DriveLock Websecurity



Similar documents
F-Secure Mobile Security. Android

Internet Content Filter Exemption Request Form

Web Filtering For Branch SRX Series and J Series

Internet Use Monitoring

Access Control Rules: URL Filtering

WEB FILTERING FOR BRANCH SRX SERIES AND J SERIES

DriveLock Quick Start Guide

State of the Web 2015: Vulnerability Report. March Menlo Security Alright Reserved

Parental Control Single Product Test

Burst Technology. bt-webfilter User Guide

SecurePoP Web Content Screening

Introduction to the AirWatch Browser Guide

Why Websense Enterprise Beats SurfControl Web Filter VS

The internet has opened up a virtual world to children that offers them amazing ways to learn, play and communicate.

LANCOM Techpaper Content Filter

Cascadia Labs URL Filtering and Web Security

EHLANZENI DISTRICT MUNICIPALITY PROXY FILTERING AND INTERNET ACCESS POLICY FOR 2012

Internet Filtering Appliance. User s Guide VERSION 1.2

Chapter 10 Encryption Service

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Date: 2011/8/1. 1. N etwo r k Ne twork Config uration

Sophos for Microsoft SharePoint startup guide

User's voice CYBERSIEVE. Make the interface nicer. It is old fashioned. Comprehensibility: Look and Feel: Time to install and configure: 45 minutes

Getting Started with TRITON Mobile Security

Configuration Information

GFI Product Manual. Administrator Guide for ISA/TMG


GFI WebMonitor Administration and Configuration Manual

Installing and Configuring vcloud Connector

eprism Security Suite

eprism Security Suite

AVG AntiVirus. How does this benefit you?

CyberPatrol SiteSURV Web Filtering User Manual

DriveLock and Windows 7

Whitepaper. DriveLock. Endpoint Security for IGEL Thin-Clients

The AppNexus audit evaluates creatives against the standards below.

Technical Brief for Windows Home Server Remote Access

Sophos Computer Security Scan startup guide

Configuration Information

MTP. MTP AirWatch Integration Guide. Release 1.0

Get Started Guide - PC Tools Internet Security

Application Control and URL Filtering

CUSTOMER Android for Work Quick Start Guide

TRITON Unified Security Center Help

User Guide. Cloud Gateway Software Device

How to Use the Greymail Spam Filter

SECURALIVE WEB SECURITY GATEWAY

Singtel Business Fibre Broadband Security Suite. Customer User Guide

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (

F-Secure Anti-Virus for Windows Servers. Administrator's Guide

Web Security Configuration. Administrator Guide

The 2007 R2 Version of Microsoft Office Communicator Mobile for Windows Mobile: Frequently Asked Questions

DriveLock and Windows 8

Lab Testing Summary Report

WildFire Cloud File Analysis

FILTERING FAQ

This presentation covers virtual application shared services supplied with IBM Workload Deployer version 3.1.

Cisco EXAM Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product.

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

Configure Web Conference Parameters Through The Web Conference Administration User Interface.

REGULATORY OPTIONS TO FACILITATE THE ADOPTION OF INTERNET PARENTAL CONTROLS PUBLIC CONSULTATION RESPONSE FROM NETSWEEPER INC.

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Security Analytics Engine 1.0. Help Desk User Guide

User's voice. Safe Eyes. User 1: I was surprised how the tool was easy to install and configure. Comprehensibility:

Zscaler Internet Security Frequently Asked Questions

ACSI Advertising Guidelines Advertising Philosophy

Internet Content Filter Standard Version 2.0

Check Point submitted the SWG Secure Web Gateway for

User's voice NET NANNY. Quite simple to install and configure. Improve messages and possible reactions when a page is blocked. Comprehensibility:

ProxySG TechBrief Enabling Transparent Authentication

Bucksgfl Internet Web Filtering Policy

Security 8.0 User Guide

Computer Security Literacy


F-Secure Internet Security 2012

User Guide. Hosted Web Security. Copyright CensorNet Limited,

4 Steps to Effective Mobile Application Security

Windows XP (32/64 bit) Windows 7 (32/64 bit) Vista (32/64 bit) Mac OS X (from 10.4 version on) 12 years old users: 15/21 (points 1,59 out of 4)

Home Network Manager User Guide version Crystal Run Road Middletown, NY

Single Sign-On Guide for Blackbaud NetCommunity and The Patron Edge Online

NETWRIX EVENT LOG MANAGER

Trend Micro OfficeScan Best Practice Guide for Malware

Mobile Device Management Version 8. Last updated:

How To Use Windows Live Family Safety On Windows 7 (32 Bit) And Windows Live Safety (64 Bit) On A Pc Or Mac Or Ipad (32)

Product Guide. McAfee SaaS Endpoint Protection (October, 2012 release)

Collax Web Security. Howto. This howto describes the setup of a Web proxy server as Web content filter.

Secure Web Appliance. Reverse Proxy

V1.4. Spambrella Continuity SaaS. August 2

DNS. Ofcom Report on Internet safety measures Internet Service Providers: Network level filtering measures

Cascadia Labs URL Filtering and Web Security

Quarantined Messages 5 What are quarantined messages? 5 What username and password do I use to access my quarantined messages? 5

LCC xdsl Usage Policy

Administrator's Guide

F-Secure Messaging Security Gateway. Deployment Guide

Secure Web Gateway 11.5 Release Notes

Shield Pro. Quick Start Guide

Cyberoam Virtual Security Appliance - Installation Guide for XenServer. Version 10

Puresight Technologies Ltd. Arabic, Dutch, English, German, Greece, Russian. 12 years old users: 1/21 (points 2,67 out of 4)

CYBERSITTER NAME. LLC/Solid Oak Software. Company. Version Client. Type of product. Computer. Devices supported

Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0

Transcription:

Whitepaper DriveLock Websecurity Cloud-based internet security CenterTools Software GmbH 2015

Contents 1 DRIVELOCK WEBSECURITY... 2 1.1 WEBSECURITY CLOUDBASIERTE INTERNETSICHERHEIT... 2 1.2 KONFIGURATION VON DRIVELOCK WEBSECURITY... 3 1.2.1 Globale Einstellungen... 3 1.2.2 URL Filterregeln... 5 1

1 DriveLock Websecurity 1.1 Websecurity cloud-based internet security Classic Web Security is stuck in a legacy approach defined for a 1990s computing model centralized and static. Today Network Security Appliances protect computers as long as they are within a company s network but struggle, if computers are connected via public or home networks. Contrary to the classic approach, DriveLock WebSecurity protects directly at the endpoint, independent of the type of the network connection. The foundation of DriveLock WebSecurity is the CYREN GlobalView Cloud infrastructure, the largest security network of its kind in the world. The GlobalView Cloud processes over 13 Billion transactions every day and protects 550 million users in 190 countries from Internet threats. With local, regional, and continental redundancy, GlobalView Cloud provides multiple global points-of-presence, ensuring near-zero latency. 2

DriveLock WebSecurity utilizes the CYREN GlobalView Cloud to check each internet connection before it allows or denies access based on categories derived from the GlobalView Cloud. It blocks connections to phishing and other malicious sites, preventing infection and loss of login/credential data. The CYREN GlobalView Cloud is continuously updated with the most up-to-date information on phishing, advanced persistent threat, and other unsafe sites. Additionally to assessing the categories from CYREN, Domain-URLs can be added to whitelists or blacklists. 1.2 Configure DriveLock Websecurity To configure DriveLock WebSecurity, open or create a policy using the DriveLock Management Console. In the navigation are select DriveLock Websecurity. DriveLock Websecurity requires a valid subscription licence (see Activating your Licence ) 1.2.1 Global Settings 3

URL filtering mode (blacklist or whitelist mode) Basically there are two different modes to operate DriveLock WebSecurity, the blacklist mode and the whitelist mode. Blacklist mode initially doesn't block anything, until a category or domain-url is configured in a blacklist. In opposite, the whitelist mode blocks any access but the categories or domain-urls configured in a whitelist. Simulation means, that only events and user notification are generated, but access isn't really blocked. The audit only mode just logs events according to the configuration, but does not generate user notifications. You may use these modes to evaluate your configuration, before you activate real blocking. To temporary deactivate DriveLock WebSecurity, switch URL filtering mode to Off, your configuration remains valid. Always audit accessed URLs When enabled, each accessed URL is audited, not only the ones filtered by a rule. Target IP addresses to ignore Create a list of IP addresses, which should be completely ignored by DriveLock WebSecurity, no filtering and no auditing will apply. Ports to filter By default, DriveLock WebSecurity listens on ports 80, 443 an 8080. If you want to filter different ports (e.g. because you use a proxy with non standard ports), you have to enter the complete list of ports you want to filter. In-Browser notification By default, DriveLock WebSecurity redirects a blocked request to a built-in blocking page. You may also: configure a redirection to another URL - enter a fully qualified URL scheme, e.g. http://www.my_site.com/ my_blocked_page create your own blocking page - the content may be a valid HTML page or pure text Custom user notification messages Enter your own user notification message for blocked pages. Use the place holder %URL% to display the blocked URL within your text. 4

Advanced settings These settings should not be changed without specific reason Event settings - when accessing webpages multiple requests are sent to a server. To avoid multiple events to be generated for each request, multiple access to the same server name is collected as one event for the given time. Default is one minute (60 seconds). To configure the WebSecurity events, in the policy open Global Configuration / Event message transfer settings / Events and scroll down to the section for DriveLock WebSecurity (almost at the end). Cache settings - the URL category of accessed websites is cached in memory for the given time to reduce the number of requests to the CYREN GlobalView Cloud. Default is one day (86400 seconds). If available and enabled, DriveLock Websecurity will first ask the DriveLock Enterprise Service (DES) about the category of a website. The DES will cache the category too (for all agents connected). If many users work on the same websites, this will further reduces request to the CYREN GlobalView Cloud. To enable the URL category caching of the DES, in the DriveLock Management Console open DriveLock Enterprise Services / Servers / double-click <Server Name> / Update synchronization and check Enable URL categorization. 1.2.2 URL Filterring Rules URL filtering can be configured based on URL categories and/or URL lists. A group of categories can be configured as a set of categories using the category group rule. URL category rules / New / Category group rule... or URL category rules / New / URL category rule... or URL list rules / New / URL list rule... Double-click an existing rule to edit its properties. Use tab General to name the rule (Description) and to select the Rule type. In blacklist mode, whitelists rules are of higher priority than blacklist rules, thus websites matching a whitelist rule are never blocked. In whitelist mode it is vice versa, websites matching a blacklist rule are always blocked. Use the corresponding tabs to select Time limits, Connections, Networks, Users and Permissions the rule should be valid for. 5

Use tab Messages to configure exceptions for user notifications and auditing. URL-category rules Available Categories and categories groups are shown in the table below. No Category Group => Category Security 3 Anonymizers X 5 Botnets X 9 Compromised X 35 Malware X 36 Network Errors X 40 Parked Domains X 43 Phishing & Fraud X 55 Spam Sites X Parental Control Productivity 1 Advertisements & Pop-Ups X X 8 Child Abuse Images X X 11 Criminal Activity X X 12 Cults X X 13 Dating & Personals X X 20 Gambling X X 25 Hacking X X 26 Hate & Intolerance X X 28 Illegal Drug X X 29 Illegal Software X X 32 Instant Messaging X X 39 Nudity X X 41 Peer-to-Peer X X 45 Pornography/Sexually Explicit X X 54 Social Networking X X 58 Tasteless X X 62 Violence X X 63 Weapons X X 2 Alcohol & Tobacco X 7 Chat X 50 School Cheating X 52 Sex Education X 14 Download Sites X 21 Games X 30 Image Sharing X 33 Job Search X 53 Shopping X 56 Sports X General Use 6

No Category Group => Category Security Parental Control Productivity 57 Streaming Media & Downloads X 4 Arts X 6 Business X 10 Computers & Technology X 15 Education X 16 Entertainment X 17 Fashion & Beauty X 18 Finance X 19 Forums & Newsgroups X 22 General X 23 Government X 24 Greeting cards X 27 Health & Medicine X 31 Information Security X 34 Leisure & Recreation X 37 News X 38 Non-profits & NGOs X 42 Personal Sites X 44 Politics X 46 Private IP Addresses X 47 Real Estate X 48 Religion X 49 Restaurants & Dining X 51 Search Engines & Portals X 59 Translators X 60 Transportation X 61 Travel X General Use 64 Web-based Email X 7

URL category rules Open tab URL categories and check one or more Category groups or URL categories the rules should filter. URL list rules Open tab URLs to Add, Remove or Edit URLs resp. domains the rule should filter. 8

You may use wildcard characters to define patterns for URLs to be filtered. Use the asterisk (*) as a substitute for zero or more characters or the use the question mark (?) as a substitute for a single character. Examples: Pattern Matches Does not match *.drivelock.com *drivelock.com drivelock.?? drivelock.* *.*.* www.drivelock.com support.drivelock.com www.drivelock.com www.bad_drivelock.com bad_drivelock.com drivelock.de drivelock.fr drivelock.es drivelock.de drivelock.com drivelock.co.uk Jede Subdomain. Second-Level Domain. Top-Level Domain Drivelock.com www.bad_drivelock.com drivelock.com drivelock.co.uk drivelock.phishing.com Second-Level Domain. Top- Level Domain To avoid unwanted connections, be carefully with wildcard characters, especially if you use them in whitelists and in second-level or top-level domains (see examples marked in red). DriveLock WebSecurity does not send any content to the CYREN GlobalView Cloud but the domain part of an URL to get the category back. DriveLock WebSecurity does not read the content of encrypted connections. An open HTTPS connection will not be blocked as soon as a rule changes, but when the connection will be open again. A refresh in the browser normally reuses the existing connection. 9

Best Practice for Beginners Use DriveLock WebSecurity in blacklist mode (nothing is blocked per default). Create a blacklist to block category group Security (unsecure content). Create a blacklist to block unwanted categories (e.g. Shopping). Create a whitelist (URL list) to allow blocked but needed resources (e.g. *.amazon.com, *.amazon.de). Start in Simulation mode (otherwise your users may complain about blocked resources). Switch on Always audit accessed URLs, to audit all requests. Monitor the blocked/allowed/visited requests and adapt your rules accordingly. Switch off Simulation mode if your monitoring doesn't report unwanted blocking. Switch off Always audit accessed URLs to minimize audited events. Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. 2015 CenterTools Software GmbH. All rights reserved. CenterTools and DriveLock and others are either registered trademarks or trademarks of CenterTools Software GmbH or its subsidiaries in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information