Home

Aker Web Content Analyzer Users Manual

1. C 4rquivos de programas WebContent InstallShield Press Install to have the program installed according to your previous choices t Web Content Analyzer InstallShield Wizar Ready to Install the Program The wizard is ready to begin installation Click Install to begin the installation IF you want to review or change any of your installation settings click Back Click Cancel to exit the wizard InstallShield 1 2 2 Removing from Windows Servers To remove the Aker Web Content Analyzer from your computer please choose the option Add or Remove Programs in the Windows Control Panel Look in the list for the Aker Web Content Analyzer entry and click Remove 1 2 3 Installing in Linux Servers The Aker Web Content Analyzer for Linux comes as a standard RPM package To install it the user may use a graphical package manager or use the standard text based RPM tool rpm ivh package_name rpm Adicional packages may have to be installed as a dependency such as the QT libraries They can be downloaded from the Aker website www aker com br or installed directly from the product installation CD 1 2 4 Removing from Linux Servers The Aker Web Content Analyzer for Linux comes as a standard RPM package To remove it the user may use a graphical package manager or use the standard text based RPM tool rpm e package_name 1 2 5 Installing in FreeBSD Servers The Aker Web Content Analyzer for FreeB
2. Close An access profile is made of an ordered rule set and a default action The profiles have a hierarchic organization i e a profile created in an inferior level will possess the rules of the profile of superior level to which it is subordinated It is important to emphasize that the rules can only be modified on the profile they were created The rules are split into two distinct components 1 Search component A small text and a search operation which defines how to search the text in the client given URL 2 Action component There are four possible actions when a the rule search components matches the URL o Allows Lets the URL access proceed o Rejects Does not allow the URL access to proceed Instead redirects the user s browser to the given redirection URL o Blocks selected categories Classifies the URL access and if it points to a site of any of the selected categories rejects it using the redirection URL Otherwise lets it proceed o Allows selected categories Classifies the URL access and if it points to a site of any of the selected categories lets it proceed Otherwise rejects it using the redirection URL In the profile a redirection URL and a default action if none of the rules match are also specified Therefore the redirection URL used is determined in the following order 1 The rule given if it is not blank 2 The profile given if it is not blank 3 The default one if both the rule and the profi
3. or protected by digital authentication and crptography use auth The plugin will wait for Firewall 1 connections on the address Local IP and port Local port If you wish to user the authenticated mode you must also configure Auth Port port for authentication and Sic Name The shared secret must be entered in the dialog invoked by the Set key button All parameters must be set to same values both on the plugin windows above and in the Firewall 1 configuration Connecting to the Aker Web Content Analyzer There are two options for this connection local only on Linux O S which uses a fast method called local sockets to connect to the Aker Web Context Analyzer running on the same computer as the plugin and remote which uses a TCP IP connection to connect to a plugin which can be installed on a separated machine The second option uses a strong encrypted and authenticated channel to protected all data 3 3 Logs gt Aker UFP Server Web Analyser plugin for FireWall 1 2 3 J4 Configurations Log A About ie m Options Erase Save O Caption BB Information E Ero Date Hour Message 30 01 2004 S gt 18 46 02 Error when connecting to URLs Analyser 30 01 2004 S gt 18 45 47 Eror when connecting to URLs Analyser 30 01 2004 S gt 18 45 32 Error when connecting to URLs Analyser 30 01 2004 S gt 18 45 17 Error when connecting to URLs Analyser 30 01 2004 S gt 18 45 02 Error when connectin
4. Wizard Destination Folder Click Next to install to this folder or click Change to install to a different Folder cal Install Aker Web Control for ISA Server to E 4rquivos de programas Aker ISAFilter InstallShield i Aker Web Control for ISA Server InstallShield Wizard Ready to Install the Program The wizard is ready to begin installation Click Install to begin the installation TF you want to review or change any of your installation settings click Back Click Cancel to exit the wizard InstallShield 5 3 ISA Server Configurations After installing the plugin you can activate deactivate the filter by accessing the option Servers and Arrays gt server name gt Extensions gt Web Filters on the ISA Management program 5 4 Plugin configurations Aker Web Control for ISA Server ie Configuration Coe Profiles Soff Users g Groups ap Networks a Log we 4 Log file This fields specifies where the program will store its log events such as the connection progress with a remote URL analyser c Program FilesAker ISAFiltersisa lod Default profile The selected profile will be used when a request cannot be matched to a IP address or username rule E3 default Default URL This is the URL users will be sent to if no other is specified in the profile and rule when access isn t allowed i e http server com blocked html http www aker com br Aker Web Analyser location Prima
5. Wizard a Welcome to the InstallShield Wizard for Aker Web Content Analyzer he InstallShield R Wizard will install Aker Web Content nalyzer on your computer To continue click Next WARMING This program is protected by copyright law and nternational treaties 9 ker The next screen shows the licensing agreenment In order to have the installation proceed select the option I accept the terms in the license agreenment after carefully reading it If you don t accept the installation will abort fe Aker Web Content Analyzer InstallShield Wizard License Agreement Please read the following license agreement carefully Software License Agreement This is the License Agreement between you and Aker Aker Security Solutions By breaking the seal of the software box and or asking for a key to use the product you will have to agree with all the requirernents and restrictions of this license You must read the requirements and conditions before breaking the seal and opening the software box If you do not agree with them you must return the packet without opening it iv I accept the terms in the license agreement I do not accept the terms in the license agreement InstallShield Choose the installation folder t Web Content Analyzer InstallShie Destination Folder Click Next to install to this folder or click Change to install to a different Folder A Install Aker Web Content Analyzer to
6. it to a value never less than 5 and to increment it slowly in order to avoid severe O S resource overuse e auth_param basic program Tells Squid which program it should use to authenticate users This should point to the file usr local squid urld squid_auth etc passwd e auth_param basic children Defines how many squid_auth process instances Squid will run This number is the maximum number of simultaneous requests being analyzed at any given time It is recommended to set it to a value never less than 5 and to increment it slowly in order to avoid severe O S resource overuse 4 3 Plugin configurations Log file This fields specifies where the program will store its log events such as the connection progress with a remote URL analyser var log squid urld log Default profile The selected profile will be used when a request cannot be matched to a IP address ou username rule E3 default Default URL This is the URL users will be sent to ifno other is specified in the profile and rule when access isn t allowed i e http server com blocked html httpvwww aker com br squid urld block html Squid effective group and user User nobody Group nogroup Fj Aker Web Analyser location Gy local remote Primary IP First backup Second backup Password Verification e Log file This fields points to a file to which the plugin will write relevant facts logs such as errors c
7. Aker Web Content Analyzer Configuration Manual e ntroduction e 1 0 Installing Aker Aker Web Content Analyzer o 1 1 Hardware and software requirements o 1 2 Installing the URL Analyzer e 2 0 Configuring Aker URLs Analyzer o 2 1 Basic configurations o 2 2 Additional configurations o 2 3 Other options e 3 0 Using the Firewall 1 Plugin o 3 1 Introduction o 3 2 Configuration o 3 3 Logs e 4 0 Using the Squid plugin o 4 1 Introduction 4 2 Squid Configurations 4 3 Plugin configurations 4 4 Access Profiles and Rules 4 5 Profile selection Oo O 0 0 e 5 0 Using the ISA Server plugin o 5 1 Introduction 5 2 Installing the plugin 5 3 ISA Server Configurations 5 4 Plugin configurations 5 5 Access Profiles and Rules 5 6 Profile selection oO 0 0 0 e Appendix A Log Messages e Appendix B Copyrights and Disclaimers Introduction This is the Aker Web Content Analyzer user s manual In the next chapters you will learn how to configure this powerful tool for access control This introduction intends to describe this manual organization and try to make its reading as simple and confortable as possible QwWhat is Aker URL Analyzer Aker URL Analyzer is a powerful tool to control access to Internet sites when operating along with a firewall or proxy server The product consists in a huge database with Internet URLs classified in one or more categories with automatic and daily update from Aker Security Solutions This way i
8. Analyser This document presents how to install and remove Aker URL Analyser 1 1 Hardware and Software requirements Aker URL Analyser runs on Windows NT 4 0 2000 Server e 2003 Server Linux Red Hat 7 3 8 9 and Conectiva 8 9 operating systems on Intel 32 or compatible platforms It is compatible with Aker Firewall from version 4 0 on MS Proxy Server MS ISA Server Checkpoint Firewall 1 and Squid Internet Object Cache Except for the Aker Firewall plugins are necessary to connect to the other software For a satisfactory performance Aker URL Analyser requires the following hardware e Processor Pentium 233Mhz or higher If there is a large number of clients accessing the URL analyser a machine with faster processing capacity can be required e 64 Mbytes of RAM The use of 128Mbytes is recommended for all installations e 50 Mbytes of disk space e Monitor e Network adapter s It is important to emphasize that all the hardware devices must be supported by the installation O S 1 2 Installing the URL Analyser 1 2 1 Instaling in Windows Servers The installation procedure is quite straightforward Just follow the steps bellow 1 Click the Start menu button 2 Select the Run option 3 When asked about which program to run type webcontentanalyzer_win_en_version exe The window bellow will be displayed being necessary to click on the Next button to proceed with the installation ay Aker Web Content Analyzer InstallShield
9. SD comes as a standard FreeBSD package To install it the user may use a graphical package manager or use the standard text based pkg_add tool pkg_add package_name tgz Adicional packages may have to be installed as a dependency such as the QT libraries They can be downloaded from the Aker website www aker com br or installed directly from the product installation CD 1 2 6 Removing from FreeBSD Servers The Aker Web Content Analyzer for FreeBSD comes as a standard FreeBSD package To remove it the user may use a graphical package manager or use the standard text based pkg_delete tool pkg_delete package_name 2 0 Configuring Aker URL Analyser This document presents how to configure Aker URLs Analyser 2 1 Basic configurations Aker URL Analyser runs as a operating system service To configure it is necessary to start the its graphic user interface In order to start the graphic user interface just perform the following steps e In Windows o Click on the Start menu button select Aker Firewall group inside it select the sub group Web Content Analyser and finally click on the program name e In Linux or FreeBSD inside an X environment console type usr local akerurl akerurl_conf amp The following window will appear 2 Aker Web Content Analyser Ze EE yaaa gt Context Log Update sites About O Undefined O Explicit Sex CO Hate Speech O Drugs or alcohol O Gambling O Violenc
10. They are e Schedule By clicking on the Schedule option located in the toolbar it is possible to define the days and the time when the automatic updates will take place By clicking on this option the following window will be displayed E Scheduling update Activate scheduling Weekly update Monthly update O Sunday Monday Tuesday OO Wednesday oO Thursday LI Saturday R5 tire B BE WO 0O N D A a U N lm gt The Activate scheduling option if checked will make the URL Analyser to automatically download the database updates If it is not checked the updates will only be performed manually The Weekly update and Monthly update options allow the definition of the week days or month days when updates will happen e Options This option allows the definition of additional parameters of Aker URL Analyser functioning By clicking on it the following window will be presented Options Ze C Always download complete update file Serial number AABBCCD Use proxy server Proxy proxy company com Port 80 C Use authentication for proxy Username Password Confirmation Allow upload of URLs to Aker The Always download complete update file option if checked will make the URL Analyser to always download the entire base instead of only the differences Wi IThis option must only be used in case of problems as downloading the entire base will cause a useless increasing i
11. e CI Misticism or astrology FIE nhatainmant u e me Schedule Options License v URLs database has not been updated yet Firewalls D bed yf Description IP New Delete Edit Apply The first action to be performed by the Administrator is the URLs base update This is necessary since the database that comes along with the product will certainly not be updated and many new URLs will not be listed To proceed with the update click on the Update button located in the toolbar After a confirmation dialog please observe that the Update option has changed to Cancel allowing the user to stop the updating process at any moment The updating process is displayed in a progress bar as showed in the picture below 24 Aker Web Content Analyser Jey CRSP r Context Log Update sites About O Undefined a O Explicit Sex T O Hate Speech O Drugs or alcohol O Gambling O Violence pi Mistinism nr t astininny B e Cancel Schedule Options License mij Downloading Complete Base Receiving file Firewalls D bed E Description New Delete Edit Apply Wy S The first base update can take a while depending on the Internet connection speed The following updates will be much faster as only the base differences will be transferred The next step to configure the analyser will be the registration of the firewalls that will access it In order to do it click on th
12. e Include icon in the toolbar of the Firewalls group The following window will be displayed 2 Firewall JEJ IP 1 2 3 4 Description 1234 Firewall Communication Password Confirmation IP Is the IP address of the firewall that will access the URL analyser Description Is a free text field used only for documentation purposes Password Is the password used to create the authentication and encryption keys used in the communication with the firewall This password must be the same as the one configured in the firewall Confirmation This field is only used to verify if the password has been typed correctly It is required to type it exactly as the one in the Password field Observe that it is possible to Edit or Exclude the registered firewalls at anytime by clicking in the correspondent button in the toolbar Mi J After the desired changes have been done it is necessary to click on the Apply button 2 Aker Web Content Analyser E E n Context Log Update sites About O Investment O Job search O Travel O Vehicles O News O Dating O Shopping O Sports O Chat Erotic f py TEE Update Schedule Options License Last URLs database update 01 30 2004 Firewalls D x Description IP 1234 Firewall 1 2 3 4 New Delete Edit Apply 2 2 Additional configurations In this section will be presented the advanced configuration options of Aker URL Analyser
13. e presented in the field at the right of the window If it does not have a classification all the category fields will be presented in blank 24 Aker Web Content Analyser Ze Context Log Update sites About O Investment O Job search O Travel O Vehicles O News O Dating O Shopping O Sports O Chat Erotic iw TER Update Schedule Options License a ww playboy com br Last URLs database update 01 30 2004 Firewalls D x E Description IP New Delete Edit 2 3 Other options In addition to the main tab where all the functioning aspects of Aker URL Analyser are configured there are three other tabs where it is possible to obtain additional information about the product and its functioning They are Log E Aker Web Content Analyser Context Log Update sites About J Sj C Use Event Viewer RES oO Debug oO Information go Notice g gt Communication O Warning Sites analyses E Error Erase Save Caption Date Time Message http www ietf org 04 8 2004 16 35 15 Site with no category http www ietf org 04 8 2004 16 34 52 URIs database replacement successfull 04 8 2004 16 32 21 Updating complete URLs database 04 8 2004 14 33 49 Activation key not found 04 8 2004 3 12 33 49 Activation key not found This folder is useful to verify Aker URL Analyser functioning It consists of a list with several messages each one pre
14. et Try a new connection later e Activation key not found The activation key is not in the specified directory Execute the load procedures again e Activation key expired The activation key has achieved the end of its usable time Contact Aker Security Solutions to renew it e Activation key will expire in a few days The activation key is close to its expiration time The number of usable days is shown in the log Contact Aker Security Solutions to renew it e Proxy authentication failed The network proxy could be offline Check the problem and try a new connection e Firewall is already connected An already connected firewall is trying a new connection with the content analyser It can occur if the firewall has been restarted During usual conditions the URL analyser detects the new connection and closes the old one If any problem occurs just restart the service Appendix B Copyrights and Disclaimers In this appendix are listed the disclaimers of thirds source codes used in Aker URL Analyzer These disclaimers are only applicable for the explicitly mentioned parts of the program and not for Aker URL Analyzer as a whole They are mentioned here as determined by their developers MD4 Algorithm Copyright C 1991 2 RSA Data Security Inc Created 1991 All rights reserved License to copy and use this software is granted provided that it is identified as the RSA Data Security Inc MD4 Message Digest Algorithm in al
15. g to URLs Analyser This windows shows the system relevant events You can then choose to Save them in a text file and to have the plugin use directly the system log facilities Event Viewer in Windows OSes and Syslog in Linux ones 4 0 Using the Squid plugin In this chapter the Aker Web Control for Squid usage and configuration will be discussed 4 1 Introduction The Aker Web Control for Squid is a product which enables a powerful profile based filtering scheme to run alongside the Squid caching abilities According to its configuration file Squid will run several plugin instances and have the URLs analyzed by it 4 2 Squid Configurations There are four Squid configuration directives which are relevant to the Aker Web Control for Squid e cache_effective_user Defines the O S user Squid uses to run its processes This user should be a non privileged one and must be also set in the plugin GUI e cache_effective_group Defines the O S user Squid uses to run its processes This user should be a non privileged one and must be also set in the plugin GUI e redirect_program Tells Squid which program it should use to filter the user accesses requests This should point to the file usr local squid urld squid urld e redirect_children Defines how many plugin process instances Squid will run This number is the maximum number of simultaneous requests being analyzed at any given time It is recommended to set
16. ich can then be installed on a different machine ffective_user and cache_effective_group 4 4 Access Profiles and Rules Aka Hee Ankaa oein for Stile ig Configuration C Profiles X Users Groups SP Networks About O X E New Delete Edit Profiles Rules Operation Action Categories Te admin gt accepts pe An access profile is made of an ordered rule set and a default action The profiles have a hierarchic organization i e a profile created in an inferior level will possess the rules of the profile of superior level to which it is subordinated It is important to emphasize that the rules can only be modified on the profile they were created The rules are split into two distinct components 1 Search component A small text and a search operation which defines how to search the text in the client given URL 2 Action component There are four possible actions when a the rule search components matches the URL o Allows Lets the URL access proceed o Rejects Does not allow the URL access to proceed Instead redirects the user s browser to the give redirection URL E3 defaut blocks selected categories Sex Gambling Violence Mystic o Blocks selected categories Classifies the URL access and if it points to a site of any of the selected categories rejects it using the redirection URL Otherwise lets it proceed o Allows selected categories Classifies the URL access and if it points to a site of an
17. idos v The window bellow will be displayed being necessary to click on the Next button to proceed with the installation ie Aker Web Control for ISA Server InstallShield Wizard Welcome to the InstallShield Wizard for Aker Web Control for ISA Server The InstallShield R Wizard will install ker Web Control for ISA Server on your computer To continue click Next WARNING This program is protected by copyright law and international treaties i Cancel The next screen shows the license agreement In order to have the installation proceed select the option I accept the terms in the license agreenment after carefully reading it If you don t accept the installation will abort ie Aker Web Control for ISA Server InstallShield Wizard License Agreement Please read the following license agreement carefully Software License Agreement This is the License Agreement between you and Aker Aker Security By breaking the seal of the software box and or asking for a key to use the product you will have to agree with all the requirements and restrictions of this license You must read the requirements and conditions before breaking the seal and opening the software box If you do not agree with them you must return the packet without opening it OI do not accept the terms in the license agreement InstallShield Choose the installation folder i Aker Web Control for ISA Server InstallShield
18. ies of any part of this documentation and or software
19. ile reading URL update file The update file could be compromised Try to download the update again e Error while writing URL update file The content analyser cannot save the database file Check if there is enough free disc space e URL updated successfully The URL database was successfully updated The additional message indicates the number of inserted modified or deleted URLs since the last update e Error while creating URLs update file The URL analyser could not save the database file Check if there is enough free disc space and if the directory s writing permissions are correct e Invalid URL The URL is incorrectly written The correct format is http www sitename domain suffix e Error while downloading URLs update file There has been a communication error with Aker Security Solutions server during the database transfer Check if the update sites are correct e URLs base file replacement failed The database replacement failed Try to download the update or the entire database e URLs base file replacement successful The database replacement was successfully achieved e URLs base file corrupted The local database is compromised Download the entire database and if the problem persist contact Aker Security Solutions technical support e Updating daily URLs base file The URLs database updating is in progress e File not available for download The URLs database for this date is not available for distribution y
20. ites Aker Web Content Analyser Version 1 6 1 Release 1 Copyrights Utiliza o algoritmo MD4 retirado da RFC 1320 Copyright c 1991 2 RSA Data Security Inc Utiliza o algoritmo MDS retirado da RFC 1321 Copyright c 1991 2 RSA Data Security Inc Copyright c 1997 2001 Aker Security Solutions This is a merely informative tab useful to acquire some information about the URL Analyser Some of the useful pieces of information are the product version and release 3 0 Using the Firewall 1 Plugin In this section the Aker Web Analyzer Firewall 1 Plugin usage will be explained 3 1 Introduction The Firewall 1 plugin works as a gateway between Checkpoint Firewall 1 and Aker Web Context Analyzer To perform its tasks it must be configured so that it can connect to both parties 3 2 Configuration gt Aker UFP Server Web Analyser plugin for FireWall 1 EJ 3 Configurations y Log gt About Plugin connection settings no auth use auth Local IP 127 0 0 1 Local Port 18182 Auth Port 18183 a Sic Name Set ke Aker Web Content Analyser connection settings O local remote IP 127 0 0 1 Password Verification The window above allows for configurating both the Plugin Firewall 1 and the Plugin Web Analyzer connections e Conecting to the Firewall 1 The network traffic between the plugin and the Checkpoint Firewall 1 can be unprotected no auth
21. l material mentioning or referencing this software or this function License is also granted to make and use derivative works provided that such works are identified as derived from the RSA Data Security Inc MD4 Message Digest Algorithm in all material mentioning or referencing the derived work RSA Data Security Inc makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose It is provided as is without express or implied warranty of any kind These notices must be retained in any copies of any part of this documentation and or software MDS Algorithm Copyright C 1991 2 RSA Data Security Inc Created 1991 All rights reserved License to copy and use this software is granted provided that it is identified as the RSA Data Security Inc MD5 Message Digest Algorithm in all material mentioning or referencing this software or this function License is also granted to make and use derivative works provided that such works are identified as derived from the RSA Data Security Inc MDS Message Digest Algorithm in all material mentioning or referencing the derived work RSA Data Security Inc makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose It is provided as is without express or implied warranty of any kind These notices must be retained in any cop
22. le ones are blank In the URL field can be specified a redirection to a local file using an URL of the form file complete_path_to_file In case of a HTML file all images must be stored in the directory lt install_dir gt images and loaded on code like the example below IMG SRC http 10 10 10 10 example gif in case of a server accessible by IP 10 10 10 10 5 6 Profile selection Once the access profiles are defined the plugin must be configured to know which one of them to use for each request analyzing the request s characteristics The following request data can be used for this task in this order 1 User name 2 O S group s to which the username belongs 3 User s browser IP address The following screens are used to set up the profile selection rules Aker Web Control for ISA Server ggf Configuration E Profiles bi 4 Users g Groups Gp Networks Log 6 4 D x R New Delete Edit Location CP ve Administrador Export Import When editing or including a user profile association in this list it is possible either to choose an O S user from the combo box from an authentication agent or to write directly an arbitrary one User names are determined by the server and depend on the authentication scheme used Aker Web Control for ISA Server ie Configuration Ce Profiles Saft Users Ge Groups Gp Networks e Log 4 OD xX R New Delete Edit Location t The order is the
23. ll connection established successfully This message indicates the entire connection process has successfully been established e Shutting down connections with Firewalls This message indicates that the firewalls using the URL analyser have been disconnected e HTTP proxy authentication error The URL analyser could not update the user database due to a problem when connecting to the network proxy Click on the Options button and check if the password and name are correctly written e Site with no category The site is not registered in Aker URL Analyser database e Site with undefined category The database is compromised Please contact Aker Security Solutions technical support and notify the problem e Sex site The URL is classified as containing sex content e Hate speech site The URL is classified as containing offensive words and content e Drugs or alcohol site The URL is classified as containing drugs or alcohol content e Gambling site The URL is classified as containing gambling content e Violence site The URL is classified as containing violence content e Mysticism or astrology site The URL is classified as containing mysticism or astrology content e Entertainment site The URL is classified as containing entertainment content e Games site The URL is classified as containing electronic games content e Hobbies site The URL is classified as containing hobbies content e Investment site The URL is classified as contai
24. n traffic and download time The Serial number field allows the verification and modification of the product s serial number Wy 3The serial number must only be changed if solicited by Aker Security Solutions technical support under the penalty of stopping the product operation Web Proxy If it is necessary to use a web proxy to download the database and its updates it is possible to specify the access name and password that Aker URL Analyser will supply to the proxy Mi 3The URL analyser uses the same proxy configurations as defined in the operating system control panel e License This option allows the visualization of the present license data and the loading of a new one By clicking on it the following window will be displayed 2 License Activation License Name TESTE Serial KSEQ3713 License remaining days 0 Maximum number of allowed systems 1 Number of licensed users Unlimited Allowed systems Aker Firewall Allowed IPs 127 0 0 1 To load a new license just click on the Load button located on the top of the window After it a new window will be shown where it is possible to specify the name of the file with the license e URLs test The administrator will be able to check the classification of a URL at anytime just by entering the desired address in the test field located in the right top of the window and clicking on the Test button If the site is classified the classification will b
25. ning financial or investment content e Job search site The URL is classified as containing job searching content e Travel site The URL is classified as containing traveling or tourism content e Vehicles site The URL is classified as containing automobiles or motors content e News site The URL is classified as containing news content e Dating site The URL is classified as containing dating content e Shopping site The URL is classified as containing shopping content e Sports site The URL is classified as containing sports content e Chat site The URL is classified as containing chat content e Erotic site The URL is classified as containing erotic or nudism content e Internet portal site The URL is classified as an Internet Portal e Hackers site The URL is classified as containing hackers content e Crimes or terrorism site The URL is classified as containing crimes or terrorism content e MP3 or music site The URL is classified as containing music or MP3 content e WebMail site The URL is classified as a WebMail e Error while opening URL update file This message indicates that the database has been transferred however the file could be compromised Try to download the database again e Invalid URL update file The analyser successfully transferred the database however its format is incompatible Try to download the database update again If the problem persist contact Aker Security Solutions technical support e Error wh
26. onnecting to the Web Context Analyzer itself Please remember this file will be written by a process running with the Squid effective user and group ids e Default profile If the plugin cannot find a specific profile for a request looking in its users groups and IP addresses tables it will use this one e Default URL When the plugin decides a given user request for a specific URL should be blocked it will redirect the user s browser to some other URL This redirection URL can be defined either in the rule the profile or if none of these is filled the default URL Moreover some special character sequences can be inserted in the URL in order to produce a more sofisticated web page Special sequence replaced by m character u Blocked URL Jos User who tried to access a forbidden page i IP address where the forbidden page request came from HTTP method used GET PUT Web server FQDN to which the desired request was directed e Squid effective group and User Should contain the same values entered in the Squid configuration file cach lines e Aker Web Analyzer location Tells the plugin how to communicate with the Aker Web Context Analyzer program o Using local sockets This method only works when running the plugin on the same machine as the Web Content Analyzer itself o Using TCP IP remote sockets This option will make the plugin open a authenticated and encrypted TCP IP connection to the Web Content Analyzer wh
27. re than one group the first match will be used Can cose Likewise the groups can be chosen from the O S ones or directly entered by the administrator On the other hand the Squid program will not inform the plugin about the user s groups These will be determined by the O S in the computer where the plugin is running Aver Hee Anelyser oltiein for ejiis ga Configuration C Profiles SytUsers a Groups gp Networks on e New Delete Edit IP Address Netmask Profile Ca cose If a profile cannot be determined from the user name or the user groups the plugin will try to choose one based on the user s IP address 5 0 Using the ISA Server plugin In this chapter the Aker Web Control for ISA Server usage and configuration will be discussed 5 1 Introduction The Aker Web Control for ISA Server is a product which enables a powerful profile based filtering scheme to run alongside the ISA Server caching abilities 5 2 Installing the plugin The installation procedure is quite straightforward Just follow the steps bellow 1 Click the Start menu button 2 Select the Run option 3 When asked about which program to run type aker_web_control_isa exe The following window will be displayed choose the desired language for the installation and click on the OK button Escolha o idioma para a Instala o abaixo ay Selecione o idioma para esta instala o entre as escolhas 3 Ingl s Estados Un
28. ry IP lt a aae First backup w aa Nn Password m Verification ee coe e Log file This fields points to a file to which the plugin will write relevant facts logs such as errors connecting to the Web Context Analyzer itself e Default profile If the plugin cannot find a specific profile for a request looking in its users groups and IP addresses tables it will use this one e Default URL When the plugin decides a given user request for a specific URL should be blocked it will redirect the user s browser to some other URL This redirection URL can be defined either in the rule the profile or if none of these is filled the default URL Moreover some special character sequences can be inserted in the URL in order to produce a more sofisticated web page Special sequence replaced by character Jou Blocked URL Jos User who tried to access a forbidden page i IP address where the forbidden page request came from Web server FQDN to which the desired request was directed 5 5 Access Profiles and Rules Aker Web Control for ISA Server g Configuration Ce Profiles Soft Users he Groups S Networks e Log awe 0 X New Delete Edit Profies Rules TEAS default contains aker gt accepts blocks selected categories Sex Games contains aker Gp accepts contains sex Jrejects 2 allows selected categories Portals contains aker gt accepts ry contains sex rejects Export Import
29. sented in alternated colored lines in a way to facilitate their identification On the right of each message there is a colored square that represents its importance The Erase button located in the toolbar allows the exclusion of all entries inside the log The Save button located in the toolbar allows the saving of the log in a text format file By clicking on it a window asking for the filename to save the log will be displayed The option Use event viewer if checked will send the log messages to the Windows event viewer The description of all Aker URL Analyser log messages can be found in the Appendix A Update Sites oaee 23 Aker Web Content Analyser g leg Context I Log About List of the sites that can be used to update the database Site http www aker com br 2 Update list of sites Selected site http 4 www aker com br Apply In order to minimize the traffic to Aker Security Solutions servers the URLs database can be distributed to other Aker s partners As soon as these sites start to function the List of Sites for Database Update will automatically become available for the user that will be able to choose the one with smallest delay just by selecting the desired site and clicking on the Select Site button A forced update of the list can be done at anytime by clicking on the Update Sites List button About 24 Aker Web Content Analyser l Context Update s
30. t is possible for an administrator to configure what sites categories specific users will be allowed to access without the concern of manually registering them It allows the staff productivity to increase as they will stop accessing information that is useless for their work at the same time it decreases the traffic over the Internet link reducing the necessity of upgrades and thus saving money How this manual is disposed This manual is organized in several chapters Each chapter will present one aspect of the product s configuration and all relevant information about the aspect in focus It is recommended to entirely read this manual at least once in the presented order Subsequently if necessary it can be used as a reference source to facilitate its use as reference the chapters are divided into topics with direct access by the main index This way it is possible to easily find the desired information iy In several places of the manual the symbol followed by a red colored sentence will appear It means that the refereed sentence is a very important observation that must be entirely understood before continuing to read the chapter System s Copyrights e Copyright c 2001 Aker Security Solutions e This product uses the MD4 algorithm from RFC 1320 Copyright c 1991 2 RSA Data Security Inc e This product uses the MD5 algorithm from RFC 1321 Copyright c 1991 2 RSA Data Security Inc 1 0 Installmg Aker URL
31. table above is important If an user is member of more than one group the first match will be used Export Import Close Ly Likewise the groups can be chosen from the O S ones from an agent or directly entered by the administrator On the other hand the ISA Server program will not inform the plugin about the user s groups These will be determined by the O S in the computer where the plugin is running or the authentication agent used Aker Web Control for ISA Server GP Configuration Ce Profiles Soff Users Ge Groups g Networks e Log 6 4 D x New Delete Edit IP Address _ Neimesk Profle _ 10 0 0 174 255 255 255 255 Cogdefault Export Import Close L If a profile cannot be determined from the user name or the user groups the plugin will try to choose one based on the user s IP address Appendix A Log Messages Bellow are displayed all the messages that can appear in Aker URL Analyser Whenever presented they will be complemented by a register containing additional information about the event e Socket creation error This message indicates that the analyser was not able to create the socket that was required for its functioning in the TCP IP stack Check if the TCP IP protocol is installed and functioning e Bind error This message indicates that the URL analyser was not able to associate its socket with the required port for its communication with the firewalls Check if there is an
32. y of the selected categories lets it proceed Otherwise rejects it using the redirection URL In the profile a redirection URL and a default action if none of the rules match are also specified Therefore the redirection URL used is determined in the following order 1 The rule given if it is not blank 2 The profile given if it is not blank 3 The default one if both the rule and the profile ones are blank 4 5 Profile selection Once the access profiles are defined the plugin must be configured to know which one of them to use for each request analyzing the request s characteristics The following request data can be used for this task in this order 1 User name 2 O S group s to which the username belongs 3 User s browser IP address The following screens are used to set up the profile selection rules gt Aker Web Analyser plugin for Squid i Configuration Ce Profiles i l ap Networks About 0 X New Delete Edit Ga operator default When editing or including a user profile association in this list it is possible either to choose a O S user from the combo box or to write directly a arbitrary one User names are determined by the Squid program itself using another class of plugins Aver Hee Ankaa ulisi for Seje g Configuration Profiles SyUsers Ga Groups g Networks Lb X E New Delete Edit Group Profile The order is the table above is important If an user is member of mo
33. y other program using the same port e Accept error Internal error in Winsocks protocol Check if the TCP IP protocol is correctly installed and functioning e Data receive error This message indicates that problems occurred when receiving data from the firewall Check the physical connection cables network adapters hubs etc between the two machines e Firewall closed the connection The connection with the firewall was unexpectedly closed It can occur when the administrator restarts the firewall e Communication authentication with Firewall The analyser could correctly authenticate a firewall that established a connection The IP address of the firewall will be shown in the log message e Attempt of connection from undefined Firewall The analyser received an attempt of a connection from an unregistered firewall and because of that refused it To accept connections from a firewall it is necessary to register it in the Context gt Firewalls window e Select error Internal error in Winsocks protocol Check if the TCP IP stack is correctly installed and functioning e Data send error This message indicates that problems occurred when sending data to the firewall Check the physical connection cables network adapters hubs etc between the two machines e Reestablishing Firewall connection This message indicates that one of the registered firewalls is reestablishing a connection with the URL analyser e Firewa

Aker Web Content Analyzer Users Manual

Contents

Download Pdf Manuals

Related Search

Related Contents