iBoss User Manual
Contents
1. ED O noi CRO Block Apps CRY E uc E o V wy 4 rl I Biock Groups SSL Decryption for facebook com needed These features allow you to block specific features and sections for facebook com The following options are available to choose to block Block Posting Version 7 June 24 2014 Block Photo Upload Block Commenting Block Friending Block Email Block Events Block Chat Block Apps Block Question Posts Block Video Upload Block Games Block Groups Page 107 of 159 iooss NETWORE SECURITY 8 1 3 5 Twitter Controls Twitter Controls Block Tweeting U no Block Direct URA Block Following ey 0 Messaging Figure 76 Twitter Controls SSL Decryption for twitter com needed These features allow you to block specific features and sections for twitter com The following options are available to choose to block Block Tweeting Block Direct Messaging Block Following 8 1 3 6 Linked in Controls v nked t s I 4 Posting Protile Edit Block Mail Block Connections Block Job Seach 6 Figure 77 Linked in Controls SSL I nspection Agent needed These features allow you to block specific features and sections for linkedin com The following options are available to choose to block Block Posting Profile Edit Block Mail Block Connections Block Job Search Version 7 June 24 2014 Page 108 of 159 8 1 3 7 Encrypted Search Controls r Encrypted Search Controls Block Google Encr2. Block using an Advanced Schedule Advanced Scheduling Figure 91 Port Blocking Port blocking allows Internet traffic on specified ports or ranges of ports to be blocked from accessing the Internet Traffic using the specified ports will be blocked completely This allows you to enter the name port Start port end protocol and direction Once you enter in the information click Enable and save Port Blocking Schedule You may choose to block these ports all the time or Block on an Advanced Schedule Version 7 June 24 2014 Page 122 of 159 iooss NETWORE SECURITY 8 1 9 Content MI ME Type Restrictions Content MIME Type Restrictions Group lt sroup 1 M gt Ena ent MIME Type Blocking G Enable Content MIME Type Scanning YES m Block or Only Allow Content MIME Types 9 z ent Mih E 2 e N Wildcard Match amp Delete Selected Content MIME type Wildcard Actions application json No test test No lj test1 test No Figure 92 Block Content MI ME Types This page allows you to block web content based on Content Type or MIME type You can enter a content type like audio mp3 to block this type of content There are MIME type lists online that can be used for reference You can enter wildcard matches for different file types instead of using the file extensions For example you can type in audio and check the box for Wildcard Match to block all audio type files You also have the choice to Block the entries in
3. ibass NETWORK SECURITY iboss Secure Web Gateway User Manual SWOCA Delegated Administration iOOSS Note Please refer to the User Manual online for the latest updates at www iboss com Copyright by iboss Inc All rights reserved No part of this publication may be reproduced transmitted transcribed stored in a retrieval system or translated into any language or computer language in chemical manual or otherwise without the prior written permission of iboss Inc iboss Network Security makes no representations or warranties either expressed or implied with respect to the contents hereof and specifically disclaims any warranties merchantability or fitness for any particular purpose Any software described in this manual is sold or licensed as is Should the programs prove defective following their purchase the buyer and not this company its distributor or its dealer assumes the entire cost of all necessary servicing repair and any incidental or consequential damages resulting from any defects Further this company reserves the right to revise this publication and make changes from time to time in the contents hereof without obligation to notify any person of such revision of changes All brand and product names mentioned in this manual are trademarks and or registered trademarks of their respective holders www iboss com Open Source Code This product may include software code subject to the GNU General Public L
4. 8 1 3 10 Gmail Controls Gmail Controls Restrict Gmail to the YES ll following Domains Global Gmail Domains comma seperated Figure 81 Gmail Controls Restrict Gmail to the following Domains Global This features allows you to restrict Gmail access to only the domains you specify Version 7 June 24 2014 Page 111 of 159 io ss NETWORE SECURITY 8 1 4 Allowlist Allowlist Group lt aroup 1 z gt rorere _ 12 F ONLY ALLOW access to sites on the Allowlist below Custom eg Assignme Custom Categories Chosen Categories 2 E A Add Global SafeSearch F Uri Timeout Global Safe Search Actions F ibk cam N A No No WwW booyah com N A No No Ww F rockle com N A No No fy k com N A No No Wy pnil com N A No No D hola com N A No No p beware com N A No No D dang com N A No No p F bing com N A No No 0 Figure 82 Allowlist This page allows you to add specific websites to your Allow list The Allow list is a list of specific Internet URLs that you want to allow on your network Website URLs added to this list will be allowed even if they are currently blocked in the Web Categories section 8 1 4 1 Preferences Allow ONLY access to sites on the Allow list Checking this option will only allow sites on the list Alert If the Allow ONLY access to sites on the Allow list option is selected only the websites in the Allow list below will be allowed All other websites will be blocked
5. A in A SSL Domain iy mo Reverse DNS Biock Newsgroups A O Enforcement Lookup Support Block Internal isablec hed Logging vs Servers Figure 70 Application Additional Settings Block SSH Secure Shell Access You may choose block incoming and outgoing SSH Shell Access Block RDP Remote Desktop Access You may choose to block incoming and outgoing Remote Desktop Access Block I ncoming FTP Traffic You may choose to block incoming FTP Traffic Block Outgoing FTP Traffic You may choose to block outgoing FTP Traffic Block Ping ICMP You may choose to block outgoing Ping ICMP Traffic Dynamic Proxy Blocking Glype You may choose to block dynamic Glype themed proxy sites These are proxy sites setup using the Glype Proxy script which the iboss can detect and block dynamically regardless of the domain Block Hotspot Shield You may choose to block Hot Spot Shield Hot Spot Shield is a program used to proxy to Hot Spot Shields servers Enabling this feature will block the program from being used as a proxy Block SSL on Non Standard Ports You may choose to enable blocking SSL on Non Standard Ports This feature is useful for blocking File Sharing programs which use encryption over non standard ports Block Rogue Encrypted Connections You may choose to enable blocking for Rogue Encrypted Connections This option blocks invalid SSL certificates and blocks programs that use Rogue Encryptions such as UltraSurf SSL Domain
6. Address Apply Filtering Computer Overrides User ws Is Local Proxy Server O vo Note Video Recording O o identify Me Add Computer gt Figure 123 Add Computer To identify the computer you are using now click the Add this computer button Advanced users may click the Add Computer button to manually identify a computer For the Add Computer you will need to know the IP address or MAC address of the computer you wish to identify Computer Name Enter a Computer Nickname for your reference I P Address MAC Address Type If you have your local subnets setup to identify your subnet as IP address choose IP address MAC Addresses may not be visible to the iboss on a layer 3 routed network with internal gateways and multiple subnets IP Address Enter the IP address Apply Filtering You may either set the Apply Filtering to Yes Use Default Rules with one of the filtering groups No Bypass Filtering Rules or Require user login for this computer for the computer you are identifying The Yes Use Default Rules will show the assigned name of the filtering group Version 7 June 24 2014 Page 150 of 159 io ss NETWORE SECURITY Computer Overrides User This option allows you to enforce the specified filtering policy on that computer regardless of the rights of the person logged in Is Local Proxy Server This option is to identify if the computer you are identifying as a proxy ser
7. Enforcement This option validates domains with the SSL certificate Reverse DNS Lookup Support This option allows for Reverse DNS lookup support tracing an IP back to the domain it belongs to Version 7 June 24 2014 Page 104 of 159 Block Newsgroups You may choose to block newsgroup traffic Block I nternal Servers You may choose to enable blocking for internal Servers This option helps block programs like BitTorrent which upload as well as download Logging Allows you to enable or disable logging of attempted program access violations This log is found on the Reports page The logging includes date time and category Logging can be enabled while in stealth mode This is useful for monitoring your Internet usage while remaining unnoticed on the network Without logging the iboss program blocking will still work however violations will not be logged 8 1 3 Advanced Social Media amp Web 2 0 Controls Advanced Social Media amp Web 2 0 Controls Group lt j B gt Figure 71 Advanced Social Media amp Web 2 0 Controls 8 1 3 1 Social Chat App Controls Social Chat A pp Controls p s Block Snapchat io Figure 72 Social Chat App Controls This feature allows you to block the Snapchat application on mobile devices Version 7 June 24 2014 Page 105 of 159 iooss NETWORE SECURITY 8 1 3 2 Social Streaming Radio Controls Social Streaming Radio Controls Block Spotify Oo Figure
8. the list or Only Allow the entries in the list After you enter a content MIME type click Add to add it to the list To remove it select it with the checkbox next to the entry and click the Remove button at the bottom Version 7 June 24 2014 Page 123 of 159 io ss NETWORE SECURITY 1 10File Extension Blocking File Extension Blocking Group lt aroup 1 z gt E Acs Delete Selected File Extension Actions werw ESTO gt amp dfsgdgdfg test b 4 oll n b E E ft i i Figure 93 File Extension Blocking This page allows you to block specific file extensions from being downloaded on your network Enter the file extension of files you would like to block in the text box below and click the Add button You may enter a maximum of 2000 file extensions across all profiles Each extension may be a maximum of 15 characters in length To remove an extension from the Block list select the extension to remove and click the Remove button located at the bottom of the page Click the Done button when you are finished 8 1 11 Domain Extension Restrictions Domain Extension Restrictions lid 2 B Delete Sclected A Domain Extension Actions F test D F Wwe E Figure 94 Domain Extensions Restrictions Version 7 June 24 2014 Page 124 of 159 io ss NETWORE SECURITY This page allows you to block or allow specific domain extensions fro
9. them access to filtering settings Version 7 June 24 2014 Page 148 of 159 Settings Administrator Option to enable delegated administration Administrator Type Full allows full access to the iboss SWG Filter Delegated allows you to specify which permission settings and which groups the user can manage Permissions Select which filter control settings the user is allowed to manage You can select multiple settings Filtering Settings Group Access Select which filtering groups the user is allowed to manage Default Management Group This is the default management group that the user Is administering 10 1 1 3 Time Limits Add User Time Limits Remaining Time Today Tuesday Jnlimited o Wednesday J ted x a Thursday JInlimitec a Friday Jnlimited o Saturday Inlimitec B n Sunday 7 ES re Figure 122 Users Time Limits This will allow you to set daily time limits for each day of the week for a user You can set a time between 15 minutes to 23 hours that a user can be logged in from throughout the day This means that when a user has the allocated time throughout the day to use the time limit When finished click the Add User button If you want to cancel your changes click the Close button Version 7 June 24 2014 Page 149 of 159 iooss NETWORE SECURITY 10 1 2 Add Computer Add Computer Computer Name identification Method P Address OMAC Address IP
10. to log to the iboss Reports database Domains in the list will be ignored from logging however all filtering policies will still apply This is useful for preventing the logging of sites like antivirus updates operating system updates etc Enter the domain or sub domain of the website you would like to exclude from being logged to the iboss Reports database Enter the domain in the text box below and click the Add button To remove a website domain from the Ignore List select the domain and click the Remove button located at the bottom of the page When you are finished click the Done button 7 3 Reporter This section brings you to the web interface of the Threat amp Event Console Please refer to the Threat Console Manual for more information Version 7 June 24 2014 Page 93 of 159 iOOSS 8 Configure Controls The Configure Controls menu lets you choose options for configuring the current iboss Internet controls Controls Y Web Categories Applications Social Media Allow List sock List Keywords 3andwidth Shaping Ports Content MIME File Extensions Domain Extensions Sleep Schedule Monitoring Exceptions URL Lookup Figure 61 Configure I nternet Controls Menu Web SSL Categories This section allows you to block or allow website content based on categories Applications Management This section allows you to configure access to web applications that the iboss can manage You may choos
11. 73 Social Streaming Radio Controls This feature allows you to block Spotify 8 1 3 3 Pinterest Controls Pinterest Controls Block Board Creation O 10 Block Board Updates O 10 Block Pin Creation O Block Pin Updates O v0 Block Friend Invites E ua tt i ET Block Comment M10 Block Profile Uodates Ce OCK Apena linw Bw BIOCK LIKING A N BIOCK C Commenutung a N d BIOCK PrOMe Upaates ee Restrict Searching Health amp Fitness O 10 History 10 Events O o KIOS oD illustrations CH Photo O o Science v0 Sports o Tech CH Travel O 10 Gifts O 10 Animals O o Figure 74 Pinterest Controls These features allow you configure particular sections of Pinterest websites The following options are available to choose to block Block Board Creation Block Board Updates Block Pin Creation Block Pin Updates Block Friend Invites Block Liking Block Commenting Block Profile Updates Version 7 June 24 2014 Page 106 of 159 Restrict Searching to selected categories Architecture Art Education Geek Health amp Fitness History Events Kids lllustrations Photo Science Sports Tech Travel Gifts Animals 8 1 3 4 Facebook Controls Facebook Controls Block Posting Block Emai Block Question Posts Block Photo Upload ED CRS Block Events a E wr Block Video Upioad Figure 75 Facebook Controls aD ap Block Commenting Block Chat Block Games iooss NETWORE SECURITY Block Friending
12. Activate button to proceed with your iboss activation Current Date amp Time Indicates the current date and time The date and time are synchronized when the iboss establishes a connection to the gateway and are important for performing Internet scheduling and report logging The local time zone settings may be set from the Edit My Time Zone page under My Preferences Version 7 June 24 2014 Page 22 of 159 NOTE Not all features are available to District Level Admins IDOSS NETWORE SECURITY Note The date amp time will only be displayed when the iboss status is Enabled Enable Disable Filtering Button The Enable Disable button is located above to the Filtering Status field It is useful for quickly enabling and disabling your iboss filtering If your status reads Not Enabled clicking the Enable button will enable filtering You may also choose to Disable for time periods such as 15 Min 30 Min 1 Hour 2 Hours 12 Hours 24 Hours or Until Re enabled 4 2 2 Quick Links This section provides links to common sections within the SWG interface 4 2 3 Bandwidth Shaping Pools This section provides a quick view of the current bandwidth pools 4 2 4 Firmware This section displays model and Firmware Version allowing for quick update actions 4 2 5 URL Lookup This section allows you to quickly lookup a URL on which categories it falls under 4 3 Main Menu The Home menu allows you to ch
13. Logging Allows you to enable and disable logging of violation attempts for the current set of blocked website categories Log reports may be viewed on the iboss Reports page The report information includes date time user website address and category of the violation Enable Stealth Mode Allows you to stealthily monitor Internet activity without blocking access to forbidden sites With both Logging and Stealth Mode enabled you can monitor Internet web surfing activity by viewing the log reports on the iboss Reports page while remaining unnoticed to Internet users on the network Enable HTTP Scanning on Non Standard Ports If this feature is enabled the iboss will scan for HTTP web requests on non standard ports Allow Legacy HTTP 1 0 Requests If this feature is enabled the iboss will allow HTTP 1 0 requests that are missing the HOST header Disabling this feature provides a higher level of filtering security and makes Version 7 June 24 2014 Page 97 of 159 iOOSs bypassing the filter more difficult If this feature is enabled it may provide more compatibility with older non HTTP 1 1 compliant software Enable D Theft IP Address URL Blocking Protects against potential identity theft attempts by notifying you when someone is trying to steal your personal information through Internet Phishing Enabling this feature will also block users from navigating to websites using IP address URL s 8 1 1 3 Categories Strea
14. Version 7 June 24 2014 Page 112 of 159 io ss NETWORE SECURITY Enable Allow list Navigation webpage This will give you a page that has a list of the allowed sites to be able to give to your users You may select the Enable Allow list Navigation webpage if you wish to allow access to a built in iboss website that will display links to all sites on the Allow list To apply changes click the Apply button Note The Allow list Navigation webpage will only display when the Allow ONLY feature is enabled Default Timed URL Timeout This is the default setting for when adding sites on this list By default sites added to this list will remain until removed There are options to choose a time limit as a default for removing it after the specified time Once you have changed any of these settings click the Save button 8 1 4 2 Allowlist Enter the URL of the website you would like to allow in the text box below and click the Add URL button You may enter a maximum of 1000 website URLs across all profiles Each URL may be a maximum of 255 characters in length To remove a website URL from the Allow list select the URL and click the Remove button located at the bottom of the page When you are finished click the Done button Enter URL ex domain com field to enter the domain or URL to allow URL Timeout select how long you would like the URL to remain on the list Global Option to apply rule across all filte
15. Web SSL Categories page allows you to configure the current iboss Internet website category blocking settings log settings Stealth Mode and Identity Theft Detection options 8 1 1 1 Category Scheduling Advanced Scheduling for Filtering Categories Gruup lt Group 1 A tor the Advanced Lategory Scheduling to function the category to be scheduled must be currently blocked Apply Schedule To All Categories Apply Schedule To Spccitic Vay below Monday luesday Figure 63 Category Scheduling Version 7 June 24 2014 Page 96 of 159 iOOSS You may use advanced scheduling to create custom allow and block times for Filtering Categories You may use different schedules for the different days of the week by selecting the day and setting the schedule For Filtering Categories you will have to select a Category to Schedule Green or checked indicates access is allowed during the time block specified Red or unchecked indicates access is blocked during the time block specified Note For the Advanced Category Scheduling to function the category to be scheduled must be currently blocked on the Internet Category Blocking setup page 8 1 1 2 Additional Settings Additonal Settings Enable Logeing YES m Enable Stealth Mode Enable Strict Safesearch Enforcement Enable HTTP Scanning YES m Allow Legacy HTTP 1 0 TES w Enable ID Theft iP 10 on non standard ports requests Addres URL Blocking Enable
16. able logging of all file types By default this is disabled for images and resources on the page may not be logged in the URL Log Log Auditing Events This allows you to enable or disable logging of auditing events These are changes that are made in the controls of the iboss by delegated administrators You can go to the Logs section of the reporter and change the Audit Only field to Yes allowing you to see all changes made to the configuration of the iboss and by whom Log Domain Bandwidth This allows you to enable or disable the logging of bandwidth per domain for Statistics This is disabled by default for faster performance Log All SSL Connections This allows you to enable or disable logging for SSL connections Log Current Activity Monitory This allows you to enable or disable the current activity monitor Version 7 June 24 2014 Page 92 of 159 7 2 URL Pattern I gnore List URL Pattern Ignore List URL Patterns beroen URL Pattern facebook com plugins connect facebook net commons wikimedia ongwiapipnp api flickr com services F en wikipedia org w api php api twitter com platform twitter com widgets apps apis google com F api linkedin com services digg com api bing com F facebook com extern login_status php Figure 60 Report Settings URL Pattern I gnore List Eb Eb Eh Gp E Bh i Ep Eb Ep E E 1 This page allows you to add domains which you do not wish
17. ackup Alerts O m Figure 127 Automated Scheduled Backup You can setup a schedule to create a restore point of the settings on a daily weekly or monthly schedule This saves a restore point onto the iboss device Backup Folder Settings You can save these scheduled restore point backups to a SMB Share folder You will want to enable this feature and setup the folder path and authentication settings Email Status Alerts These options will allow you to use an SMTP server to email you when a backup was successfully run Version 7 June 24 2014 Page 153 of 159
18. ample A site belonging to both Education and gaming would be blocked if the policy is to block all gaming If Education priority is bumped to 1 or anything higher than that of gaming then the site is allowed Locked A Delegated Administrator will not be able to alter the category settings of those flagged as Locked No Override A Delegated Administrator will not be able to add URLs to the Allow list if they belong to a banned category marked as No Override 8 1 1 4 Identify Theft Phishing IP Address Blocking Page When a page Is blocked from of the iboss due to detection of Identity Theft Phishing IP Address URL Blocking this page will show up in the web browser to the user You may manually login and add the blocked Identity theft page IP address to the allow list if you feel that you have received the Identity Theft Detection in error by typing in the password and pressing Login Version 7 June 24 2014 Page 99 of 159 jooss NETWORK SECURITY 8 1 2 Application Management Application Management Group lt Group z gt gt Chat Applications 3 gt Gaming Applications 2 gt File Sharing Applications 2 gt Ultrasurf Tor High Risk Activities Device Lock 2 Additional Settings 2 Figure 65 Application Management The Application Management section allows you to configure the current iboss program blocking settings 8 1 2 1 Chat Applications Chat Application
19. as an Override Group which can be used as a method of temporarily changing to a different filtering group This filter group should be given a priority higher than any non Override filter groups a user may belong to The Override Group will never be assigned via transparent login A user presented with a block page may revalidate his her credentials and be bumped up to the override group until logging out or Override Timeout is reached Override Timeout This timeout field will move the user back to their original filtering group when this time Is reached Once done configuring the settings click the Update Group button 10 1 2 Copy Group Settings Copy Group A Note When you copy settings from one group to another ail filtering settings from the destination group will be erased and replaced with the source group This process is not reversible and the original settings Tor the destination group will be lost Can Manage Filter Settings Group 1 Destination My Group 4 Group 5 Update Group Figure 117 Groups Copy Group Settings Group 5 2 Figure 118 Copy Group I con To copy group settings from one group to another click the double document icon to pull up the Copy Group Settings Version 7 June 24 2014 Page 145 of 159 iooss NETWORE SECURITY The Copy Group window allows you to quickly copy filtering settings from one group to another or several Select the group to copy se
20. e allows you to adjust the settings for real time user activity monitoring feature The iboss can monitor user activity in real time and send email alerts or perform desktop video recordings when a predefined level of activity is reached This allows you to have 24 7 awareness of network activity User activity monitoring must be enabled for the group in order for the settings to take effect If real time user activity monitoring is disabled monitoring by trigger thresholds is disabled for all computers in the group Version 7 June 24 2014 Page 127 of 159 io ss NETWORE SECURITY Real time User Activity Monitoring This setting enables trigger based real time monitoring for the group If this setting is disabled for the group any additional options for this page have no effect Trigger Level And Interval Trigger when specified number of events occur within a chosen time period Real time Email Alerts This setting will cause the iboss to send an email alert when the above threshold criteria is reached The alert will occur when the trigger Is reached to allow you to respond when certain activity IS occurring Note The email address that these alerts are going to be sent to can be configured below for this group or in the Settings section of the Reports interface Group Email Contact This is the email where real time alerts will be sent for activity related to the currently selected group If left blank the email address spec
21. e per line in the area below x Cancel Figure 87 Block list I mport You may import a list of domains to import To import click the I mport button Please paste URLs one per line with a maximum of 255 characters per domain IP URL Once you are done click the Import Now button Version 7 June 24 2014 Page 118 of 159 io ss NETWORE SECURITY 8 1 6 Keyword Blocklist Allowlist Keyword Blocklist Allowlist Group lt gt e defined Key 2 Adult F ves High F uJ gt Risk e D Allow High Add Keyword Wildcard Risk Globa Match Keyword Allow Keywo Wildcard High Risk Giobal Actions tit No Yes No No D Sexy Nu Nu Nu Nu Ey naughty No No No No by Figure 88 Keyword Blocklist Allowlist This feature allows you to create keyword Block lists The iboss will block Internet sites that contain these specific keywords in the URL In addition web searches using the keywords in the list s will also be blocked 8 1 6 1 Pre Defined Keyword Lists You may select from pre defined keyword category lists Each category contains its own keyword list To enable a keyword list select the checkbox next to the category You may view and edit the list by clicking on the pencil icon to edit the list When you are finished click the Save button High Risk The words on this list will send the administrator of the group an email notification when searched 8 1 6 2 Keywords Enter the custom keyword that you would like to bl
22. e to block Chat Instant messenger programs File Sharing programs FTP amp other protocols for Data Leakage Protection DLP Advanced Social Media amp Web 2 0 Controls This section allows you to configure some of the social media sites and other web 2 0 sites like advanced Google and YouTube features Another feature includes Version 7 June 24 2014 Page 94 of 159 iOOSS Pinterest Controls In addition using the Local SSL Inspection Agent or Gateway SSL Decryption other controls appear that can be used for social media sites such as Facebook Twitter and LinkedIn as well as more advanced Google controls Allow List This section allows you to permit access to specific websites by adding them to the Allow List Block List This section allows you to block access to specific websites by adding them to the Block List Keyword Blocklist Allowlist This section allows you to block specific keywords from searches or full URL s by adding them to the Keyword list Bandwidth Shaping This section allows you to set bandwidth restrictions limits amp reservations on users groups domains or web categories Additional modules allow you to setup bandwidth pools for parent and child rules Port Blocking This section allows you to block specific ports or port ranges with Protocol and Direction Content MI ME Type Restrictions This section allows you to block specific content types and MIME types from being downloaded through th
23. e web File Extension Blocking This section allows you to block specific file extensions from being downloaded on your network Domain Extension Restrictions This section allows you to block or allow specific domain extensions from being accessed Sleep Schedule This section allows you to schedule access to the Internet on a schedule Real time Monitoring Recording This section allows you to set notification alerts for real time monitoring and recording when thresholds are met Exception Requests f enabled a link on the block page will allow users to request the page be allowed The requests are managed from this page URL Lookup URLs can be searched here to determine how they are categorized You can also submit a site for re categorization Version 7 June 24 2014 Page 95 of 159 8 1 1 Web SSL Categories Categories Streaming Radio TV gggag Prinrity Ads gogog Pom Nudity 1 O jef Priority Audio amp Video O be ES Dictionary Ole ia tS Priority Dating amp Personals Oa ie PS praes BOE Mony Enataiment ENEJ C pranc le le mony rone o fe Gambling O x Games GJEJ cust Eon vey el Mobile Phones EIJEJ i EJ S News EJ JEJ SS Private Websites CIES fats ae Wah Droxige arc le 2 r a sero SAHAM v s EAE O E Travel AJEJ g Violence amp Hate EIJE Cc ve lolx E rory wera Ox ie Known Category gt o O Ea Guns amp Weapons SiO spay Figure 62 Web SSL Categories The
24. en Ultrasurf high risk activity is detected allows you to specify an amount of time in minutes that the user would be locked for This will lock the computer from going to the Internet from the time it has detected this event for the amount of minutes that you specify The suggested setting for this value is 5 minutes but you can set a lower or higher value You can unlock a computer manually by finding the computer under the Groups gt Computers tab and click Unlock WARNI NG These features should NOT be enabled if the iboss SWG is OUTSIDE of a NAT firewall If they are enabled and the iboss is on the WAN side of a NAT firewall any user on the network that triggers the lock due to high risk programs activities will lock Internet activity for all other users on the same network If you are not sure of your network topology please contact your network administrator or iboss support Version 7 June 24 2014 Page 103 of 159 io ss NETWORE SECURITY 8 1 2 5 Additional Settings Acaiiona zi Pa Lepe pg fn mi j rer ep i 5 fun tla 4 mi mrn KITE SSH F Serre mi Rinck RDO Ramote wy Kiew E Iinromng HIP Shell Access Desktop Access Traffic ni a ve rrn YES mi Iom mrem i a W a EA m eer f gt aa Block Outgoing FIP Block Ping ICMP U i LUynamic Proxy i in Traffic Blocking Glyphe Block Hotspot E Block SSL on a Bom Block Rogue u Bey Shield Non standard Ports Encrypted Connections Pri eA K i EA fal n RAE Oe 4 ws et as
25. ess Delegation Settings are enabled Version 7 June 24 2014 Page 147 of 159 io ss NETWORE SECURITY 10 1 1 1 General Type You can select User or Admin Login AD LDAP Group Selecting Admin Login AD LDAP group allows administrator logins to the iboss from an AD or LDAP group User Enter the username or group name in this User field Authenticate via LDAP You can enable this option to authenticate the user via LDAP to use the user s password within LDAP Password Set the password for the user if you do not have Authenticate via LDAP option selected First Name Enter the user s first name Last Name Enter the user s last name Session Timeout Enter the amount of minutes until the user is logged out of the Internet Access Window The default is 0 which will not log the user out automatically with this option Note This allows you to enter a note for the user Apply Filtering Group This option allows you to specify which group the user will fall under when they authenticate You can also select No Filtering which is the last option to bypass filtering for this user 10 1 1 2 Delegation Add User Genera Delegation Settings Administrator YES m Administrator Type elegated 7 Permissions one selected v Filter Settings Group Access None selected Default Management Group BYOL Gg Close Figure 121 Users Delegation When adding a user to the iboss you will also have options to give
26. f cr pi g a t Block Ali Googie Encrypted Access i Bag Extended Google Appspot Analysis Bae ma Rlock Google Farth O no Figure 80 Google Controls Features in the red box above need SSL Decryption These features from Google in allow you to control specific sections of Google by decrypting and enabling these features Google features that are available when enabling the SSL inspection Agent Enabling Gateway Decryption are Block Google Drive Block Google Offers Mi Block Google Groups Block Google Wallet Block Google Latitude Block Shopping Block Google SketchUp Block Googe Sites Version 7 June 24 2014 Page 110 of 159 Block Google Orkut Block Google Trends Block Google Maps iooss NETWORE SECURITY Block Google Picasa Block Google Videos Block Google Panoramio Block Google Cloudprint Block Google Plus Google Translation Filtering This feature blocks violation sites from being translated using Google Translation Google I mage Search Scrubbing This feature strips out images on Google Image Searches that come from violation sites that are block by the categories Block All Google Encrypted Access This feature blocks all encrypted Google services Extended Google Appspot Analysis This feature lets you allow access to appspot com but block Subdomains of appspot com based on DNS Block Google Earth This feature blocks Google Earth
27. icense GPL GNU Lesser General Public License LGPL or other open source software licenses Copies of the GPL and LGPL licenses are available upon request You may also visit www gnu org to view more information regarding open source licensing The GPL LGPL and other open source code used in iboss Inc products are distributed without any warranty and are subject to the copyrights of their authors Upon request open source software source code Is available from iboss Inc via electronic download or shipment on a physical storage medium at cost For further details and information please visit www iboss com Version 7 June 24 2014 Page 1 of 159 4 INTERFACE 4 1 Dashboard ib ss tiltering Enabled Y brea oa A4 m O Niina wkuj EIR Q Luukup URL A A Figure 2 Home Page 4 2 Widgets 4 2 1 Filtering Status This indicates the filtering status of your iboss The following values may be displayed Enabled Indicates that your iboss is Enabled and Active Disabled Indicates that your iboss is not enabled Connecting When the iboss is enabled it must first establish a connection to the gateway This indicates that the iboss is attempting to establish a connection Must Activate or Subscription Expired If you have a new iboss and need to activate your subscription or your iboss subscription has expired the Activate button will appear next to the filtering status field Click the
28. ified in the reporter under settings will be used for alerts related to this group Use a semicolon between email addresses to specify more than one email address Send Alert When User Enters Group This setting will cause the iboss to send an email alert whenever a user enters into this filtering group Alerts will only be sent when a user logs in manually with override and will not be sent when a user is authenticated transparently Send Alert When User Leaves Group This setting will cause the iboss to send an email alert whenever a user exits from this filtering group Video Desktop Recording This setting enables a desktop recording to occur when the above threshold criteria is reached In addition you can specify the duration of the desktop recording The computer must be registered with the iboss and have VNC enabled for this setting to take effect In addition the computer must have a compatible VNC application installed and running This is where you will specify how long to record the video Include The Following Categories This is where you choose the categories to include in the trigger thresholds Version 7 June 24 2014 Page 128 of 159 io ss NETWORE SECURITY 8 1 14Exception Requests Exception Requests Group lt aroup 7 gt Enable URL Exceptions Requests Q Allow users in this group to request res URL Exceptions elt Service L URL 2 Allow users in this group to use CZ self service website lookup Include
29. ile Sharing Friend up Guns amp Weapons Mobile Phones Porri Child Real Estate Shopping Tedhnulugy Violence amp Figure 58 Report Settings Log Web Statistics BA BB 5 A E 5 E A B AAR 4 E Adult Content Audiu amp Video Drugs Finance Gerrtblis g Health News Purr Nudity Religion Sports Toolbars Warez id Jo gt w O K 5 A 3 E V Alcohol amp YES Q Tobacco Business Education tood Gano QA Image YES m Video Search c Organizations 2 9 Privale Websites T 9 Search Engines Streaming Racio IV Trapu laliurn A Web Hosting IOOSS m SO Datit g amp Personals Entertainment Forums Jobs Political Services Sex Ed cD Travel m Qoverrmnerd Professiuricl Swarttsuit Web Proxies This allows you to enable or disable logging for web statistics You may choose from the different categories to log Version 7 June 24 2014 Page 91 of 159 7 1 3 Additional Settings Additional Settings Log Bandwidth Statistics Log All File Types Log Audit Events Log Domain Bandwidth Log All SSL Connections Log Current Activity Monitor Figure 59 Report Settings Additional Settings Log Bandwidth Statistics This allows you to enable or disable logging bandwidth statistics Log All File Types This allows you to enable or dis
30. le groups Use the custom category feature to avoid adding the same URL to multiple groups This feature allows you to create custom Allow list categories Enter the URL of the website you would like to add in the currently selected category then click the Add URL button Any group that has this category checked will have the URLs in this category applied YouTube Video Category This option allows you to allow specific YouTube videos while the Audio Video category still blocks the YouTube site Apply Keyword Safe Search Allows the domain or URL but apply Keyword comparison and Safe Search 8 1 4 4 Allowlist Import Import List Paste Uris one per line in the area below F Global Apply Keyword Safe Search x Cancel Figure 84 Allowlist I mport You may import a list of domains to import To import on the Allowlist or custom Allowlist click the Import button Please paste URLs one per line with a maximum of 255 characters per domain IP URL Once you are done click the Save button Version 7 June 24 2014 Page 115 of 159 iooss NETWORE SECURITY 8 1 5 Block Specific Websites Block List Group lt sroup a gt tom Category Assignments D Custom Categories Chosen Categories Block List 2 Globa Url Global Actions supyall com No t F yippee com No D Figure 85 Block Specific Websites This page allows you to block specific website URLs from being accessed on your network Enter the URL of the website
31. m being accessed by a particular group You may choose to Block the domain extensions in the list or to Only Allow the extensions in the list If you choose to only allow the domain extensions in the list then any domain whose extension is not in the list will be blocked Alternatively if you choose the block the extensions in the list then all access to all other domain extensions will be allowed For example you may choose to allow only domains that end in com and net Any domain that does not end with those extensions will be blocked Enter the domain extensions in the text box below and click the Add button You may enter a maximum of 2000 domain extensions across all profiles Each extension may be a maximum of 15 characters in length To remove an extension from the list select the extension to remove and click the Remove button located at the bottom of the page Click the Done button when you are finished Note These settings do not apply to web access to direct IP addresses You can block direct IP address access by going to Internet Controls gt Block Specific Web Categories gt IP Address blocking 8 1 12 Sleep Schedule Sleep Schedule Group lt roug j gt Temporary Bypass 2 Bypass Internet Sleep Schedule For Force Internet To Sleep z if For lt F a ageri I gt Select scnecuie Figure 95 Sleep Schedule Internet Sleep Mode allows you to put your Internet connection to sleep disabling all Inter
32. ming Radio TV Figure 64 Category Example a J Locked No Overrides These are categories in which Internet websites are grouped You may choose categories from this list that you wish to block on your network In addition to blocking access to these website categories the iboss will also log attempted access violations if logging is enabled Examples of website categories are Ads Forums Private Websites Adult Content Friendship Real Estate Alcohol Tobacco Gambling Religion Art Games Restaurants Food Auctions Government Search Engines Audio amp Video Guns amp Weapons Services Bikini Swimsuit Health Sex Ed Business I mage Video Search Shopping Dating amp Personals Jobs Sports Dictionary Mobile Phones Streaming Radio TV Drugs News Technology Education Organizations Toolbars Entertainment Political Transportation File Sharing Porn Nudity Travel Finance amp Investment Porn Child Violence amp Hate Version 7 June 24 2014 Page 98 of 159 iDOSsS Virus amp Malware Web Hosting Web Based E mail Web Proxies Allow Block Stealth Specifies whether the category is blocked or allowed for this filtering group Designating Stealth will flag as a violation but will not actually block Priority By default Block has priority over Allow A site belonging to multiple categories will be blocked if ANY of those categories are blocked unless a category with a higher priority is allowed For ex
33. net traffic to and from a particular group This is beneficial for when the Internet doesn t need to be on or accessed You may manually force the Internet to sleep by selecting a time period under the Force I nternet To Sleep For section and pressing the Sleep Now button You may also bypass the sleep schedule by selecting a time period under the Bypass I nternet Sleep Schedule For section and pressing the Bypass Now button When manually forcing the Internet to sleep or bypassing the sleep schedule a countdown timer will show that will allow you to cancel the forced sleep or cancel the bypass Version 7 June 24 2014 Page 125 of 159 io ss NETWORE SECURITY You may setup a daily schedule or an Advanced Schedule by which to put the Internet to sleep under the Sleep Schedule section When the Internet is in Sleep Mode the Internet Sleep Mode page will be displayed in the web browser if Internet access Is attempted To customize the message that appears on the Internet Sleep Mode page go the custom block page messages under preferences You may override Internet Sleep Mode and wake up your Internet connection by entering the iboss login password into the Internet Sleep Mode page when it is displayed 8 1 12 1 Sleep Mode Page When a page Is blocked from violation of the iboss sleep mode schedule this page will show up in the web browser to the user You may manually login and turn off Internet Slee
34. ock in the text box below and click the Add button You may enter a maximum of 2000 URL keywords across all profiles Each keyword may be a maximum of 19 characters in length letters and digits only To remove a keyword from the list select the keyword and click the Delete Selected button located at the bottom of the page Allow Keyword Checking this option will allow the word if it is in the URL within a keyword parameter Wildcard Match Checking this option will use wild card matching on the keyword When wild card matching is used the entire URL is searched for the keyword pattern If wild card matching is not used the iboss will analyze the URL for queries containing the keyword s entered Version 7 June 24 2014 Page 119 of 159 High Risk This option will send a notification to the group administrator when searched for Global This option will span across all filtering groups when selected When removing a Global entry it will remove the entry from all filtering groups Keyword Searching You can use the search filter input box to the right to filter the keyword list view You can import a list of keywords to block by clicking Import You may remove keywords by checking the keyword and clicking the Delete Selected button 8 1 6 3 Keyword I mport mport List Paste Keywords one per line in the area below a F High Allow Keyword a Wildcard Risk Figure 89 Keyword I mport You may impo
35. oose options for configuring the current iboss settings These are options to choose from Dashboard Threat Console Controls Preferences Groups Tools Network Firmware Subscription and Support Dashboard This option allows you to view status of the filtering and firmware version as well as quick links and tools that are most useful Threat Console This option allows you to view your iboss report logs and configure settings for the Threat Console Controls This section allows you to configure filtering policies for existing groups Preferences This section allows you to edit preferences including E mail options Web GUI password time zone and custom block messages Groups This section allows you to identify computers and users on the network as well as create filtering groups This is also where you would create delegated administrators with the ability login to the iboss and access some or all portions of the User Interface Tools This section is where to clear internal DNS caches for the iboss and access the Backup amp Restore menu This is also where to trigger Filter to MDM synchronization if necessary Network This section allows you to configure your iboss network settings Version 7 June 24 2014 Page 23 of 159 iOOSS Firmware This section includes all firmware information for the iboss and allows you to update the firmware when updates are available Subscription This page allows you to view your
36. p Mode by typing in the password and pressing Login The Sleep Mode will continue at the next scheduled time Version 7 June 24 2014 Page 126 of 159 8 1 13 Real Time Monitoring Recording Real time Monitoring Recording naring Real time llser Artivity Enable Real time Activity Monitoring Activity Gwent Count Enable Wideo Desktop Recording Enable Group VNC Password Monitor the Following Categories Ads ArT Farciness ve CE Lika StU Adult Content Aucdons Dating amp Parannals 1 Actraty Interval Period 1 mites Alcohol amp Tobacco Audio amp videa Nirctinnary Drugs i Education Entertainment File Sharing i Finance Food Forums Friendship Gambling Games Government Guns amp Weapons Health Image Video Search Mobile Phones Politica Private Websites Religion TELETELE Mews Pom Child Professional Services Search Fngine lt Organizations Pon Mudity Rea Estate Ser Fe Shopping Sports Streaming Radio TV Swimsuit Technology Toolbars Transportation Trave Violence amp Hare Werez Web Hosting SUUUHUR EERE e ee Web Proxies EE iooss NETWORE SECURITY ALLELE Viebmai Save ea eE Aiert uv Enable Email Alerts O x Save Figure 96 Real time Monitoring Recording Note The VNC recording feature Is not included by default and may not be available on all models It is a feature add on upgrade This featur
37. ps are used to apply Internet filtering rules to computers and or users on your network You may customize the group names to easily identify its purpose Group names may be up to 50 characters in length You can move filtering groups in the tree for easier viewing by clicking and dragging the filtering group Version 7 June 24 2014 Page 143 of 159 iooss NETWORE SECURITY 10 1 1Edit Filtering Group Edit Group 3 Name BYOD Group Name org Alias Group Names Logging veS Priority 3 Reporting Group 0 Override Group O vo Override Timeout 0 Note Update Group gt Figure 116 Edit Group To edit the filtering group click the pencil icon next to the filtering group name Group Name You can configure the Group Name to match Security Group names or OU group names This is determined based on your directory integration options for sending group names Alias Group Names You can enter multiple group names in this field one per line that will match directory group names These groups that match will be grouped together to fall under the same filtering group policy Logging This option enables logging for this filtering group Priority If a user matches multiple filtering groups within the iboss the one with the highest priority number will take precedence Version 7 June 24 2014 Page 144 of 159 io ss NETWORE SECURITY Override Group An iboss filter group may be designated
38. ring groups Keyword Safe Search if you would still like to have keyword and safe search enforcement applied to the domain being bypassed Once you have entered in a URL or domain click the Add button URL Filter This feature allows you to search through the list You can enter part of the domain like Google to see any URLs that are in this list with that word in it You can click Apply to view entries in this list To clear the filter delete the entry in this field and click Apply Sorting You can click on the URL word to sort the list alphabetically Removing Remove a URL by selecting the checkbox next to the URL and click the Remove button at the bottom Version 7 June 24 2014 Page 113 of 159 NETWORE SECURITY 8 1 4 3 Custom Allow list Categories Allowlist Custom Categories Choose Category Students Allow Category Name Students Allow YouTube Video Category Category Schedule Always Enabled Advanced Schedule M EEEa Category Urls 2 SafeSearch F Url Safe Search Actions F test com No ln oa F blah info No ny F kdjiejifejj jax No T F iidudu inof No D F hippy net No Di irl mn rnm Alm Tent x Figure 83 Custom Allow list Categories Version 7 June 24 2014 Page 114 of 159 iooss NETWORE SECURITY Select the custom allow list categories to apply to this group These categories allow you to create custom lists of URLs that can be applied to multip
39. rt a list of keywords to import Please paste keywords one per line with a maximum of 19 characters per keyword You may select Allow Keyword Wildcard and High Risk when importing Once you are done click the Save button Version 7 June 24 2014 Page 120 of 159 8 1 7 Bandwidth Shaping Bandwidth Shaping Global Settings CED Cnable A andw dth AlO rat sla u A 54735 j LAL Downstream Upstream Add gt ti rPUOU I Critical Services AARON POOL Unshaped Figure 90 Bandwidth Throttling i s R i a Maw Min 1 00 Gb s 733 21 Mb s amp 1 00 Gb s 171 91 Mb s 585 81 Mb s 151 51 Mb s iooss NETWORE SECURITY UINSHAPFN NOWNSTRFAM 676 58 Mb s LINSRAPFN LIPSTRFAM 266 79 Mb s 2 Rules Realtime Usage Actions s toa 0 7 m 0 00 Kb s 0 00 Kb s 1 m qua uUa 0 00 Kb s 0 00 Kb s There is a separate more comprehensive manual for the Bandwidth Throttling QoS feature Please request this from iboss Support for the iboss Enhanced QoS amp Bandwidth Shaping Datasheet Version 7 June 24 2014 Page 121 of 159 iooss NETWORE SECURITY 8 1 8 Port Blocking Port Blocking Group lt M Port Blocking Settings 2 Name Port Port Protocol Direction tnabled Start End 1 SSH 22 22 Boh Tep Udp Both In Out r fa ob me DS Woa e 4 gt B o amp B oe up h oa CD 5 0 amp B o up n o DY Port Blocking Schedule e Always Block
40. s AE eee danced Sci f9 Advanced Scheduli Select Schedule for Advances Schi 2a RN SS ES Edili E Chat Apps selec al CHD aoe r r 5 E un yel as Oi n a gmi _ ee E n AUL INStTant a 4 Yanood Messenger a a ra F100 HHS lFansrer a 4 Messenger es i EA et ae Eh a eee E E A Ca E ico W no MSN Messenger W o IRC internet Relay W o Chat bber CHP Figure 66 Applications Chat Applications This category contains applications used for online messaging and chat The iboss can block the selected program s and log attempted violations Examples of applications in this category are Al M AOL Instant Messenger MSN Messenger Yahoo Messenger Yahoo File Transfer IRC Internet Relay Chat ICQ J abber Version 7 June 24 2014 Page 100 of 159 io ss NETWORE SECURITY Advanced Scheduling Allows you to schedule daily access for selected chat programs This option will bypass blocking for chat and instant messenger programs during the specified time 8 1 2 2 Gaming Applications Gaming Applications ed Sc m MAdvanced Scheduling Select Schedule for Gaming Apps ae ai 4 Fuse fi f ai a eb i us E et N E i fu a YYOWNG OT WWorcrait iad station sony com ay Dalvie Net fe Select All NO h Gh V XBOX Figure 67 Applications Gaming Applications This category contains online gaming applications The iboss can block the selected program s and log attempted access violations Examples of applications in this categor
41. s SWAG is OUTSIDE of a NAT firewall if they are enabled and the iboss Is on the WAN side of a NAT firewall any user on the network that triggers the lock due to nigh risk programs activities will lock Internet activity Tor all other users on the same network if you are not sure of your network topology please contact your network administrator or iboss support Enable om Send email alert iC Ultrasurt High Risk activity lock Lock computer 2 Minutes jm Figure 69 Ultrasurf Tor High Risk Activity Device Lock Enable Ultrasurf High Risk activity lock This feature blocks the use of Hotspot Shield OpenVPN Spotflux and Expat Shield It also allows you to lock the Internet for a user if the use of Ultrasurf Tor Proxies is detected This blocks all Internet access so that when the user opens a web browser they will be informed that the detection has occurred and that they must disable the program The Internet will be blocked for the specified time Send email alert This option will inform the iboss administrator that the detection has occurred when the event is detected By default it will email the address setup for the User Alerts Reporter gt Registered Devices The individual filtering group can have a group email contact under Controls gt Monitoring The email address listed in the Monitoring section for any given group will override the master alerts email address listed in the Reporter Lock computer Wh
42. search com Cleanvideosearch com Is a site that provides searching for videos from YouTube com while enforcing Strict Safety Mode and stripping out all comments and related videos You can set this option on a per group basis Enable I ntegration with goLive Media Library www golivecampus com This feature allows you to block YouTube com but allow videos to be played from golivecampus com Golivecampus com Is a site that allows you to granularly choose which videos are allowed to be viewed with channels that can have videos linked on them Block iPad YouTube App This option allows you to block the YouTube App on mobile devices Enable YouTube EDU integration This feature integrates with YouTube for Schools This allows you to enter your YouTube School ID and this will be appended to each request to YouTube allowing only educational videos from YouTube to be allowed to play 8 1 3 9 Google Controls Block Google Drive Block Google Offers Block Google Wallet Block Shopping mi l f i l i Block Google Picasa U ock Google Videos Biock Google Block Googie Cioudprint Panoramio rai j a rl i a ml e el g I ROCE Lone LOUS E ROCE nee I ATi d RIE Lone SKATE MEU of ee i mrs amp col F i a a ri Pag 1 qp BIOCK l200gle Sites i Biock Go Ope UTKUT z BIOTEK LOOO Irenos Block Google Play Block Gmail I p ae ete e YES la x Le ae i T a a Googie Translation Filtering Google image Search Scrubning U no ri ate a
43. subscription status and add or update a Subscription Key Support This page allows you to access information for support for the iboss SWG 4 4 Top Shortcut Bar Use the top right shortcut menu to Disable Filtering as well as changing the admin password and logging out Version 7 June 24 2014 Page 24 of 159 iOOSS 7 Threat Console This section allows you to configure how the SWG will log and report traffic flowing through it You can configure the device to have onboard reporter to report to an external reporter 7 1 Report Settings 7 1 1 General Settings General Settings Configure iboss for External Report Manager G Go To External Report Manager 012816118 IP Address 10 128 16 118 Database Password eeseess 19F734250253619D381F4DFDED3SA Security Key Figure 57 Report Settings General Settings Configure iboss for You may choose between Onboard Reporting and External Report Manager If you have an External Report Manager please choose External Report manager and refer to the following fields IP Address Enter the IP address of the External Report Manager Database Password Enter the database password setup for the reporter Default is ibossdb Security Key Enter the security key from your reporter after adding it as a registered gateway Version 7 June 24 2014 Page 90 of 159 7 1 2 Log Web Statistics Log Web Statistics a Ads Turn Logging on Auctivre Dictonary F
44. this group In self service Cr website lookup 27 Requested URL Exceptions Appiy Allow Biock to Request Group Oniy Appiy Aiiow Biock to Aii Groups Uri Date Group Email Message User Actions Figure 97 Exception Requests If enabled this feature adds a section to the block page allowing the user to submit a request to allow the page Notes and the user s email may be included The request will be delivered to the email address es specified at Controls gt Monitoring in the section Group Email Contact if one is specified for the group otherwise it will be delivered to the email specified in the settings of the reporter SS yy YS4YIYIxqXI__I_IIIIIIIIINNNS Login as Different User Request An Exception Email Reason Request Exception 2014 iboss Inc All rights reserved Privacy Policy Terms of Use Acceptable Use Policy Figure 98 URL Exception Request Block Page Version 7 June 24 2014 Page 129 of 159 8 1 15URL Lookup URL Lookup URL Lookup URL Categories Ads 10 Adult Content Auctions uo No Audio amp Video Dictionary wa o Drugs File Sharing O 0 Finance Friendship O 10 Garnbling cunse CH Health weapons Moubile News Phones Purn Chuld O 10 Purrn Nudily Real Eslale O 10 Religion Shopping Qu Spurls Technoulugy o Tovlbars Violence amp Q vo Warez Hate Webmail Figure 99 URL Lookup 9o00 0600 UG Ub Alcohol amp Tobacco Business Educa
45. tion Food Garnes Image video Search OUrgarmzalurs Privale Websites Search Engines Streaming Radio TV Transportation Web Hosting YES 90 086e BENE O E Dating amp Personals Entertemment Forums Government Jobs Pulilical Professiural Services Sex Ed Swimsuit Travel Web Proxies 90 006e 0000 O E NETWORE SECURITY This page provides a utility to query a URL to see how it has been categorized Once a URL has been entered and the Lookup button clicked there will be a message at the top of the screen indicating the database status of the URL The section below will indicate which categories it is assigned Version 7 June 24 2014 Page 130 of 159 iooss NETWORE SECURITY 10 1 Filtering Groups am All Groups Managers f BYOD f m My Group 4 f amp Group 5 f Group 12 f amp Group 1 f Group 6 f amp Group 7 f amp saab f amp Group 9 f amp h ty Tims Experiment C D y Figure 115 Filtering Groups This section shows the Filtering groups that are setup in the SWG filter The Filtering groups can be created in a hierarchal format to easily group different filtering groups together A user or computer would still only fall under one filtering group and does not inherit filtering policies from parent groups The allowed number of filtering groups has been created for you Filtering grou
46. ton to copy the restore point off of the device When a restore point Is created you have the option to delete it off the device download the restore point which contains all of the settings and firmware and the option to restore the iboss device back to a specific Restore Point Restoring the iboss from a restore point must be from the same model of the iboss It does revert back to the firmware version number that the iboss was on when the restore point was created If you have multiple iboss devices and would like to copy settings from one device to another one thing to note is that the subscription key also gets copied and restored This may overwrite your current subscription key for the second unit If this is the case you will want to save the restore point of the second iboss device and after restoring an imported restore point overwrite the subscription key with the original subscription key that was there prior Version 7 June 24 2014 Page 152 of 159 iooss NETWORE SECURITY Backup Manager CYF Backup Status Stalus Restore point creation successfully finished at Tue Jun 24 09 31 23 PDT 2014 Last Run Date Tuesday June 24 2014 Next Run Date Wednesday June 5 2014 Automated Backup Schedule Disabled Roll Logs Dally at 9 30AM Rull Lugs Weekly ur dl 9 30 AN v Roll Logs on day v ofeverymonthat 9 30AM Backup Folder Settings Backup to SMB Share no Email Status Alerts Send B
47. ttings from and a group to copy settings to and then click the Update Group button This will completely overwrite the destination and provides a configuration starting point but there is no connection between the groups from this point 10 1 3 Group Computers amp Users Tabs Group Static Computers Dynamic Computers Jsers Figure 119 Group Computers amp Users Tabs The Groups section has tabs at the top to switch from Static Computers Dynamic Computers and Users for each select group or All Groups Static Computers The computers listed under the Static Computers are Manually Identified Computers and fall under the filtering group that Is selected Dynamic Computers The computers listed under the Dynamic Computers are computers that have been detected going through the iboss and fall in the filtering group that is selected Users The users listed under the Users tab are Users that have been manually added to the SWG and assigned to the filtering group that is selected Version 7 June 24 2014 Page 146 of 159 NETWORE SECURITY 10 1 1Add User Add User General Delegation Time Limits Type User Authenticate via LDAP Password First Name Last Name Session Timeout Note Apply Filtering Group BYOD Figure 120 Add User To add a new user click the Add User button at the top These users will not have access to the iboss settings and cannot log onto the iboss to change settings unl
48. ver on your local network Video Recording There are more options if you have the DMCR feature added This will allow you to put the Port Password and IP address of the client VNC computer Please refer to the Controls gt Monitoring section for more information When finished click the Add Computer button If you want to cancel your changes click the Cancel button 11Tools Tools Backup amp Restore Manager e Clear Internal Caches Clear DNS Caches Trigger MDM Sync Figure 124 Tools This section has quick links for the Backup amp Restore Manager Clear Internal Caches Clear DNS Caches and Trigger MDM Sync 11 1 Backup amp Restore Manager Backup Manager Login Password Figure 125 Backup amp Restore Manager Login The login for this interface requires the full admin password to login Version 7 June 24 2014 Page 151 of 159 io ss NETWORE SECURITY Restore Points New Restore Point Name Automated Restore Point Description Actions TEST No TEST p Base Settings No ju Restore No ji Auto_iBoss_Restore_TEST4_06 Yes Automated Restore Point ial Figure 126 Backup amp Restore Restore Points amp Creating Restore Point Once you login you can see all the restore points that have been created There are no restore points created by default It is recommended to create a restore point after you have configured your controls settings and then click the Download but
49. y are World of Warcraft Battle net StarCraft XBox Station sony com Advanced Schedule Allows you to schedule daily access for selected online gaming programs This option will bypass blocking for online gaming programs during the specified time Version 7 June 24 2014 Page 101 of 159 8 1 2 3 File Sharing Applications v ie Sharing Anp ications HC DNG HNIS ApPppPpHCce JTS File Sharing Select All ID Limewire BearShare YES m Xolox Acquisition YES m ZP2P YES m BitTorrent Edonkey o Manolito i wo Ares Direct Connect O wo Figure 68 Applications File Sharing Applications iooss NETWORE SECURITY 9 0 This category contains online file sharing applications The iboss can block the selected program s and log attempted access violations Examples of applications in this category are LimeWire XoloX ZP2P BearShare Acquisition Ares BitTorrent Direct Connect Edonkey Manolito Advanced Scheduling Allows you to schedule daily access for selected file sharing programs This option will bypass blocking for file sharing programs during the specified time Version 7 June 24 2014 Page 102 of 159 io ss NETWORE SECURITY 8 1 2 4 Ultrasurf Tor High Risk Activity Device Lock Ultrasurf Tor H gh Risk Activities Device Lock 2 357s PRR tte tee Pi F_if e r p i Sees i J F al i sm gpp rr r rI r COEN UAlg B i WARNING The following features should NOT be enabled if the thos
50. you would like to block in the text box below and click the Add URL button You may enter a maximum of 1000 website URLs across all profiles Each URL may be a maximum of 255 characters in length To remove a website URL from the Block list select the URL to remove and click the Remove button located at the bottom of the page Click the Done button when you are finished Version 7 June 24 2014 Page 116 of 159 iDOss 8 1 5 1 Custom Block list Categories Blocklist Custom Categories Choose Category Custom 1 o Category Name Custom 1 YouTube Video Category O vo Category Schedule Always Enabled Advanced Schedule ates aaa E Category Urls In Add uri SafeSearch mport Sate Search Actions No pj Figure 86 Custom Block list Categories Select the custom block list categories to apply to this group These categories allow you to create custom lists of URLs that can be applied to multiple groups Use the custom category feature to avoid adding the same URL to multiple groups This feature allows you to create custom Block list categories Version 7 June 24 2014 Page 117 of 159 iooss NETWORE SECURITY Enter the URL of the website you would like to add the currently selected category in the text box below and click the Add URL button Any group that has this category checked will have the URLs in this category applied 8 1 5 2 Block list Import Import List Paste Urls on
51. ypted E gt Search Global C9 Block Yahoo Encrypted Search Figure 78 Encrypted Search Controls Block Google Encrypted Search Global Allows for automatic redirections to unencrypted search pages Block Yahoo Encrypted Search Allows for blocking of Encrypted Yahoo Searches HTTP requests for yahoo com get directed to an non encrypted search page 8 1 3 8 YouTube amp Video Controls Youtube amp Video Controls Block Encrypted YouTube Access Redirect accesses to www youtube com to www cleanvideosearch com www golivecampus com Block iPad YouTube App Ao Enable integration with goLive Media Library Be sO Enable YouTube EDU Integration YouTube School Id Figure 79 YouTube amp Video Controls These features allow you to controls certain features of YouTube as well as handle requests to YouTube differently for specific filtering groups Block Encrypted YouTube Access This option will block encrypted https access to YouTube now on a per group basis If your DNS server has direct access to the Internet without going to through the iboss or you have Version 7 June 24 2014 Page 109 of 159 iooss NETWORE SECURITY the iboss in tap mode you would want to setup a DNS Conditional Forwarder for youtube com to point to the iboss You can get these instructions from iboss support Redirect accesses to www youtube com to www cleanvideosearch com This redirects any request to youtube com to cleanvideo
Download Pdf Manuals
Related Search