Filtering and Identifying Web Activity by User Name



Similar documents
Safeguard Your Remote Employees With CyBlock Hybrid

Web-Access Security Solution

Wavecrest Certificate

Svn.spamsvn110. QuickStart Guide to Authentication. WebTitan Version 5

Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

How to Configure Captive Portal

How To - Implement Clientless Single Sign On Authentication with Active Directory

Agent Configuration Guide

Deploying RSA ClearTrust with the FirePass controller

BlackShield ID Agent for Remote Web Workplace

Quick Start 5: Introducing and configuring Websense Cloud Web Security solution

Quick start 6: Administering the Websense Cloud Web Security solution

Evaluation Guide. iprism Web Security V7.000

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Internet Information Services (IIS)

Strong Authentication for Microsoft TS Web / RD Web

Websense Support Webinar: Questions and Answers

User Guide. Cloud Gateway Software Device

Quickstart guide to Authentication

User-ID Best Practices

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

User Identification (User-ID) Tips and Best Practices

Cyclope Internet Filtering Proxy

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

Cyclope Internet Filtering Proxy. - Installation Guide -

Request Manager Installation and Configuration Guide

ProxySG TechBrief Enabling Transparent Authentication

Mobile Device Management Version 8. Last updated:

DIGIPASS Authentication for Cisco ASA 5500 Series

GlobalViewer Enterprise

Barracuda Web Filter Demo Guide Version 3.3 GETTING STARTED

Secure WiFi Access in Schools and Educational Institutions. WPA2 / 802.1X and Captive Portal based Access Security

Websense Certified Engineer Web Security Professional Examination Specification

Active Directory 2008 Implementation Guide Version 6.3

USING THE DNS/DHCP ADMINISTRATIVE INTERFACE Last Updated:

Strong Authentication for Microsoft SharePoint

vrealize Air Compliance OVA Installation and Deployment Guide

Contents. Introduction. Prerequisites. Requirements. Components Used

Copyright 2013, 3CX Ltd.

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web Access 1.06

User Identification and Authentication

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

DIGIPASS Authentication for Check Point Connectra

Quickstart guide to Configuring WebTitan

CTERA Agent for Mac OS-X

Palo Alto Networks User-ID Services. Unified Visitor Management

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

2X Cloud Portal v10.5

iboss Enterprise Deployment Guide iboss Web Filters

Blue Coat Security First Steps Solution for Integrating Authentication

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web App. Technical Manual Template

GlobalViewer Enterprise

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

NetSpective Global Proxy Configuration Guide

Infor Xtreme Browser References

Employee Web-use Monitoring at BNSF Railway

SAS Agent for Outlook Web Access

Deploying NetScaler Gateway in ICA Proxy Mode

Windows XP Exchange Client Installation Instructions

M86 Web Filter USER GUIDE for M86 Mobile Security Client. Software Version: Document Version:

Direct or Transparent Proxy?

Secure Web Appliance. SSL Intercept

Active Directory 2008 Implementation. Version 6.410

Cisco AnyConnect Secure Mobility Solution Guide

MaaS360 Mobile Enterprise Gateway

A Guide to New Features in Propalms OneGate 4.0

VMware Identity Manager Administration

Virtual Code Authentication User Guide for Administrators

OneFabric Connect and iboss Internet Filtering Appliance

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

Creating a generic user-password application profile

Flexible Identity Federation

Introduction to Google Apps for Business Integration

qliqdirect Active Directory Guide

AVG Business SSO Partner Getting Started Guide

Biznet GIO Cloud Connecting VM via Windows Remote Desktop

Installation Guide. Squid Web Proxy Cache. Websense Enterprise Websense Web Security Suite. v for use with

Websense Web Security Gateway: What to do when a Web site does not load as expected

USG40HE Content Filter Customization

FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES

SSL SSL VPN

CTERA Agent for Mac OS-X

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Manual to Access SAP Training Systems Technical Description for Customer On-Site Training

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

v Installation Guide for Websense Enterprise v Embedded on Cisco Content Engine with ACNS v.5.4

HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION

Copyright 2012 Trend Micro Incorporated. All rights reserved.

F-SECURE MESSAGING SECURITY GATEWAY

WatchGuard SSL v3.2 Update 1 Release Notes. Introduction. Windows 8 and 64-bit Internet Explorer Support. Supported Devices SSL 100 and 560

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

Web Request Routing. Technical Brief. What s the best option for your web security deployment?

V Series Rapid Deployment Version 7.5

SiteCount v2.0 Revised: 10/30/2009

Design and Implementation Guide. Apple iphone Compatibility

Transcription:

WavecrestTechBrief Filtering and Identifying Web Activity by User Name www.wavecrest.net

When a company implements Web filtering and monitoring software, it typically wants to filter and monitor the Web traffic flowing through its network by user name versus IP address for various reasons. Some of these reasons include curtailing casual surfing, protecting against security threats, and conserving bandwidth. Furthermore, a company s Acceptable Use Policy (AUP) is usually based on user names and/or groups of user names. Therefore, the application that enforces and monitors the company s AUP needs to identify Web activity by user name. IP addresses can be dynamic, and sometimes more than one employee can log on to a computer, and hence, more than one user name will be using the same IP address. Many an IT administrator is tasked with ensuring that the company s employees are going through the proxy that is in place, so that Web activity can be monitored by user name. To get user names and authenticate users, IT administrators can choose any of the proxy configuration options and authentication methods described below. Depending on the company s preference, one proxy configuration option may be more favorable than the other. Here, we will discuss applying browser settings manually, pushing out group policies using Active Directory (AD), using a captive portal, and installing client software. We will also touch on the different ways that you can authenticate your Internet users using our CyBlock products. Applying Browser Settings Manually Applying browser settings involves identifying a proxy server which is required if you need user names. User names are not available when a browser connects directly to a Web site. One of two settings is used in the browser automatic or manual proxy configuration. Automatic Configuration. This configuration relies on the use of a PAC file that specifies a proxy server (IP address or host name) and a port of the server. It also specifies that the user may go directly to the requested Web site as though using no proxy, if the proxy server cannot be found. Automatic Configuration (PAC File) Suitable for small companies with few users. Time-consuming setup for larger companies. Provides direct access for remote and roaming employees. Supported by all browsers. Simple setup. Direct access produces no monitoring, filtering, or reporting. Web site delay when browser first starts or when proxy server is down. Users can delete or change proxy settings. Manual Configuration. In this configuration, the IT administrator enters the IP address or host name and port of the proxy server on each user s computer. There is no Direct option to allow access to the Internet, if the proxy server is down or the user leaves the network. Wavecrest Computing Filtering and Identifying Web Activity by User Name page 2

Suitable for small companies with few users. Supported by all browsers. Simple setup. Manual Configuration (IP Address/Host Name & Port) Time-consuming setup for larger companies. No automatic direct access available. Pushing Out Group Policies Using Active Directory Requires manual disabling of proxy settings for direct access. Users can delete or change proxy settings. From the Active Directory server, a group policy is pushed out to set up users browsers with a proxy configuration, that is, a PAC file or proxy server IP address/host name and port. Active Directory also allows you to disable the browser s Connections tab. Two other options in Active Directory disable changing the manual proxy setting and the automatic configuration setting. Active Directory Group Policies AD updates are not automatically applied to all computers. May take time to apply change to all computers assigned to policy. Single setup on Active Directory server. Supported by Internet Explorer primarily. In Internet Explorer, users cannot delete or change proxy settings. Requires AD options set to disable. Using a Captive Portal Users can delete or change proxy settings in other browsers Firefox and Chrome. A captive portal operates so that when an employee attempts to visit a Web site, he will be required to log on and accept an organization s AUP, if this option was configured. By logging on, user names are captured from Web traffic that is filtered and monitored. Guests can access the company s network by accepting the AUP. A wider range of devices and operating systems in the organization can be supported. A captive portal is also used as a method of authentication which is discussed later in this document. Captive Portal Requires cookies to be enabled in the browser. Supports large range of devices including non- Windows devices. Presents customizable logon page to new devices. Can be used with CyBlock Appliance inline requiring no browser settings. Wavecrest Computing Filtering and Identifying Web Activity by User Name page 3

Installing CyBlock Client CyBlock Client is a thin client that makes requests to servers and can be installed manually on computers or remotely with a tool, such as PsExec. It does not require a browser for proxy configuration. It allows IT administrators to specify several proxy servers and has the ability to continuously poll these proxies in priority order. This list of IP addresses and ports override any proxy settings in the browser. CyBlock Client also has the ability to pass user names to the proxy which is discussed below. CyBlock Client Installation required on each user s computer. Easy deployment using PsExec. Available for Windows computers only, not Linux. No browser configuration necessary. Proxy servers sorted by user-defined priorities. Supports on-premises as well as remote employees. Users cannot delete or change proxy settings. Using Authentication Methods CyBlock s Authentication Manager. Authentication Manager allows you to use different types of proxy authentication to support your organization, which may include your main office, remote users, and branch offices. You can choose to use NTLM, a captive portal, or a combination of both. Disabling authentication is also an option. For various network definitions, such as a single IP address, a range of IP addresses, or a host name, you can create rules specifying the authentication method to use. NTLM. This method uses a challenge/response protocol for authentication in which the proxy makes an authentication request, and the browser responds with the user name and password. NTLM is supported in the Windows environment, but is not fully supported in other environments. Captive Portal. In this authentication method, logon credentials are used to authenticate employees, and guests are identified with a guest ID. The IT administrator controls the length of time before the browser must reauthenticate. As mentioned earlier with CyBlock Appliance inline, a captive portal supports authenticating users who are filtered in transparent proxy mode, but it will also work with CyBlock Software and CyBlock Cloud. For more information on authenticating with a captive portal, see Authenticating Your Internet Users. CyBlock Client. Using CyBlock Client, user names are passed to the proxy providing the credentials needed to identify who is accessing your network. It does not require NTLM authentication or a captive portal. Wavecrest Computing Filtering and Identifying Web Activity by User Name page 4

Conclusion If you are implementing Web filtering and monitoring software in your organization, many proxy configurations are available to allow you to manage your Web traffic by user name as well as authenticate your users. Whether it s applying browser settings manually or through Active Directory group policies, or using a captive portal or CyBlock Client, IT administrators need to weigh the advantages and disadvantages of each option. The solution that best serves the needs and resources of the company and its IT department may be one of these options. About Wavecrest Computing Wavecrest Computing has provided business and government clients with reliable, accurate Web use management products since 1996. IT specialists, HR professionals, and business managers trust Wavecrest s Cyfin and CyBlock products to manage employee Internet usage reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has over 3,000 clients worldwide, including Edward Jones, General Electric, IBM, MillerCoors, New York City Dept. of Transportation, Rolex, Siemens, and a growing list of global enterprises and government agencies. For more information on our company, products, and partners, visit www.wavecrest.net. Wavecrest Computing 904 East New Haven Avenue Melbourne, FL 32901 toll-free: 877-442-9346 voice: 321-953-5351 fax: 321-953-5350 www.wavecrest.net All specifications subject to change without notice. Copyright 2014 Wavecrest Computing Incorporated. All rights reserved.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information