Opendium's UTM provides all of the features offered by our Web Gateway product, and many more to protect and manage your network.
The internet is a hostile place, but you can't cut yourself off from its benefits. You can manage risk by choosing which services to expose and which to block with a few clicks. We supply a continually updated library of Rule Bundles to control traffic without needing an intimate knowledge of the protocols being used.
Using our unique library of Rule Bundles, you can achieve fine grained control of traffic between your networks. Whether you are segregating your wired network from your Bring Your Own Device wifi, or isolating your servers on a DMZ, Opendium's UTM allows you to control access between your VLANs through the same hierarchical group tree used to configure web filtering. You can control access for your whole network, or refine the policies based on location, user group, time period or even down to the individual user.
Users, networks and individual devices are organised into a hierarchical tree. You can set global web filtering and firewalling policies for the whole school and then refine them for more specific groups of users, devices or locations. Policies can be set right down to the individual user or device level if required. The unique Time Periods system allows filtering and firewalling policies to be easily tuned based on the time of day and day of the week.
Controlling applications through a traditional firewall often involves having technical knowledge of the protocols being utilised by those applications. We collect that knowledge together into a library of Rule Bundles so you don't need to know the technical details. Just select an application's Rule Bundle and decide whether to allow or block it.
While most firewalls only allow you to control traffic from devices based on their IP address, our UTM system also lets you set up firewalling policies to control applications by user group, IP address, location or time period. The unique Virtual Groups system allows almost infinite flexibility to set policies based on a combination of attributes, such as user group and location.
Multiple sites can be connected together into a single network through an encrypted IPSec site-to-site Virtual Private Network and remote users can be given secure access to your network through SSL and L2TP VPNs.
Many devices ignore your network's DNS and NTP servers and require your firewall to allow their traffic out to arbitrary servers on the internet. The ports that must be allowed can be used by VPNs to bypass your security and monitoring policies. To combat this threat, DNS and NTP requests are transparently intercepted and redirected to the local servers, rather than granting unrestricted access to the internet.
Traditional web filtering systems simply used large databases of web addresses to identify web sites. The modern dynamic web delivers content that is tailored to the individual users and it is no longer appropriate to rely solely on web address databases. A web page may be categorised as Social Networking all of the time, but content analysis can identify that sometimes it should also be Radicalisation or Self Harm.
Opendium was built on the reputation of always offering exceptional support. We recognise that each school is unique and offer several levels of support to meet your needs. You can always speak directly with an experienced engineer in our UK offices, who will endeavour to get to the root of the problem as quickly as possible.
Educational web sites often use YouTube and Vimeo to host their embedded videos, but it is often not appropriate for schools to allow unrestricted access to all videos hosted on these platforms. Using real-time content analysis techniques, videos which are embedded in designated educational web sites can be automatically whitelisted without needing to allow access to other videos.
Opendium is an education focussed company that has worked closely with schools since 2005 to develop solutions such as UTM exclusively for the education sector. Unlike other solutions that were developed as business products and have been shoehorned into schools, UTM has been designed with educators in mind from the start.
A traditional firewall controls non-web traffic by allowing or blocking all traffic on specific ports. Some applications such as Skype require thousands of ports to be allowed, which can be used by other software such as games and VPNs. Our UTM product uses deep packet inspection to positively identify the application that is being controlled without allowing free-for-all access for other apps.
If you are suspicious of a certain user's activities, you can get a good overview with the Images and Web Searches reports. The Images report will show a selection of images that the user has been viewing. The Images report can also be set to target certain categories, which provides a useful overview of concerning images across your entire network. For example, a weekly report of images that the system believes may be pornographic is a good source of information for safeguarding purposes.
Web searches made through search engines such as Google, YouTube and a wide variety of other websites are categorised and presented as either a list of search queries or a word cloud with concerning phrases highlighted. This provides an at-a-glance report which can be drilled down into to investigate any concerns.
With Trusted Man In The Middle decryption, full filtering and monitoring capabilities, including real-time content inspection, are available even for secure encrypted web sites.
Bring Your Own Device networks can be provided with full filtering and monitoring capabilities. Since our UTM does not require any apps to be installed on the device, almost any type of device can be supported, including ChromeOS, iOS, Android, Windows, OS X and Linux.
The latest safeguarding regulations make it clear that schools must monitor the students' internet activity in order to identify those who are at risk. A variety of reports are provided so that you can meet these requirements and UTM can automatically email the latest reports to appropriate staff on a regular basis.
In recent years, the British government has regularly updated and strengthened the guidance that schools are expected to follow to safeguard the children who are in their care. Schools that relied on Opendium solutions stood in good stead in the face of the new guidance, as it largely codified the good practice that we were already promoting.
UTM is compliant with the Department for Education's Keeping Children Safe in Education statutory guidance, the Home Office's Prevent Duty and is certified as meeting the requirements of the UK Safer Internet Centre's Appropriate Filtering for Education Settings.
We also work closely with the Internet Watch Foundation (IWF) and the Counter Terrorist Internet Referral Unit (CTIRU) to support their work and protect our customers, and the people under their care, from illegal child abuse images and unlawful terrorist content.
Issuing tablets to students on a one-to-one basis is an expensive proposition and many schools choose the cheaper option of temporarily issuing devices to students who return them after a few hours. Without knowing which student has which device, it is impossible for schools to provide age appropriate filtering or to produce safeguarding reports which identify individual. UTM provides a unique solution to this allowing the user to be identified though a captive portal and then automatically logged off once the tablet disconnects from the network.
Web pages are categorised through a combination of real-time content analysis and an extensive database of web site addresses. However, as any administrator knows, no filtering system is perfect and it is sometimes necessary to manually block or allow a web site. Filtering changes take effect immediately, so staff can get on with teaching rather than having to wait.
Search engines such as Google are in a far better position than a school's web filter to filter out inappropriate search results whilst still providing a useful response. Users' searches can be forced to use Safe Search mode on a wide variety of search engines to provide the best and safest user experience.
A school cannot fulfil its safeguarding obligations if users are using VPNs and anonymous proxies to bypass the filtering and monitoring. Out UTM system includes advanced anti-spoofing technology to block even the most troublesome VPN apps, such as HotSpot Shield.
Trusted members of staff can be given the ability to temporarily override the filters when a web site is blocked. This allows staff to continue with their work, rather than being held up by an over zealous filter.
A variety of reports are available which provide an overview of users' activity in an easy to understand format with options to drill down into the nitty-gritty detail.
YouTube is a great educational resource, but also contains a lot of inappropriate or distracting content which you may want to block. YouTube's Restricted Mode can be forced on, which prevents access to inappropriate videos. When combined with the controls offered by Google's G Suite, members of staff can be given the ability to approve videos that the students can watch.
When you have guests using your network, it is impractical to install certificates on their devices, or to configure complex proxy rules. UTM allows you to set up a guest network which requires none of this, whilst still being able to filter and monitor the traffic.
Although internet connections are getting faster, the number of bandwidth hungry services is ever increasing. Web access quotas can be configured on each user group to ensure that this limited resource is available to all of your users and not abused by the few.
We believe you should always be in control of your web filtering. The built in categorisation can easily be overridden for whole domains or individual parts of web sites. Recategorisation takes effect immediately, so there is no need to wait for access to a web site to be allowed or blocked.
Whilst much of the internet still uses the older IPv4 protocol, adoption of IPv6 is rapidly progressing. Networks which do not support IPv6 risk being left behind as new services emerge. You can use our UTM to provide partial IPv6 support without the need to deploy IPv6 across the whole network, or as part of a full network deployment.
Sometimes it is necessary to change the filtering policies in certain locations. For example, you may choose to relax the sensitivity of the filters in areas where students are under supervision. The unique Virtual Groups system allows almost infinite flexibility to set policies based on a combination of attributes, such as user group and location.
Each UTM system updates its web site categorisation criteria once an hour to ensure the very best accuracy. We also operate an intensive research and development programme, continually providing software updates with new features and improvements.
No matter how good a filter is, a persistent user will eventually find a way through it. The filtering policy can be configured such that users who repeatedly trigger the filters for certain categories of content have their web access disabled entirely until a member of staff intervenes.
By using content inspection, UTM identifies the type of data which is being downloaded, allowing potential security risks such as executable files to be blocked.
Set policies which allow users to access social networking websites whilst restricting access to certain features such as Facebook's instant messaging service.
Workstations which are attached to your Windows domain will use Kerberos to authenticate invisibly, whilst UTM will integrate with compatible Wifi controllers to identify users through RADIUS accounting for Bring Your Own Device networks. Devices which support the WISPr protocol will automatically log in on all Wifi networks.
As well as single sign-on services, networks can be configured to present a captive portal page that users must log into before they can access the web.
Applications frequently do not provide useful error messages, so web traffic logs are invaluable for administrators who need to diagnose and resolve a problem. The forensic detail of the logs recorded by UTM are also invaluable in the event that a serious incident occurs on the school network. Our highly experienced support team are always on hand to help interpret the technical detail.
The UTM dashboard provides an at-a-glance breakdown of your network's current activity, including most popular websites, most common search terms and currently locked out users.
Whilst full HTTPS decryption always offers the best protection, it is not always practical to install certificates on each device. UTM can filter and monitor HTTPS traffic even without full decryption, allowing you to operate a true zero-configuration network.
Across the world, the legal requirements, social norms and operating procedures within schools vary greatly. As a UK based company who primarily supplies British schools, we are intimately familiar with the British education sector. Not only is buying from a local company great for the economy, it also guarantees that you will get a solution that was built to meet the needs of local schools.