extconf --enable-conversions \
  --with-pgsql-include=/usr/include/postgresql/8.3/server/
make
sudo make install

Creating a Function

Creating a function was easy! All you need to know is that your arguments come as the 'args' array and that if you compiled with --enable-conversions the arguments will be native ruby types. You can find more examples of PLRuby functions here. Happy Rubying!

CREATE OR REPLACE FUNCTION bin(timestamp with time zone,
     integer) RETURNS timestamp AS '
  esec = args[0].to_i
  return Time.at(esec - (esec % args[1]))
' LANGUAGE 'plruby';

The South Australian Department of Education and Children's Services have recently announced the “Dual ISP” program. This means that schools can choose to use a secondary ISP at their school for redundancy or performance reasons.

DECS has also announced that schools must use the same filtering system as mandated centrally and cannot use alternative filtering products. They have also stated that schools must use the standard infrastructure ISA Proxy appliances provided by DECS to manage access to a second ISP.

What are the problems with this?

When managing student activities at the school a range of tools are required. While the DECS solution may provide schools with good levels of Internet filtering, there are several other issues that must be dealt with and the following systems should be put in place.

• Internet Quota Control or Billing systems
• Detailed and effective Internet Reporting
• Auditing for student Internet access
• Auditing for staff Internet access

How can NetFox help?

If you are using NetFox currently, or are looking at doing so in the future, the above issues can be addressed. Furthermore, NetFox can be implemented to work with the DECS guidelines and ensure that you are following the correct practices.

How can NetFox be implemented to work with DECS?

There are two options for implementing NetFox with the standard DECS infrastructure.

Using the NetFox Appliance

The NetFox applicance can be placed in your network as an “intermediate” proxy server. It will perform billing and reporting as normal and can also offer additional filtering to the DECS solution. NetFox provides more filtering options than the DECS solution for example, forcing the use of safe google searches.

When implemented, NetFox will connect to the your school's ISA proxy as an upstream proxy. You will need to create a “netfox” user on your ISA server and use the “single user” upstream option in the NetFox configuration. You can also set NetFox to choose an upstream proxy depending on the site that is requested.

Using NetFox Business Online

The NetFox Business Online service will be available in South Australia around the end of August. Schools will be able to use it for reporting on staff and student Internet usage from their DECS ISA Proxy server without the need for any additional hardware. An agent is installed on the ISA proxy server which sends all logs to the NetFox Business Online servers. See our product page for more details.

Soon after launch we will be adding billing capabilities and a portal designed specifically for teaching staff to manage their students on-line.

How do I find out more?

Send us an email or give us a call if you need assistance or have questions you need answered. Our details are here.

This year at CeBIT, we did a prelaunch of the new NetFox Business Online service. Over 50 businesses signed up for the Beta trial starting in June. We also got so much interest in our product from resellers and managed service providers that we are now planning a formal reseller and affilliate program.

More details to come so stay tuned!

Once again, NetFox will be attending CeBIT.AU in Sydney. The conference, running from the 12th to the 14th of May at Sydney's Exhibition Centre, will showcase some of Australia's best and most innovating technology. Please visit us at CeBit on the South Australian stand in Hall 4, stand K40.

Internet censorship simply will not work. It is open to error and abuse and threatens to destroy the web as we know it. Not to mention that there is presently no feasible method to effectively and accurately censor Internet access to very large groups of users.

However, child pornography, illegal downloads, malware and access to pornography by minors are very real issues that must be addressed.

The question is how do we fix these issues whilst maintaining a free and open Internet?

I believe that users of the Internet should be allowed to view whatever they deem appropriate but that they must be accountable for their actions.

Perhaps the answer is for ISPs to log user access to the Internet rather than to censor it. Furthermore, these data should be bound by privacy laws so that they may only be accessed with a warrant or injunction.

I realise there will be opponents to this philosophy but surely this is the far lesser of two evils?

Will Conroy listen to reason?

• Mailing Address: PO Box 253, Hindmarsh, SA 5007
• Office: 08 8121 9724
• Fax: 08 8125 5838

The Game

Information services are critical to modern business. Email has has become ubiquitous and most communication on which business relies would be impossible without it. Providing at least email and web access is mandatory to business nowadays.

Managing information services in your enterprise is difficult. One must make trade-offs between security and usability. Your users (and probably the boss) want usability, while common sense and (in many sensitive industries) the law requires high security.

How can you hope to make the best trade-off between the two?

The Players

The users want an unlimited network experience. They want to be able to access online collaboration tools, they want to take their laptop and work from anywhere; and they want wireless access in the office so they can work from the couch on occasion. The user has become technologically clued up and will use online tools to help with every aspect of his job – usually with little thought to privacy and security.

You, as the network administrator you want security. You want to block access to external mail providers, instant messaging, VoIP, file sharing and social networking sites. Why wouldn’t you? Once sensitive company information is on a web service you don’t control you’ve lost control of the sensitive information; how can you tell who is reading it?

The Myth

• Blocking everything non work related (Facebook, Hotmail, etc) will make my users more productive

This is not actually correct. If you take the time to block these sites your users will take the time to find ways around your blocks. This may range from as harsh as cracking your systems to circumvent the block to something as trivial as coming to work late or taking longer lunches in order to sit at a cafe with their laptop on wireless and catch up with their personal sites.

It is more beneficial to allow (but monitor) use of these sites. If users are aware they are being monitored they will keep their use to a reasonable amount and focus on work.

The Blow By Blow

Achieving balance requires providing users with the resources they want and need. Retaining control of the resources mitigates the risk of information leakage and security breaches. Simple tools such as a web mail server and wiki which are accessible outside the company can make all the difference. You will be able to protect these tools with SSL and require authentication to use them – something that a lot of free online providers can’t or won’t do.

Moving further, providing a single sign on tool can make a huge difference; users could have a dozen weak, easy to remember passwords or a single strong, slightly difficult to remember password. Microsoft provides this through Active Directory and NTLM on most of their products. Software from other vendors supports at least LDAP, and many can be rigged to speak NTLM if required. It’s possible to get most *NIX machines authenticating against NTLM or Windows talking to LDAP if needed.

More advanced services may be provided if the users have enhanced needs. A VPN can make a huge difference for road warriors. Make sure the VPN server is highly secured and ensure it can route directly into the company network – without NAT – and the company routers can route back to the VPN. Your firewall can then open up the services that are needed over the VPN.

Making a VoIP extension of your PBX available over the VPN will allow users to place and receive calls as easily and cheaply as when they are in the office, without resorting to running up huge mobile or hotel phone bills or using their kinky_kitty69 screen name to communicate with business contacts.

Wireless network access is a vital tool of late. Provide good wireless coverage in your organisation. Tie it into your company’s central authentication database so the user’s regular login will allow them to authenticate their wireless connection. If you fail to provide or make wireless too difficult then users will resort to plugging their own (usually unsecured) access points into the network.

In many cases users will download and try tools to improve their work. This can be mitigated by granting only the permissions needed for the user to do their job. The downfall of this is that it’s rather limiting, and in a lot of industries where interfacing to hardware (electronics, manufacturing machines, robotics, etc) is required the user may need to run as an Administrator on the machine to talk to the hardware and this also grants them the ability to install software on their machine.

The SNAITG (Sensitive New Age IT Guy)

The IT admin should regularly engage the users and be aware of their changing needs. An open door policy to getting things done is the easiest way to ensure your users don’t go behind your back and do things themselves. If you are approachable and willing to help the users with their needs then they are more likely to come and see you rather than hacking it together themselves.

Staying aware of what tools the users are finding useful is also vital to this strategy. If there is talk of a particular service being trialled, it pays to go and learn the basics. If it looks like the service is gaining traction preempt the users and configure it on a server you control rather than trusting a user to run it from his or her desktop PC. Being seen to be proactive and helpful will keep the users coming to you to ask rather than doing it themselves.

The Post-Mortem

Being proactive about monitoring is also important. Some users will invariably go against you no matter if you indulge their needs or not. Being able to identify detrimental activity on your network useful. Being made aware as soon as something bad happens allows rapid action to be taken. Being able to identify who did what is beneficial when it comes to rapping knuckles for inappropriate behaviour.

A good proxy server can filter inappropriate material and log users web browsing activity in real time. This reduces the tendency to perform non-work related tasks on the Internet, and allows accounting for those times when it may be required.

Network monitoring software can scan your network looking for new services, verifying the availability of known services and ensuring that no unauthorised software is installed in the user’s desktop PC.

NetFox provides both of these services and more. Please see http://www.netfox.com for more information.

During Movember 2008 (the month formerly known as November) some of the NetFox team are growing Mos to support the Movember cause. That’s right we’re bringing the Mo back because we care about tackling men’s health issues and being proactive in the fight against men’s depression and prostate cancer.

1. Click this link https://www.movember.com/au/donate/donate-details.php?action=sponsorlink&rego=1849976&country=au and donate online using your credit card or PayPal account, or
2. Write a cheque payable to ‘Movember Foundation’, referencing the NetFox Team’s Registration Number 1849976 and mailing it to: Movember Foundation PO Box 292 Prahran VIC 3181

Remember, all donations over $2 are tax deductible.

The money raised by Movember is used to raise awareness of men’s health issues and donated to the Prostate Cancer Foundation of Australia and beyondblue – the national depression initiative. The PCFA and beyondblue will use the funds to fund research and increase support networks for those men who suffer from prostate cancer and depression.

• Depression affects 1 in 6 men….most don’t seek help. Untreated depression is a leading risk factor for suicide.
• Last year in Australia 18,700 men were diagnosed with prostate cancer and more than 2,900 died of prostate cancer – equivalent to the number of women who will die from breast cancer annually.

For those that have supported Movember in previous years you can be very proud of the impact it has had and can check out the details at: Fundraising Outcomes.

NetFox is very excited to announce that NetFox Internet Data Centre Edition (NetFox IDC) will be released soon and will make the NetFox technology available as a service! We are launching the NetFox SaaS in partnership with Seccom Networks and Broadband Anywhere.

• ONE – A hosted Internet management solution that requires no on-site client installation of applications.
• TWO – Internet content filtering with intelligent page scanning technology. Client organisations can apply ‘user friendly’ content filtering that filters dynamically based on page content rather than having to block large cross sections of data based on slow response URL lists. The filtering is very effective against proxy site hacking.
• THREE – Full management reporting of Internet usage.
• FOUR – Users can introduce the concept of personal Internet activity times during lunch hours, and before and after work, and provide controlled open Internet access to users without worrying about uncapped productivity drains due to unproductive Internet surfing.
• FIVE – Users can turn on quota management if required. Different types of internet user activity can be billed at different rates and users/departments can establish quotas that they can use to manage Internet access. Quotas can be general or only applicable to material a client deems as inappropriate – for example, a client may allow zero-cost access to work/research related Internet activity but apply a per-megabyte charge for traffic such as Facebook, social networking, webmail, etc.

NetFox has, this week, released the 3.10 series of its Internet reporting, billing and filtering software. This release has been a long time in the making and incorporates many enhancements and fixes.

• Greatly improved performance: An order of magnitude performance increase has been achieved in logging web usage. This translates directly to a zippier product for all users.
• Better multi-processor support: NetFox now better leverages newer multi-core machines for greatly improved performance.
• New system management console: Getting your NetFox box configured to work on your local network is now easier than ever before.
• User accounts may have two credit balances: One balance represents the balance supplied by your school or company while the other handles credit where the user has paid for access with real cash. This greatly simplifies management of cash-backed accounts.
• Supervisors now have the ability to block or allow content, without logging in as a system administrator.
• Improved online help in the Scope interface
• Streamlined integration with LDAP or Active Directory services
• New web and/or email-based support system: allows customers and NetFox support team to better manage and resolve issues. This system includes a knowledge base which allows users to identify and resolve common matters.

Several common bugs have been fixed in this release, and a number of obscure bugs have been found and exterminated by our new testing regime.

The most recent of the NetFox 3.9 series introduced individual customer subscriptions for updates and support. Existing customers should have been provided with their username and password by now. New customers will receive their details when they complete the subscription process. If you are a current NetFox customer and have not received your login details then please contact support AT netfox.com to arrange to receive them. Your unique customer login will enable you to receive the 3.10.0 update to your existing NetFox 3.9 product and continue to receive updates for the 3.10 series.

This release is available on the NetFox update servers as of 9am on October 15th. Current update subscribers should see a two stage update over two days. On the first day the NetFox operating system is updated to the 3.10 version and on the second day the NetFox core components are updated to the 3.10 version. Users of multi-core CPUs will need to reboot in order to properly leverage enhanced multi-CPU support.

This release is not suitable for users of the Monitor coin loading system, as the revised API is not compatible with Monitor. We have addressed the issue and a fix is being trialled. In order to install the fix a NetFox support technician will visit your site and install a supplementary NetFox DLL on your Monitor system. This visit will be provided at no charge.

In addition to the major feature enhancements and bug fixes, there have been major improvements to internal architecture which will allow NetFox to achieve a faster time to market for features and improvements to meet customer needs. All of these enhancements have paved the way for a number of very interesting NetFox developments. Stay tuned to the blog in the coming weeks and months to find out more.

Our new baby, Netfox 3.10, took his first venture outside today. All is going well and he doesn’t seem to have caught any bugs in his venture outside. He’s growing up so fast. It won’t be long now until he’s able to go out without us holding his hand.

On a more serious note, NetFox are rolling out the product update to a handful of selected Beta sites today and tomorrow. We hope that after a thorough beta test we will be able to release the update to all of our current update subscribers.

The update process should be seamless from 3.9 to 3.10, and most sites will receive the updates automagically at the release date. Stay tuned to find out when that will be.

NetFox would like to assure our loyal customers that our 3.10 series is coming along nicely. We have been busy working away at several key pieces of the product. There have been major improvements to security, stability and performance. As a result, internal architecture of our software has evolved considerably. This major evolution has resulted in a lengthy development process, but lays the groundwork for us to build some very cool features on in the future.

Our team has paid particular attention to backwards compatibility throughout the development process. As a result existing 3.9 customers should be able to seamlessly upgrade to the 3.10 series when it is released.

We are currently working through our internal testing and quality assurance phase, and hope to begin Beta testing of the new system at selected sites very shortly.