Watchdog Tunneling Technology

Offering Web Filtering to Customers Outside of your Network Using the Watchdog Tunnel Service

Introduction

Many internet services providers provide access to a number of their customers by reselling other provider's connections, especially the wholesale services provided by telecommunications companies such as British Telecom, Telstra and Telecom New Zealand. This creates a problem if the ISP wants to offer internet filtering services to customers using these connections as their traffic does not enter their ISP's network so cannot be inspected.

A common solution for this is for the ISP to route the customer's traffic through a proxy server but this has the limitation that all of the customer's downloaded web traffic now has to travel through the ISPs network with the resultant cost and provisioning challenges. Proxy servers need to be scaled to handle the traffic and they change the source address of the web request which can cause problems.

Watchdog's tunnel service was created to provide a solution to this problem. This service can enable:

1. ISPs to offer filtering to their customers despite the ISP connection being provided outside of their network, and:

2. ISPs to offer filtering to customers of other ISPs

This not only increases the average customer revenue but also increases customer retention and attracts new customers.

Tunnel Service Description

The Watchdog Tunnel service uses devices installed within the target customer's and also in the filtering ISP's network. These devices communicate via a special tunnel allowing the customer's traffic to be filtered without the downloaded traffic having to to pass through the filtering ISP's network.

A tunnel router is required to be installed on the target customer's network, usually as a replacement for their existing DSL, cable or ethernet-connected device. This router tunnels the traffic from their network to a tunnel concentrator within the filtering ISP's network using a special one-way tunnel. If the website requested by the customer is not blocked by their filtering policy then the responses from the requested website route directly back from the site to the ISP, meaning that the ISP does not have to provide the downloaded web traffic through its network at additional cost.

Referring to the diagram below, the process of web filtering for an ISP’s customer is as follows:

1 - The remote user requests a web page from the target Internet site using their computer’s web browser.

2 - The web site request gets sent by the tunnel router through an internet tunnel connection to the ISP's tunnel concentrator, still with the customer’s original source IP address.

3 - The ISP’s filter examines the web request as configured in the customer’s individual filtering profile, determined by the customer’s IP address.

4 - If a match is not made to their blocking profile then the web request is allowed to go to the destination web site and the response gets routed directly to the customer via the Internet and their ISP so the site is displayed normally.

5 - If a match is made, then the ISP's filter immediately sends a block page back to the customer, completing the browser session.


Required Equipment

Tunnel Router

This is installed at the customer's site. We use both the Cisco 800 series and Allied Telesis AR440S. Both units perform well, and have all the features required including policy-based routing, IP tunnelling and firewall. They are available for ADSL or Ethernet connections and Cisco also has a model that includes a Wi-Fi access point. We have found that pre-configuring these routers and shipping them to the customer site so that non-technical people can install them saving installation costs and set up time.

Tunnel Concentrator

The required device here depends on the number of remote customers required to be supported. A small number (20 or so) could be handled by a Cisco 1800. A 2800 would be suitable for 100 or so and we have found that a Cisco 6500 will support at least 500.

Benefits of Watchdog Tunnel Technology

The Watchdog tunnel technology is a system that can allow ISPs to extend their filtering service beyond their own network to enable them both to offer a complete service to existing customers and also to attract new customers to this service. This technology has been proven by Watchdog Corporation which has built an ISP business modeled on the provision of filtering. This business now provides filtering to the majority of New Zealand schools. In today's commercial environment where internet provision is a commodity, value-added services such as internet filtering are becoming more important as ISPs seek to receive additional revenue from their customers. Not only increasing customer value the introduction of filtering services also makes customers more “sticky” as they are more likely to stay with a provider that adds value to their internet connection. Churn rates of 4% or less within the Watchdog business are evidence of this. As more businesses, schools and parents seek a managed internet experience the demand for web content filtering grows providing ISPs with the opportunity to build a stronger and more resilient businesses.
 

CampusNet Managed Internet Services in New Zealand

 

Watchdog New Zealand has been providing managed Internet Services to New Zealand Schools for over 10 years. In August 2004, Trevor Mallard, the Minister of Education, announced that Watchdog had been approved as a supplier of a managed internet service for state and state-integrated schools. It is the only ISP in New Zealand to provide extensive filtering options for educational institutions to create a safe learning environment for children.

Watchdog's Managed services include:

Web Filtering – the same service that Watchdog has previously provided to schools under its Campus Watchdog brand, this allows schools to control the sites that are accessed through their Internet connection. This can be fully customised.

Email Filtering – the same service that Watchdog has previously provided to schools under its MailWatch brand, this allows schools to control their incoming emails in regard to spam, viruses, attachments and content.

Firewall – a new service from Watchdog whereby a pre-configured firewall unit is provided to the school to be managed by Watchdog to protect the school network from external attacks.

This service is free to all state and state-integrated schools and works with almost any Internet Service Provider/connection type.

Watchdog filtering technology is both flexible and effective!

  • We do not block Google Images — we filter them so that you can still access 1000’s of wonderful images.
  • We filter http://www.youtube.com/ so you can access the general content on the site but cannot log in to view the adult material (please note - we rely on the self monitoring system of this site).
  • We filter Yahoo Groups for safe use.
  • We filter https:(secure) sites - we have been doing this for years and many sites that we block are of this type.
  • We block anonymous proxies - We also block proxies via pattern recognition. This feature is continually being improved as new proxy signatures are added.This is the best form of defense against these 'cgi' proxies embedded' in web sites.
  • We filter both http: and https: sites so proxies on https: are no problem.
  • Emails All email addresses are accepted and labelled appropriately (unless the customer requests blocking of SPAM). Attachments are easy to open.
For further information contact This e-mail address is being protected from spambots. You need JavaScript enabled to view it
 

Google Apps Education Edition Free For NZ Schools

 

Watchdog Corproation from New Zealand is pleased to provide migration, implementation and ongoing supoort services for "Google Apps - Ecuation Edition". The best thing about this is that its FREE!

 

The Google Apps Education Edition consists of:

 

Gmail:  6.5 GB / account, IMPAP, POP, Spam and virus protection

Google Calendar: Multiple calendars, Resource scheduling, Mobile access

Google Talk: Instant messaging, Free calling (VOIP), File transfer

Google Docs: Word processing, Spreadsheets, Presentations

Google Sites: Team website creation, Embed videos, images, gadgets

Start Page: Customizable start page, Access to school info, Gadgets (weather, Gmail, games and more)

API for Integration: Single sign-on, User provisioning and management, Email migration, Support of email gateway.

 

In addition, Google has video, email security and compliance software that can be purchased at substantial educational discounts! 

 

New Google Video: Securely share videos with your school, Anyone can add comments, tags and ratings, 3GB ofVideo storage per user (chargeable)

Message Filtering, Security and Discovery: comprehensive suite of email security and comliance services (chargeable)

Support: from Google (free) and Watchdog (chargeable)

 

For further information contact This e-mail address is being protected from spambots. You need JavaScript enabled to view it