Blue Coat SURF-50-99-1YR firewall software
Contents
1. Administrator's Guide, SurfControl Web Filter v5.5 (page 102, WEB FILTER SETTINGS: Subnets Tab)

   The Subnets tab has two sections:
   - Subnet Monitoring: These settings help balance the load on your Web Filter service.
   - Ignore Subnets: These settings show the internal subnets that are detected during installation to help balance the load on the server. These subnets are not monitored.

   SUBNET MONITORING
   The Subnet Monitoring section is used to identify which parts of your network should be monitored, or not, by each Web Filter server. How you decide on this depends on whether you have single or multiple Web Filter servers and how you want to divide the network volume (load of traffic) between those servers.

   To configure your subnets on a single Web Filter server:
   1. Identify the external traffic subnets you do not want to monitor.
   2. Click the Subnets tab and click Add.
   3. Enter the IP address of the subnet in the IP Address text box.
   4. Enter the subnet mask in the Mask text box.
   5. Click OK.
   6. Repeat steps 1 to 5 for other subnets you do not want to monitor.
   7. Select Do not Monitor traffic to or from these subnets.

   By configuring subnets on multiple Web Filter servers, you ensure the subnets are only monitored on one server in your network environment. You need to specifically identify subnets you do not want to monitor on one Web Filter server and define one or more subnets you do w
2. RULES ADMINISTRATOR: Introduction

   12. Commit the changes to enable the rule. New rules are always checked as enabled by default; however, the rule will not be active until changes are committed to the database.
   13. Test the rule.
   14. Make any changes if required.
   15. Commit the changes again.

   RULE OBJECTS
   You can create the following Rule objects:
   - Who (page 60)
   - Where (page 64)
   - What (page 70)
   - When (page 75)
   - Allowance (page 78)
   - Notify (page 81)
   - HTTP Deny Page (page 84)

   Creating a New Rule Object
   1. Select a rule object tab.
   2. Highlight an individual object component from the left-hand pane below the tabs.
   3. In the right-hand pane, right-click and select New.
   4. Fill in the details on the dialog box that displays.
   5. Click OK.

   The object can now be applied to any rule you create.
4. DATABASES: Updating Your Database

   4. Click Open Database. You will see the Select Database dialog box showing the default database.
   5. Click OK to update this database. If you wish to update another database, click Connect to SQL Database.
   6. Select the Server that contains the database from the drop-down list box.
   7. If the server requires a Login ID and Password, enter this information to log into the server. If the server does not require this information, select the Use Trusted connection check box, then select the database you wish to update from the Databases list box.
   8. Click OK. This will close the Select Database dialog.
   9. Click Import to update the database.
   10. Click Save. This will save the Flat File location and Database information. You need to specify a name and a location for the update criteria file.
   11. Restart the Web Filter service.
5. When a user browses in a stand-alone occurrence, Web Filter calculates the browse time to be equal to the Browse Time Sensitivity setting (by default, three minutes).

   Example: A user opens a connection to CNN.com. Technically they spend forty-five minutes at the site because, even though they stop browsing and are working on other tasks, the browser is left open. The browse time to CNN.com is calculated to be three minutes because the Browse Time Sensitivity is set to three.

   - Continuous Browsing: Continuous browsing occurs when there is a sequence of connections, each one made within three minutes of the last. SurfControl Web Filter automatically adds the browse time sensitivity value to the last connection in the sequence.

   Table 7-6: Example of Continuous Browsing Recording

   Example: A user opens their browser and makes a connection to ebay.com for two minutes, connects to ebay.com/ebaymotors for one minute, then opens ebay.com/ebaymotors/motorcycles for one minute. Web Filter records the browse time as in the table below.

   From  | To    | Browse Time Sensitivity | Duration
   10:00 | 10:02 |                         | 2 minutes
   10:02 | 10:03 |                         | 1 minute
   10:03 | 10:04 | 3 minutes               | 4 minutes
   Total browse time: 7 minutes

   NOTIFY OBJECTS
   Notify objects enable you to e-mail specified people within the organization when a rule has been triggered. These
6. Figure 9-11: E-mail Notification tab (fields: E-mail server, Recipient address, From address; Message Types: Service running status changes, Internet Threat Database license reminders, Scheduled task failures, Catch-up mode notifications)

   There are three other e-mail alerts that the recipient address will receive:
   - Unlicensed product reminders: If you are still using an unlicensed product past its thirty-day trial period, you will be sent daily reminders.
   - Internet Threat Database category changes: Made by the SurfControl Global Threat Experts. The Global Threat Experts may dynamically add new categories to the Internet Threat Database. This e-mail will inform you of any additions that have been made.
   - Seven-day reminder: If it is more than a week (seven days) since an Internet Threat Database update

   Chapter 10: Custom Categorization
7. SCHEDULER: Introduction

   (Item Configuration dialog box: Select item to configure, Occurs, days of the week, Hour, Minute, Description)

   The Scheduler objects are based on a 24-hour clock. This means that AM times are from 0 to 11 and PM times are from 12 to 23.

   3. Select the event you want to configure from the Select item to configure list.
   4. Select when you want the event to occur:
      - Hourly
      - Daily
      - Weekly
      - Monthly
      - Yearly
      Further options are available depending on the frequency chosen.
   5. Enter a name for the event in the Description field.
   6. Click Configure. Depending on the event chosen, a dialog box will appear.
   7. Once you have completed the details in the dialog box, click OK.
   8. Click OK in the Item Configuration dialog box. Your event should now be listed in the Scheduler main dialog box.

   AVAILABLE EVENTS
   You can set up the following events in the Scheduler:
   - Command Line
   - Database Management
   - Database Update
   - Internet Threat Database Update
   - Network Groups Update

   COMMAND LINE
   Command line items such as batch routines can be scheduled to run. The following dialog
8. RULES ADMINISTRATOR: When Objects

   Worktime
   Right-click the object and select Properties. The Worktime When object has the following default properties:
   - Days of the Week: Monday to Friday
   - Start Time: 09:00
   - End Time: 17:30

   Figure 7-17: Worktime object properties

   The When objects are based on a 24-hour clock. This means that AM times are from 0 to 11 and PM times are from 12 to 23.

   When objects cannot cross a 24-hour period. For example, you cannot have a single object that starts at 19:00 (7pm) and finishes at 07:00 (7am). You need two objects: one starting at 19:00 and finishing at 23:59 for one day, and another starting at 00:00 and finishing at 07:00 for the following day.

   ALLOWANCE OBJECTS
   Allowance objects are used to permit Internet access for a specified period of time or to allow a set amount of data to be downloaded. Once these limits have been reached, access is blocked.

   Note: Allowance objects can only be applied to the HTTP protocol.

   Web Filter is supplied with two pre-defined Allowance objects which have a default value of None
9. This port number must be the same as in the Collector Details dialog box in the Real Time Monitor. See page 94 for more details.

   - Timeout (seconds): If the connection to the server is lost, this is the time that the Real Time Monitor will try re-connecting to the server before timing out and reporting an error.
   - Heartbeat Interval (seconds): The Web Filter service will send an "I'm here" message to the Real Time Monitor. The Real Time Monitor will then send one back. This setting is the interval between receiving a message and returning it. If no message is received by the Real Time Monitor, it assumes that the connection to the Web Filter service has stopped.
   - Maximum Clients: The maximum allowed number of Real Time Monitor connections to the server at any one time.

   DATABASE TAB
   The Database tab shows the current database being used for Monitoring and Rules and Clients in Web Filter. The default database name is SurfControl WebFilter. SurfControl recommends you do not have separate databases for Monitoring and Rules. For more information about Mobile Filter remote users, consult the Mobile Filter Administrator's Guide.

   Figure 9-10: Database tab
10. select Start > All Programs > SurfControl Web Filter > SurfControl Web Filter Manager.
    2. In the Navigation tree, select Monitored Data for your Web Filter collector or database.
    3. In the Information panel, click Monitor Settings from the Monitored Data Tasks panel.

    Figure 2-3: Monitor Settings dialog box (tabs: File Types, Protocols, Unmonitored Destinations, Unmonitored Users)
    - Monitor new users: Automatically monitor new users. As new users are detected, their activity can be automatically monitored.
    - Page level information: Do not record page level information for allowed activity. The amount of data recorded by the Monitor can be reduced by not recording URL path information but just recording the fully qualified domain name for all allowed activity. Blocked activity will be monitored in full.

    THE DEFAULT MONITOR SETTINGS
    Web Filter's default settings enable you to start monitoring users and their Internet connections immediately. You can see the Internet traffic generated by your users as it happens by opening the Real Time Monitor from the Web Filter Manager > Content Protection menu or from the Start > All Programs > SurfControl Web Filter menu. This traffic is then saved to your database, where it can be viewed in the Monitored Data window and can also be used by SurfControl Report Central for generating reports. The Monitor Settings allow you to c
11. - 10 MB volume object
    - 30 minutes time value object

    Figure 7-18: Allowance object tab

    You can either create a new Allowance object or change the default properties of the supplied objects to suit your purposes.

    10 MB VOLUME OBJECT
    Right-click the object and select Properties to see the Properties dialog.

    Figure 7-19: 10 MB object properties (the dialog notes that time and volume are tracked by day, beginning at midnight on the clock of the SurfControl Web Filter, and that all allowance tracking is reset at 12:01 AM daily)

    The 10 MB Allowance object has the following default properties:
    - Type of Allowance: Volume
    - Allowance Limit: 10240 KB

    Note: If the first file a user attempts to download exceeds the volume limit, this file will still be downloaded. All subsequent download attempts will be blocked. Web Filter can only judge the size of a file once it has been downloaded.

    30 MINUTE TIME OBJECT
    Right-click the object and select Properties. The 30 Minute Allowance object has the following default properties:

    Figure 7-20: 30 Minute
13. INTRODUCTION
    Custom categorization uses SurfControl's Virtual Control Agent (VCA) technology. The VCA evaluates unknown Web destinations, reading and analyzing content page by page. It then uses cutting-edge artificial intelligence algorithms to study and classify each Web page into one of the SurfControl Web Filter categories. This allows sites initially shown as Uncategorized in the Monitor to be categorized more meaningfully.

    HOW IT WORKS
    1. The VCA collects a representative number of pages and analyzes their content.
    2. The VCA's Neural Network compares the page and site with other sites in the SurfControl Web Filter categories.
    3. It then puts the site into the category that it most resembles.

    For more details on SurfControl's categories, see Category Object on page 67.

    THE VCA IN EVALUATION MODE
    If you are using Web Filter in evaluation mode, none of the custom categorization changes made by the VCA will be stored to the database. You can perform a categorization run and view the results, but these will not be saved to the database.

    USING
14. Gnutella; Skype; Yahoo Messenger; Web: Google Web Accelerator

    IGNORED PORTS TAB
    Web Filter detects network traffic through the driver and passes the information to the Web Filter service, even though you may have chosen not to monitor certain protocols in the monitor settings. To improve the performance of Web Filter, you can use the Ignored Ports tab to specify ports that you want the driver to ignore. This will result in network traffic using those ports not being passed to the Web Filter service.

    Note: If you have enabled Protocol Signature Scanning, all network traffic will be scanned for protocol signatures, and if a signature is found it will be used to determine whether the port is ignored.

    Figure 9-7: Ignored Ports tab (Ignored Ports list with Port and Comment columns; New, Delete and Edit buttons)

    Select one of the following options:
    - Ignore traffic to or from these ports: This option will ignore all network traffic that uses the ports in the Ignored Ports list.
    - Ignore traffic EXCEPT to or from these ports: Select this option if you w
15. Maintenance > Web Filter Settings from the appropriate collector or database in the Navigation tree.

    AVAILABLE SETTINGS
    To configure the Web Filter service settings, open the Web Filter Settings dialog box as shown below.

    Figure 9-1: Web Filter service Settings

    You can use this dialog box to:
    - Start, stop and restart the Web Filter service
    - Configure any subnets and IP addresses
    - Configure how users and destinations can be viewed in the Web Filter Manager
    - Configure how monitored traffic is transferred to your database
    - Configure how Web Filter connects to Active Directory
    - Edit the e-mail notifications set up during installation
    - Configure the Real Time Monitor connection settings
    - Configure how Web Filter categorizes the destinations it sees in the Web Filter Manager

    START STOP SERVICE TAB
    Before applying changes to the service and monitored data settings, the service needs to be stopped. For further details, see Monitored Data on page 34.

    Figure 9-2: Start Stop Service ta
16. Manager > Maintenance from the appropriate collector or database in the Navigation tree. Select the Compact Database check box from the Database Management tab. Click Run Tasks. A progress dialog box will appear.

    DELETE
    Use the Delete tab to permanently delete a database from your system.

    To Delete a Database:
    1. Select Database Management from the Web Filter Manager > Maintenance from the appropriate collector or database in the Navigation tree.
    2. Select the Delete tab.
    3. The current database will be shown in the database field. If you want to delete another database, click Select to choose another via the SQL Server Login dialog box.
    4. Click Delete Now.

    RESTORE
    Restore enables you to view and report on an archived database using the SurfControl Web Filter Monitor.

    Note: You can only restore local SQL databases.

    To Restore an Archived Database:
    1. Stop the Web Filter service.
    2. Select Database Management from the Web Filter Manager > Maintenance from the appropriate collector or database in the Navigation tree.
    3. Select the Restore tab.
17. - Monitor Database: Specifies the name of the database to be used to record monitored information.
    - Rules Database: Specifies the name of the database containing the rules to be implemented by the Web Filter Service.
    - Client Database: Specifies the name of the database used to administer remote users.

    To change the Web Filter Database:
    1. Stop the service.
    2. In the Database tab, click Browse alongside the type of Database you want to change. A SQL Server Login dialog box is displayed. The Use Trusted Connection option is selected by default. If you want to use a SQL Server Login ID and Password, clear this option and enter the details in the relevant fields.
    3. Select the server you want to connect to from the Server list. The Options button will become enabled.
    4. Click Options to expand the login dialog box.
    5. Select the database y
18. Software Foundation (http://www.apache.org/). Copyright (c) 2001-2004 The Apache Software Foundation. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

    Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the sole property of their respective manufacturers.

    This product contains software licensed under the BSD open source license. For more information, visit www.opensource.org.

    SurfControl Web Filter contains the MD5.H header file for MD5C.C. Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
19. Use Proxy if you are using a Proxy server. Select Use NT Authentication to enable you to access the Proxy server as part of an NT Domain. This option is selected as default if the Proxy Server option is selected. Select Authenticate Using if you do not want to use NT Authentication. Type in a user name and password to access the Proxy server.

    The Installed Languages section displays languages that the VCA can categorize in.

    VCA RESULTS TAB
    To view the results of VCA runs, perform the following:
    1. In the Custom Categorization dialog, click the VCA Results tab.

       Figure 10-3: VCA Results tab

    2. Select one of the following options:
       - Date Range: Choose a From and To date if you want to report on a range of days.
       - Single Scan: Select this option and choose a single date and a time to run a scan on from the drop-down list boxes.
    3. Choose a specific language to run reports on from the drop-down list box. This will return destinations in the language specified. The default setting is All. These are:
       - Dutch
       - English
       - French
       - German
       - Italian
       - Spanish
    4
20. Web Filter has a database management tool that enables you to manage your data efficiently.

    Figure 11-1: The Database Management Tool (Database Management tab with Archive, Purge and Compact sections. Advanced Settings note: this feature is applied after the Purge Range setting has completed and affects all remaining sites in the database that have not been accessed in the past 24 hours.)

    With this tool you can perform the following tasks on your databases:
    - Archive
    - Purge
    - Compact
    - Delete
    - Restore

    The tool is available from the Web Filter Manager > Maintenance > Database Management for the appropriate collector or database in the Navigation tree.

    The Purge, Archive and Compact options can also be set up as events in the Scheduler. See Database Management on page 142 for more details on setting up these tasks in the Scheduler.

    When you installed Web Filter, you could choose to set up an automatic Archive followed by Purge scheduled event. This event is configured to run once a month. You ca
21. Wildcard entries can be used. For example, to add a whole domain, enter YOURDOMAIN
    3. Click Apply, then OK to close the Monitor Settings dialog box. Click Update Configuration to update servers connected to the database.

    Note: Unmonitored users do not have their data recorded to the database. However, they are still checked by the Anti-Virus Agent and filtered by any rules that you have in place.

    Refresh
    Refresh updates the summary and detailed user information in the Monitored Data panes as it is added to the database.

    MONITORED USERS TASKS
    As well as being available from the Information pane, you can access the Monitored Users tasks by right-clicking a selected user.

    Print
    You can print the information shown for a selected user.

    Rename User
    This option allows you to rename a user in the Web Filter database. In the dialog box that displays, enter a name in the New name text box. The original information about the user is also listed.

    Note: If a duplicate name is detected during a database update, a modified name insertion will be attempted in the following format: Friendly Name domain some user. If this fails a second time, the name is not added.

    Get Friendly Name
    Displays the network name of the user as entered by the System Administrator.

    Get User Name
    Shows the domain name of the user. For examp
22. category (see Category Object on page 67).
      - SurfControl: The site was categorized from the SurfControl Internet Threat Database.
      - VCA: The destination was categorized by the Virtual Control Agent.
      - None: The site was not assigned a category.
    - Last Access: The date the destination was last visited.

    The VCA Manual Categorizations panel shows any destinations that have been re-categorized, either by the VCA or by yourself from the Monitored Destinations tab in the Web Filter Manager. See Monitored Destinations tasks on page 47 for more details on manually categorizing a destination originally set as Uncategorized.

    - Destination: Shows the URL for a categorized destination.
    - Page: Shows the page level information for the destination.
    - Category: Shows the VCA category for the destination.
    - Categorization Method: The sources of categorization are as follows:
      - Manual: The administrator has manually set the category of the destination. The category could have been set to one of the SurfControl defined categories or a custom category. See Category Object on page 67 for more details.
      - VCA: The destination was categorized by the Virtual Control Agent.
    - Language: The language the destination was categorized in. See VCA Settings Tab on page 121 for details on the languages the VCA can categorize in.

    Right-clicking any destination in the Monitored Destinations or VCA Manual Categorizations panels launches a men
24. destinations to SurfControl for inclusion in the Internet Threat Database.

    The Destinations pane is split into Summary and Detail destination information.

    SUMMARY DESTINATION INFORMATION
    This pane shows the destinations monitored by the Web Filter database. The following information is displayed in the columns:
    - Destination: Identifies the domain-level Web site address as detected by Web Filter.
    - Destination IP: Shows the IP address of the domain-level entry.
    - First Access: Shows the date and time Web Filter first saw the Web site entry.
    - Last Access: Shows the date and time Web Filter last saw the Web site entry.
    - Connections: Shows the total number of TCP (Transmission Control Protocol) transactions made to the Web site entry.

    DETAIL DESTINATION INFORMATION
    When you select a destination in the summary pane, the detailed destination information is shown in the bottom pane. The following information is displayed in the columns:
    - User: Identifies the user's name in the following order of precedence: Novell user name, EUM user name, NetBIOS user name, Workstation name, IP address.
    - Destination: The Internet address accessed. This is the domain-level address, for example www.mysite.com.
    - Detail: Shows any page-level detail of the Internet request, for example www.mysite.com/morestuff.htm. By default, allowed Internet requests will not show any detailed information. Requests that are blocked will show page
25. different ports and are therefore known to be port agile. Web Filter monitors these protocols on specified static ports by default. If you enable protocol signature scanning, these protocols will also be monitored by signature.

Caution: Enabling Protocol Signature Scanning may have an impact on the performance of your Web Filter server.

After selecting Enable Protocol Signature Scanning, you can choose a type of scanning method to detect the Skype protocol:
• Detect Skype on all ports: This option is selected by default and enables Web Filter to detect the Skype protocol by signature on all ports. This option provides a higher level of protection but increases the risk of falsely identifying other traffic as Skype. This option is recommended by SurfControl.
• Detect Skype on standard ports only (HTTP, HTTPS): The Skype protocol will be detected by signature on ports 80 (HTTP) and 443 (HTTPS) only. This scanning method provides a lower level of protection but decreases the risk of falsely identifying other traffic as Skype. To identify all possible Skype connections, you must ensure other ports are managed by your firewall.

A full list of the protocols which can be monitored by signature is outlined in the table below.

Table 9.1 Signature scanning protocols
Application Type | Protocols
Instant Messaging | MSN Messenger; OSCAR (AIM, ICQ); XMPP (Jabber)
Peer to Peer (P2P) | BitTorrent; eDonkey; FastTrack (Kazaa)
26.
• Select the file type. All file extensions associated with this file type are monitored.
• Select a specific file extension. The file type entry which this extension belongs to will be grayed out, indicating a partial selection for this file type.

You can also create your own groups with customized lists of file extensions. See Create New File Type Groups on page 39 for more details.

Table 2.1 Monitor Settings
Tab | Description

Protocols: Web Filter monitors the following protocols and associated ports by default:
• HTTP: 3128 80 8000 8080
• BitTorrent: 6881 6999
• EDonkey: 4661 4662
• EZPeer: 8870
• FastTrack (Kazaa): 1214
• FTP: 20 21
• Gnutella: 6346 6347
• Gopher: 70
• Hotline Connect: 5500 5503
• HTTPS: 443 8443
• IRC: 6660 6669
• Jabber (SIMP): 7467
• Jabber (XMPP): 5222 5224
• Liquid Audio: 18888
• MSN Messenger: 1863
• NNTP: 119
• Oscar (AIM, ICQ): 5190
• PNM (PNA): 7070
• RTSP: 554 8554
• Skype: 33033
• Windows Media: 1755
• WinMX: 6699
• Yahoo Messenger: 5050
You can add new protocols and add new ports to existing protocols as you require. See Adding New Protocols And Ports on page 40 for more details.

Unmonitored Destinations: You can exclude destinations, including domains, from being monitored. See Unmonitoring Destinations or Users on page 41 for more d
27. level detail. See Initial Monitored Data Settings on page 4.
• Via Proxy: Shows whether the connection to the destination was made via a proxy server.
• Source Workstation: The workstation from where the Internet request was made.
• Protocol: The communication protocol of the Internet request.
• Category: Shows the SurfControl Internet Threat Database category for the Web site entry.
• Categorization Method: The various sources of categorization are as follows:
  - Company & Intranet: The destination is specified within the Categorization tab of the Web Filter settings as a company domain or Intranet site. See Categorization Tab on page 106 for more details.
  - Manual: The administrator has manually set the category of the site. The category could have been set to one of the SurfControl defined categories or a custom category. See Category Object on page 67 for more details.
  - SurfControl: The site was categorized from the SurfControl Internet Threat Database.
  - VCA: The site was categorized by the Virtual Control Agent.
  - None: The site was not assigned a category.
• Connection Status: The destination can have one of the following statuses:
  - Allowed: Web Filter allowed the user to visit the destination.
  - Blocked: Web Filter stopped the user visiting the destination.
• Access Time: The date and
28. o Times

You can either create a new When object or change the default properties of the supplied objects to suit your purposes.

After Work
Right-click the object and select Properties. The After Work object has the following default properties:
• Days of the Week: Monday to Friday
• Start Time: 17:30
• End Time: 23:59

Figure 7.15 After Work object properties

The When objects are based on a 24 hour clock. This means that AM times are from 0 to 11 and PM times are from 12 to 23.

Weekends
Right-click the object and select Properties to view. The Weekends When object has the following default properties:
• Days of the Week: Saturday & Sunday
• Start Time: 0:00
• End Time: 23:59

Figure 7.16 Weekend object properties
29. object properties

Time and volume are tracked by day, beginning at midnight on the clock of the SurfControl Web Filter. All allowance tracking is reset at 12:01AM daily.

Table 7.5 30 Minute object properties
Type of Allowance | Time
Allowance Limit | 30 min
Browse Time Sensitivity | 3 min

About Browse Time Sensitivity
Browse time sensitivity refers to the maximum amount of time Web Filter presumes a user to be actively engaged with a site. Browse time sensitivity is also used to offset the uncertainty about how much actual time a user is engaged in browsing. By default, browse time sensitivity is set to three minutes.

Browse time sensitivity comes into play every time a user launches a browser. However, the way in which Web Filter attributes browse time sensitivity depends on whether the browsing takes place as a stand-alone occurrence or in a sequence of connections.
• Stand Alone Browsing: Stand-alone browsing is a single connection to the Internet. For example, stand-alone browsing occurs when a user opens their browser and makes a connection to a site, does not go to any subdirectories of the site, then either closes their browser or does not make any more connections
30. objects work in different ways depending on the type of rule.

Note: A default Notify object is not provided.

• Allow rule: One message will be sent once per hour per user.
• Disallow rule: One message will be sent per user each time a rule is triggered.
• Allowance rule: After the Allowance limit is exceeded, one message per user is sent each time the rule is triggered.

Figure 7.21 Notify Objects tab

To create a new notify object:
1. Click the Notify tab and right-click in the display objects pane.

Figure 7.22 SMTP Email Notification object properties

2. Enter a name for your new Notify object.
3. Enter the address of your mail server in the SMTP mail server text box. This information can be obtained from the E-mail Notification tab in the Web Filter Service Settings dialog box. Right-click the SurfControl icon in the notification ar
31. the Navigation tree
3. Select the Options tab.
4. Enter a value for your database query timeout.
5. Click Apply.

Note: For larger databases, SurfControl recommends setting this value to 3600 seconds.

UPDATING YOUR DATABASE
There are two methods for manually updating the database from the flat files that are created by the Monitor. You can set up a scheduled event (see Database Update on page 143) or you can perform a manual update with the Database Updater tool.

Caution: The Database Updater Tool will not run if the Web Filter service is running and Monitor to Database is set to Automatic.

To perform a Manual Database Update:
1. Stop the Web Filter service.
2. From the Web Filter Manager, select Maintenance > Database Updater from the appropriate database in the Navigation tree, or select Start > All Programs > SurfControl Web Filter > Database Tools > Database Updater. The Database Updater dialog is displayed.
3. Click Add to select a flat file. The default location for flat files is C:\Program Files\SurfControl\Web Filter\TMP
32. three types of rules:
• Allow: Uses positive filtering to give access. This is the default setting for any new rule you create.
• Disallow: Uses negative filtering to deny access.
• Allowance: Uses a combination of positive and negative filtering to set up limits for internet access. The allowance value can either be time based, allowing access for a predefined time limit, or value based, allowing only a predefined amount of bandwidth to be consumed. Once these limits have been reached, access is blocked.

Rules are created and activated from the Rules Administrator, which you can access via the Web Filter Manager > Content Protection option for your collector or database, or from the Start > All Programs > SurfControl Web Filter menu.

Web Filter rules consist of various objects which can be configured to suit your needs. To help you, the Rules Administrator comes supplied with some preconfigured rules. If you wish to implement any of these rules, all you have to do is activate them. You can do this in the following way from the Rules Administrator interface:
1. Select the check box to the left of the rule you wish to activate, or right-click the rule you want to activate and select Active from the right-click menu.
2. Click Commit to save the changes to your database.

RECOMMENDATIONS FOR CREATING AND APPLYING RULES
Before building your own rules, consider altering one of the preconfigured rules in the list. To examine the rule s
33. time Web Filter last logged Internet activity from this user.
• Connections: Shows the total number of TCP (Transmission Control Protocol) transactions a user has received from the Internet.
• Monitor Setting: Shows the file type monitoring setting. The installed Default setting monitors Web page traffic only.

DETAIL USER INFORMATION
When you select a user in the summary pane, details of their monitored activity are shown in the bottom pane. The following information is displayed:
• User: Identifies the user's name in the following order of precedence: Novell user name, EUM user name, NetBIOS user name, Workstation name, IP address.
• Destination: The Internet address accessed. This is the domain level address, for example www.mysite.com.
• Detail: Shows any page level detail of the Internet request, for example www.mysite.com/morestuff.htm. By default, Internet requests with a connection status of Allowed will not show any detail information. Requests with a status of Blocked will show page level detail. See The Default Monitor Settings on page 9 for more details.
• Via Proxy: Shows if the connection to the destination was made via a proxy server.
• Source Workstation: The workstation from where the Internet request was made.
• Protocol: The protocol of the Internet request.
• Category: The category assigned to t
34. to show the most up to date monitored workstations by pressing F5.

Depending on where Web Filter is installed, you will see the objects as described in the table below.

Table 7.1 Active Directory, NT and NetWare Domain objects
Where Installed | Objects seen
Workgroup | NT Domain objects: Workgroup
NT Domain | NT Domain objects: Workgroup, Domain object
Active Directory | NT Domain objects: Workgroup, Domain object. Active Directory objects: Domain object
NetWare Domain / NT Workgroup | NT Domain objects: Workgroup. NetWare objects: Domain object
NetWare Domain / NT Domain | NT Domain objects: Workgroup, Domain object. NetWare objects: Domain object
NetWare Domain / Active Directory | NT Domain objects: Workgroup, Domain object. Active Directory objects: Domain object. NetWare objects: Domain object

Note (Active Directory): Only the currently logged on Active Directory forest will be seen by the Who Object. All trusted NT domains can be seen. SurfControl recommends using the Active Directory objects if Web Filter has been installed in this environment.

User defined Who Objects
These rule objects have to be created manually and can consist of the following:
• Hosts and Domains
• MAC Addresses
• Subnets

Mobile Who Objects
If you have ins
35. THE INFORMATION PANE
The information pane consists of two tabs:
• Tasks: A list of tasks that can be performed, depending on the item selected in the navigation pane.
• Help: User assistance for the tasks available.

Figure 6.4 Information Pane

What Can Be Seen
The data in the central pane will change depending on what you have selected in the navigation pane. The following table shows what will be displayed and when.

Table 6.1 Web Filter Manager Navigation items
Navigation tree item | Data viewed | Tasks

SurfControl Web Filter (the default view of the Web Filter Manager)
Data viewed: SurfControl Web Filter Dashboard; Server Overview
Tasks: Add Server; Add Database; Refresh Server Status
For more details on the information displayed and tasks at this level, see SurfControl Web Filter on page 30.

Server (this is the server that you set up in the Configuration Wizard during the installation of Web Filter)
Data viewed: Service Status; Database Status
Tasks: Remove Server; Start or Stop Web Filte
36. wish to import the sites to, then click OK. The information relevant to that database will appear in the To database text field.
7. Click Run task to import the sites to this database.

Chapter 12 Scheduler

INTRODUCTION
You can schedule certain events that consume high bandwidth, or that need users to be logged off the network, to take place at a convenient time.

To Schedule an event:
1. From the Web Filter Manager, select Maintenance > Scheduler from the appropriate collector or database in the Navigation tree. The Scheduler is also available from the Start > All Programs > SurfControl Web Filter menu.
2. Click Add Item. The Scheduler Item Configuration dialog box displays
37. without the need to perform a manual update

CATEGORIZATION TAB
Web destinations seen by Web Filter are assigned to a category in the SurfControl Web Filter Internet Threat Database. The categorization tab enables you to configure how you want Web Filter to perform the categorization process. The Categorization Tab is shown below.

Figure 9.6 Categorization tab

CATEGORIZATION
Web Filter can categorize destinations in the following ways:
• Auto categorization (Default Setting): Enables all Categorization
• SmartScan Onl
38. 4p mid midi mp3 ogg rmi snd wav wax wma
Compressed Files: ace arc arj b64 bhx cab gz gzip hax iso jar Izh mim rar tar taz tgz tz uu uue xxe Z Zip
Documents: csv doc docx dot pdf ppt pptx ps rtf txt xls xlsx
Executables: bat cfc cmd com dll exe jse ocx xpi
Feeds: opmi rdf rss rss2 xml
Images: bmp gif jfif jpe jpeg jpg pcx png psd tif tiff wmf
Scripting: cgi js php pl py vb vbe vbs
Video Files: asf asx avi divx ivf mlv mov mp2 mp2v mpa mpe mpeg mpg mpv2 at ra ram rm swf wm wmd wmp WMV WMX WVX WXV
Web Pages: asp aspx css htm html jsp mspx shtml stm

HTTP DENY PAGE OBJECTS
HTTP Deny Page objects are Web pages that a user will see when they have triggered a rule, for example if they try to access a site that is blocked. The default setting for HTTP Deny Page objects is Default. Web Filter is supplied with two pre-defined HTTP Deny Page objects:
• Default
• Allowance

Figure 7.23 HTTP Deny Page object tab

Caution: Deny Page objects will not function when blocking HTTPS destinations. A
39. TCP/IP NAME RESOLUTION (DNS)
These settings affect how SurfControl Web Filter resolves Domain names:
• Workstation name resolution: Determines a workstation name based on IP address.
• Site name resolution: Provides DNS resolution for destination names.

SurfControl recommends you leave these settings cleared to increase performance. If you need workstation and site name resolution enabled, you must define the DNS settings on all Web Filter servers. It is critical that DNS requests from those servers do not time out or take an excessive time to respond.

MONITOR TO DATABASE SETTINGS
By default, the Web Filter service writes data to flat files which are then imported to the database automatically. The Monitor to Database settings enable you to configure this process. The options are:
• Automatic (default setting): Flat files are continuously imported into your database as they are created.
• Manual: Select this option to update the flat files to your database manually. This can be done in the following two ways:
  - Use the Database Updater tool. See Updating Your Database on page 134 for more details.
  - Schedule a database update event in the Scheduler. See Database Update on page 143 for more details.

SurfControl recommends using a scheduled event for updating your database. This ensures that your database is automatically kept up to date
40. CUSTOM CATEGORIZATION
To open the VCA from the Web Filter Manager, select Content Protection > Custom Categorization from the appropriate collector or database in the Navigation tree, or from the shortcut button within the other SurfControl Web Filter components. Custom Categorization is also available from the Start > All Programs > SurfControl Web Filter menu.

LIST OF DESTINATIONS TAB
The default view is the List of Destinations tab, as shown below.

Figure 10.1 List of Destinations tab

1. In the Select Collector text box, enter the name of the database which is currently in use for VCA runs. You can click Browse to connect to another SurfControl Web Filter server (Collector).
2. The Display objects which contain text box can show the database currently in use for VCA runs. Enter part or all of a URL to search the VCA List of Destinations for a particular destination or group of destinations.
3. Click one of the following buttons to perform a task:
• Categorize all Unc
41. Section | Tasks
Monitored Data | Monitored Data tasks are available across all the Monitored Data tabs: Monitor Settings (page 39); Refresh (page 41)
Monitored Categories | Print (page 51)
Monitored Connections | Monitored Connections tasks are available across all the Monitored Data tabs. See Table 6.5 on page 44 for the following tasks: Print; Go To Site; Go To Page; Set Category; Copy URL

CATEGORIES TASKS
As well as being available from the Information pane, you can access the Categories tasks by right-clicking a selected category.

Print
You can print the information for a selected category.

CONTENT PROTECTION
SurfControl Web Filter has a number of tools to help you manage Internet threats, as illustrated below.

Figure 6.6 Content Protection tab

Table 6.8 Web Filter Content Protection Tools
Tool | Description
Rules Administrator | You can apply rules to implement your Acceptable Use Policy. For more details about the Rules Administrator, see Chapter 7.
Real Time Monitor | You can see the Internet traffic being gen
42. DEFAULT
The Default HTTP Deny Page object has the following default properties. Right-click the object and select Properties.

Figure 7.24 Default HTTP Deny Page object properties

<HTML><HEAD><TITLE>SurfControl Access Denied</TITLE></HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#FFFFFF" LINK="#0000FF" VLINK="#FF0000">
<center><table border="4" bgcolor="#000066" width="410" cellpadding="5">
<tr><td align="center" nowrap bgcolor="#000066"><strong><font size="5" face="Verdana, Arial, Helvetica, sans-serif">SurfControl</font></strong></td></tr>
<tr><td height="130" nowrap bgcolor="#FFFFFF">&nbsp;
<h1 align="center"><font color="#FF0000" size="2" face="Verdana, Arial, Helvetica, sans-serif">Access Blocked</font></h1>
<p align="center"><font color="#000000">Access to the requested web page has been blocked by your organization's internet usage protection policy.<br><br></font></p>
</td></tr></table></center>
</BODY></HTML>

You can edit the text from within the object. See Constructing HTTP Deny Pages on page 86 for restrictions applying to editing or constructing deny p
43. Action | Standard Edition | Privacy Edition
User Menu
Rename User | Yes | No
Right Click User Menu
Get Friendly Name | Yes | No
Get User Name | Yes | No
View User Detail | No | Yes
Monitored Data Tasks
Change Manager Password | No | Yes
Change Union Password | No | Yes

Table 5.2 Real Time Monitor
Action | Standard Edition | Privacy Edition
Options Menu
User | Yes | Unavailable
Client Name | Yes | Unavailable
Client IP Address | | Unavailable

Table 5.3 SRC Reports
Report | Standard Edition | Privacy Edition
Quick Reports: Top N Workstations by Connections | Yes | No
Summary Reports: Top N Workstations by Connections | No | Yes

For further information about available Reports, see the SurfControl Report Central Administrator's Guide.

PRIVACY EDITION FEATURES
Viewing users' details requires the permission of a manager and a union representative. The Privacy Edition is supplied with a preconfigured password of admin for both the manager and union representative. SurfControl recommends that the designated manager and union representative change their password as soon as possible after installation.

CHANGE THE MANAGER AND UNION PASSWORDS
To change the passwords:
1. From the Web Filter Manager > Monitored Data, select Change Manager or Chan
44. Files in the Spider Settings text box. In a default installation the location will be C:\Program Files\SurfControl\Web Filter\SpiderFiles. This setting can also be changed via the VCA Control Panel application. See The VCA Service Settings on page 124 for more details.
3. You can select any of the following options:
• Observe Robot Exclusion Policy: Some destinations contain a text file that describes exactly what each spider or robot can access on the destination. If you choose to ignore this policy, then the spider will try to access unauthorized areas on the destination. This may result in your IP address being banned by the destination.
• Cache retrieved web pages: Adds any pages directly retrieved during the VCA run to the local web page cache, if available.
• Impersonate Internet Explorer: The VCA will identify itself as Internet Explorer when making requests to servers. If you clear this item, the VCA will identify itself as SurfControl. Some destinations are inaccessible unless you impersonate Internet Explorer, although destinations can also ignore requests that originate from Internet Explorer. This option is selected by default.
• Retrieve pages from cache: Enables the VCA to use locally cached versions of pages of a destination rather than having to retrieve current versions from the Internet.
4. Select
45. WORKING WITH THE WEB FILTER MANAGER
The Web Filter Manager screen is divided into 3 columns:
• Navigation pane: This displays the server and database connections you have made with Web Filter.
• Central pane: Displays the item selected in the navigation pane.
• Information pane: This displays tas
46. POP3: 110
Lotus Notes: 1352
NetMeeting: 522 1503 1720 1731
SMTP: 25
IMAP: 143

Newsgroup
NNTP: 119
NNTPS (NNTP over SSL): 563

P2P
BitTorrent: 6881 6999
eDonkey: 4661 4662
EZPeer: 8870
FastTrack (Kazaa): 1214
Gnutella: 6346 6347
Hotline Connect: 5500 5503 range
Skype: 33033
WinMX: 6699

Remote Access
Citrix: 1494
GoToMyPc: 8200
PCAnywhere: 5631 5632 65301
PCTelecommute: 2299
Terminal Services: 3389

Table 7.3 Rules Administrator Configured Protocols/Ports
Protocol Group | Protocol | Port

RAdmin (remote administration tool): 4899
SOCKS 5: 1080
PPTP: 1723

Streaming Media
Liquid Audio: 18888
PNM (PNA): 7070
RTSP (Quicktime, RealPlayer): 554 8554
Windows Media (MMS): 1755

Web
Google Web Accelerator: 9100
HTTP: 80 8000 8080 3128
HTTPS: 443 8443

Other
LDAP: 389
NFS: 2049
SSH: 22
Telnet: 23
Daytime: 13
Domain: 53
Echo: 7
Ident: 113
Nbsession: 139
Whois: 43
Time: 37
Finger: 79
rlogin: 513
SQL net: 1433 1434 1521 1525
Pptp: 1723

Filtering IM, P2P and Web Protocols by signature
The Instant Messaging and Chat (IM), Peer 2 Peer (P2P) and Web Accelerator protocols in the table below are port a
47.
• Personals & Dating
• Philanthropic & Professional Orgs
• Phishing & Fraud
• Photo Searches
• Politics
• Proxies & Translators
• Real Estate
• Reference
• Religion
• Ringtones Mobile Phone Downloads
• Search Engines
• Sex Education
• Shopping
• Society & Culture
• Spam URLs
• Sports
• Spyware
• Streaming Media
• Tasteless & Offensive
• Travel
• Violence
• Weapons
• Web-based E-mail

SurfControl Categories
SurfControl's Adaptive Threat Intelligence team have the ability to dynamically add new categories via an Internet Threat Database update. For this reason, SurfControl categories are read-only and appear in the Category Object list with their own icon. You cannot re-name or delete them from within SurfControl Web Filter. SurfControl categories do not support SmartScan. You must create a custom category to use this functionality.

Custom Categories
The Category object enables you to create custom categories which can contain any of the following:
• One or more of the pre-defined SurfControl categories
• Keywords that are matched against the domain level of a URL using SmartScan

Custom categories you create will appear in the Category object list with their own icon. Custom categories can be re-named and deleted by right-clicking a selected category. If a SurfControl category is added or re-named and it has an identi
48. Select Show Results to view the results in the window below, or Purge Results to remove the results from the window below.

To perform a Categorization run:
1. From the List of Destinations tab, click Categorize all Uncategorized destinations. A Categorizing dialog box displays with the following information:
• A Progress bar showing the number of Uncategorized destinations being categorized on the right and the percentage of those destinations processed.
• Active Threads are the number of pages being categorized at any one time. You can limit the amount of active threads being used for this in the Virtual Control Agent Control Panel application.
• Destinations Checked counts the number of destinations checked during the VCA run.
• Destinations Categorized is the number of destinations that have been categorized by the VCA during this run.
2. Click Cancel to stop the VCA run at any time. On completion of the run, a VCA Results dialog box shows the VCA categorized destinations and the category to which they have been assigned.
3. Click OK. An Action Complete dialog box disp
49. SurfControl Version 5.5: SurfControl Web Filter Administrator's Guide

NOTICES
1996-2008 Websense, Inc. All rights reserved. 10240 Sorrento Valley Rd., San Diego, CA 92121, USA. Published January 2008.
This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent in writing from Websense, Inc. Every effort has been made to ensure the accuracy of this manual. However, Websense, Inc. makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Websense, Inc. shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.

Trademarks
SurfControl and Websense are registered trademarks of Websense, Inc. in the United States and certain international markets. Websense has numerous other unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners. Microsoft, Windows, Windows NT, Windows Server, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. This product includes software distributed by the Apache
50. Web Filter Manager > Maintenance from the appropriate collector or database in the Navigation tree.
Select the Purge check box from the Database Management tab.
Choose from the following purge options:
• Purge All: Removes all connection details.
• Purge Unused Items Only: Removes connection details that are no longer necessary.
• Save Today's data: Removes all but that day's connection details.
• Save data from the last N days: Where N is the number of days to retain connection details.
• Save data from DD MM YY: Removes all connections details before the date specified.
• Purge Range: Removes all connections for the specified range.
Advanced Settings: You can choose to remove sites which have not been accessed in the last 24hrs but are outside of the purge range. Select the Remove Sites with checkbox and set the number of hits. Sites will be removed that have less than or equal to the number of hits specified. The Advanced Settings are not available if you have selected Purge All or Save Today's data.
Note: Manually categorized sites that meet the Advanced Settings criteria will not be deleted.
4. Click Run Tasks to start the Purge.

COMPACT
Compacting your database eliminates the redundant space contained within it, reducing its size.
To Compact a Database:
1. Select Database Management from the Web Filter
51. WHO OBJECTS
Who objects are used to apply rules to certain individuals or groups. The default for Who objects is Anybody. The following objects are included in the Who tab:

[Figure 7-1: Who objects tab, showing Monitored Workstations; NT Domain Objects; Active Directory; User Defined Who Objects (Hosts and Domains, MAC Addresses, Subnets); Mobile Who Objects (Mobile Users, Mobile Hosts)]

Monitored Workstations
This rule object shows a list of workstations that are monitored by Web Filter Manager and stored in the database. It is not possible to manually add workstations to this list because the information is obtained automatically from client machines that request internet access. If workstations appear as IP addresses, you need to select Enable Workstation name resolution on the Advanced Settings tab in the Web Filter Service Settings. See Advanced Tab on page 104 for more details. You can refresh the list to show the most up-to-date monitored workstations by pressing F5.

Active Directory, NT and NetWare Domain Objects
These objects are obtained from the network domain and only apply to local Active Directory, NT or Novell NetWare networks. It is not possible to manually add Active Directory or NT Domain Objects to this list. You can refresh the list
52. ages

[Figure 7-25: Default HTTP Deny Web page, shown in a browser: "Access Blocked. Access to the requested web page has been blocked by your organization's internet usage protection policy."]

From the dialog box you have the following options:
• Import: You can import HTML code you have created in a file elsewhere, or you can re-import the default deny page text from the following location: C:\Program Files\SurfControl\Web Filter\Sample Denied Text\Default_Denied.html
• Preview: Use this option to see how your deny page will look in a browser.
• Default Page: This option is selected, as this is the default page supplied by SurfControl.

ALLOWANCE
The Allowance HTTP Deny Page object has the following default properties. Right-click the object and select Properties.

[Figure 7-26: Allowance HTTP Deny Page object properties. The Configure Http Access Denied Page dialog box, with Name set to Allowance and the HTML source of the "SurfControl Access Denied" page]
53. ance the VCA service will use a trusted connection and the local system account to connect to the local collector. If you want to save VCA categorizations to a remote collector, you will need to set up a separate user account and manually configure the VCA service to run using this account. The VCA service will not connect to a remote collector if it is configured to use a trusted connection and to log on with the local system account. To configure the service to log on using a different account, perform the following:
i. Click Start, point to Administrative Tools and click Services.
ii. Double-click SurfControl Virtual Control Agent in the services list.
iii. Click the Log On tab and select This account.
iv. Enter the user name and password the VCA service will use to connect to the remote collector and click OK.
v. Restart the VCA service.
vi. Open the VCA Control Panel application and click the VCA Settings tab.
vii. Click Browse and type in the IP address or hostname of the server that will act as the remote collector and click OK.

Commit Change(s) Interval (hours): You can configure the time in hours before the VCA will commit changes to the selected database and flush its cache.

Temporary Internet files folder: The VCA spiders will download up to 10 pages of a destination it is categorizing. It downloads them to the folder specified in this field. By default this location is C:\Program Files\SurfControl\Web Filter\SpiderFiles. Once th
54. ant to ignore all network traffic apart from the specified port numbers in the Ignored Ports list.

CREATING NEW PORTS
You can add either single ports or a range of ports to the Ignored Ports list. To create a new port entry:
1. On the Ignored Ports tab, click New.
2. In the Ports dialog that follows, select one of the following options:
• Single Port: Enter a single port number.
• Port Range: Enter a range of port numbers. For example, to allow the Web Filter driver to ignore or acknowledge FTP network traffic, enter a range of 20-21.
3. Optionally enter a description into the Comment text box and click OK to save your changes, or click Cancel to abort.
You can also perform the following actions:
• Delete: Removes a selected port number or port range from the list.
• Edit: Launches the Ports dialog box to change details for a selected port or port range in the list.

USERNAME RESOLUTION
The User Name Resolution tab allows you to configure how Web Filter detects user names.

[Figure 9-8: User Name Resolution tab, with options Enterprise User Monitoring and NetBIOS, and Lifetime of user name set to 600 seconds]
55. ant to monitor on each subsequent Web Filter server. This allows you to divide the volume load of network traffic across your servers, making them more efficient.

To configure your subnets on multiple Web Filter servers:
1. Identify the subnets you do not want to monitor.
2. On the first Web Filter server, click the Subnet tab and click Add.
3. Enter the IP address of the subnet in the IP Address text box.
4. Enter the subnet mask in the Mask text box.
5. Click OK.
6. Repeat steps 1 to 5 for other subnets you do not want to monitor.
7. Select Do not Monitor traffic to or from these subnets.
8. For each subsequent Web Filter server, you should identify a specific subnet that you do want to monitor. To do this, identify subnets you do want to monitor and follow steps 2 to 5.
9. Select Only Monitor traffic to or from these subnets.

Ignore Subnets
During installation, Web Filter detects the internal subnets on your monitoring and blocking network card. The Web Filter server ignores inbound traffic to these internal subnets, reducing the load on the Web Filter Service. The subnets detected are listed in the Ignore Subnets section of the Subnets tab. You also have the following options:
• Add a new subnet
• Remove a subnet
• Edit the IP address or subnet mask for an existing subnet

ADVANCED TAB
From the Advanced tab you can define the fol
56. [Figure residue: Restore tab fields, including Datafile Location, Logfile Location and Set as Default Database]

4. Click Browse. A Restore from Archive dialog box will appear. The default location for your archived databases is drive C. If you archived your database to another location, use Browse to locate it.
5. Click Open on the relevant file. The Restore tab fields will now be populated with information from the archived database.
6. Enter a name in the Restore As Database field. The Restore button becomes enabled. You can also use this to specify an instance of SQL Server if you have multiple installs of SQL Server 2000 or above on the same computer.
Note: The Named Instance field is required for restoring databases to SQL Server Express.
7. Select Set as Default Database for the Web Filter service to use the restored database for writing to.
8. Click Restore. A message displays confirming the restore has been successful.
9. Click OK.
10. Start the Web Filter service.

OPTIONS
The Options tab enables you to set a timeout value in seconds for your database. If a database maintenance task cannot establish a query to the database within the time set, the task will be cancelled.
To change the Database Query Timeout:
1. Stop the Web Filter service.
2. Select Database Management from the Web Filter Manager > Maintenance node in the appropriate collector or database of
57. ategorized Destinations: Starts the VCA categorization process.
• Refresh List: Used to refresh the destinations list in the VCA.
• Set all destinations back to unchecked: In each run, the VCA attempts to categorize all Uncategorized, unchecked destinations. However, if the destinations have already been checked in a former run, the VCA will not attempt to re-categorize these. Use Set all destinations back to unchecked to set destinations back to the unchecked state that they were in previously. The VCA will then attempt to categorize the Uncategorized destinations again in the next run. This action only applies to Uncategorized destinations.

The Monitored Destinations panel shows the current list of destinations in the Monitor database. Click any of the column headings to sort by that data.
• Destination: Shows the URL for a categorized destination.
• Category: Shows the VCA category for the URL.
• Categorization Method: The sources of categorization are as follows:
  Company & Intranet: The destination is specified within the Categorization tab of the Web Filter settings as a company domain or Intranet site (see Categorization Tab on page 106).
  Manual: The administrator has manually set the category of the site. The category could have been set to one of the SurfControl defined categories or a custom
58. ategory Object Order on the Tools menu.

WHERE LISTS
A Where list object can comprise several specific objects from the Where object list (see figure below). This provides a convenient way of grouping objects to share a set of rules. To create a Where List, drag individual Where objects (Monitored Workstations, NT Domain objects and User Defined Where Objects) from the bottom right-hand pane to the upper left-hand pane in the Where List dialog box.

[Figure 7-11: Where List object dialog box. The dialog text reads: "You can modify the filter objects that you have created by selecting the group from the tree so that it appears in the bottom right pane and then dragging and dropping items on to the member pane."]

Name: Enter a name here for your Where List object.
Members: This panel will show the individual objects that make up your list.

WHAT OBJECTS
What objects are used to identify the content that a rule should apply to. The default for What objects is Anything. The following objects are included in the What tab: Figure 7 12 What objects ta
59. [Figure residue: Real Time Monitor window with columns Destination, Category, User and Connection Status; status bar: Ready, Collector localhost]

You can right-click a destination in the Real Time Monitor to visit the selected destination in your Web browser. This is a convenient way to inspect the web sites frequented by users as soon as they are visited. The following columns are visible by default in the Real Time Monitor:

Table 8-1: Real Time Monitor Columns
Column | Description
Destination | Identifies the destination name.
Category | Identifies the Category Web Filter has assigned to the destination.
User | Identifies the user.
Connection Status | Indicates whether the destination was Allowed or Blocked by Web Filter.

Other columns can be configured via the Options menu. Select General from the Options menu. The Real Time Monitor Options dialog box displays as shown below.

[Figure 8-2: Real Time Monitor Options dialog box. Display Columns: Destination, User, Server IP Address, Client Name, Client IP Address, Connection Status, Threat Detected, Sub Threat Detected, Protocol, Rule, Comment. Other Settings: Connection buffer size (500)]

Note: Changes made in the Real Time Monitor Options dialog box clear the existing Real Time Monitor buffer.
60. ault option, or deselect this option and use a valid SQL Login ID and Password.

INTERNET THREAT DATABASE UPDATE
Your Internet Threat Database is important in helping you to identify the nature of Web destinations being accessed on your network. Internet Threat Database updates are produced daily and can vary in size. SurfControl recommends that you schedule this event to take place every day at a time when Internet traffic is low.
Caution: Internet Threat Database Updates are only available to licensed product users or products within the 30-day evaluation period.

NETWORK GROUPS UPDATE
To update your Network Groups:
1. Make sure you have set up the occurrence options first, then click Configure.
2. A Network Group Lookup Configuration dialog box will appear, as shown in the figure below.

[Figure: Network Groups Update dialog box, with an Automatic Removal of Inactive Users Enable check box and a Removal Time Period (days) field]

3. If you enable the Automatic Removal of Inactive Users option, users who do not belong to a network group and whose last monitored connection was more than N days ago will be removed from the database, along with their connection information. N is the figure set in the Removal Time Period (days) field. The default setting is 90 days.
4. Click OK to confirm the network Group Update.
61. [Figure: What objects tab, showing User Defined What Objects; Protocols/Ports (File Transfer, Games, Hacking, Instant Messaging and Chat, Mail & Collaboration, Newsgroup, Other, P2P, Remote Access, Streaming Media, Web); Precise Bandwidth Controls; What Lists]

PROTOCOLS/PORTS OBJECTS
In the Rules Administrator, the monitored protocols and associated ports are shown in the table below. The protocols marked with an asterisk are monitored by default.

Table 7-3: Rules Administrator Configured Protocols/Ports
Protocol Group | Protocol | Port
File Transfer | FTP | 20 21
File Transfer | Gopher | 70
File Transfer | WAIS | 210
File Transfer | FTPS (FTP over SSL) | 989 990
Gaming | Half-Life | 27010 27015
Gaming | Quake 3 | 27960 27969
Gaming | World of Warcraft | 3724
Gaming | EVE Online | 26000
Hacking | Back Orifice | 31337
Hacking | Sub7 | 27374
Instant Messaging and Chat | Gadu-Gadu | 8074
Instant Messaging and Chat | Jabber SIMP | 7467
Instant Messaging and Chat | Jabber XMPP | 5222 5224
Instant Messaging and Chat | Windows Live Messenger | 1863
Instant Messaging and Chat | OSCAR AIM ICQ | 5190
Instant Messaging and Chat | Yahoo Messenger | 5050
Instant Messaging and Chat | IRC | 6660 6669
Instant Messaging and Chat | IRCS (IRC over SSL) | 994
Instant Messaging and Chat | Camfrog | 2778 6005
Instant Messaging and Chat | Eyeball Chat | 5500 5501 5515
Instant Messaging and Chat | X IM | 5221
Mail & Collaboration
62. [Figure: SurfControl Web Filter Service Settings, Start Stop Service tab, showing Status: Running]

When you stop the service, the SurfControl icon in the notification area of the task bar is grayed out. When you start or restart the service, the icon will revert back to color.
Note: You can quickly start, stop and restart the service from the SurfControl icon in the notification area on the task bar.

ACTIVE DIRECTORY TAB
By default, connection to your Active Directory server is via a non-secured LDAP connection. You can change this to a secure SSL connection using port 636 from this tab. You can also provide user name credentials for each trusted domain, and one default user name and password for all domains. This allows rules which contain group objects from other domains to obtain relevant user information from those domains. The Active Directory tab is shown below.

[Figure 9-3: Active Directory tab]
63. b Filter Manager, but they will still exist in the database until the next database purge.
1. Select one or multiple users in the Summary User Information pane.
2. Click Delete User(s) in the Monitored Users Tasks box, or right-click the selected user(s) and click Delete User(s) from the menu.
3. Click Yes to confirm deletion, or click No to cancel.
The user has now been removed from the Web Filter Manager. For further instructions on purging the database, see Chapter 11, Purge on page 130.

Monitor Settings for Users
You can select which file types a user can be monitored for from the Monitor settings. Any custom file type groups you create will also be available.

Table 6-4: User Monitoring Options
Option | Description
Unmonitor | The user's Internet activity is not monitored.
Monitor default file types | Only the default file types (certain Web page types) are monitored. See Monitor Settings on page 39 for details on default file types.
Monitor custom file types | You can choose which file types you want to monitor for selected users. See The Default Monitor Settings on page 9 for details of the supplied file type groups.

Note: Monitoring too many File Types can impact on the performance of Web Filter. If you suspect a certain file type is being accessed significantly, select the file type and monitor it for a set period
64. base.
4. If you want to change the category of the site, select which category you want the site to be changed to from the Choose Category drop-down list box.
5. Click Submit.

Set Category
You can change the category for a selected entry in the Destinations tab. Any changes made to the destination's category will only affect future connections. Data already saved to the database cannot be changed, as this is a historical record of the category assigned at the time the destination was visited. You need to click Update Configuration to apply any changes to servers connected to the database.

CATEGORIES
SurfControl Web Filter uses its Internet Threat Database to categorize the destinations saved in your database. You can view the destinations grouped by category on this tab. You can use the categories seen to construct rules for your organization. For more details on the Internet Threat Database and categories, visit www.surfcontrol.com. The Categories pane is split into Summary and Detail category information.

SUMMARY CATEGORY INFORMATION
This pane displays the categories monitored by the Web Filter database. You can also see the following information displayed in the columns:
• Category: Shows the SurfControl Internet Threat Database category for the destination.
• First Access: Shows the date and time Web Filter first logged the destinatio
65. being recorded in the Web Filter database.

Go To Site
You can open up a selected entry at the domain level in a Web browser.

Submit Destination
If you see a monitored destination that you feel should be included in the SurfControl Internet Threat Database, or should be categorized differently, you can submit the details to SurfControl. To submit a destination:
1. Select the destination in either the Destination Summary or Detail information pane.
2. Select Submit Destination from the Monitored Destinations tasks section. The Submit a Site Web page will be displayed in a browser window.

[Figure: SurfControl Submit a Site page, with the options Add a site, Delete a site and Change the category, a URL/Internet Address field and a Choose Category list]

The selected site will appear in the URL/Internet Address field.
3. Select what you want to do with the site. You can either:
• Add a site: Submit the site to be included in the Internet Threat Database.
• Delete a site: Submit the site to be removed from the Internet Threat Database.
• Change the category: Select a new category for the site in the Internet Threat Data
66. bile users who connect to the corporate network with SurfControl Mobile Filter. The same corporate security rules apply, so mobile devices are shielded from unwanted intrusions, minimizing unexpected shutdowns that lead to lapses in productivity. SurfControl Web Filter bolsters your defenses by providing:
• Bullet-proof infrastructure security: Automatic real-time security updates through our comprehensive threat database, which is constantly kept current with knowledge gathered by our global threat experts.
• Legal liability protection: Prevents circulation of inappropriate content that violates copyright laws or infringes rights.
• Regulatory compliance: Helps you meet HIPAA, Sarbanes-Oxley and other industry or government security requirements.
• Enhanced employee productivity: Limits Web surfing and downtime due to attacks, and improves IT productivity because it's easy to implement and manage.

Chapter 2: Basic Configuration

INTRODUCTION
This chapter introduces you to some basic features and configuration settings that will help you set up Web Filter effectively. This chapter will cover the following:
Basic WEB FILTER SERVICE SETTINGS: This section e
67. box displays when you click Configure from the Scheduler Item configuration dialog box.

[Figure 12-1: Command Line Configuration dialog box, with the fields Program To Schedule From Command Line (with a Browse button) and Command Line Parameters]

Click Browse to locate the required file. Enter any required Parameters in the Command Line Parameter box and click OK.

DATABASE MANAGEMENT
Choosing this option enables you to set up a scheduled event that will Archive, Purge or Compact your database. For detailed information on setting up these events, see Managing databases on page 129. You can set up a separate event for each routine, or create a combined event for the routines you want to schedule.
Note: When you installed Web Filter you could choose to set up a combined Archive and Purge scheduled event. This event is configured to run once a month. You can configure the settings for this event by selecting it in the Scheduler and clicking Configure.

To schedule Database Management events:
1. Select Database Management Tasks from the Select item to configure list.
2. Set the date and time for when the database management task will occur using the Occurs sections.
3. Enter a name for your event in the Description field.
4. Click Configure. The Database Management dialog box will be displayed. The default database is shown in the Database field. If you wi
68. cal name to a custom category you created, your custom category will be amended with brackets containing a number, for example custom (1).

[Figure 7-10: Category List object properties. The Category List dialog box, listing SurfControl categories such as Adult/Sexually Explicit, Advertisements & Popups, Alcohol & Tobacco, Arts, Blogs & Forums, Business, Chat, Company & Intranet, Computing & Internet, Criminal Activity, Downloads, Education and Entertainment, with a SmartScan button]

1. Enter a name for your new category.
2. Select one or more of the SurfControl Categories you want to include in your new category.
3. If you want to refine the category match, select a category you are including in the object and click SmartScan.
4. Enter the keywords that you wish to match for any domains that will be allocated to the category. The keyword must form all or part of the domain level URL.

Example: Entering football will match the following URLs:
www.football365.com
www.football.guardian.co.uk
It will not return www.bbc.co.uk/football, as football is not part of the domain level URL.

Your new category will now be seen in the Where tab Categories pane. It is important that you move this custom category to the top of the list so it is applied before the standard categories. To do this, click Set C
69. can then view the rules in place for a specific collector within your organization. To change the collector from within the Rules Administrator:
1. Click the Open icon in the Rules Administrator. A Select Database dialog box is displayed.

[Figure: Connect to SurfControl Collector dialog box, with a Server field (localhost)]

Enter the server name, or select a previously selected server from the list. Click OK.

Chapter 8: Real Time Monitor

INTRODUCTION
The Real Time Monitor shows Internet activity on your network as it is happening. This is different from the Monitored Data in the Web Filter Manager, which displays historic information that has been saved in your database. To open the Real Time Monitor from the Web Filter Manager, select Content Protection > Real Time Monitor from the appropriate collector or database in the Navigation tree. The Real Time Monitor is also available from the Start > All Programs > SurfControl Web Filter menu.

[Figure 8-1: Real Time Monitor]
70. cation.exe.config file. Open the SurfControl Web Filter Manager application.
Note: Increasing the number of rows may have a significant impact on the performance of the Web Filter server.

FILTERS
Filters are available for all Monitored Data tabs. You can filter by the following options:
• Show All (default view)
• Access Date
• Access Time
• Categorization Method
• Category
• Connection Status
• Destination
• Destination IP
• Detail
• Group
• Protocol Name
• Source IP
• Source Workstation
• User Name
• Via Proxy

Custom Filters
Alternatively, you can create your own custom filters from the two pre-configured filters:
• Last 24 Hours
• Last 7 Days

Creating a Custom Filter
To create your own custom filter:
1. From the Filter drop-down list box, select Custom Filters > Manage Custom Filters.
2. Select New from the Custom Filters dialog box.
3. Enter a name for your filter.
4. Select the option that you want to customize in the left-hand pane.
5. Configure the criteria to suit your needs.
6. Repeat steps 1 to 5 for any additional filters.
7. Click OK to save your custom filter.
8. Click Close to close the Custom Filters dialog box.
You can now select your filter from the Custom Filters drop-down list box. You can also Edit or Delete your custom filters from the Custom Filters > Manage Custom Filters menu, or when selected wi
72. do not want to monitor.
Select Do not Monitor traffic to or from these subnets.

By configuring subnets on multiple Web Filter servers, you ensure the subnets are only monitored on one server in your network environment. You need to specifically identify subnets you do not want to monitor on one Web Filter server, and define one or more subnets you do want to monitor on each subsequent Web Filter server. This allows you to divide the volume load of network traffic across your servers, making them more efficient.

To configure your subnets on multiple Web Filter servers:
1. Identify the subnets you do not want to monitor.
2. On the first Web Filter server, click the Subnet tab and click Add.
3. Enter the IP address of the subnet in the IP Address text box.
4. Enter the subnet mask in the Mask text box.
5. Click OK.
6. Repeat steps 1 to 5 for other subnets you do not want to monitor.
7. Select Do not Monitor traffic to or from these subnets.
8. For each subsequent Web Filter server, you should identify a specific subnet that you do want to monitor. To do this, identify subnets you do want to monitor and follow steps 2 to 5.
9. Select Only Monitor traffic to or from these subnets.

Ignore Subnets
The internal subnets detected during the initial running of the Configuration Wizard are listed in the Ignore Subnets section of the Sub
73. • Original Detected Name
• Workstation Name
• IP Address
• Ethernet Address
7. Click OK to close the dialog box.
Chapter 6: The Web Filter Manager
Introduction (page 26)
Working With the Web Filter Manager (page 27)
SurfControl Web Filter (page 30)
Web Filter Server (page 32)
Monitored Data (page 34)
Users (page 36)
Destinations (page 45)
Categories (page 49)
Content Protection (page 52)
Maintenance (page 53)
INTRODUCTION
The SurfControl Web Filter Manager:
• Shows the servers and databases you are monitoring with Web Filter
• Displays the historic Internet activity of users
• Helps you configure how Web Filter manages Internet threats
• Helps you maintain Web Filter to ensure it performs efficiently
OPENING THE WEB FILTER MANAGER
Select Web Filter Manager from the Start > All Programs > SurfControl Web Filter menu.
Figure 6-1: Web Filter Manager
74. e Start > All Programs > SurfControl Web Filter menu. The Scheduler enables you to run certain events at a time when you will have no users logged on to your network, or if an event requires a lot of bandwidth. You can configure the following events in the Scheduler:
• Command Line
• Database Management
• Database Update
• Internet Threat Database Update
• Network Groups Update
MORE INFORMATION
For more information on configuring the various events, see Chapter 12.
Chapter 3: Remote Administration
Introduction (page 16)
What the Remote Administration Client Does (page 16)
Prerequisites (page 16)
INTRODUCTION
The Remote Administration Client allows you to remotely access the Web Filter server to create reports, design or edit rules, and view the database. You can install the Remote Administration Client on computers in your network that comply with the minimum requirements specified in the Starter Guide. For details on installing the Remote Administration Client, refer to the Starter Guide.
WHAT THE REMOTE ADMINISTRATION CLIENT DOES
You can use the Remote Administration Client to access the following Web Filter functions from a different computer:
• The Web Filter Manager: View Internet traffic via the Monitored Data Navigation tree option
• The Rules Adm
75. e a single IP network address and split it up so that it can be used on several interconnected local networks. A subnet mask determines the maximum number of hosts on a subnetwork. To obtain the IP address and Subnet Mask for a particular computer on your network, run the following command from a Command Prompt window:
ipconfig /all
Make a note of the IP Address and Subnet Mask entries.
Figure 7-4: Subnet object properties
• Name: Enter a name for your Subnet object
• IP Address: Enter the IP address
• Subnet Mask: Enter the Subnet Mask
Who List Objects
A Who list object can consist of several specific objects from the Who Object list. This gives you a convenient way of grouping objects to share a set of rules. To create a Who List, drag individual Who Objects from the bottom right hand pane to the Members pane.
Figure 7-5: Who List object properties. Dialog text: "You can modify the filter objects that you have created by selecting the group from the tree so that it appears in the bottom right pane, and then dragging and dropping items on to the member pane."
• Name: Enter a name for your Who List object
• Members: This pan
76. e is only available for licensed copies of Web Filter. You can still use the standalone version of the VCA via Custom Categorization during the 30 day trial period.
Database Management: You can perform the following database management tasks from this tool:
• Archive
• Purge
• Compact
• Delete
• Restore
For more details about the Database Management tool, see Chapter 11.
Database Updater: You can configure how you update your database from the flat files created by Web Filter. For more details about the Database Updater, see Chapter 11.
Scheduler: You can configure various events to run at times you specify with this tool. For more details about the Scheduler, see Chapter 12.
Chapter 7: Rules Administrator
Introduction (page 56)
Rule Objects (page 59)
Who Objects (page 60)
Where Objects (page 64)
What Objects (page 70)
When Objects (page 75)
Allowance Objects (page 78)
Notify Objects (page 81)
HTTP Deny Page Objects (page 84)
Viewing Another Collector (page 87)
INTRODUCTION
This chapter explains ho
77. e menu select About. The About SurfControl dialog box will appear.
3. Click Serialize. The Serialize dialog box will appear.
4. Enter the Serial Number obtained from SurfControl in the field.
5. Click OK.
The next time you view the About dialog box, you will see your serial number and user license details. This dialog box also holds information on the latest Internet Threat Database installed, as well as the number of days your subscription has left.
When you purchase a license for Web Filter, a one year subscription to Internet Threat Database updates is included. A reminder e-mail will be sent to the Systems Administrator when this subscription is due for renewal.
Chapter 5: Privacy Edition
What It Does (page 20)
Privacy Edition Features (page 22)
WHAT IT DOES
In certain European countries, laws have been passed which prohibit the use of monitoring software to check user browsing details unless express permission has been given by a manager and a union representative.
COMPARING THE STANDARD AND PRIVACY EDITIONS
The tables below outline the differences between the Standard and Privacy Editions of SurfControl Web Filter.
Table 5-1: Web Filter Manager
Item Action Standard
78. e rules are processed from the top of the list downwards.
• Use When and Allowance objects carefully. Use reports such as Protocol Data Analysis or Protocol Time Analysis to narrow down who these rules should apply to before creating them. See the SRC Administrators Guide for more details.
• Keep the number of rules to a minimum to ensure the maximum efficiency of Web Filter.
• Create, test and activate any global rules you create before creating user or group specific rules.
• Ensure that only one person modifies rules at a time.
• Ensure that the Monitor recognizes user names to enable user based filtering.
• Ensure auto categorization is turned on in the Web Filter Service Settings Advanced tab. This is worth checking if a destination specific rule is not working.
Creating Rules
To create a new rule:
1. Select New from the Rule menu or click the New Rule button.
Note: A new rule is always enabled by default. It will not be active, however, until changes are committed to the database.
2. Choose a Who object if required, and drag and drop the object onto the Who section of the rule.
3. Choose a Where object if required, and drag and drop the object onto the Where section of the rule.
4. Choose a What object if required, and drag and drop the object onto the What section of the rule.
5. Choose a When objec
79. e spiders have finished categorizing the destination, the pages are deleted from the folder. This setting can also be changed from within the VCA. See page 121 for more details.
Max Threads
This controls the maximum number of spiders that can be categorizing destinations at any one time. The default number is 8. The maximum is 32. Increasing the number of spiders can use up your available bandwidth. For this reason, SurfControl recommends you keep this setting at its default number.
Chapter 11: Databases
Creating a New SQL Server Database (page 128)
Managing databases (page 129)
Updating Your Database (page 134)
Upgrading your database (page 136)
Importing/exporting databases (page 137)
CREATING A NEW SQL SERVER DATABASE
If you wish to create a new SQL Server database for Web Filter, use the SurfControl Database Creation Wizard. Before you can use the Wizard, check the following:
• You must have installed a complete or client version of Web Filter.
• You must have installed Microsoft SQL Server, usually on its own server.
• The SurfControl server must have netw
80. ea of the taskbar.
4. Enter the e-mail address of the person you want to receive the notification in the Recipient text box. If you want to send the message to multiple recipients, make sure there is a space between each e-mail address.
5. In the From text box, you can either leave the default address in this field or enter a suitable address for your own organization.
6. Enter a relevant subject for your e-mail object in the Subject text box.
7. The object comes with pre-defined data that you can include in the construction of your notification object. Click Insert in the Message Body text box and select any of the following:
• User
• Workstation
• Site
• Category
• Protocol
• Time
• Rule Number
• Page
Note: You can also use these variables in the Subject line to enable the recipient to discover why a web page is being blocked without having to inspect the entire body of the message.
8. By default, the notification object is only triggered if the base Web page is blocked. Click Notify on Specific File Types to specify which file types you want to send notifications on. Click the button and select the file type from the dialog box.
The available file types are shown in the table below.
Table 7-7: Notification File Types
File Type Group: File Extensions
Audio Files: aac aif aifc aiff au cda m3u m
81. el will show the individual objects that make up your list.
WHERE OBJECTS
Where objects are used to identify the destinations that a rule should apply to. The default for Where objects is Anywhere. The following objects are included in the Where tab:
Figure 7-6: Where Objects tab
Monitored Destinations
This rule object shows a list of destinations that are monitored by Web Filter Manager and stored in the database. It is not possible to manually add destinations to this list, because the information is obtained directly from the destinations visited by your users. You can refresh the list to show the most up to date monitored workstations by pressing F5. See Monitored Data on page 34 for more information.
User Defined Where Objects
These have to be created manually and can consist of the following:
• Hosts and Domains
• MAC Addresses
• Subnets
Categories
This is a list of the SurfControl In
82. erated by your users as it happens. For more details about the Real Time Monitor, see Chapter 8.
Custom Categorization: You can classify destinations that have yet to be assigned to a category in the Internet Threat Database. For more details about Custom Categorization, see Chapter 10.
MAINTENANCE
To help continue Web Filter's effective performance, the following tools are available on the Maintenance tab:
Figure 6-7: Maintenance tab
Table 6-9: Web Filter Maintenance Tools
Tool: Description
Web Filter Settings: You can configure how SurfControl Web Filter monitors Internet traffic and actions that it performs when blocking access to sites. For more details about the Web Filter settings, see Chapter 9.
Virtual Control Agent Settings: You can configure the VCA Service settings with this tool. For more details about the VCA Service Settings, see Chapter 10. Note: The VCA Servic
83. erver Name text box. You can enter the name of a new server into the drop down list box. This server is then stored in the drop down list. You can store up to ten servers.
Note: The first time you connect to the Real Time Monitor, the Collector Details dialog box will display with localhost as its default Server Name. If you change the Server Name, the Real Time Monitor will attempt to connect to this collector when subsequently accessed. If it cannot connect to this collector, a warning is displayed.
2. Enter the port number on which the Real Time Monitor connects to the Web Filter service in the Server Port text box (the default is 5000). Before changing the port number, check that it is not used by another program.
3. Enter the time that the Real Time Monitor will wait before reporting an error if the connection with the Server is lost into the Timeout seconds text box.
4. Select Warn user if the service drops. If selected, an error message will display if the connection to the server is lost.
STOPPING AND STARTING THE REAL TIME MONITOR
If there is a lot of traffic being detected by the Real Time Monitor, you can temporarily stop the traffic. This will enable you to browse the destinations being seen at that time. The number of destinations you can see is limited by the value set in the Connection buf
84. erview
Web Filter Dashboard
The dashboard is a central place for obtaining further information and advice about Web Filter. You can access documentation about the following:
• Threat alerts
• Knowledge Base articles
• Information on other SurfControl products
• Product upgrades
• White papers and tools
• Access and raise tickets with Technical Support
Web Filter Server Overview
This shows which servers you have Web Filter installed on and their current status.
TASKS
From the SurfControl Web Filter Dashboard view, you can import and analyse the monitored data from multiple Web Filter servers and databases by adding them from the Tasks pane.
Add Server (if you are running a multi collector environment)
If you wish to install Web Filter on more than one machine, for instance to monitor specific areas of your network, you need to add the server to your Web Filter Manager. See the Network Considerations chapter of the Starter Guide for more details about installing Web Filter on your network.
To add a new server to the Web Filter Manager:
1. Select the SurfControl Web Filter item in the Navigation pane tree.
2. From the Tasks pane, select Add Server.
3. In the Add Server dialog box, enter either the name or IP address of the server you want to add.
4. Click OK.
5. The server should be visible i
85. etails
Unmonitored Users: You can exclude individual users or a whole domain from being monitored. See Unmonitoring Destinations or Users on page 41 for more details.
Table 2-2: List of File Types
File Type Group: File Extensions Monitored
Audio Files: aac aif aifc aiff au cda m3u m4p mid midi mp3 ogg rmi snd wav wax wma
Compressed Files: ace arc arj b64 bhx cab gz gzip hax iso jar lzh mim rar tar taz tgz tz uu uue xxe Z Zip
Documents: csv doc docx dot pdf ppt pptx ps rtf txt xls xlsx
Executables: bat cfc cmd com dll exe jse ocx xpi
Feeds: opm rdf rss rss2 xml
Images: bmp gif jfif jpe jpeg jpg pcx png psd tif tiff wmf
Scripting: cgi js php pl py vb vbe vbs
Video Files: asf asx avi divx ivf mlv mov mp2 mp2v mpa mpe mpeg mpg mpv2 at ra ram rm swf wm wmd wmp wmv wmx WVX WXV
Web Pages: asp aspx css htm html jsp mspx shtml stm
MORE INFORMATION
For further details on the Monitored Data settings, see Chapter 6.
BASIC RULE CONFIGURATION
SurfControl Web Filter uses rules which you can use to apply your Acceptable Use Policy to your users. There are
86. DISPLAY COLUMNS
Under Display Columns, you can define which columns are displayed in the Real Time Monitor window.
Table 8-2: Real Time Monitor columns
Column: Description (Default Option)
Destination: Shows the destination being visited. (Default: Yes; this option cannot be cleared)
Category: Shows the SurfControl category assigned to the destination. If a destination has not been categorized, it will be shown as None. (Default: Yes)
User: Shows the user name of the person accessing the destination. (Default: Yes)
Server IP Address: Shows the IP Address for the server hosting the destination. (Default: No)
Client Name: The name of the client computer accessing the destination. (Default: No)
Client IP Address: The IP Address of the client computer accessing the destination. (Default: No)
Connection Status: Shows whether the destination was Allowed or Blocked by a SurfControl Web Filter rule. (Default: Yes)
Protocol: Displays the communication protocol used for the connection. (Default: No)
Rule Comment: Displays the description of the rule for easy identification. (Default: No)
These columns are unavailable in the Privacy Edition of Web Filter.
CATEGORY COLOR
This option allows you to assign a color to a SurfControl Category. This can aid you in spotting trends in surfing habits in the Real Time Monitor.
Assignin
87. fer size option. Once you have finished browsing, you can start the Real Time Monitor again.
Note: Data is not cached by the Real Time Monitor when it is stopped, so destinations visited while the Real Time Monitor is stopped will not be seen when you restart.
Chapter 9: Web Filter Settings
Introduction (page 98)
Available Settings (page 99)
Start Stop Service Tab (page 100)
Active Directory Tab (page 101)
Subnets Tab (page 102)
Categorization Tab (page 106)
Ignored Ports Tab (page 108)
Real Time Monitor Tab (page 111)
Database Tab (page 112)
E-mail Notifications Tab (page 114)
INTRODUCTION
You can configure how SurfControl Web Filter monitors and filters Internet traffic by configuring the Web Filter service settings.
HOW TO CONFIGURE THE WEB FILTER SETTINGS
There are three ways in which you can open the Web Filter settings:
• Right click the SurfControl icon in the notification area of the task bar
• Select SurfControl Web Filter from the Control Panel
• From the Web Filter Manager select
88. following information:
• Web Filter Platform
• Web Filter Version
• Last Update Time for the Internet Threat Database
• User License: Shows the current product license information
Internet Threat Database: Displays the version number and the number of days remaining for the General List and Search Engine Database for your current subscription.
Database Status
This section displays the following information about your Web Filter database:
• Database Server: The name of the server your database is installed on
• Database Name: The name of the Web Filter database. The default name is SurfControl_WebFilter
• Destination Count: The number of Internet destinations stored in the database
• User Count: The number of users monitored in your database
• Database size: The current size of your Web Filter database. If using a SQL Server Express database, the Microsoft recommended maximum size is 4GB
TASKS
From the SurfControl Web Filter Server view, you can perform the following tasks:
• Remove Server
• Stop or Start Web Filter Service
• Stop or Start Scheduler Service
• Stop or Start VCA Service
• Refresh Database
MONITORED DATA
Monitored data is where you see who has been using the internet t
89. g a Category Color
To assign a color to a category:
1. Select a Category from the Category Color list.
2. Click Set Color. A color palette will appear.
3. Select a basic color from the chart, or click Define Custom Colors to select HSL or RGB color values.
4. Click OK. The Category definition will now be highlighted in the color chosen.
OTHER SETTINGS
You can set the number of lines to be viewed in the Real Time Monitor by typing in a value in the Connection buffer size field. The default setting is 500 lines.
COLLECTOR DETAILS
You can view information about the Real Time Monitor connector by selecting Collector Details from the Options menu.
Figure 8-3: Collector Details (fields: Server Name, Server Port, Timeout seconds, Warn user if service stops)
1. Enter the name of the server that the Real Time Monitor should connect to in the S
90. ge Union Password from the Tasks tab.
2. Enter the old password (admin for the original password).
3. Enter a new password. This can be up to 40 characters long and can be alpha, numeric or a combination of both.
4. Verify the password by re-entering it.
5. Click OK to set the password.
VIEWING USER DETAILS
The Monitored Data shows users in the format User X, as shown in the figure below.
Figure 5-1: Privacy Edition Monitored Users
To view a user's details:
1. Select a user in the Summary User Information panel.
2. From the Monitored Users Tasks, select View User Details.
3. Have the Manager enter their password.
4. Have the union representative enter their password.
5. Click OK.
6. The following details are then displayed in a dialog box:
• User Name
91. gile. If a connection fails, for example due to a disallow rule on the default port, these applications will attempt to use another available port. Enabling Protocol Signature Scanning from the Protocol Signatures tab in the Web Filter Settings will ensure that these protocols are filtered when the protocols use non-default ports. See Protocol Signatures Tab on page 107 for further details.
When adding an Instant Messaging and Chat, Peer to Peer (P2P) or Web Protocol and Port object to a rule, the Rules Administrator will only filter the following protocols by signature:
Table 7-4: Signature scanning protocols
Application type: Protocols
Instant Messaging: MSN Messenger, OSCAR (AIM, ICQ), XMPP (Jabber)
Peer to Peer (P2P): BitTorrent, eDonkey, FastTrack (Kazaa), Gnutella, Skype, Yahoo Messenger
Web: Google Web Accelerator
Note: Protocol signature scanning will filter direct HTTP connections and HTTP proxy connections. It will not filter when connecting via a SOCKS proxy.
PRECISE BANDWIDTH CONTROLS OBJECT
With Precise Bandwidth Control, you can accurately define what content you want to allow or block. By creating rules with Precise Bandwidth Controls, you can block pages or files that contain precise prefixes, suffixes or word patterns. These rules operate by identifying the contents within the URL rather than just the top level domain name. Precise Bandwidth Control objects are if state
92. he request
• Categorization Method: The various sources of categorization are as follows:
  Company & Intranet: The destination is specified within the Categorization tab of the Web Filter settings as a company domain or Intranet site. See Categorization on page 106 for more details.
  Manual: The administrator has manually set the category of the site. The category could have been set to one of the SurfControl defined categories or a custom category. See Category Object on page 67 for more details.
  SurfControl: The site was categorized from the SurfControl Internet Threat Database.
  VCA: The site was categorized by the Virtual Control Agent.
  None: A category was not assigned to the site.
• Connection Status: The destination can have one of the following statuses:
  Allowed: Web Filter allowed the user to visit the destination.
  Blocked: Web Filter stopped the user visiting the destination.
• Access Time: The date and time the Internet request was made
• Connection Duration: The duration of the request in minutes
• Data Sent: The number of kilobytes sent as part of the Internet request. Any request larger than 2GB will be shown as >2GB
• Data Recvd: The number of kilobytes received as part of the Internet request. Any request larger than 2GB will be shown as >2GB
TASKS
The following user tasks ca
93. he sites they have visited and the categories those sites have been assigned to in the SurfControl Internet Threat Database.
DATA
The central pane consists of 3 tabs for Monitored Data:
• Users: Those employees detected by Web Filter
• Destinations: Where those employees have been visiting on the Internet
• Categories: Destinations visited are categorized either by the standard categories as supplied by the SurfControl Internet Threat Database, or any custom or manual categories you may create
How Data is sorted in the Web Filter Manager
In the three Monitored Data tabs, the default view is restricted to the first 5000 entries in the summary panels. If you have less than 5000 entries, these will be automatically sorted on the first column in the row (User, Destination or Category), showing the latest entry at the top. If you have more than 5000 entries, you will see a caution. If you exceed this limit, the first 5000 entries are shown based on the Last Access information.
To change the default number of rows:
1. Close the SurfControl Web Filter Manager application.
2. Locate the file SurfControl Application exe config. In a default installation, this is located in C:\Program Files\SurfControl\Web Filter.
3. Open SurfControl Application exe config with Notepad.
4. Locate the line: <add key SurfControl Plugins WF Monitor DataSetFillCount value 5000>
5. Change the value 5000 setting to the required value.
6. Save the SurfControl Appli
94. ils
You can change or add to the following settings:
• Create new File Type groups to monitor. See below for more details.
• Add new protocols and ports. See page 40 for more details.
• Exclude destinations from being monitored. See page 41 for more details.
• Exclude users from being monitored. See page 41 for more details.
Note: Any changes made to the Monitored Data settings only affect data from that point onwards; it does not affect historic data.
Create New File Type Groups
You can create custom file type groups to complement the ones supplied with Web Filter.
To create your own file type groups:
1. Select Monitor Settings from the Monitored Data section.
2. Select the File Types tab from the Monitor Settings window.
3. Click New Group.
4. Add a name for your new group in the box that displays under All Custom File Types.
5. Press Enter.
6. Click New Extension.
7. Add the new file extension, minus the preceding ".", in the box that displays below your new group name.
8. Press Enter.
9. Repeat steps 6 to 8 for any additional file extensions.
10. Select your new group to start monitoring the file types you have specified.
11. Click Apply, then OK to close the Monitor Settings dialog box.
12. Click Update Configuration to update servers connected to the database.
Note: A file extension can only exist in one file ty
95. [HTML source of the deny page, as shown in the object dialog. Its visible text: "Access Denied. You have exceeded your daily worktime multimedia allowance of 10Mbytes. You have unlimited access outside of normal working hours."]
You can edit the text from within the object. See Constructing HTTP Deny Pages on page 86 for restrictions applying to editing or constructing deny pages.
Figure 7-27: Allowance HTTP Deny Web page (browser view: "SurfControl Access Blocked. You have exceeded your daily worktime multimedia allowance of 10Mbytes. You have unlimited access outside of normal working hours.")
From the dialog box you have the following
96. ings in one of three ways:
• From the Control Panel > SurfControl Web Filter menu item
• By right clicking the SurfControl Web Filter icon in the notification area of the taskbar and selecting Configure Web Filter Service from the menu
• From the Configuration menu item in the Web Filter Manager navigation tree
UNDERSTANDING THE SETTINGS
This section explains the features of some of the service settings and further options you may want to consider. This section covers:
• Stopping and starting the service
• Configuring subnets for balancing the load on your Web Filter server
• E-mail notifications
Restart the Web Filter Service
Web Filter can require you to restart the Web Filter service before changes you have made can be applied. These changes can include changing the Web Filter service settings. You can restart the service by right clicking the SurfControl Web Filter icon and selecting Restart Web Filter Service.
Note: This option is also available in the Start Stop Service tab of the SurfControl Web Filter Service Settings dialog.
You can also stop or start the Web Filter service by right clicking the Web Filter icon and selecting Start Web Filter service or Stop Web Filter service.
Configure Subnets
Configuring subnets helps to reduce or balance the load on your Web Filter server(s), enabling it to wor
97. inistrator: Create and edit rules.
- The Web Filter database: Connect to your database without being at the actual machine.
- The Real Time Monitor: See your Internet traffic in real time.
Note: You cannot use the Remote Administrator to configure the Web Filter service.
PREREQUISITES
For each computer:
- The Remote Administration Client version of Web Filter must be installed. Refer to the Starter Guide for more details.
- From the Web Filter Manager, select Add Server from the Tasks tab. Enter the name of the Web Filter server you want to connect to.
- For reports, you will need the client shortcut URL to be able to log in to Report Central. See the SurfControl Report Central Starter Guide for more details.
Chapter 4: Licensing
LICENSING WEB FILTER
You can use Web Filter on a trial basis for 30 days. To continue to use the full functionality of the product past the trial period, including updating the Internet Threat Database, you must contact SurfControl to obtain an appropriate license for your user count. For more details on obtaining a license, visit www.surfcontrol.com.
ENTERING A WEB FILTER LICENSE KEY
To license your Web Filter product:
1. Obtain a Web Filter license serial number from SurfControl.
2. Right-click the SurfControl icon in the notification area of the taskbar. From th
98. ion or to place an order, contact Websense. To find your nearest Websense office, please visit our web site www.websense.com.
99. Chapter 1: Introduction to Web Filter
ABOUT SURFCONTROL WEB FILTER
Web-based e-mail, file downloads, Instant Messaging (IM), Peer-to-Peer (P2P) and unauthorized Web surfing can expose your enterprise network to serious, debilitating attacks and undesirable code, including spyware, adware, malware and pornography. SurfControl Web Filter offers a proactive security solution that protects your enterprise against known, emerging and customer-specific threats before they reach your network.
Your IT staff will appreciate how easy it is to deploy and manage SurfControl's enterprise-wide Web protection. With fewer administrative headaches, they can focus on other important assignments and projects.
SurfControl Web Filter allows you to actively monitor network use and abuse anywhere in your organization. You can even extend real-time protection to mo
100. jects
SurfControl's Internet Threat Database contains over 24 million Web sites and over 3.5 billion Web pages. These sites and pages are allocated to one of SurfControl's fifty-five categories, as in the table below.
Note: As the SurfControl Adaptive Threat Intelligence team can dynamically add new categories, this list is subject to change. For the latest list and detailed explanation of each category, visit www.surfcontrol.com. You will receive an e-mail informing you of any changes made to the SurfControl Internet Threat Database.
Table 7-2: SurfControl Categories (listed in table order; the table numbers the categories up to 55)
Company & Intranet; Adult/Sexually Explicit; Advertisements & Popups; Alcohol & Tobacco; Arts; Blogs & Forums; Business; Chat; Computing & Internet; Criminal Activity; Downloads; Education; Entertainment; Fashion & Beauty; Finance & Investment; Food & Dining; Gambling; Games; Government; Hacking; Health & Medicine; Hobbies & Recreation; Hosting Sites; Illegal Drugs; Infrastructure; Intimate Apparel & Swimwear; Intolerance & Hate; Job Search & Career Development; Kids Sites; Motor Vehicles; News; Peer to Peer
101. k more efficiently. Use the Subnets tab to configure subnets.
Figure 2-1: Subnets tab (Subnet Monitoring options "Do not monitor traffic to or from these subnets" and "Only monitor traffic to or from these subnets"; Ignore Subnets list of Address and Mask entries, "Traffic sent to these subnets will be ignored")
The Subnets tab has two sections:
- Subnet Monitoring: These settings help reduce or balance the load on your Web Filter server.
- Ignore Subnets: These settings show the internal subnets that were detected when you ran the Configuration Wizard. These subnets are not monitored.
Subnet Monitoring
The Subnet Monitoring section is used to identify which parts of your network should be monitored, or not, by each Web Filter server. How you decide on this depends on whether you have single or multiple Web Filter servers and how you want to divide the network volume (load) of traffic between those servers.
To configure your subnets on a single Web Filter server:
1. Identify the external traffic subnets you do not want to monitor.
2. Click the Subnets tab and click Add.
3. Enter the IP address of the subnet in the IP Address text box.
4. Enter the subnet mask in the Mask text box.
5. Click OK.
6. Repeat steps 1 to 5 for other subnets you
102. ks and help for the item selected in the navigation pane.
THE NAVIGATION PANE
The Navigation pane displays the servers and databases that Web Filter is connected to.
Figure 6-2: Navigation Pane
THE CENTRAL PANE
Depending on the option selected in the navigation pane, information about your Web Filter installation will be displayed in the central pane.
Figure 6-3: Web Filter Manager Dashboard
103. l Press Send.
If your issue is urgent, please call one of the offices listed below.
Location: Contact information
- North America: 1 858 458 2940
- France: Contact your Websense Reseller. If you cannot locate your Reseller: 33 1573 232 27
- Germany: Contact your Websense Reseller. If you cannot locate your Reseller: 49 6951 709 347
- UK: Contact your Websense Reseller. If you cannot locate your Reseller: 44 0 2030 244 401
- Rest of Europe: Contact your Websense Reseller. If you cannot locate your Reseller: 44 0 2030 244 401
- Middle East: Contact your Websense Reseller. If you cannot locate your Reseller: 44 0 2030 244 401
- Africa: Contact your Websense Reseller. If you cannot locate your Reseller: 44 0 2030 244 401
- Australia/NZ: Contact your Websense Reseller. If you cannot locate your Reseller: 1 800 881 011, Access Code 800 542 8609
- Asia: Contact your Websense Reseller. If you cannot locate your Reseller: 86 10 5884 4200
- Latin America and Caribbean: Contact your Websense Reseller.
You will be routed to the first available technician, who will gladly assist you. For the latest support information on SurfControl products, visit www.websense.com/SupportPortal.
SALES AND FEEDBACK
For product and pricing informat
104. lays confirming the number of destinations checked and categorized.
4. Click Close.
THE VCA SERVICE SETTINGS
The VCA Control Panel application enables you to stop and start the VCA service and configure VCA service settings, as shown in the figures below.
Note: The VCA service does not function if you are using a 30-day evaluation version of Web Filter.
Figure 10-4: VCA Service Control tab
Figure 10-5: VCA Settings tab
You can perform the following tasks on the VCA Settings tab:
- Select Collector: Select the server (collector) you want the VCA to save its categorizations to. By default the collector is set to localhost. In this inst
105. le domain1 user1
Change Groups
Web Filter creates a default group of Everybody when you install it. All users detected by Web Filter are automatically assigned to this group. You can create groups to more accurately reflect the departments in your organization (sales, accounts, administration, etc.) and assign users to them. This can help when running reports in SurfControl Report Central and setting up rules.
To set up groups and assign users to them:
1. Select one or more users in the Summary User Information pane.
2. Click Change Groups.
3. Check that the group has not been created in the Available Groups pane from the SurfControl Groups tab.
4. Click New.
5. Enter the name for your new group and click Enter.
6. Click Add. Your new group will be shown in the Group Membership pane. Your selected users are now added to this group.
7. Click OK to close the Change Groups dialog box.
Note: Network Groups are updated during the update of the Web Filter database or by a scheduled event. See Available Events on page 142. For more details on network group updates, please see Knowledge Base article 1467. You cannot change the Network group for a user from the Network Groups tab.
Delete User(s)
Perform this task if you want to remove specific users from the Users tab in Web Filter Manager. This is advantageous if workstation names have been recorded rather than user names. After completing this task, the user(s) will not be shown in the We
106. lowing:
- Network Settings
- TCP/IP Name Resolution (DNS)
- Monitor to Database Settings
Figure 9-5: Advanced tab
NETWORK SETTINGS
These settings affect how Web Filter reacts to new users and destinations that are not yet categorized.
- Lookup new users friendly name: If selected, when new users are detected by the Web Filter Monitor, their friendly name is retrieved from the domain controller.
- Lookup new users group details: If selected, when new users are detected by the Web Filter Monitor, details of the groups that they are a member of are retrieved from the domain controller.
- Block until categorized: If selected, any destinations, including image searches, that haven't been categorized by Web Filter will be blocked until a categorization is given. Once a categorization is received, the destination will be checked against the rules you have in place and viewed or blocked accordingly.
107. ments, which means that if you apply more than one Precise Bandwidth Control object to a rule, the rule will be triggered when any combination of the objects are met. For example, a disallow rule which has precise bandwidth control objects of Audio Files and Video Files assigned to it will block an attempt to access web pages that contain audio files or video files or both.
Note: If a Category object is assigned to a rule containing Precise Bandwidth Controls, a destination will only be blocked if it is within the category AND the URL triggers one or all of your Precise Bandwidth Controls.
To create a precise bandwidth control:
1. From the What tab, expand User Defined What Objects and click Precise Bandwidth Controls.
2. Right-click in the display objects window and select New.
3. Enter a name for your Precise Bandwidth Control.
4. Select one of the following options:
- Starts with: For instance, the word jobs means any part of the URL that starts with the word jobs; for example, www.jobserve.co.uk will match but www.topjobs.co.uk will not.
- Ends with: If you specify the word gif, for example, www.example.com/home.gif will match but www.example.com/my gifs will not.
- Contains: If you specify jobs in the field, both www.jobserve.co.uk and www.topjobs.co.uk will match.
Note: You can enter mul
108. n
- Last Access: Shows the date and time Web Filter last logged the destination.
- Connections: Shows the total number of TCP (Transmission Control Protocol) transactions made to the destination.
DETAIL CATEGORY INFORMATION
When you select a category in the summary pane, the detailed category information is displayed in the bottom pane. The following information is displayed in the columns:
- User: Identifies the user's name in the following order of precedence: Novell user name, EUM user name, NetBIOS user name, Workstation name, IP address.
- Destination: The Internet address accessed. This is the domain-level address, for example www.mysite.com.
- Detail: Shows any page-level detail of the Internet request, for example www.mysite.com/morestuff.htm. By default, Internet requests with a connection status of allowed will not show any detail information. Requests that are blocked will show page-level detail. See the Monitor Settings > General tab description in Table 2-1 on page 10 for details.
- Via Proxy: Shows if the connection to the destination was made via a proxy server.
- Source Workstation: The workstation from where the Internet request was made.
- Protocol: The protocol of the Internet request.
- Category: The category assigned to the request.
- Categorization Method: The various sources of categorizatio
109. n are as follows:
  - Company & Intranet: The destination is specified within the Categorization tab of the Web Filter settings as a company domain or Intranet site. See Categorization Tab on page 106 for more details.
  - Manual: The administrator has manually set the category of the site. The category could have been set to one of the SurfControl-defined categories or a custom category. See Category Object on page 67 for more details.
  - SurfControl: The site was categorized from the SurfControl Internet Threat Database.
  - VCA: The site was categorized by the Virtual Control Agent.
  - None: A category was not assigned to the site.
- Connection Status: The destination can have one of the following statuses:
  - Allowed: Web Filter allowed the user to visit the destination.
  - Blocked: Web Filter stopped the user visiting the destination.
- Access Time: The date and time the Internet request was made.
- Connection Duration: The duration of the request in minutes.
- Data Sent: The number of kilobytes sent as part of the Internet request. Any request larger than 2GB will be shown as >2GB.
- Data Recvd: The number of kilobytes received as part of the Internet request. Any request larger than 2GB will be shown as >2GB.
TASKS
The following tasks can be performed from the Information pane.
Table 6-7: Destinations tab Tasks
110. n be performed from the Information pane.
Table 6-3: Users tab Tasks
Section: Monitored Data (Note: Monitored Data tasks are available across all the Monitored Data tabs.)
- Monitor Settings, page 39
- Refresh, page 41
- Change Manager Password (Privacy Edition only), page 22
- Change Union Password (Privacy Edition only), page 22
Section: Monitored Users
- Print, page 41
- Rename User, page 42
- Get Friendly Name, page 42
- Get User Name, page 42
- Change Groups, page 42
- Monitor Settings for Users, page 43
- Delete User(s), page 42
- View User Details (Privacy Edition only), page 22
Section: Monitored Connections (Note: Monitored Connections tasks are available across all the Monitored Data tabs.)
See Table 6-5 on page 44 for the following tasks:
- Print
- Go To Site
- Go To Page
- Set Category
- Copy URL
MONITORED DATA TASKS
Update Configuration
After performing certain tasks, the following message will appear at the top of the Monitored Data screen. The servers connected to the database you are making changes to will require updating after the following tasks:
- Monitor Settings
- Set Category
Update all Web Filter servers connected to this database.
Monitor Settings
The default Monitor Settings are described in the Basic Configuration chapter. See Initial Monitored Data Settings on page 9 for more deta
111. n configure the settings for this event by selecting it in the Scheduler and clicking Configure.
Note: You can set up tasks to run individually, or you can configure the Database Management tool to perform an Archive, Purge and Compact task at the same time.
ARCHIVE
Archiving your database improves system performance by reducing its size and optimizing storage.
To perform an archive of your database:
1. Select Database Management from the Web Filter Manager > Maintenance from the appropriate collector or database in the Navigation tree.
2. Select the Archive check box from the Database Management tab.
3. Click Browse and specify a location to save the archived database to. The default location is drive C, but you may want to specify a different location to prevent the archive file being overwritten the next time you archive your database.
4. Choose Unique date based filename to save you overwriting an existing archive file.
5. Click Run Tasks to begin the Archive.
If you have left all the options at their default settings, with all check boxes clear, you will archive your whole database to c:\Archive.dat.
PURGE
Purging your database reduces its size by removing connection details for users, sites and groups. You can purge your database in various ways from the Purge tab.
To purge the database:
1. Select Database Management from the
112. n the Navigation tree.
Add Database
To add a new database to an existing server:
1. Select the SurfControl Web Filter item in the Navigation pane tree.
2. From the Tasks pane, select Add database.
3. In the Add Database dialog box, enter the name or IP address in the Server text box.
4. Use either the Trusted Connection (selected by default) or enter a valid SQL Server Login ID and Password.
5. Select an available Web Filter database from the Database drop-down list box.
6. Click OK.
The database should be visible under the server Navigation tree item.
Refresh Server Status
You can refresh the status of your server at any time.
WEB FILTER SERVER
When you installed SurfControl Web Filter, you set up a server using the Configuration Wizard. This server will appear in the navigation tree under the SurfControl Web Filter item, as shown below.
Figure 6-5: Web Filter server
SERVER INFORMATION DASHBOARD
With the server selected, the Server Information Dashboard displays the following information.
Table 6-2: Server Information Dashboard
Section: Data
- Service Status: This section displays the status of the following Web Filter services: Web Filter Service, Scheduler Service, VCA Service.
- Server Info: This section displays the
113. nets tab. You also have the following options:
- Add a new subnet.
- Remove a subnet.
- Edit the IP address or subnet mask for an existing subnet.
E-mail Notifications
When running the Configuration Wizard during installation, you were asked to give the following e-mail setup information:
- E-mail Server
- Recipient Address
- From Address
You were also asked to select the types of messages that the System Administrator should receive alerts about:
- Service running status changes: If the Web Filter or Scheduler service is stopped or started.
- Internet Threat Database license reminders: A reminder will be sent when a subscription to the Internet Threat Database is due for renewal. A reminder will be sent a month from expiry, then a week from expiry, and a day from expiry. Once a subscription has expired, a reminder will be sent every 24 hours.
- Scheduled task failures: If any scheduled task fails to run successfully.
- Catch-up mode notifications: If the service becomes overloaded, monitoring will be restricted to HTTP traffic. If the overload becomes critical, monitoring will be temporarily suspended. An e-mail will be sent when Web Filter enters and exits catch-up mode.
You can edit these settings via the E-mail Notification tab, shown below.
Figure 2-2: E-mail Notification tab
114. ng Web Filter. See Chapter 2 of the Starter Guide for details.
- Preferred Schema: You can monitor by both Windows and NetWare users. You can select your preferred schema.
NetWare Monitoring
If monitoring by NetWare user names, you need to enter the following details:
- NetWare Tree and Context: You need to enter your NetWare Tree and Context information in this field. For example: OUname.Orgname.Treename
Caution: Ensure these details are entered correctly, as this information cannot be edited afterwards.
- NDS tree Username and Password: Web Filter requires a valid NDS tree username and password to be able to monitor NetWare users. For example: User.OUname.Orgname
REAL TIME MONITOR TAB
This tab displays the connection details for the Real Time Monitor.
Figure 9-9: Real Time Monitor Settings (Server Settings fields: Port Number, Timeout (seconds), Heartbeat Interval (seconds), Maximum Clients)
The settings are:
- Port Number: This is the port that the Real Time Monitor connects to the Web Filter service on. The default number is 5000
115. objects, select a rule and from the right-click menu select Properties. You can check how the rule objects have been used and modify the settings for each one. For an in-depth description of the various rule objects, see Chapter 7.
When applying rules, keep the following in mind:
- Rules are read sequentially and will not be overwritten by a rule that follows.
- The fewer rules you have, the more efficiently Web Filter will perform.
- Rules are processed from the top of the list in the Rule Panel downwards. Rules which are applied to individuals or small groups should be placed near the top of the list.
- NEVER set up a Disallow Anybody Anywhere Anytime rule, because it will block all access throughout your network.
- It is recommended that you test rules on a single machine before implementing a network-wide policy.
- It is strongly recommended that only one user modifies rules in the Rules Administrator at any one time. This is to prevent any corruption of the database, which will cause the Rules Administrator to crash, rendering it inoperable.
SCHEDULING TASKS
When you ran the Configuration Wizard, you were asked to set up two scheduled tasks:
1. Internet Threat Database updates
2. Database Maintenance
These tasks are controlled by the Scheduler, accessed from the Web Filter Manager > Maintenance option for your database or from th
116. of time.
MONITORED CONNECTIONS TASKS
The following tasks are available from the Monitored Connections tasks section. Monitored Connections tasks are also available by right-clicking the Detailed User Information entry for a selected user.
Table 6-5: Monitored Connections Tasks
- Print: Prints a selected Detailed User Information entry.
- Go to Site: Opens up a selected entry at the domain level in a Web browser.
- Go to Page: Opens up a selected entry at the individual page level in a Web browser.
- Set Category: You can change the category for a selected entry. Note: Any changes to a category assigned to a destination seen in the Monitored Data section will only affect future connections. Data already saved to the database cannot be changed, as this is a historical record of the category assigned at the time the destination was visited. You need to click Update Configuration to apply any changes made to categories.
- Copy URL: Copies the URL to the Windows clipboard.
DESTINATIONS
SurfControl Web Filter stores information about the destinations visited by your users. You can view these destinations on the Destinations tab and perform some of the following tasks:
- Categorize a destination
- Submit uncategorized
117. ommand from a Command Prompt window:
ipconfig /all
The MAC Address is the Physical Address entry.
To obtain the MAC Addresses for all network cards on your network, run the following command from the Command Prompt window:
arp -a
Again, the MAC Addresses are the Physical Address entries.
Figure 7-8: MAC Address object properties
- Name: Enter a name for your MAC address object.
- MAC Address: Enter the MAC address for the computer you want the rule to apply to.
Subnet Object
A subnet enables you to take a single IP network address and split it up so that it can be used on several interconnected local networks. A subnet mask determines the maximum number of hosts on a subnetwork.
To obtain the IP address and Subnet Mask for a particular computer on your network, run the following command from a Command Prompt window:
ipconfig /all
Make a note of the IP Address and Subnet Mask entries.
Figure 7-9: Subnet object properties
- Name: Enter a name for your Subnet object.
- IP Address: Enter the IP address for the computer.
- Subnet Mask: Enter the Subnet Mask.
CATEGORY OBJECT
118. ontrol what activity is saved to the database.
Note: Any change made to the Monitored Data settings only affects data from that point onwards. It does not affect historic data.
Table 2-1: Monitor Settings
Tab: General
- Monitor new users: By default, all new users who log on to your network are detected by Web Filter and their Internet activity is automatically monitored. You can select not to automatically monitor new users.
- Page level information: This option is selected by default. It will only store the domain name of an allowed site. For example, www.allowedsite.com/someinfo will be stored as www.allowedsite.com. This can help reduce the size of your monitor database. With this option selected, you will just see a 7 in the Detail column. All blocked sites are stored with the full path, for example www.blockedsite.com/music.mp3.
- File Types: By default, only certain web page file types (asp, aspx, htm, html, jsp, mspx, shtml, stm) are monitored. The complete list of file types is shown in Table 2-2 on page 12. Monitoring of too many file types can impact on the performance of Web Filter. If you suspect a certain file type is being accessed significantly, select the file type and monitor it for a set period of time. You have the following options when selecting Monitored custom file types
119. options:
- Import: You can import HTML code you have created in a file elsewhere, or you can re-import the default deny page text from the following location: C:\Program Files\SurfControl\Web Filter\Sample Denied Text\Default_Denied.html
- Preview: Use this option to see how your deny page will look in a browser.
- Default Page: Select this checkbox if you want this page to be the default Deny page displayed.
OTHER HTTP DENY PAGE OBJECTS
SurfControl has supplied the following html pages, which you may find useful when creating custom deny pages:
- Redirect Denied.html: Redirect a user to a deny page.
- Refresh to AUP.html: This allows you to redirect a user to your Acceptable Use Policy.
In a default installation, these pages can be found in the following location: C:\Program Files\SurfControl\Web Filter\Sample Denied Text
CONSTRUCTING HTTP DENY PAGES
When constructing your own HTTP Deny Pages, you are restricted to using 1024 characters or less, including the HTML tags, when building your deny page. In addition, there are the following objects you can insert into your HTTP Deny Page objects:
- User
- Client IP
- Site Category
- Page
VIEWING ANOTHER COLLECTOR
If you have more than one collector on your network, you can quickly change to a different one from within the Rules Administrator. You
121. ork access to the SQL Server There must be a user account on the SQL Server with a Database Creators role Note A SurfControl database should only have one database owner A To create a new SQL Database 1 6 7 From the All Programs gt SurfControl Web Filter gt Database Tools menu select Create SQL Server Database The Create SurfControl Web Filter Database Wizard will start Click Next Enter the name of the SQL Server and the proper authentication For Windows authentication select Use Trusted Connection e For SQL authentication leave Use Trusted Connection deselected Enter the SQL Administrator Username and Password Click Next Enter the name of the database If you deselect Use Default Locations specify the locations for the database and transaction log files e If you deselect Set as SurfControl Web Filter Default specify the new database for both the Rules and Monitor databases Click Next Click Finish The new database will appear in the Web Filter Manager Navigation tree To use the new database in a multiple installation environment you must select the new database from the Web Filter service See Database Tab on page 112 for more details 128 Administrator s Guide SurfControl Web Filter v5 5 DATABASES Managing databases MANAGING DATABASES As SurfControl Web Filter builds up its database of Internet traffic you need to consider how to manage the volume of data it contains
122. ose the Monitor Settings dialog box. Click Update Configuration to update servers connected to the database.

Unmonitoring Destinations or Users

Unmonitoring users or destinations is useful when you want Web Filter to ignore specific destinations or the browsing behaviour of particular users. For example, destinations that are categorized as Company & Intranet may be heavily browsed and, as a result, may not require monitoring.

To prevent a destination being monitored:
1. Select Monitor Settings from the Monitored Data section.
2. From the Unmonitored Destinations tab, click New. You can add the following data:
   URLs: The address of the Web site being accessed.
   IP addresses: If a destination is being accessed by this method instead of its URL.
3. Click Apply, then OK to close the Monitor Settings dialog box. Click Update Configuration to update servers connected to the database.

Note: When entering IP addresses, do not include the http prefix. If this is added, the destination will still be monitored. Wildcard entries, for example yourcompany, will ignore all your corporate Web sites. When a destination is unmonitored, it can still be filtered (blocked or allowed) by rules.

To prevent a user or a domain being monitored:
1. From the Unmonitored Users tab, click New.
2. Enter the network name for the user
123. ou want to connect to Add an Application Name to identify the database and click OK Click Apply Start the service oN o a SurfControl Web Filter v5 5 Administrator s Guide 113 WEB FILTER SETTINGS E mail Notifications Tab E MAIL NOTIFICATIONS TAB During installation you were asked to give the following information about the Systems Administrator E mail Server e Recipient Address e From Address You were also asked to select from the following message types that the System Administrator should receive alerts about Service running status changes If the Web Filter or Scheduler service is stopped or started Internet Threat Database license reminders A reminder will be sent when a subscription to the Internet Threat Database is due for renewal A reminder will be sent a month from expiry then a week from expiry and a day from expiry Once a subscription has expired a reminder will be sent every 24 hours e Scheduled task failures If any scheduled task does not complete e Catch up mode notifications If the service becomes overloaded monitoring will be restricted to HTTP traffic If the overload becomes critical monitoring will be temporarily suspended An e mail will be sent when Web Filter enters and exits catch up mode 114 Administrator s Guide SurfControl Web Filter v5 5 WEB FILTER SETTINGS E mail Notifications Tab You can select these options on the E mail Notification tab as shown below
124. p The tab is split into two sections Username Resolution Enterprise User Monitoring SurfControl Web Filter v5 5 Administrator s Guide 109 WEB FILTER SETTINGS Ignored Ports Tab These settings affect how Web Filter monitors users e None If selected SurfControl monitors users based on workstation name or IP address Enterprise User Monitoring EUM If you have installed EUM this option will be selected by default SurfControl recommends the use of EUM for user name resolution See the Starter Guide for details on how to install EUM V4 Note If you install EUM in a NetWare environment Enterprise User Monitoring is not selected per by default You need to manually select it NetBIOS Based on the MAC address of the workstation Lifetime of user name This field is used by NetBIOS only This determines how often Web Filter should check each workstation for active users The default value is 600 seconds ENTERPRISE USER MONITORING If you choose to use EUM after installation the options in this section enable you to configure how to monitor user names in a NetWare environment If you chose to monitor by EUM during installation the NetWare Tree and Context details you entered in the Configuration Wizard will be shown but will not be editable Note These settings will only be available if the NetWare client has been installed SurfControl GE recommend installing the NetWare client before installi
125. pe group. An error message is displayed if the extension already exists in another group. Your new group can also be applied to individual users or groups from the Monitor Settings in the Monitored Users section of the Information pane. See Monitor Settings for Users on page 43 for more details.

Adding New Protocols And Ports

You can add new protocols and their associated port numbers to Web Filter to allow more flexibility when filtering network traffic. You can also add or edit port numbers for existing protocols.

To add new protocols and ports: Select Monitor Settings from the Monitored Data section. From the Protocols tab, click New. Enter a name for the Protocol. Set the Status for the Protocol; the options are Monitored or Unmonitored. In the Protocol Ports section, click New Port. Enter a number for the port associated with the protocol; this must be between 1 and 65535. Press Enter. Repeat as necessary for additional ports. Click OK to close the New Protocol dialog box. Click Apply, then OK to close the Monitor Settings dialog box. Click Update Configuration to update servers connected to the database.

To edit ports for existing protocols: Select Monitor Settings from the Monitored Data section. Select the protocol and click Edit. Click New Port. Enter the new port number; this must be between 1 and 65535. Click OK to close the New Protocol dialog box. Click Apply then OK to cl
126. r Service e Start or Stop Scheduler Service Start or Stop VCA Service e Refresh Database For more details on the information displayed and tasks at this level Web Filter Server on page 32 e Users tab 1 Ce F ral Monitored Data e Destinations tab Categories tab e Monitored Data tasks e Monitored Users tasks Monitored Connections tasks Print Destinations Categories 28 Administrator s Guide SurfControl Web Filter v5 5 THE WEB FILTER MANAGER Working With the Web Filter Manager Table 6 1 Web Filter Manager Navigation items Navigation tree item Data viewed Tasks For more details on the information displayed and tasks at this level Monitored Data on page 34 i We tent Protect e Rules Administrator EE e Real Time Monitor Custom Categorization For more details on the Content Protection tools Content Protection on page 52 e Web Filter Settings e Database Management e Virtual Control Agent Settings e Database Updater e Scheduler Maintenance For more details on the Maintenance tools Maintenance on page 53 SurfControl Web Filter v5 5 Administrator s Guide 29 THE WEB FILTER MANAGER SurfControl Web Filter SURFCONTROL WEB FILTER This is the default view when you open the Web Filter Manager DATA DISPLAYED In the central pane you will see the following information The Web Filter Dashboard The Web Filter Server Ov
127. rectory Protocol Signatures User Name Resolution Ignored Ports Start Stop Service Subnets Advanced Categorization E mail Notifications m E mail Server E mail server e g mailserver pourcompany com Recipient address Erom address WebFilter surfcontrol notifications com Message Types IV Service running status changes IV Internet Threat Database license reminders IV Scheduled task failures IV Catch up mode notifications Cancel Apply Help There are three other e mail alerts that the recipient address will receive Unlicensed product reminders If you are using an unlicensed product past its thirty day trial period you will be sent daily reminders Internet Threat Database category changes As the Global Threat Experts add new categories to the Internet Threat Database this e mail informs you of any modifications that have been made e Internet Threat Database updates A reminder is sent if it is more than a week seven days since an Internet Threat Database update MORE INFORMATION For more details on the other Service Settings see Chapter 9 8 Administrator s Guide SurfControl Web Filter v5 5 BASIC CONFIGURATION Initial Monitored Data Settings INITIAL MONITORED DATA SETTINGS This section will explain what the default monitoring settings are for Web Filter and what other options are available Accessing the Monitor Settings 1 To access the Monitor Settings
128. rfControl Web Filter v5 5 Appendix Contact Technical SUBppor sio a e batted A A E EE A e wee page 146 Sales and POB Bak xico EE page 148 APPENDIX Contact Technical Support CONTACT TECHNICAL SUPPORT Websense provides technical information about SurfControl products online 24 hours a day including latest release information searchable Knowledge Base show me tutorials product documents tips in depth technical papers Access support on the Web site at www websense com SupportPortal If you need additional help please fill out the online support form at www websense com SupportPortal Contact aspx Note your case number If you need to send Support files to help us diagnose your problem do the following 1 Select Start gt SurfControl Web Filter gt Support Tools gt Create Web Filter Support Files This creates an e mail message containing a copy of your configuration files that will help Support to discover the reason for any problems you are having These include Event Logs System and Application s A list of file Versions e Registry Keys e System Information e Trace Logs Add your case number to the subject line of the email message Navigate to C Program Files SurfControl Web Filter Support In this directory you will find the following files e Application evt e System evt e FileVersion txt e registrytxt e systeminfo txt Zip or rar these files and attach them to the emai
129. se without having to manually categorize them again EXPORTING MANUALLY CATEGORIZED SITES To export your manual categorizations 1 Select Start gt SurfControl Web Filter gt Database Tools gt Import or Export Manual Categorizations You will see the Import or Export Manual Categorizations dialog 5 Import or Export Manual Categorizations x f Export Manual Categorizations From database l Seleti To file Browse C Import Manual Categorizations 2 Select the Export Manual Categorizations option 3 Click the Select button A SQL Server Login dialog will be displayed Server conapeLtno y JV Use Trusted Connection Cancel Login ID Help Password El Administrator m Options Database Default Language Default pe Application Name SurfControl Web Filter WorkStation ID COGADELLWORK23 4 Use this dialog to select the database containing the manually categorized sites that you want to export by choosing the server from the Server drop down list box then selecting the Use Trusted Connection check box Alternatively enter a user name and password if this server requires one 5 Use the Options section to select the database that you wish to use then click OK The information relevant to that database will appear in the From database text field Click Browse and navigate to the flat file that you wish to export the manually categorized sites to Click Run task to e
130. sh to run the event on a different database, click Select to choose a different database. A SQL Server Login dialog box displays. Select an available Server from the Server list. Click Options and select the database you want to use from the drop-down list box. The database selected will be retained by the Database management settings. Click OK.

DATABASE UPDATE

If you have selected to update the flat files into your database manually, you can schedule this at a time that best suits your network. See Advanced Tab on page 104 for more details on database update settings.

Caution: Do not schedule flat file updates from multiple collectors to take place at the same time. This can corrupt your database.

To schedule a flat file import to your database:
1. Click Add to navigate to the folder where your flat files are located. Click Remove if you want to delete a location. Flat files are stored in the following folder by default: C Program Files SurfControl Web Filter tmp
Click Open Database. You have two choices:
   Choose a SurfControl Collector from the drop-down list box, then click Connect to SQL Server to select a SQL Server Database resident on the Collector.
   Click Connect to SQL Server if using a database on the local computer.
Select Use Trusted connection for Windows Authentication the def
131. single IP address, Host name or Domain for each object you create. Wildcards are not allowed.

1. Enter a name for your object in the Name text box.
2. Select one of the following options:
   IP address: Enter the IP address of the workstation the rule will be applied to.
   Host Name: The default option. Enter the Workstation name. You must have Enable Workstation name resolution selected in the Advanced tab of the Web Filter Service settings to be able to see Host names in the Monitor. See Advanced Tab on page 104 for more details.
   Domain: Enter a name for a network Domain the rule will be applied to.
Click OK to confirm your settings or click Cancel to disregard changes.

MAC Address

To obtain the MAC address for a particular computer on your network, run the following command from a Command Prompt window:

ipconfig /all

The MAC Address is the Physical Address entry. To obtain the MAC addresses for all network cards on your network, run the following command from the Command Prompt window:

arp -a

Again, the MAC Addresses are the Physical Address entries.

Figure 7.3: MAC Address object properties

Name: Enter a name for your MAC address object.
MAC Address: Enter the MAC address for the computer you want the rule to apply to.

Subnet Object

A subnet allows you to tak
132. t if required and drag and drop the object onto the When section of the rule Choose an Allowance object if required and drag and drop the object onto the Allowance section of the rule Choose a Notify object if required and drag and drop the object onto the Notify section of the rule Choose a HTTP Deny Page object if required and drag and drop the object onto the HTTP Deny Page section of the rule Right click the new rule and choose Properties from the drop down menu You will see the Rule Properties dialog AN Allowance E Notify 17 Http Deny Page Rue who whee S what O when r State JM Active Disallow access to Adult material See Enter a comment for this rule Adding a comment to a rule enables you to see a description of the rules action in the Rules Administrator and Real time Monitor which enables you to see why a rule is blocking a web page When adding a comment ensure that e The description gives a clear indication of what the rule will do The comment is 31 characters in length or less Comments exceeding 31 characters will be truncated in the Rules Administrator and Real time Monitor The word truncated will be placed at the end of the comment Note If you do not add a comment to the rule you will see N A in the Comment columns of A 11 Rules Administrator and Real time Monitor Move the rule to the appropriate level in the Rule List Panel
133. talled SurfControl Mobile Filter you can use the following objects in your rules e Mobile Users The user name as defined in the SurfControl Client Administrator e Mobile Hosts The host name as defined in the SurfControl Client Administrator Who Lists Who Lists are a combination of Monitored Workstations NT Domain and User Defined Who Objects Who lists are a convenient way of grouping Who objects together to share common rules The list of workstations available in the Rules Administrator is the same as you see in the Monitored Data in addition to the Novell NetWare and Windows NT users defined for the network As Web Filter detects new users it updates both the Monitored Data and the Rules Administrator To refresh the display with the most current contents of the database press F5 CREATING USER DEFINED WHO OBJECTS Hosts and Domains The Hosts and Domains object is used to apply a rule to a particular IP address Host name or Domain on your network A host is a computer that is connected to a TCP IP network which can include the Internet Each host has a unique IP address A domain is a group of computers on a network that are administered as a unit SurfControl Web Filter v5 5 Administrator s Guide 61 7 RULES ADMINISTRATOR Who Objects Figure 7 2 Hosts and Domain object properties Object Properties x Es Name IP address Host name C Domain Dk Cancel V4 Note You can only add a
134. ternet Threat Database categories and any manually created custom categories Where Lists Where Lists are a combination of Monitored Destinations User Defined Where Objects and Categories This is a convenient way of grouping Where objects together to share common rules CREATING USER DEFINED WHERE OBJECTS Hosts and Domains The Hosts and Domains object is used to apply a rule to a particular IP address Host name or Domain on your network 64 Administrator s Guide SurfControl Web Filter v5 5 RULES ADMINISTRATOR 7 Where Objects A host is a computer that is connected to a TCP IP network which can include the Internet Each host has a unique IP address A domain is a group of computers on a network that are administered as a unit L Note You can only add a single IP address Host name or Domain for each object you create er Wildcards are not allowed Figure 7 7 Hosts and Domain object properties Object Properties E x Es Name CIP address e Host name Domain o Caca Name Enter a name for your object IP address Select IP address and enter the IP address for the workstation the rule will be applied to Host name The default option Enter the Host name in the following format www yoursite com Domain Enter a name for a network Domain the rule will be applied to MAC Address To obtain the MAC Address for a particular computer on your network run the following c
135. th the Edit or Delete buttons next to the Filters drop down list box V4 Note You can only have one of each criteria type for each custom filter Once you have created aad a custom filter it is available on all the Monitored Data tabs SurfControl Web Filter v5 5 Administrator s Guide 35 THE WEB FILTER MANAGER Users USERS SurfControl Web Filter monitors all users who log on to your network The Users tab shows various information about users Internet activity You can perform tasks such as assigning users to groups for more meaningful reporting You can decide what activity you want to monitor and whether you want to exclude any users from having their activity recorded in the database The Users pane is split into Summary and Detail users information SUMMARY USER INFORMATION This pane shows the users monitored by the Web Filter database The following information is displayed in the columns e User Identifies the user s name in the following order of precedence Novell user name EUM user name NetBIOS user name Workstation name IP address Last Workstation Displays the name of the last workstation the user was monitored on If the name is not available the IP Address will be displayed Last IP Address Shows the last IP Address the user was monitored on e First Access Shows the date and time Web Filter first logged Internet activity from this user Last Access Displays the date and
136. tial Monitored Data Gettinges nn cananea 9 The Default Monitor Settings oooconicninnnnnnnnnnnnnccconnnccnnnnccncrnrnccn nr 9 More Information sico idad it cie 12 Basic Rule Configuration ir cnn rra 13 Recommendations for Creating and Applying Rules 13 Scheduling WEE 14 More Intormation EE 14 Remote Administration issascinenniiecaciaansananacieeentiannianenavadstiiienanieennenwntciadseanantianercinenianeaavaes 15 roduc 110 q EE 16 What the Remote Administration Client Does ra 16 NC EI 16 LOA A do is 17 Licensing Web Eltere EENS aio 18 Entering a Web Filter License key 18 Privacy Edi 19 VO gg Re 20 Comparing the Standard and Privacy Editions 20 Privacy Edition Fogtu oS iii iia 22 Change the Manager and Union passwords ooccccccnnocinnnccccnonnnnnnnncnnonccnn ano c rra 22 Viewing User Details non nn 22 The Web Filter Manager an 25 INTOdUCIO suicida telcel tes 26 Opening the Web Filter Manager conan nono nn rca 26 Working With the Web Filter Manager 27 The Navigation Pane cccccccesecceceeeeeeceeeeeeseeceeeeeeeeeeaeeeesaeeeeeeenaeeaeaesesaeeeeeesneeeaeeeeenes 27 The Central Pane iii tt dt Deeg 27 The Hiltler 28 SurfControl Web Filter v5 5 Administrator s Guide SurfControl Web Pilier 30 DEAD A ooo o padanas ho asda lguadas E S 30 TASKS EE 30 Web Filter Severina a EE aa a aaa 32 Server Information Dashboard cccc
137. time the Internet request was made Connection Duration The duration of the request in minutes Data Sent The number of kilobytes sent as part of the Internet request Any request larger than 2GB will be shown as gt 2GB Data Recvd The number of kilobytes received as part of the Internet request Any request larger than 2GB will be shown as gt 2GB TASKS The following tasks can be performed from the Information pane Table 6 6 Destinations Tab Tasks Section IES Monitored Data Monitored Data tasks are available across all the Monitored Data tabs Monitor Settings page 39 Refresh page 41 Monitored Destinations Print page 47 Unmonitor page 47 Go To Site page 47 Submit Destination page 47 Set Category page 48 Monitored Connections Monitored Connections tasks are available across all the Monitored Data tabs See Table 6 5 on page 44 for the following tasks Print GoTo Site Go To Page Set Category e Copy URL 46 Administrator s Guide SurfControl Web Filter v5 5 THE WEB FILTER MANAGER Destinations MONITORED DESTINATIONS TASKS As well as being available from the Information pane you can access the Monitored Destinations tasks by right clicking a selected destination Print You can print all the information shown in the Summary Destination Information pane Unmonitor You can stop future requests to visit a selected site
138. tion Please select the security level of the connection to your Active Directory Server The default level is Non Secure which uses a standard LDAP port By selecting Secure all communications with your Active Directory Server will take place using SSL Select th ity level of your Active Directory Connection C Secure p Active Directory Authentication If you have rules using groups from other domains in your enterprise you may need to provide a user name with sufficient access rights to obtain this information Type default user name and password for all domains Default User name Default Password Type user name and password for each selected domain Domain New Delete User name A Password ARA SurfControl Web Filter v5 5 Administrator s Guide 101 WEB FILTER SETTINGS Subnets Tab SUBNETS TAB You can help your Web Filter server work more efficiently by using the Subnets tab to help balance the load Figure 9 4 Subnets tab Protocol Signatures User Name Resolution Ignored Ports Database Real Time Monitor Active Directory Start Stop Service Subnets Advanced Categorization E mail Notifications r Subnet Monitoring Do not monitor traffic to or from these subnets Only monitor traffic to or from these subnets Address Mask Comment Add Es Ed r Ignore Subnets Traffic sent to these subnets wil be ignored Address Mach Comment
139. tiple selections by using a comma or a space to separate the pes selections WHAT LisTS A What list object can comprise of several specific objects from the What object list This gives you a convenient way to group objects that you need to share a set of rules To create a What List drag individual What objects Protocols Ports and Precise Bandwidth Controls from the bottom right hand pane to the upper left hand pane in the What List dialog box Figure 7 13 What List dialog box TIT x You can modify the filter objects that you have created by selecting the group from the tree so that it appears in the bottom right pane and then dragging and dropping items on to the member pane Name New List Members E EUser Defined What Objects gt Display objects which contain E Protocols Ports 8 Precise Bandwidth Controls Object Name Cancel Help 74 Administrator s Guide SurfControl Web Filter v5 5 RULES ADMINISTRATOR 7 When Objects WHEN OBJECTS When objects are used to define the time and date when a rule will be applied The default setting for When objects is Anytime Note When objects are defined in 24 hour clock notation A SurfControl Web Filter is supplied with three pre defined When objects e After Work e Weekends e Worktime Figure 7 14 When objects tab G who D I where E what O when IS Allowance Notify Http Deny Page Display objects which contain
140. UPGRADING YOUR DATABASE

1. Download the latest database from the SurfControl web site.
2. Select Start > All Programs > SurfControl Web Filter > Database Tools > Database Upgrade Tool. You will now see the SurfControl Database Upgrade Tool.
3. You will see the current database in the Database field. Click Browse to navigate to the database that you downloaded.
4. SurfControl recommends that you back up your old database before replacing it with a newer version. Select the Backup Database check box, then:
   Leave the default path in the Backup to text field, OR
   Click Browse to enter the path to a new directory.
5. Click Update Database.

IMPORTING EXPORTING DATABASES

If you have categorized sites manually, you can import these sites from an existing database, then export these sites to a new blank database. This can be useful for creating backups of manual categorizations or for adding these sites to a new databa
141. u with the following options e Categorize Selection Perform a VCA run on the selected destination e Set Category Manually set the category from the SurfControl Category list e Uncheck Selection Removes the Checked status from a destination which will then be checked again in a VCA run Remove Categorization This option is only available in the VCA Manual Categorizations panel This removes the manual categorization of a destination Go To HTTP Opens the selected site in a Web browser 120 Administrator s Guide SurfControl Web Filter v5 5 CUSTOM CATEGORIZATION Using Custom Categorization e Find Destination Allows you to search for a URL in the Monitored Destinations or VCA Manual Categorizations panels VCA SETTINGS TAB To configure settings for the VCA 1 Inthe Custom Categorization dialog click the VCA Settings tab Figure 10 2 VCA Settings tab List of Destinations VCA Settings VCA Results TF Observe Robot Exclusion Policy IV Impersonate Internet Explorer I Cache retrieved web pages TF Retrieve pages from cache Browse Proxy Settings F Use Proxy Use NT authenticatior EE User Name Password Installed Languages Language Date Dutch 14 10 2005 09 58 58 English 14 10 2005 09 58 58 French 14 10 2005 09 58 58 German 14 10 2005 09 58 58 Italian 22 05 2006 09 52 04 Spanish 14 10 2005 09 58 58 xl Cancel Apply 2 Select the location of the Spider
142. w you use individual objects to build up rules that help you enforce your Acceptable Use Policy. This will enable you to configure rules more accurately and precisely to meet your organization's requirements.

The rule object tabs are only visible if you have selected the default Advanced view in the Rules Administrator. If you cannot see the Object tabs below the Rules panel, select Advanced from the View menu.

To open the Rules Administrator from the Web Filter Manager, select Content Protection > Rules Administrator from the appropriate collector or database in the Navigation tree. The Rules Administrator is also available from the Start > All Programs > SurfControl Web Filter menu.

There are three types of rules:
   Allow: This is the default setting for any new rule you create, which uses positive filtering to give access.
   Disallow: This type of rule uses negative filtering to deny access.
   Allowance: This rule type uses a combination of positive and negative filtering to set up limits for internet access. The allowance value can either be time based, allowing access for a predefined time limit, or value based, allowing only a predefined amount of bandwidth to be consumed. Once these limits have been reached, access is blocked.

GUIDELINES FOR RULE CREATION

For best results, SurfControl recommends following these guidelines:
   Place rules to be applied to individual or small groups near the top of the list. This is becaus
143. xplains some of the service settings for Web Filter These settings control how Web Filter monitors Internet traffic and the actions it takes when blocking access to sites This section covers e Where to find the service settings What some of the basic service settings do e What effect changing the settings will have e Where to find more information INITIAL MONITORED DATA SETTINGS Web Filter allows you to monitor various Internet behaviors and apply settings to individual users or groups This section covers Where to find the monitor settings e What the default settings are The other settings that are available BASIC RULES CONFIGURATION You can either implement some of the default rules supplied with Web Filter or construct your own This section explains how you should approach rule creation SCHEDULING TASKS You can organize tasks that need to be performed when Internet traffic is low or when your users are not logged on to your network This section describes what events are available REPORTING For reporting with Web Filter you need to install SurfControl Report Central This section describes some of the features of our reporting tool 4 Administrator s Guide SurfControl Web Filter v5 5 BASIC CONFIGURATION Basic Service Settings BASIC SERVICE SETTINGS This section will explain some of the basic service settings for Web Filter ACCESSING THE SERVICE SETTINGS You can access the service sett
144. xport the sites to this file SurfControl Web Filter v5 5 Administrator s Guide 137 DATABASES Importing exporting databases IMPORTING MANUALLY CATEGORIZED SITES To import your manual categorizations 1 Select Start gt SurfControl Web Filter gt Database Tools gt Import or Export Manual Categorizations You will see the Import or Export Manual Categorizations dialog C Export Manual Categorizations From database O To filer From file Browse Select Run Task Help Select the Import Manual Categorizations option To database Click the Browse button and navigate to the flat file that contains your manually categorized sites This could be a file containing sites that you exported earlier The path will appear in the From file text field 4 Next click the Select button A SQL Server Login dialog will be displayed Server CODADELL110 q Lx I Use Trusted Connection Cancel Help Administrator Login ID m Options Database Default Language Default h Application Name SurfControl Web Filter WorkStation ID COGADELLWORKZ3 5 Use this dialog to select the database that you want to import the sites to by choosing the server from the Server drop down list box then selecting the Use Trusted Connection check box Alternatively enter a user name and password if this server requires one 6 Use the Options section to select the database that you
145. y: Categorization of a URL will only take place against a list of keywords entered in the SmartScan dialog. See Custom Categories on page 68 for more details.
No Auto categorization: Disables all categorization.

COMPANY DOMAINS AND INTRANET DESTINATIONS

When installing Web Filter, the Configuration Wizard asked you to specify your company domains and intranet destinations. This is then used by Web Filter to categorize these as Company & Intranet. You can add, remove or change those destinations from here.

INTERNET THREAT DATABASE IMPROVEMENT PROGRAM

Uncategorized and VCA categorized destinations are sent anonymously to SurfControl. These are then analyzed, assigned to a SurfControl category and added to the Internet Threat Database. This helps SurfControl increase the filtering effectiveness for all customers. You have the option to choose whether to install this during the installation process. If you use a proxy server for internet requests, you can configure your authentication details for sending your information to SurfControl via your proxy server.

PROTOCOL SIGNATURES TAB

The Protocol Signatures tab gives you the ability to enable signature scanning for certain Instant Messenger, P2P and Web accelerator protocols. These protocols can establish connections with other devices outside your corporate network on a range of