Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

CensorNet ISP Filtering

Overview of ISP filtering components available from CensorNet

  • Login to see the comments

CensorNet ISP Filtering

  1. 1. CensorNet LtdAn introduction to ISP filteringPresented by:Firstname LastnameJob TitleEmail: first.last@censornet.comTel: 1234567890
  2. 2. Company OverviewCensorNet v1.0 releasedas open source CensorNet open 02/07 CensorNet 11/09 Development of source protects Professional launched Cloud CensorNet started over 1million end users 11/07 CensorNet shortlisted for BETT CensorNet launches Award MailSafe, e-mail SaaS security 07/05 CensorNet Ltd CensorNet incorporated launches VMWare CensorNet 2008 Certified product joins the CensorNet Ltd 08/10 CensorNet ICAP Forum • Mobile filtering solution joins the IWF achieves BECTA accreditation • Cloud Service for CensorNet Pro achieves MSP/ISP Checkmark Premium from West Coast Labs
  3. 3. Customer Segmentation Business Education Government
  4. 4. ISP filtering
  5. 5. Challenges Traditional filtering proxy servers may not scale well Web access is real time ∴ performance critical Large data flows must be handled High availability is mandatory Integrate with often complex existing infrastructure
  6. 6. Our solution – “CensorNet ICAP Server” Integrates easily with existing ICAP enabled equipment Provides technology components to rapidly build a bespoke web filtering service High speed and reliability – designed specifically for examining content Based on open standards – ICAP Wrap-around consultancy service for planning and deployment
  7. 7. Key benefits Scalable architecture Highly optimised proprietary ICAP Server (64-bit)  Pipelining for early responses  Dynamically sized thread pools  Zero-copy policy on data buffers  Minimal inter-thread locking  Highly optimised DFSA protocol grammar parsers Supports 3rd party URL classification engines RESTful API for integration with existing portal Low total cost of ownership
  8. 8. Example deployments CensorNet builds bespoke web filtering platforms that meet the exact requirements of its customers.
  9. 9. Simple ISP deployment with ICAP environment
  10. 10. Complex ISP deployment
  11. 11. Redirected traffic – no ICAP infrastructure (ISP)
  12. 12. Redirected traffic – no ICAP infrastructure (ISP,blade and HA)
  13. 13. Hot Spot Nework Deployment
  14. 14. Managed Services Platform (MSP)
  15. 15. Why ICAP (Internet Content Adaptation) ?  Open Standards – compliant with 3rd party proxy/cache/router devices  Designed specifically to solve this type of problem  Scalable – multiple ICAP servers to service requests & responses from multiple caches/proxies/routers More efficient than HTTP proxying Preserves source IP (transparent) Special “Preview” and “204 responses” designed to reduced traffic/bandwidth requirements
  16. 16. Performance expectations  Each ICAP Server instance with 1 CPU core can handle up to 10,000 persistent connections*  If squid/tproxy servers are required to simulate ICAP Client, each squid proxy can handle up to 4,000 persistent connections per CPU core*  URL categorisation ~ 50,000 transactions per second on 2.5GHz x64 core * Dependent on policy complexity
  17. 17. ICAP Server Components  ICAP Server  Policy engine & manager  “Whitelist” management  Source IP / Username via RADIUS cached lookup  Local URL database cache  Policy scheduler  URL database and real-time lookups  Management  SSH  XML Configuration  Web User Interface (Q1, 2011)
  18. 18. Content Classification 144 URL categories Multiple language support Embedded URL scanning Up to 5 categories per URL “In the cloud” rating of new URLs 100+ multi-lingual analysts 24x7 “Nocats” typically classified in 20 minutes
  19. 19. Deployment options  Bare metal servers  Virtual servers (VMware ESX/i)  Blade system  3rd party load balancers (CISCO)
  20. 20. Thank youAny questions?