The release of iBoss 3.0 brings many new features to the iBoss. These features include much broader support for the control and filtering of programs including file sharing, chat and more. We never stop working hard to ensure that iBoss continues to lead the pack with unmatched hardware based web filtering, hardened secure firewall, and an easy to use interface.

In order to get these new features, all you have to do is log into your iBoss (http://www.myiboss.com) and click on the Update Firmware menu option from the homepage. If you are showing a firmware version that looks like 3.X.X.X, then you are already on the 3.0 release. Otherwise, click on the download button at the bottom of the page to begin downloading the new firmware.

The iBoss uses deep packet inspection to filter even the most complex Internet traffic. Below are some features which I will be talking about in more detail in following posts. They have been released throughout iBoss series 2.0 and 3.0. Of course, they are all included in the new 3.0 release. Most web filtering options are available under the main menu item “Configure Internet Controls".

Strict Safe Search Enforcement - This option allows you to double layer the web filtering capability of the iBoss with that of the Google and Yahoo search engines. When this option is enabled, users that are assigned to this group will not be able to perform a search on those search engines unless the option for strict safe searching is enabled from within the search engine’s options. In essence, you get all of the iBoss filtering options (including categories, keywords, etc) on top of the search engine’s filtering capability.

Block Specific Programs - This page allows you to turn on the iBoss filtering engines for programs such as Bit Torrent, Edonkey, IRC, and more. When the box is checked for a specific program, the iBoss filtering engine turns on for that program analyzing traffic as it flows to and from the Internet. This is much more effective than simply peforming port blocking as most applications today will easily circumvent a port if blocked.

Block Specific File Extensions - This option allows you to block the downloading of specific file extensions from the web. For example, if you would like to prevent users from downloading “.exe” files, then you can add .exe in the list and the iBoss will analyze and detect when these are downloaded through a browser and through FTP. If blocked, the iBoss will block and log this as a violation. Although programs on Windows are typically .exe’s, it is typically a bad idea to download these from the web unless you are absolutely sure of who you are receiving it from. For the unsuspecting user who may not be aware of this, the iBoss will handle blocking this so that they do not make this mistake and end up with a virus on their computer.

Restrict Domain Extensions - This option is great for limiting users to specific domain extensions (like .com, .net, .gov). If you would like to prevent access to foriegn domain extensions, you can use this option to restrict users to only the extensions you enter. You can also use this feature to just prevent certain extensions from being reached. If you would like to block the domain extension “.ru” for example, you can enter this extension into the list and configure the iBoss to allow all but this extension.

Updated Identify Computers & Users Interface - This page (available from the main menu), has been augmented to make it easier to read and provide more information about the computer nodes on the network.

I’ll be talking more about the features above in future posts with examples of how to use them. See you again soon!

Individual user login has been available on the iBoss for quite some time now. With the iBoss, you can apply internet filtering rules to a computer by using either fixed filtering policies or by using individual user login. In this post, I’ll explain how to use each of these features and describe the differences between them.

The two primary filtering methods the iBoss uses to apply chosen Internet filtering rules are:

Fixed Filtering: With this technique, the iBoss will apply a particular set of rules to a computer at all times. These rules are applied regardless of who is using the computer.

User Login: With this technique, the iBoss will prompt the user for a username and password the first time a browser is opened. Once the user is logged in, the iBoss will apply the filtering rules configured for that user on the computer. The rules will stay in effect until the user logs out. Once the user logs in, a small browser session window is opened. The user remains logged in until they click on the “Logout” button on the session window or close the session window. This allows the user to open more browsers and use the Internet without having to log in every time.

Unlike most other Internet filters, the iBoss is completely hardware based. Thus, both techniques are performed without installing any software. The iBoss performs its filtering identification based off of the computer’s MAC address. Most other filters identify computers based on Ip Address. Filtering based on Ip Address is troublesome because Ip Addresses on a network may change often where computers are configured to use DHCP. This can cause a computer to get misidentified and provide either incorrect reporting or incorrect filtering policies. On the other hand, a comptuer’s MAC address is fixed and is used to uniquely identify a computer on a network. This allows to iBoss to not only correctly apply filtering rules to a computer, but also provide accurate reporting.

The first step to configuring filtering policies on a computer is to identify it. This allows you to give the computer a nickname which will display in the reports and allow you to recognize it when applying filtering rules. The iBoss makes identifying computers easy. From the computer you wish to identify that is connected behind the iBoss, open a web browser and enter the address:

http://myiboss.com

in the Internet browser’s address bar. If you iBoss has a password, you will have to enter it to get to the iBoss homepage. From the main menu, click on “Identify Computers and Users".

This will take you to the section of the iBoss that allows you to identify computers, create users, and rename filtering groups. To switch between these sections, click on the tabs on the top of the page.

From this page, click on the button that is labeled “Identify This Computer".

Once this button is clicked, the iBoss will automatically extract the MAC address from the computer which is used to identify the computer internally by the iBoss. All you have to do is enter a nickname for the computer and choose the filtering technique you would like.

In the example above, I chose to required user login on the computer. This means that the iBoss will prompt the user for a username and password and use the browser session window to keep track of users. If you would like a fixed filtering policy, simply choose the filtering group that you would like this computer to belong to.

When you create filtering rules on the iBoss, you create rules that are assigned to a filtering group. You then assign computers or users to the filtering group which is how the iBoss know which rules to use for the computer. You can assign many computers to each filtering group.

When you are done entering the information, click on the “Save” button. You should get a success screen like the one below.

When you click on the “Done button", the iBoss will take you back to the general “Identify Computer” page. You should see the newly identified computer in the list of Identified computers.

This computer is now set to require user login. The first time a browser is opened, the iBoss will prompt for a username and password. We need to create a user so that we can log in when asked to do so. To do this, click on the “Users” tab on the top of the page. Once on this page, click on the “Add New User” button toward the top of the page.

On the add user page, fill in the username and password for the user. Additonally, give the user a first name, last name, and filtering group.

In the example above, I created a user with username “pmartini” and assigned the user to “Group 3″. Any rules that are set in “Group 3″ will apply to the computer whenever the user logs in. You can additionally create time limts for the user. This will limit the amount of time the user has access to the Internet for a given day. After the timelimit has expired, the user will automatically be logged off an not be allowed to log in until the following day. Below is a sample of configuring time limits on this page.

Click on “Save” and the “Done” on the success page to take you back to the users page. The new user should appear in the users list.

User log has now been prepared for this computer and a user has also been created to log in. The new user can log onto any computer on the network that is set to require user login. You do not have to create a user for each computer, just for the number of users that will be accessing computers on the network. The iBoss will automatically apply the correct filtering rules depending on which user is logged into the computer.

If you choose to have fixed filtering on the computer by selecting a filtering group for the computer instead of the “Require User Login” option we chose above when identifying the computer, no user login would be required on the computer. Instead, a fixed filtering group policy would be applied to the computer.

The first time I open a browser on tihs computer, I should see a login screen similar to the one below.

This window will appear regardless of the browser and operating system you are using. Enter the username and password of the user created. In this case, the user we created earlier is pmartini.

Upon successful login, you will be taken to the session window shown below.

Click on the continue button to get the small login session window below.

As long as this window is open, the user will remain logged in. The user may be automatically logged out if you set a timelimt for the user.

That’s all there is to it. You’ll want to set filtering rules for “Group 3″. You do this by going to the myiboss.com home page and clicking on “Internet Controls". I’ll talk more about that in another post.

Hope you’ve found this explanation useful. I’ll be featuring different aspects of the iBoss from here on at and explaining how to use them. I hope to help you get the most out of your iBoss hardware, so stay tuned.

I apologize for the long delay in posting! We’ve been very busy over here!

We’re all very excited that iBoss has been named a finalist as Best Security Product 2008 by the Mark of Excellence awards. This is awarded by the Consumer Electronics Association (CEA), the largest consumer electronics association in the world. The iBoss has been gaining great recognition and we’re continuing to work hard to keep it the best hardware based Internet content filter out there. We’ve gotten great feedback from all of you (our customers) and are very grateful for your feedback. Without this, it would be very difficult to figure out what you really need. Keep those comments and suggestions coming! We’re glad to be able to deliver a product that has helped so many people.

There are very big features slated to be released in the next week or so which is reaching the final phase of testing now. The iBoss will now support individual user logins allowing a computer to be shared amongst many users with different filtering policies. Of course it is still all hardware based and it will continue to support our Mac, Windows and Linux following seamlessly. This feature will be released with a variety of other features and customizations that will improve the iBoss tremendously.

Anyhow, we’ll touch base again on my next post.

The International Consumer Electronics Show 2008 in Las Vegas, Nevada was a great success for the iBoss! We debuted the new iBoss line with built-in wireless access point and firewall router. We also gave many demos of some of the stuff to come as well as had a peek of our new Enterprise rackmount solutions which will soon be servicing many companies and schools very soon. There was great traffic through the Phantom booth, and it was great to see a lot of you guys stop by and say hello! It’s amazing how much the popularity of the iBoss has grown and are happy to see it is helping so many people!

Thanks again for helping make us a success!

As many of you know, the iPhantom has not been available for purchase for a while now. You may be wondering where it went. Although I’ve heard of some wild theories out there regarding its MIA status, the answer is actually quite straight forward.

For a quick backgrounder, the iPhantom was a hardware device that could be added to a network to add gateway-level antivirus/anti-spyware, encryption, SPI firewall, and identity protection. Typically, the iPhantom was plugged in between the router and modem like this:

Network of Computers -> Router -> iPhantom -> Modem

At that point it would transparently intercept all traffic coming from the network, encrypt it using AES encryption, send it out to our gateways which would then scan the data, unencrypt it and send it on to its destination on the Internet. On the way back, the destination would respond to our gateways at which point the data would be scanned and encrypted back to the iPhantom. When the iPhantom received the encrypted data, it would decrypt it and pass it back to the network of computers as if none of this ever happened. In essence, the network of computers received clean pre-scanned data without ever knowing that all of these actions were taking place. The iPhantom did a great job at its function. It provided gateway-level security that was only found in appliances costing thousands of dollars and in addition, added encryption for privacy that those appliances lacked.

About a month ago, we rolled out our next generation line of products. As always, our goal was to improve on the technologies we had by making the best compromises with the all of the good and bad aspects of our product line to deliver a superior product. As you know, we have been offering the iBoss product line for quite some time, and we decided to merge our product line into a single product. The single product we decided on was the iBoss.

Just like the iPhantom, the iBoss has been growing strong since its introduction. The iBoss had a primary function of Internet Content filtering and Internet Parental Control. The iBoss would transparently scan the data on the network applying advanced patterns and algorithms to determine the good content from the bad. The iBoss was also great at preventing spyware and viruses in that it prevented users from accessing sites that contained these items. Although it was not scanning the Internet stream against virus definitions like the iPhantom, we noticed that the iBoss did a great job at keeping a network clean by just preventing access to these items in the first place. The main difference between the iPhantom and iBoss, however, was that the iBoss processed and made decisions locally, within the device itself. This is in contrast to the iPhantom which relied on our gateways for the scanning. This had a lot to do with our decision, as you’ll see.

With broadband connection speeds reaching higher and higher limits (which is awesome!), there were some fundamental speed concerns with routing data through our gateways which was the case with the iPhantom. Since the gateways act as the middle man between the network and the rest of the Internet, all traffic had to be routed through there. Although the gateways are sitting at datacenters with access to high-end backbones of the Internet, there is always latency whenever a packet has to make additional hops on the Internet. These additional hops, although necessary, added some latency to the connection. In addition to the extra hops, the iPhantom had to perform strong AES CCM-mode encryption on every packet entering and leaving the network. This not only guaranteed privacy, but also authenticated that the data was coming from the gateways (in a sense, it let the iPhantom know that the data had also been scanned and processed). In addition to the encryption, there was the scanning for viruses and spyware, stream re-assembly, Intrusion prevention/protection and some other algorithms performed on the data while it was at the gateway. Each of these processes required a little bit of time, and added a little bit of latency.

The amount of latency, or slowdown, depended heavily on the user’s Internet connection speed. For the iPhantom, we saw throughput of around 4Mbits/sec. But again, depending on the location and the Internet Service provider for the end user, this was sometimes more and sometimes less. Don’t get me wrong, 4Mbits/sec is actually quite fast considering everything that is going on within the iPhantom system and the iPhantom performed extremely well. That’s equivalent to more than 4 T1 connections with encryption and all the other processing included. Businesses usually survive on a single T1 connection for all the employees on the network. But then again, with media and voice being integrated into the Internet, the need for more bandwidth will not go away but only get greater.

For the next generation product, we wanted to avoid having to route Internet traffic through our gateways and instead perform the functionality locally inside of the device. This is what we had been doing with the iBoss. Basically, we got as much of the functionality that made sense and was feasible from the iPhantom line and integrated it into the iBoss product line. Since the iBoss routed traffic through the user’s own connection already and had a mature filtering engine, we decided to continue with it as a base. This would allow for greater expandibility and flexibility.

Since the iBoss worked in transparent mode, we needed to integrate the firewall aspect of the iPhantom into the iBoss. We were getting a lot of feedback from customers who also wanted an all-in-one appliance, especially in the home and small business. Although the iPhantom provided a firewall for a single IP (whether it was connected to a router or single computer), we knew that network sharing through NAT was a definite necessity. Since we wanted the strongest most reliable security out there, we went with Linux as a base for the firewall. We then hardened it to provide an even higher level of security. With this, the new iBoss provides a local Linux based hardened firewall bringing the firewall portion of security in the iPhantom locally. This includes deep Stateful Packet Inspection (SPI) and a variety of other firewall rules for instrusion prevention.

We also integrated a built-in switch to allow the user to plug multiple computers directly into the iBoss. The iBoss, now with the NAT firewall incorporated locally, can allow the end user to share a network connection with all devices on the network. Next we integrated wireless b/g to allow filtering of wireless devices. This was another request we got from customers of both iPhantom and iBoss that was included in this generation of product.

We next improved on our proprietary real-time packet scanning filtering engine. We wanted to avoid scanning at the gateways, so in the new product line all scanning is done locally. The iBoss still relies on the gateways for its URL database and some other features, but basically the iBoss makes small queries out to the gateways and passes the traffic directly through the user’s Internet connection. This allows for centralized real-time updates as well as simplified remote management. In addition, the iBoss can take advantage of large amounts of storage space on the gateways. Although the iPhantom performed scanning of the data against antivirus definitions, the iBoss does not. Instead, we chose to take advantage of the fact that the iBoss can be configured to block out malicious sites. This, in addition to the hardened Linux firewall and other scanning features, we felt was enough to keep a network very safe.

Since data is not routed through our gateways, one aspect that is lost is the anonymous feature of the iPhantom. The only way to truly make a connection anonymous is to route it through a proxy or gateway. Since the iBoss does not do this, there is no anonymous feature in the iBoss. We felt this tradeoff was OK due to the great benefits we got with local packet processing. Also, behind NAT, you’re computer IP Address is in a sense “private". Not in the same sense as with the iPhantom, but intruders cannot access your PC directly as it is firewalled and contains a private IP Address.

One final aspect that we remained true to is keeping our products all hardware based. This means there is absolutely no software to configure. In addition, this makes the iBoss compatible with MAC, Linux, and Windows as well as any other device that communicates on the Internet. This reduces any risk for conflict and makes installation very easy.

So, in essence, the iPhantom never really disappeared. Many of its features were just incorporated into our next generation iBoss line. As an all-in-one appliance, I feel that the iBoss will come a long way of not only protecting your network from attacks, but also allow IT, schools, businesses, and homes to control content on their networks. Our user base is growing rapidly, and we’re now protecting thousands of people. As we continue to grow, we will continue to make the best Internet Content Filters and Internet Parental Controls on the planet. I might be biased, but I sure think so!

Our new iBoss Home Parental Control can be found at:
iBoss Home Internet Parental Controls

Our new iBoss Pro 80 Internet Content Filter can be found at:
iBoss Business Internet Content Filters

We’ll be at the Consumer Electronics Show in Las Vegas, Nevada next week January 7-10. If you’re there, swing by and say hi. We’ll also be debuting the new iBoss as well as some new features that will be rolled out in January!