Securing Corporate Instant Messaging Use
|
|
- Letitia Lawson
- 7 years ago
- Views:
Transcription
1 Securing Corporate Instant Messaging Use What is an Instant Messaging Policy? SGOS 5 Series Instant messaging (IM) in the workplace has become standard. The benefits of using IM as a business tool are well known. However, as with the introduction of every Internet tool, there comes the possibility of misuse and the concern that new security holes could be introduced. Blue Coat ProxySG provides controls for the use of selectable IM features for AOL, MSN, and Yahoo! clients. Flexible policies can be defined to block file transfers, keyword searches, and chat room access on a global, per-group, or per-user basis. You can permit or restrict employee IM use or only certain features of IM, while keeping your network more secure. Additionally, all IM conversations can be monitored and logged for compliance when required. Supported Instant Messaging Clients ProxySG Instant Messaging support includes: English language versions Japanese language versions Also, some versions of AOL and Windows Live Messenger (WLM) are not officially supported but work in most situations. English Language Versions Supported AOL: v5.1 to 5.9. MSN: v4.6, 5.x, 6.0, 6.1, 6.2, 7.0, 7.5. WLM 8.0 Yahoo: v5.5, 5.6, 6.0, 7.0, 8.1. Japanese Language Versions Supported AIM 5.1 Yahoo 7.0 WLM 8.0 For more information on Blue Coat ProxySG Instant Messaging support, see your ProxySG Release Notes.
2 Securing Corporate IM Use Three multi-task parts for creating secure corporate instant messaging (IM) on the Blue Coat ProxySG are described: 1 Get Ready a. Establish a Written Corporate Policy Regarding IM Usage b. Configure your Firewall to Block Prohibited IM Clients c. Maintain Software Updates for Approved IM Clients 2 Prepare the ProxySG a. Check for the Blue Coat Required IM License b. Verify HTTP Handoff c. Enable the SOCKS Proxy Service to Intercept d. Enable Proxy Access Logging e. Set the Default Proxy Policy to Allow Policy Actions 3 Create IM Policies and Warnings a. Configure a SOCKS Authentication Layer b. Configure a Web Access Layer to Block Certain IM Traffic c. Configure a Web Access Layer to Limit IM Logging d. Create an In-band Warning Message 4 Configure the IM Client 5 Test Your Configuration and Review IM Logs Also provided are: Additional IM Policy Examples Configure ProxySG for IM-DNS Redirects Note: This document assumes an authentication realm has been created; in the example procedure, an LDAP authentication realm is used. About the Default Proxy Policy On the Management Console Configuration > Policy > Policy Options page you can set the default policy option to Deny or Allow. The two options provide two different approaches: A default proxy transaction policy of Deny prohibits proxy-type access through the ProxySG appliance; instead, you must create policies to explicitly grant access on a case-by-case basis.
3 A default proxy transaction policy of Allow permits most proxy transactions. If your policy is set to Allow, you must create policies to explicitly deny access on a case-by-case basis. Please note: if protocol detection is enabled (the default), HTTP CONNECT transactions are only allowed if they are tunneling SSL; if protocol detection is disabled, HTTP CONNECT is only allowed on port 443. This document assumes the Allow default proxy policy so IM traffic can be intercepted by the SOCKS proxy. In part three you configure policies to deny certain words and actions in IM traffic. If your default proxy policy is Deny, you would, instead, define specific instances of allowed IM traffic. For more information on developing effective policies, see the Policy Best Practices tech brief. Part 1 Get Ready Before you begin configuring IM policies on your ProxySG, several tasks should be completed. Three tasks are described: Establish a Written Corporate IM Usage Policy Configure your Firewall to Block Prohibited IM Clients Maintain Software Updates for Approved IM Clients Establish a Written Corporate IM Usage Policy Recent security studies indicate that some of the greatest security threats come from within an organization. In many instances, employees are not careful with their file exchanges or conversations over IM and forget about the confidentiality of topics they discuss. However, employees knowing there is a written policy prohibiting or restricting IM use serves as a deterrent. Furthermore, if employees know that all IM conversations and actions are being logged, they tend to be very careful in their use of IM while on the corporate network. Here are some general guidelines for creating an IM usage policy: Standardize on a single IM client for use within the corporate network. Strictly prohibit the use of prohibited IM clients on the corporate network. Instructions on doing this follow. Publish the policy at time of user log in (using the ProxySG) or on the corporate intranet. Clearly and frequently state the IM usage policy in all security communications with employees. Configure your Firewall to Block Prohibited IM Clients You can block IM protocols at your firewall. This is most often accomplished by blocking the ports that use the various IM systems. Because some IM protocols, especially Yahoo and AOL, attempt access through other ports (such as 20, 21, and 118), you may want to block access to the IM systems themselves. Therefore, all ports (other than 5050 and 5190) can be blocked on your firewall from connecting to: AOL Instant Messenger: login.oscar.aol.com on all ports ICQ: login.icq.com on all ports MSN Messenger: *.msgr.hotmail.com on all ports Yahoo! Messenger: *.msg.*.yahoo.com on all ports Note: These hostnames are subject to change. Refer to recent IM client documentation for updated hostnames.
4 Note: When you are using the ProxySG, ports 5050 and 5190 should be blocked on the inbound firewall side unless they are destined for the Blue Coat appliance. Because IM protocols attempt access around blocked ports, Blue Coat recommends denying any outbound traffic not coming from the proxy for a secure corporate instant messaging solution. This document describes an explicit proxy configuration using SOCKS. An explicit proxy is one that requires some client configuration. SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall. SOCKS is an abbreviation for "SOCKetS For more information, see the Wikipedia article on SOCKS. Maintain Software Updates for Approved IM Products Once you have determined a standard IM client for use on your network, ensure that you are running the latest version. This helps avoid IM security holes or vulnerabilities that can occur with older IM versions. IM vendors periodically have updates for their software that typically include security fixes. Part 2 Prepare the ProxySG This section describes the steps to take to ready your ProxySG for instant messaging policy controls. These steps include: Check for the Blue Coat-required IM license Verify HTTP Handoff Enable the SOCKS proxy service and the appropriate IM proxy services (optional) to intercept traffic Enable proxy access logging Set the default proxy policy to allow policy actions 1 Check for the Blue Coat-required IM license: For IM control and monitoring to be enabled on the ProxySG, a valid (and separately purchased) license must be present on the Blue Coat appliance.
5 Go to Maintenance > Licensing on the Blue Coat management console. Yes in the Valid column indicates a valid license is installed. 2 Verify HTTP Handoff: HTTP handoff allows the Blue Coat HTTP proxy to handle requests from supported IM protocols. If HTTP handoff is disabled, requests are passed through, and IM-specific policies are not applied. Go to Configuration > Proxy Settings > IM Proxies. Select the IM Protocol that you are configuring; options change. Make sure Enable HTTP Handoff is selected; if needed, select and click Apply to finish. 3 Set the ProxySG SOCKS service to intercept: a. Go to Services > Proxy Services, select the SOCKS service and select Intercept for the Action. b. Click Apply to finish and OK to dismiss the confirmation box.
6 4 Optionally, set the IM service that you re configuring to intercept. You might want to do this just to ensure an additional layer of protection on IM connections: a. On the Services > Proxy Services page, select the appropriate IM service and select Intercept for the Action (on all displayed ports). b. Click Apply to finish and OK to dismiss the confirmation box. 5 Enable access logging: Go to Access Logging > General, select Enable Access Logging. Click Apply to finish and OK to dismiss the confirmation box.
7 6 Finally, enable the default policy option to allow policy processing. Go to Policy > Policy Options and select Allow for the Default Proxy Policy. Click Apply to finish and OK to dismiss the confirmation box. For information on the default proxy policy, see About the Default Proxy Policy. Part 3 Create ProxySG IM Policies and Warnings This section describes defining a Blue Coat ProxySG policy to manage Yahoo IM traffic. The same steps would apply to MSN or AOL IM traffic. Four tasks are described: Configure a SOCKS authentication layer Configure a Web Access layer to block certain IM traffic Configure a Web Access layer to limit IM logging Create an in-band warning message Note: If you are using a transparent proxy configuration you can use the Yahoo IM native proxy service for interception; however, proxy-level authentication is not possible with the native IM protocol. Note: It is assumed that you have already installed the ProxySG and have familiarity with navigating the Management Console. This procedure also requires a configured authentication realm, such as LDAP. 1 Using the Visual Policy Manager (VPM) add a SOCKS Authentication Layer with a new SOCKS authenticate action:
8 a. Click Policy > Add SOCKS Authentication Layer. Name the layer; for example, SOCKS_Auth. Note: To help maintain scalability, Blue Coat recommends giving relevant names to layers and objects. b. Right-click the Action setting and select Set. The Set Action dialog displays. c. Click New and select SOCKS Authenticate. Name the action object; for example, SOCKS_Auth_ Action. Select a pre-configured authentication realm; this example uses LDAP. Click OK to add the object; click OK to set the object. 2 Next, create a Web Access Layer with two rules, one to block specified IM text and one to block IM text file transfers: a. Using the VPM, click Policy > Web Access Layer. Name the layer; for example, YahooIM_Access. b. Create the first rule: i. Right-click the Service setting and select Set. The Set Service Object dialog displays. ii. Click New and select IM Message Text. The Add IM Message Text Object dialog displays.
9 iii. Name the object; for example, YahooImTextBlock. For the Text option, enter any sensitive word; for example, secret, and select Regex from the drop down list. Click OK to add the object and dismiss the dialog; click OK to set the object. iv. Next, right-click the Action setting and select Set. The Set Action Object dialog displays. v. Click New and select Return Exception. The Add Return Exception Object dialog displays. vi. Name the object; for example, TextDeny. Select Built-in exception and select policy-denied from the drop down list. For the Details option, enter text like this Company policy denies this message. Note: You can add additional rules to block multiple unique keywords. Click OK to add the object; click OK to set the object. c. Create the second rule: i. Click Add Rule. A new rule line displays in the web access layer. ii. Right-click the Service setting and select Set. The Set Service Object dialog displays. iii. Click New and select IM File Transfer. The Add IM File Transfer Object dialog displays.
10 iv. Name the object; for example, YahooImFileDeny. Select File and enter \.txt$ and select Regex from the drop down list. Click OK to add the object; click OK to set the object. v. Right-click the Action setting and select Set. The Set Action Object dialog displays. vi. Click New and select Return Exception. The Add Return Exception Object dialog displays. vii. Name the object; for example, TextFileDeny. Select Built-in exception and select policy_denied from the drop down list. For the Details option, enter text like this IM text file transfer not allowed. Note: You can block other file types by entering the file extension such as.exe or.jpg, and so on. Multiple file extensions can be applied by adding additional rules for each extension. Click OK to add the object; click OK to set the object.
11 3 Because logging of IM traffic can be very verbose, use the VPM to add another Web Access Layer to disable IM logging of state messages: a. Click Policy and select Add Web Access Layer. Name the layer; for example, IM_Logging. b. Right-click the Service setting and select Set. The Set Service dialog displays. c. Click New and select Protocol Methods. The Add Methods Object dialog displays. d. Name the object; for example, ImStateLogging, select Instant Messaging for the Protocol, (new options display) and select State Management in the Select Methods area; accept the default selections. Click OK to add the object, click OK to set the object. e. Right-click the Action setting and select Set. The Set Action dialog displays. f. Click New and select Modify Access Logging. The Add Access Logging Object dialog displays.
12 g. Name the object; for example, DenyImStateLogging, select Disable access logging to, and select im from the drop down list. Click OK to add the object, click OK to set the object. Click Install Policy to finish, click OK to dismiss the confirmation box. Close the VPM. 4 Now, create an in-band exception message from the Blue Coat Management Console: Go to Proxy Settings > IM Proxies > IM Alert Settings and select Send exception messages in the existing window (in-band). Enter text like this Yahoo IM usage is monitored and logged in the Prefix these messages with the text below option. Be sure to leave a space after the message. Click Apply to finish; click OK to dismiss the confirmation box.
13 Part 4 Configure the Yahoo IM Client Configure the Yahoo IM client connection to communicate with the ProxySG: 1 Go to Messenger > Connection Preferences 2 Select Use Proxies, and Enable SOCKS proxy, and enter the IP address or hostname of your ProxySG as the Server Name. Enter the port number for your SOCKS service (1080) for the Server Port and select the appropriate version. To have the ProxySG authenticate IM users, select Authentication and enter valid account information for the Username and Password options. 3 Click OK and sign in again.
14 Part 5 Test Your Configuration and Review the IM Logs The last step is to test your policy to ensure that the defined policy is functioning properly. This can be done by establishing communications between two separate Yahoo clients (at least one client must be going through the ProxySG) and attempting to use the word secret (example) during an IM chat. The results are shown below. In the next example (shown below) an attempt to send a text file is blocked. An in-band message is displayed indicating that IM file transfers are not permitted.
15 Summary statistics are available from the Blue Coat Management Console Statistics > IM History page. For the supported protocols (AOL, MSN, and Yahoo) the following information is available: Total and current clients logged in, chat sessions opened, direct sessions opened, file transfer sessions Total allowed/denied logins, messages, file transfers, and voice chat requests Detailed statistics are also available from the Management Console Statistics > Advanced page by scrolling down to the IM category. You can drill down to each user and see IM activity for that user
16 Additional IM Policy Examples Many additional policy rules for IM control can be created using the VPM. Options available to manage corporate IM use include: IM Username: Block or control IM use based on the source IM username IM Buddy: Block or control IM use based on the destination IM buddy Authenticated access: Require users to be authenticated prior to launching IM Chat room access: Control or block chat room access for IM users File send/receive: Limit or restrict file transfers based on file name, partial name, or file size Keyword searching: Block IM conversations when pre-defined keywords are used in an IM conversation Modify IM messages: Insert or append text into the IM message stream The following configuration examples use the VPM Web Access Layer for controlling the most common IM scenarios: Creating a Source Object Based on IM Username Restricting Access to a Chat Room Restricting IM Services Within a Rule Restricting File Transfer by Size and/or File Name Blocking Key Words (text) Modifying IM Messages Example 1 Creating a Source Object Based on IM Username
17 The policy functionality of the ProxySG allows you to specify an IM buddy by their handle (username) as the source. IM traffic sent to this buddy is then subject to any rule(s) defined in the policy. You can enter a complete buddy ID, a string that is part of a buddy ID, or a string with a regular expression (RegEx) and select the match type from the drop down list to the right (Exact, Contains, or RegEx) as shown in the previous example. You use the Source setting > Streaming Client (New ) > IM User object to do this. Note: This may not be the most secure way to generate a rule, as each user may have multiple IM accounts that would not be subject to these rules. This approach would only be effective if a rule is being created to provide access to that user; an approach that may be needed if the default proxy policy is Deny. Example 2 Restricting Access to a Chat Room A company may allow IM conversations but want a rule to place restrictions on the chat feature. You use the Destination setting > New > IM Chat Room to do this. Give the object a relevant name and then select one or more of the following triggers: Room ID: Specifies an IM chat room by name. Enter a name. From the drop down list select one: Exact Match, Contains, or RegEx. Type: Specifies type of chat room. Select Private or Public. Invite Only: Specifies if buddy must be invited or not. Voice-Enabled: Specifies whether or not the room supports voice chat. Conference: Specifies whether the chat room is a conference or not.
18 Example 3 Restricting IM Services There are numerous options within an IM services tab that can be selected to permit or restrict methods to explicit or all IM Users. You use the Service setting > New > Protocol Methods to do this. When the Instant Messaging protocol is selected, as shown above, a set of IM methods is displayed that can be enabled for an action. For example, the Send and Receive components of a file transfer can be individually enabled or disabled. Another useful rule that can be created with an Instant Messaging Methods object is to link the Login/logout option to a Splash Page to provide the IM user with the company s rules for using IM within their network. For more information about creating splash pages, please refer to TechBriefs posted under Advanced Policy.
19 Example 4 Restricting File Transfer by Size and/or File Name IM file transfers can be blocked or limited based on a company s internal policies. You use the Service setting > New > IM File Transfer to do this. To trigger by file name, select File and specify a file name; from the drop-down list, select Exact Match to match the name exactly, Contains if the file contains the name, or RegEx to match by regular expression. To trigger by message size, select Size and enter a range; from the drop-down list, select the size attribute: bytes, kilobytes, megabytes, or gigabytes.
20 Example 5 Blocking Key Words A policy can be created to block the use of any keyword in an IM conversation. In the Name field, enter a name for the object or accept the default. You use the Service setting > New > IM Message Text to do this. To trigger by content keywords, select Text and specify a keyword or multiple keywords separated by the pipe symbol ( ); from the drop-down list, select Contains if the file contains the text or RegEx if the text is matched by regular expression. To trigger by message size, select Size. Enter a range; from the drop-down list, select the size attribute: Bytes, Kilobytes, Megabytes, or Gigabytes. To specify the message route, select Route. From the drop-down list, select Service, Direct, or Chat. To specify message type, select Text or Application. Text specifies messages entered by a user. Application specifies messages sent by the client application, such as typing notifications.
21 Example 6 Modifying IM Messages IM messages can be replaced or appended with custom text through the ProxySG. For example, a message can alert users that their IM messaging activity is being monitored such as IM usage is monitored and logged. You use the Action setting > New > Modify IM Message to do this. In the field shown to the left enter the custom text to be displayed to the IM user. Then select Set message text or Append to message text to replace the text displayed to the user or append it to their original message. VPM Rules Using the Above Examples The following screen shows an example of the VPM creating a Web Access Layer to accomplish the previously discussed IM controls: Rule 1 Block file transfers for a specific IM user and set the action to Deny Rule 2 Blocking all IM Messages that use the keyword nasty then setting a the action as a Deny Rule 3 Allowing Files between 5k and 50k then setting the action as a Deny. In this rule the negate command is used on the service object so that file sending is permitted only for the file sizes specified and the rest are blocked
22 VPM View CPL View The following CPL (Content Policy Language) shows the policy code as generated through the VPM. The policy can be created or edited using either the VPM or CPL. ; Default proxy policy is ALLOW ; Policy Rules <Proxy> DENY im.user_id=grahamemea condition=im-no_file_transfer DENY condition=nasty_word DENY condition=!filesize_transfer ; Definitions define condition FileSize_Transfer im.file.size=5k..50k end condition FileSize_Transfer define condition IM-No_File_Transfer im.method=(send, RECEIVE) im.message.type=(file, file_list) end condition IM-No_File_Transfer define condition Nasty_Word im.message.text=nasty end condition Nasty_Word Configure ProxySG for IM-DNS Redirects (Optional) Some customers have requested instructions on how to support a ProxySG configuration where the Domain Name Service (DNS) is configured to return the ProxySG's IP address when resolving IM service hostnames (Yahoo - scs.msg.yahoo.com, AOL - login.oscar.aol.com, MSN - *.msgr.hotmail.com) thus making the ProxySG appear as an IM server (Yahoo, AOL, or MSN) to the respective clients. Alternatively the ProxySG's DNS proxy service will return a virtual-ip for these IM related hostnames when the "Explicit Proxy Virtual-IP" is set (the virtual-ip must be configured separately before this step). This provides greater IM control because IM clients only know of the Virtual-IP for server connections. In this configuration, the ProxySG connects to the appropriate IM server on behalf of the client; the ProxySG then acts as if the client is proxied through it using normal L4 redirection techniques.
23 Three tasks are required to setup IM-DNS redirects: Configure a Virtual IP Address (VIP) and assign it to the IM proxy Enable DNS Interception in the ProxySG proxy services Configure a Virtual IP Address (VIP) Configure a virtual IP address (VIP) on the ProxySG, such as as shown in the following graphic. Once the VIP is configured and DNS interception enabled, the ProxySG's DNS proxy starts returning that IP for all hosts (for all IM protocols) configured. 1 Go to Configuration > Network > Advanced > VIPs. 2 Create a virtual IP address: a. Click New. The Add Virtual IP dialog appears. b. Enter a unique IP address (used only to represent IM connections). Click OK to add the VIP and dismiss the dialog. c. Click Apply to finish; click OK to dismiss the confirmation box.
24 3 Next, go to Configuration > Proxy Settings > IM Proxies. 4 In the General Settings area, select the VIP from the Explicit Proxy Virtual IP drop-down list. 5 Click Apply to finish, click OK to dismiss the confirmation box. Enable DNS Interception on the ProxySG
25 Enable DNS interception by going to Services > Proxy Services, selecting the DNS service, and setting the action to Intercept. Click OK to dismiss the dialog and Apply to finish, click OK to dismiss the confirmation box. Now your IM clients will start going through the ProxySG without requiring any configuration at the desktop. Conclusion The ProxySG provides powerful IM control functionality including the ability to limit or block IM use in the enterprise. Companies can permit the use of IM while limiting its features to provide a greater degree of IM security over a generally unsanctioned product. Companies can also log all IM communications when required by various government and regulatory agencies. The ProxySG also provides the ability to redirect AOL and Yahoo requests through the ProxySG, making client configuration unnecessary. Blue Coat Systems, Inc. Corporate Headquarters Sunnyvale, CA USA // EMEA Headquarters Hampshire, UK // APAC Headquarters Hong Kong // Copyright 2009 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat, ProxySG, PacketShaper, ProxyClient and BlueSource are registered trademarks of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. v.tb-securing_corp_im-v3-0309
Implementing Exception Pages
Technical Brief: Implementing Exception Pages Implementing Exception Pages SGOS 5 Series Developed using SGOS 5.3.1.4 What are Exception Pages? Exception pages are Web pages (messages sent to users under
More informationReverse Proxy with SSL - ProxySG Technical Brief
SGOS 5 Series Reverse Proxy with SSL - ProxySG Technical Brief What is Reverse Proxy with SSL? The Blue Coat ProxySG includes the functionality for a robust and flexible reverse proxy solution. In addition
More informationDownloading and Configuring WebFilter
Downloading and Configuring WebFilter What is URL Filtering? URL filtering is a type of transaction content filtering that limits a user s Web site access through a policy that is associated with a specific
More informationLDAP Authentication and Authorization
LDAP Authentication and Authorization What is LDAP Authentication? Today, the network can include elements such as LANs, WANs, an intranet, and the Internet. Many enterprises have turned to centralized
More informationProxySG ICAP Integration
ProxySG ICAP Integration Blue Coat s proxies can utilize the Internet Content Adaptation Protocol (ICAP) to hand off HTTP requests and/or responses to an external server for configured processing and transformation.
More informationHTTPS HTTP. ProxySG Web Server. Client. ProxySG TechBrief Reverse Proxy with SSL. 1 Technical Brief
ProxySG TechBrief Reverse Proxy with SSL What is Reverse Proxy with SSL? The Blue Coat ProxySG includes the basis for a robust and flexible reverse proxy solution. In addition to web policy management,
More informationProxySG TechBrief Enabling Transparent Authentication
ProxySG TechBrief Enabling Transparent Authentication What is Transparent Authentication? Authentication is a key factor when defining a web access policy. When the Blue Coat ProxyxSG is configured for
More informationProxySG TechBrief Implementing a Reverse Proxy
ProxySG TechBrief Implementing a Reverse Proxy What is a reverse proxy? The Blue Coat ProxySG provides the basis for a robust and flexible Web communications solution. In addition to Web policy management,
More informationBlue Coat Security First Steps Solution for Controlling Web Applications
Blue Coat Security First Steps Solution for Controlling Web Applications SGOS 6.5 Third Party Copyright Notices 2015 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW,
More informationProxySG TechBrief LDAP Authentication with the ProxySG
ProxySG TechBrief LDAP Authentication with the ProxySG What is LDAP Authentication? Today, the network can include elements such as LANs, WANs, an intranet, and the Internet. Many enterprises have turned
More informationBlue Coat Security First Steps Transparent Proxy Deployments
Transparent Proxy Deployments SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS, CACHEPULSE,
More informationBlue Coat Security First Steps Solution for Controlling HTTPS
Solution for Controlling HTTPS SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS, CACHEPULSE,
More informationBlue Coat Security First Steps Solution for Integrating Authentication
Solution for Integrating Authentication using IWA Direct SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER,
More informationBlue Coat Security First Steps Solution for Deploying an Explicit Proxy
Blue Coat Security First Steps Solution for Deploying an Explicit Proxy SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW,
More informationBest Practices for Controlling Skype within the Enterprise. Whitepaper
Best Practices for Controlling Skype within the Enterprise Whitepaper INTRODUCTION Skype (rhymes with ripe ) is a proprietary peer-to-peer (P2P) voice over Internet protocol (VoIP) network, founded by
More informationProxySG TechBrief Downloading & Configuring Web Filter
ProxySG TechBrief Downloading & Configuring Web Filter What is Content Filtering? URL filtering is the process of limiting a user s Web site access through a policy that is associated with a specific URL
More informationBest Practices for Controlling Skype within the Enterprise > White Paper
> White Paper Introduction Skype is continuing to gain ground in enterprises as users deploy it on their PCs with or without management approval. As it comes to your organization, should you embrace it
More informationContact Information. Document Number: 231-02909 Document Revision: SSL Proxy Deployment Guide SGOS 5.1.4
Contact Information Blue Coat Systems Inc. 420 North Mary Ave Sunnyvale, CA 94085-4121 http://www.bluecoat.com/support/contact.html bcs.info@bluecoat.com http://www.bluecoat.com For concerns or feedback
More informationSecure Web Service - Hybrid. Policy Server Setup. Release 9.2.5 Manual Version 1.01
Secure Web Service - Hybrid Policy Server Setup Release 9.2.5 Manual Version 1.01 M86 SECURITY WEB SERVICE HYBRID QUICK START USER GUIDE 2010 M86 Security All rights reserved. 828 W. Taft Ave., Orange,
More informationF-SECURE MESSAGING SECURITY GATEWAY
F-SECURE MESSAGING SECURITY GATEWAY DEFAULT SETUP GUIDE This guide describes how to set up and configure the F-Secure Messaging Security Gateway appliance in a basic e-mail server environment. AN EXAMPLE
More informationIntegrating with IBM Tivoli TSOM
Integration Notes Integrating with IBM Tivoli TSOM The Cascade Profiler integrates with the IBM Tivoli Security Operations Manager (TSOM) through the use of SNMP traps. It has been tested with TSOM Version
More informationDell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide
Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer.
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationEnterprise Toolbar User s Guide. Revised March 2015
Revised March 2015 Copyright Notice Trademarks Copyright 2007 DSCI, LLC All rights reserved. Any technical documentation that is made available by DSCI, LLC is proprietary and confidential and is considered
More informationContent Filtering Client Policy & Reporting Administrator s Guide
Content Filtering Client Policy & Reporting Administrator s Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION
More informationISA Server Plugins Setup Guide
ISA Server Plugins Setup Guide Secure Web (Webwasher) Version 1.3 Copyright 2008 Secure Computing Corporation. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed,
More informationLogLogic Blue Coat ProxySG Syslog Log Configuration Guide
LogLogic Blue Coat ProxySG Syslog Log Configuration Guide Document Release: September 2011 Part Number: LL600070-00ELS100000 This manual supports LogLogic Blue Coat ProxySG Release 1.0 and later, and LogLogic
More informationBarracuda IM Firewall Administrator s Guide
Barracuda IM Firewall Administrator s Guide Version 3.0 Barracuda Networks Inc. 3175 S. Winchester Blvd Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2007, Barracuda Networks www.barracuda.com
More informationConfiguring SonicWALL TSA on Citrix and Terminal Services Servers
Configuring on Citrix and Terminal Services Servers Document Scope This solutions document describes how to install, configure, and use the SonicWALL Terminal Services Agent (TSA) on a multi-user server,
More informationCopyright 2012 Trend Micro Incorporated. All rights reserved.
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationBlue Coat Security First Steps Solution for Streaming Media
Blue Coat Security First Steps Solution for Streaming Media SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER,
More informationDeployment Guide: Transparent Mode
Deployment Guide: Transparent Mode March 15, 2007 Deployment and Task Overview Description Follow the tasks in this guide to deploy the appliance as a transparent-firewall device on your network. This
More informationDeploying NetScaler Gateway in ICA Proxy Mode
Deploying NetScaler Gateway in ICA Proxy Mode Deployment Guide This deployment guide defines the configuration required for using the NetScaler Gateway in ICA Proxy Mode. Table of Contents Introduction
More informationHosted Email Security 2.0 Quick Start Guide
Hosted Email Security 2.0 Quick Start Guide 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential
More informationUser Identification and Authentication
User Identification and Authentication Vital Security 9.2 Copyright Copyright 1996-2008. Finjan Software Inc.and its affiliates and subsidiaries ( Finjan ). All rights reserved. All text and figures included
More informationNETASQ ACTIVE DIRECTORY INTEGRATION
NETASQ ACTIVE DIRECTORY INTEGRATION NETASQ ACTIVE DIRECTORY INTEGRATION RUNNING THE DIRECTORY CONFIGURATION WIZARD 2 VALIDATING LDAP CONNECTION 5 AUTHENTICATION SETTINGS 6 User authentication 6 Kerberos
More informationMadCap Software. Upgrading Guide. Pulse
MadCap Software Upgrading Guide Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software described in this document is furnished
More informationhttp://docs.trendmicro.com
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationSuperLumin Nemesis. Administration Guide. February 2011
SuperLumin Nemesis Administration Guide February 2011 SuperLumin Nemesis Legal Notices Information contained in this document is believed to be accurate and reliable. However, SuperLumin assumes no responsibility
More informationDeployment Guide. AX Series for Microsoft Lync Server 2010
Deployment Guide AX Series for Microsoft Lync Server 2010 TABLE OF CONTENTS Introduction... 3 Deployment Guide Overview... 5 Deployment Prerequisites and Assumptions... 7 AX Deployment for Lync Server
More informationBlue Coat Security First Steps Solution for Integrating Authentication Using LDAP
Solution for Integrating Authentication Using LDAP SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER,
More informationBlue Coat Security First Steps Solution for Recording and Reporting Employee Web Activity
Solution for Recording and Reporting Employee Web Activity SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER,
More informationConfiguring User Identification via Active Directory
Configuring User Identification via Active Directory Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be User Identification Overview User Identification allows you to create security policies based
More informationConfiguration Guide. BES12 Cloud
Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need
More informationIdentity-Based Traffic Logging and Reporting
Application Note Identity-Based Traffic Logging and Reporting Using UAC in Conjunction with NSM and Infranet Enforcers to Give Additional, User-Identified Visibility into Network Traffic Juniper Networks,
More informationInstallation Guide for Pulse on Windows Server 2012
MadCap Software Installation Guide for Pulse on Windows Server 2012 Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software
More informationPreparing for GO!Enterprise MDM On-Demand Service
Preparing for GO!Enterprise MDM On-Demand Service This guide provides information on...... An overview of GO!Enterprise MDM... Preparing your environment for GO!Enterprise MDM On-Demand... Firewall rules
More informationInstalling and Configuring a SQL Server 2014 Multi-Subnet Cluster on Windows Server 2012 R2
Installing and Configuring a SQL Server 2014 Multi-Subnet Cluster on Windows Server 2012 R2 Edwin Sarmiento, Microsoft SQL Server MVP, Microsoft Certified Master Contents Introduction... 3 Assumptions...
More informationPortal Administration. Administrator Guide
Portal Administration Administrator Guide Portal Administration Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec
More informationCreating Notification Policies: Coaching, Splash, and Compliance
SGOS 5 Series Creating Notification Policies: Coaching, Splash, and Compliance What is a Notification Policy? Many organizations implement content filtering in order to control employee Web access; however,
More informationInstalling Management Applications on VNX for File
EMC VNX Series Release 8.1 Installing Management Applications on VNX for File P/N 300-015-111 Rev 01 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 www.emc.com Copyright
More informationSSL Proxy Deployment Guide
SSL Proxy Deployment Guide SGOS 6.5 and later Version: 02-07.14.15 - 2 - Copyrights 2015 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS,
More informationhttp://docs.trendmicro.com
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationBarracuda Link Balancer Administrator s Guide
Barracuda Link Balancer Administrator s Guide Version 1.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks
More informationThreat Containment for Facebook
Threat Containment for Facebook Based on statistics for more than 62M users in 2009, the Blue Coat WebPulse cloud service ranked social networking as the number one most requested web category, surpassing
More informationUBS KeyLink Quick reference WEB Installation Guide
ab UBS KeyLink Quick reference WEB Installation Guide Table of contents 1. Introduction 3 1.1. Why is an Installation needed? 3 1.2. Is UBS KeyLink secure? 3 1.3. Information about Secure Sockets Layer
More informationHP Device Manager 4.6
Technical white paper HP Device Manager 4.6 FTP Server Configuration Table of contents Overview... 2 IIS FTP server configuration... 2 Installing FTP v7.5 for IIS... 2 Creating an FTP site with basic authentication...
More informationLifeSize Transit Deployment Guide June 2011
LifeSize Transit Deployment Guide June 2011 LifeSize Tranist Server LifeSize Transit Client LifeSize Transit Deployment Guide 2 Firewall and NAT Traversal with LifeSize Transit Firewalls and Network Address
More informationTELNET CLIENT 5.11 SSH SUPPORT
TELNET CLIENT 5.11 SSH SUPPORT This document provides information on the SSH support available in Telnet Client 5.11 This document describes how to install and configure SSH support in Wavelink Telnet
More informationSophos Mobile Control Installation guide. Product version: 3
Sophos Mobile Control Installation guide Product version: 3 Document date: January 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...16 4 External
More informationVoIPon www.voipon.co.uk sales@voipon.co.uk Tel: +44 (0)1245 808195 Fax: +44 (0)1245 808299
VoiceGear/3CX Integration Guide Ver.0.1 Page 2 1. OVERVIEW... 3 1.1 SETTING UP 3CX PBX...4 1.2 SETTING UP VOICEGEAR GATEWAY...5 2. VOICEGEAR-3CX SIP INTEGRATION... 6 2.1 3CX CONFIGURATION...7 2.2 VOICEGEAR
More informationWeb DLP Quick Start. To get started with your Web DLP policy
1 Web DLP Quick Start Websense Data Security enables you to control how and where users upload or post sensitive data over HTTP or HTTPS connections. TRITON - Web Security is automatically configured to
More informationDeploying the SSL Proxy
Blue Coat Systems Deployment Guide Deploying the SSL Proxy For SGOS 5.1.4 Contact Information Blue Coat Systems Inc. 420 North Mary Ave Sunnyvale, CA 94085-4121 http://www.bluecoat.com/support/contact.html
More informationConfiguring PA Firewalls for a Layer 3 Deployment
Configuring PA Firewalls for a Layer 3 Deployment Configuring PAN Firewalls for a Layer 3 Deployment Configuration Guide January 2009 Introduction The following document provides detailed step-by-step
More informationHosted Email Security Quick Start Guide
Hosted Email Security Quick Start Guide 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential
More information1 You will need the following items to get started:
QUICKSTART GUIDE 1 Getting Started You will need the following items to get started: A desktop or laptop computer Two ethernet cables (one ethernet cable is shipped with the _ Blocker, and you must provide
More informationBlue Coat Security First Steps. Solution for HTTP Object Caching
Solution for HTTP Object Caching Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS, CACHEPULSE, CROSSBEAM,
More informationDeltek Touch Time & Expense for Vision 1.3. Release Notes
Deltek Touch Time & Expense for Vision 1.3 Release Notes June 25, 2014 While Deltek has attempted to verify that the information in this document is accurate and complete, some typographical or technical
More informationCA Unified Infrastructure Management Server
CA Unified Infrastructure Management Server CA UIM Server Configuration Guide 8.0 Document Revision History Version Date Changes 8.0 September 2014 Rebranded for UIM 8.0. 7.6 June 2014 No revisions for
More informationConfiguring H.323 over Port Network Address Translation (PNAT) for Avaya IP Endpoints using the Avaya SG200 Security Gateway - Issue 1.
Configuring H.323 over Port Network Address Translation (PNAT) for Avaya IP Endpoints using the Avaya SG200 Security Gateway - Issue 1.0 Abstract These Application Notes describe how to configure the Avaya
More informationWeb DLP Quick Start. To get started with your Web DLP policy
1 Web DLP Quick Start Websense Data Security enables you to control how and where users upload or post sensitive data over HTTP or HTTPS connections. The Web Security manager is automatically configured
More informationFTP Server Configuration
FTP Server Configuration For HP customers who need to configure an IIS or FileZilla FTP server before using HP Device Manager Technical white paper 2 Copyright 2012 Hewlett-Packard Development Company,
More informationAssistant Enterprise. User Guide. www.lumosnetworks.com 3-27-08
Assistant Enterprise User Guide www.lumosnetworks.com 3-27-08 Assistant Enterprise (Toolbar) Guide Copyright Notice Trademarks Copyright 2007 BroadSoft, Inc. All rights reserved. Any technical documentation
More informationSophos Mobile Control as a Service Startup guide. Product version: 3.5
Sophos Mobile Control as a Service Startup guide Product version: 3.5 Document date: August 2013 Contents 1 About this guide...3 2 What are the key steps?...4 3 First login...5 4 Change your administrator
More informationInstallation Guide for Pulse on Windows Server 2008R2
MadCap Software Installation Guide for Pulse on Windows Server 2008R2 Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software
More informationConfiguring Global Protect SSL VPN with a user-defined port
Configuring Global Protect SSL VPN with a user-defined port Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be Global Protect SSL VPN Overview This document gives you an overview on how to configure
More informationBlue Coat Systems. Reference Guide. SSL Proxy. For SGOS 5.3.1
Blue Coat Systems Reference Guide SSL Proxy For SGOS 5.3.1 Contact Information Blue Coat Systems Inc. 420 North Mary Ave Sunnyvale, CA 94085-4121 http://www.bluecoat.com/support/contactsupport http://www.bluecoat.com
More informationQUICK START GUIDE. Cisco S170 Web Security Appliance. Web Security Appliance
1 0 0 0 1 1 QUICK START GUIDE Web Security Appliance Web Security Appliance Cisco S170 303417 Cisco S170 Web Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation
More informationStarWind iscsi SAN Software: Installing StarWind on Windows Server 2008 R2 Server Core
StarWind iscsi SAN Software: Installing StarWind on Windows Server 2008 R2 Server Core www.starwindsoftware.com Copyright 2008-2011. All rights reserved. COPYRIGHT Copyright 2008-2011. All rights reserved.
More informationKaseya Server Instal ation User Guide June 6, 2008
Kaseya Server Installation User Guide June 6, 2008 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's
More informationActive Directory Integration with Blue Coat
The Web Security Authority. TM Active Directory Integration with Blue Coat NOTE: This techbrief is applicable when using NTLM under Windows 2000 Server. Introduction Windows 2000 server utilizes Active
More informationH3C SSL VPN RADIUS Authentication Configuration Example
H3C SSL VPN RADIUS Authentication Configuration Example Copyright 2012 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by
More informationFireware How To Authentication
Fireware How To Authentication How do I configure my Firebox to authenticate users against my existing RADIUS authentication server? Introduction When you use Fireware s user authentication feature, you
More informationTable of Contents. Chapter 1: Installing Endpoint Application Control. Chapter 2: Getting Support. Index
Table of Contents Chapter 1: Installing Endpoint Application Control System Requirements... 1-2 Installation Flow... 1-2 Required Components... 1-3 Welcome... 1-4 License Agreement... 1-5 Proxy Server...
More informationBlue Coat Systems. Reference Guide. SSL Proxy. For SGOS 5.5.x and later
Blue Coat Systems Reference Guide SSL Proxy For SGOS 5.5.x and later Contact Information Americas: Blue Coat Systems Inc. 410 North Mary Ave Sunnyvale, CA 94085-4121 Rest of the World: Blue Coat Systems
More informationMultiSite Manager. Setup Guide
MultiSite Manager Setup Guide Contents 1. Introduction... 2 How MultiSite Manager works... 2 How MultiSite Manager is implemented... 2 2. MultiSite Manager requirements... 3 Operating System requirements...
More informationGlobalSCAPE DMZ Gateway, v1. User Guide
GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical
More informationActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access. Integration Handbook
ActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access Integration Handbook Document Version 1.1 Released July 16, 2012 ActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access
More informationF-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
More informationDNS and Network Configuration Version 8.0
Version 8.0 Symantec, Incorporated. Page 1 of 37 1 Legal Notices Copyrights Symantec IM Manager and related modules. Copyright 2002-2006 by Symantec, Incorporated. All rights reserved. This manual and
More informationInstalling and Configuring vcenter Support Assistant
Installing and Configuring vcenter Support Assistant vcenter Support Assistant 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationRSA Security Analytics
RSA Security Analytics Event Source Log Configuration Guide Microsoft Windows using Eventing Collection Last Modified: Thursday, July 30, 2015 Event Source Product Information: Vendor: Microsoft Event
More informationSSL VPN. Virtual Appliance Installation Guide. Virtual Private Networks
SSL VPN Virtual Appliance Installation Guide Virtual Private Networks C ONTENTS Introduction... 2 Installing the Virtual Appliance... 2 Configuring Appliance Operating System Settings... 3 Setting up the
More informationVirtual Appliance Setup Guide
The Barracuda SSL VPN Vx Virtual Appliance includes the same powerful technology and simple Web based user interface found on the Barracuda SSL VPN hardware appliance. It is designed for easy deployment
More informationTOSHIBA GA-1310. Printing from Windows
TOSHIBA GA-1310 Printing from Windows 2009 Electronics for Imaging, Inc. The information in this publication is covered under Legal Notices for this product. 45081979 04 February 2009 CONTENTS 3 CONTENTS
More informationSonicWALL Global Management System Configuration Guide Standard Edition
SonicWALL Global Management System Configuration Guide Standard Edition Version 2.3 Copyright Information 2002 SonicWALL, Inc. All rights reserved. Under copyright laws, this manual or the software described
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationVMware vcloud Air Networking Guide
vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,
More informationUsing LifeSize systems with Microsoft Office Communications Server 2007. Server Setup
Using LifeSize systems with Microsoft Office Communications Server 2007 This technical note describes the steps to integrate a LifeSize video communications device with Microsoft Office Communication Server
More information2X SecureRemoteDesktop. Version 1.1
2X SecureRemoteDesktop Version 1.1 Website: www.2x.com Email: info@2x.com Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious
More information