Secure Computing SSL Scanner User Manual

Secure Computing SSL Scanner User's Guide

User's Guide
Webwasher
SSL Scanner
Version 6.5
www.securecomputing.com

Summary of Contents for Secure Computing SSL Scanner

  • Page 1 User’s Guide Webwasher SSL Scanner Version 6.5 www.securecomputing.com...
  • Page 2 Secure Computing Corporation. Every effort has been made to ensure the accuracy of this manual. However, Secure Computing Corporation makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose.
  • Page 3: Table Of Contents

    Contents Chapter 1 Introduction 1.1 About This Guide 1.2 What Else Will You Find in This Introduction? 1.3 Using Webwasher 1.3.1 First Level Tabs 1.3.2 Configuring a Sample Setting 1.3.3 General Features of the Web Interface 1.4 Other Documents 1.4.1 Documentation on Main Products 1.4.2 Documentation on Special Products 1.5 The Webwasher Web Gateway Security Products Chapter 2 Home...
  • Page 4 3.14 White List 3.14.1 White List 3.15 User Defined Categories 3.15.1 User Defined Categories 3.16 Media Type Catalog 3.16.1 Media Type Catalog Chapter 4 SSL Scanner 4.1 Overview 4.2 Quick Snapshot 4.2.1 Quick Snapshot 4.3 Certificate Verification 4.3.1 Certificate Verification 4.4 Scan Encrypted Traffic...
  • Page 5: Chapter 1 Introduction

    Anti-Virus scanner and content filter. The SSL Scanner allows you to manage this encrypted content in the same way as HTTP content and thus to prevent policy evasion, while it is also scanning Web traffic for all kinds of threats to your network.
  • Page 6: About This Guide

    1–2 Provides introductory information. Describes basic features that are common to the SSL Scanner and other Webwasher Web Gateway Security products. Describes filtering features that are common to the SSL Scanner and other Webwasher Web Gateway Security products.
  • Page 7: Using Webwasher

    Using Webwasher A user-friendly, task-oriented Web interface has been designed for handling the Webwasher features. It looks like this: The following sections provide some information to make you familiar with this interface. These sections: • List the first level tabs of this interface and explain their meanings, see 1.3.1.
  • Page 8: First Level Tabs

    Management, Reporting, Proxies, and Configuration Their meaning is as follows: Home, Common that are used not only by the SSL Scanner, but also by other Webwasher Web Gateway Security products. Among these features are system alerts, licensing features, media type filters, etc.
  • Page 9: Configuring A Sample Setting

    1.3.2 Configuring a Sample Setting This section explains how to configure a sample setting of a Webwasher feature. The feature chosen here for explanation is the In order to avoid the download of bandwidth-consuming animated images, this filter detects and modifies or removes them. For this sample setting, just suppose you want to enable the filter and let it remove any such images from the filtered objects.
  • Page 10 Introduction default is selected in the line below Policy, which means that the settings you are going to configure now will be valid under your default filtering policy. So, leave this selection as it is. Otherwise, you could select a different filtering policy, using the drop-down list provided here.
  • Page 11: System Information

    Make settings effective Click on the This completes the sample configuration. 1.3.3 General Features of the Web Interface This section explains more about the features that are provided in the Web interface for solving general tasks, e. g. applying changes to the Webwasher settings or searching for a term on the tabs of the interface.
  • Page 12 Introduction Clicking on this arrow will display a button, which you can use to apply changes to all policies. After clicking on this button, your modifications will be valid for settings of all policies. When you are attempting to leave a tab after modifying its settings, but without Apply clicking on changes:...
  • Page 13 Introduction The click history is only recorded for the current session, i. e. until you log out. After logging in for a new session, the recording of tabs and paths will start all over again. Information Update Some parts of the information that is provided on the tabs of the Web interface will change from time to time.
  • Page 14 Introduction Search Search input field and button are located in the top right corner of the Web interface area. Using these, you can start keyword queries of the entire Web interface by entering a search term in the input field and clicking on the The search output will be presented in a separate window, which displays a list of the tabs the search term was found on and the paths leading to them: Clicking on any of the entries displayed in the list will take you to the corre-...
  • Page 15: Other Documents

    The Webwasher user documentation can be viewed after navigating to the Manuals tab of the Web interface. It can also be viewed on the Webwasher Extranet and in the Secure Computing Resource Center. Apply Changes Admin Super Administrator...
  • Page 16: Documentation On Main Products

    User’s Guide Anti-Malware Features for configuring anti-malware filtering policies. User’s Guide Anti-Spam Features for configuring anti-spam filtering policies. User’s Guide SSL Scanner Features for configuring – this document SSL-encrypted traffic filtering policies. Reference Guide Items concerning more than product, e.
  • Page 17: Documentation On Special Products

    1.4.2 Documentation on Special Products This section introduces the user documentation on the Webwasher Web Gateway Security products for special tasks and environments. Document Group Content Reporter Documents Instant Message Filter Documents Special Environment Documents Appliances Documents Document Name What about? Content Reporter Installation Installing and configuring the...
  • Page 18: The Webwasher Web Gateway Security Products

    Webwasher® Anti-Virus Webwasher® Anti-Malware Webwasher® Anti-Spam Webwasher® SSL Scanner – this product 1–14 Helps you boost productivity by reducing non-business related surfing to a minimum, thus curbing your IT costs. Suppresses offensive sites and prevents downloads of inappropriate files, thus minimizing risks of legal liabilities.
  • Page 19 These two products have their own user interfaces, which are described in the corresponding documents: Webwasher® Features a library of rich, customizable reports based on built-in Content cache, streaming media, e-mail activity, Internet access and Reporter content filtering queries, all supported by unmatched convenience and performance features.
  • Page 21: Chapter 2 Home

    The features that are described in this chapter are accessible over the tab of the Web interface: These are basic features that are common to the SSL Scanner and other Webwasher products, e. g. system alerts, contacting the support, licensing features, etc.
  • Page 22: Overview

    Overview The following overview shows the sections that are in this chapter: User’s Guide – Webwasher SSL Scanner Introduction Home Common SSL Scanner Dashboard The dashboard is invoked by clicking on the corresponding button under Home: After invoking the dashboard, the number and quality of system alerts is dis-...
  • Page 23 The dashboard provides the following tabs: They are described in the upcoming sections: Executive Summary, • Traffic Volume, • 2.2.2 System, • 2.2.3 Before this is done, however, the following subsection provides some general information on the dashboard. Handling the Dashboard The dashboard allows you to view summary information on a number of Webwasher and system parameters at a glance.
  • Page 24 On the right side of a section, parameter values are shown as they developed in time, using either a line or a stacked mode, see also further below: More information about the values that are measured and displayed is provided in the upcoming sections.
  • Page 25 Home Note that the color of a category in the selection list is also used when the category is displayed in proportion to other categories by means of a pie chart. Furthermore, this color is used to represent the category in stacked or line mode: There is a limit to the display of some parameters.
  • Page 26 Home Since only the categories are shown that yielded the top six values or the categories you selected on your own, values that may have occurred in other categories are ignored here. To get a representation of the total amount of values, you need to select Others as a category: The values for five selected categories will then be shown, together with...
  • Page 27 Selecting stacked or line mode • You can have parameter values displayed in stacked or line mode: — In line mode, lines are displayed to represent the development of values within a given time interval: — In stacked mode, filled-out areas are displayed to represent the development of values within a given time interval, but with value areas “stacked”...
  • Page 28: Executive Summary

    Home 2.2.1 Executive Summary Executive Summary There are three sections on this tab: URL Executive Summary • Mail Executive Summary • Number of Feedbacks Sent • They are described in the following. 2–8 tab looks like this:...
  • Page 29 URL Executive Summary URL Executive Summary were processed by the Webwasher filters within a given time interval and either passed without restrictions or were blocked by one of these filters. Values are shown for the following action categories: Good • This category is for URLs that passed the Webwasher filters without any restrictions.
  • Page 30 Home Spam level low • This category is for e-mails that were classified as low-level spam. Number of Feedbacks Sent Number of Feedbacks Sent that were sent to Webwasher by customers within a given time interval. Customers can send these feedbacks using the link provided in the Database Feedback edSource.
  • Page 31: Traffic Volume

    2.2.2 Traffic Volume Traffic Volume There are two sections on this tab: Traffic Volume per Policy • Traffic Volume per Protocol • They are described in the following. Traffic Volume per Policy Traffic Volume per Policy see also the Prefix List at the end of this subsection) for the various policies that have been configured under Webwasher.
  • Page 32 Emergency • Prefix List The list below shows the prefixes that are used for multiples of bytes, with byte values calculated in binary mode, to measure and display, e. g. traffic volumes. It also shows the use of these prefixes with regard to multiples of 10 to measure and display other values, e.
  • Page 33: System

    2.2.3 System System tab is shown here in two parts because of its size. The upper part of the tab looks like this: Home 2–13...
  • Page 34 The lower part looks like this: There are seven sections on this tab: Update Status • Open Ports • CPU Utilization • Memory Usage • Swap Utilization • Filesystem Utilization • Network Utilization • They are described in the following. 2–14...
  • Page 35 Update Status Update Status section displays the status of several Webwasher filtering features, e. g. SmartFilter, Secure Anti Malware, etc., which can be updated to ensure that the latest filtering rules, methods, signatures, etc. are used by Webwasher. The following information is displayed for each feature: Feature •...
  • Page 36 Home CPU Utilization CPU Utilization (All CPUs) the system Webwasher is running on have been used. within a given time interval. Values are shown for the following categories of CPU utilization: System • The percentage of the CPU utilization caused by the system Idle •...
  • Page 37 Used • Amount of swap memory that was used Filesystem Utilization (Used Capacity) Filesystem (Used Capacity) memory on the file systems where the various Webwasher folders reside. Memory values are shown as they occurred within a given time interval. They are shown for the following folders: Webwasher temp Folder •...
  • Page 38: Overview (Feature)

    Overview (Feature) Overview options are invoked by clicking on the corresponding button Home: under The options are arranged under the following tab: They are described in the upcoming section: •...
  • Page 39: Overview (Feature)

    2.3.1 Overview (Feature) Overview tab looks like this: There are four sections on this tab: System Alerts • System Summary • One-Click Lockdown • Version Information • They are described in the following. Home 2–19...
  • Page 40 Home System Alerts System Alerts This section displays alerts to make you aware of any problems concerning the system status. The function underlying these alerts is also known as “Security Configurator”. To the left of each alert text, a field in red, orange, or yellow color indicates the relative importance of the alert.
  • Page 41 System Summary System Summary section looks like this: This section displays information on the system status. Information is provided on the user who is currently logged in and on the anti virus engines that are installed showing also their current versions. Furthermore, the last updates of the databases containing the rules for filtering URLs, viruses and spam are displayed, as well as the version of the certificate revocation list.
  • Page 42 To enable the emergency mode: Activate emergency mode • Click on the This button is a toggle switch. After enabling the emergency mode, the inscription on it will read To disable the emergency mode: Back to normal mode • Click on the When the emergency mode is enabled, there is also an alert in the Alerts section of this tab to remind you it is enabled:...
  • Page 43: Support

    Support Support options are invoked by clicking on the corresponding button un- Home: The options are arranged under the following tab: They are described in the upcoming section: Support, • 2.4.1 Support Support tab looks like this: There is one section on this tab: Assistance •...
  • Page 44: Trustedsource

    The options are arranged under the following tabs: They are described in the upcoming section: TrustedSource, • Malware Feedback Black List, • Feedback, • 2–24 section provides a link to contact the Secure Computing tech- options are invoked by clicking on the corresponding but- 2.5.1 2.5.2 2.5.3...
  • Page 45 2.5.1 TrustedSource TrustedSource There are four sections on this tab: Spam False Positives Feedback Queue • Spam False Negatives Feedback Queue • Malware Feedback Queue • URL Feedback • They are described in the following. Spam False Positives Feedback Queue Spam False Positives Feedback Queue Using this section, you can configure the sending of feedback in order to improve the spam filter.
  • Page 46 E-mails that were released from a queue after receiving a digest e-mail will be copied to the false positives queue and sent from there to Secure Computing. This feature is not enabled by default. If you would like to help improve the spam filter, please mark the checkbox next to the section heading.
  • Page 47 Spam False Negatives Feedback Queue Spam False Negatives Feedback Queue Using this section, you can configure the sending of feedback in order to improve the spam filter. You can send e-mails that have erroneously not been classified as spam to an address that is configured in this section.
  • Page 48 • From this drop-down list, select an e-mail queue. E-mails and small downloads matching the criteria explained above will be moved to this queue as malware and later be sent to Secure Computing. 2–28 Queue Management See Content of Queue...
  • Page 49 The queue should be used for no other purpose than that of collecting malware since it will be cleared after e-mails and downloads have been sent off. To see the e-mails that are in this queue, click on the Queue link next to the drop-down list.
  • Page 50: Malware Feedback Black List

    Home Use the following item to configure the URL feedback: Send interval in . . . minutes • In the input field provided here, enter a time interval (in minutes) to specify the time that is to elapse between sending e-mails. The default interval is 240 minutes.
  • Page 51 Malware Feedback Media Type Black List Malware Feedback Media Type Black List Using this section, you can add a media type to the Media Type Black List for malware feedback. Objects belonging to the media types on this list will not be entered in the malware feedback queue.
  • Page 52 Home To sort the list in ascending or descending order, click on the symbol next to Media Type To edit an entry, type the appropriate text in the input field of the column and enable or disable the following options: Ignore in media type filter •...
  • Page 53: Feedback

    Feedback E-Mail Address Feedback E-Mail Address Using this section, you can send feedback concerning the Webwasher products to Secure Computing. To send your feedback, click on the provided in this section. This will open an e-mail message sheet, which you can fill in and send off.
  • Page 54: Manuals

    URL Filter Database Feedback URL Filter Database Feedback Using this section, you can submit uncategorized or incorrectly categorized URLs to Secure Computing. To do this, click on the section. This will launch the login page for accessing the Webwasher Extranet. After successfully logging in there, a Welcome Page is displayed.
  • Page 55: Documentation On Main Products

    2.6.1 Documentation on Main Products Documentation on Main Products There are three sections on this tab: General Documents • Product Documents • Reference Document • They are described in the following. General Documents General Documents This section allows you to view user documentation on planning, installing and configuring Webwasher in general.
  • Page 56 Home To view any of the documents listed here, click on the line. This will open a Product Documents Product Documents This section allows you to view user documentation on individual Webwasher products. To view any of the documents listed here, click on the line.
  • Page 57: Documentation On Special Products

    2.6.2 Documentation on Special Products Documentation on Special Products There are four sections on this tab: Content Reporter Documents • Instant Message Filter Documents • Special Environment Documents • Appliance Documents • They are described in the following. Content Reporter Documents Content Reporter Documents This section allows you to view user documentation on the Webwasher reporting tool.
  • Page 58 Home Instant Message Filter Documents Instant Message Filter Documents This section allows you to view user documentation on the Webwasher instant message filtering tool. To view any of the documents listed here, click on the line. This will open a Special Environment Documents Special Environment Documents This section allows you to view user documentation on setting up Webwasher...
  • Page 59: Additional Documentation

    To view any of the documents listed here, click on the line. This will open a 2.6.3 Additional Documentation Additional Documentation There is one section on this tab: Release Notes • It is described in the following. Release Notes Release Notes This section allows you to view release notes and other documents containing the latest information on the Webwasher products.
  • Page 60: Preferences

    Home Preferences Preferences Home: under The options are arranged under the following tab: They are described in the upcoming section: Preferences, • 2.7.1 Preferences Preferences There are three sections on this tab: Change Password • View Options • Access Permissions •...
  • Page 61 They are described in the following. Change Password Change Password section looks like this: Using this section, you can change the password you are using for access to Webwasher. After specifying the appropriate input here, click on the new password effective. Use the following input fields to change your password: Current Password •...
  • Page 62 If you are only interested in viewing and configuring settings for Web traffic, you can hide the e-mail related settings and vice versa. Furthermore, you can configure the change warner dialog and the configuration hash to be displayed or not. After specifying the appropriate settings, click on them effective.
  • Page 63 To what extent you are allowed to configure access permissions for other administrators, depends on your seniority level. This is measured by a value between 0 and 100. You can only configure permissions for administrators with seniority levels lower than your own. On the other hand, you may find your right to access Webwasher restricted or denied when trying to log in because an administrator with an equal or higher seniority level is currently logged in and has configured the corresponding set-...
  • Page 64: License

    Allow read only access — Check this radio button to allow read only access. Deny simultaneous access • Check this radio button to deny simultaneous access. License License options are invoked by clicking on the corresponding button un- Home: The options are arranged under the following tabs: They are described in the upcoming sections: Information, •...
  • Page 65: Information

    2.8.1 Information Information There are four sections on this tab: License Information • Webwasher End User License Agreement • Import License • Licensed Products • They are described in the following. tab looks like this: Home 2–45...
  • Page 66 Home License Information License Information This section displays information regarding the license of the Webwasher software. Information is provided on the company that purchased the license, the time interval during which the license is valid and other licensing issues. Webwasher End User License Agreement Webwasher End User License Agreement This section allows you to view the most recent version of the Webwasher end...
  • Page 67 To import a license, proceed as follows: Browse 1. Click on the button provided here and browse for the license file you want to import. Before you can import it, you will have to accept the end user license agreement. To read it, click on the provided here.
  • Page 68: Notification

    Home 2.8.2 Notification Notification There are two sections on this tab: System Notifications • Too Many Clients • They are described in the following. System Notifications System Notifications Using this section, you can configure e-mail notifications on license issues. These will be sent to the e-mail address of the recipient you specify here. 2–48 tab looks like this: section looks like this:...
  • Page 69 After specifying the appropriate information, click on your settings effective. Use the following items to configure the system notifications: Send notification upon license expiry • Make sure the checkbox provided here is marked if you want to use this option, and enter the recipient of the notification in the Send notification if number of licensed clients will soon be ex- •...
  • Page 70 Home Using this section, you can configure messages to be written to the system log if connections were refused due to heavy work load or license exhaustion. After specifying the appropriate settings, click on them effective. Use the following items to configure log messages: Enable message to be written to system log •...
  • Page 71: Chapter 3 Common

    The features that are described in this chapter are accessible over the tab of the Web interface: These are filtering features that are common to the SSL Scanner and other Webwasher products, e. g. media type filters, the document inspector, the white list, etc.
  • Page 72: Overview

    Common Overview The following overview shows the sections that are in this chapter: User’s Guide – Webwasher SSL Scanner Introduction Home Common SSL Scanner 3–2 – this section Overview Quick Snapshot, see Policy Settings Media Type Filters, see Document Inspector, see...
  • Page 73: Quick Snapshot

    Quick Snapshot Quick Snapshot on the corresponding button under Common: The following tab is then provided: It is described in the upcoming section: Quick Snapshot, • for the common filtering functions is invoked by clicking 3.2.1 Common 3–3...
  • Page 74 Common 3.2.1 Quick Snapshot Quick Snapshot There are four sections on this tab: Frequent Media Types by Hits • Frequent Media Types by Volume • Media Types by Hits • Media Types by Volume • 3–4 tab looks like this:...
  • Page 75 They are described in the following. Before this is done, however, the following subsection provides some general information on the quick snapshot features. Handling the Quick Snapshot The quick snapshot features on this tab allow you to view summary information about several media type filtering parameters at a glance.
  • Page 76 Common There is, however, a property of the quick snapshot features that is not present on the dashboard tabs. It is described in the following: Resetting top value lists • Media Types by Hits For the top value lists are displayed, using the length of bars to indicate the number of hits or the amount of bytes for various media types: You can choose to view the top 10, 25, etc., using a drop-down list: The top value lists can be reset with a reset button:...
  • Page 77 Media Types by Hits Media Types by Hits e. the media types that were most often processed by the Media Type Filter, showing the number of hits for each of them. Hit numbers are accumulated until the section is reset. The following information is displayed for each media type: Media type •...
  • Page 78: Media Type Filters

    Common Media Type Filters Media Type Filters Common: button under If you want to enable any of these options, make sure the checkbox on this button is also marked. The checkbox is marked by default. After modifying the setting of this checkbox, click on the modification effective.
  • Page 79: Actions

    3.3.1 Actions Actions tab looks like this: There are two sections on this tab: Media Type Filter • Web Upload Filter • They are described in the following. Common 3–9...
  • Page 80 Common Media Type Filter Media Type Filter Using this section, you can configure actions, e. g. Block, notify, Allow, etc., for the Media Type Filter. This filter manages the flow of incoming media types for HTTP and FTP downloads, as well as for SMTP. A media (content) type is a general category of data content, such as an application, audio content, a text message, an image, a video stream, etc.
  • Page 81 Non-rectifiable media types with magic bytes mismatch • The actions configured here will be executed when content types do not match their magic byte sequence. JPEG So, e. g., a image named as a action, even though each of these media types are acceptable. Response without Content-Type header •...
  • Page 82 Common Furthermore, you need to enable an option on the use this filter. To do this, click on the bottom of this section. The option in question is labeled filters on uploaded and posted Use the drop-down lists provided here to configure actions for the Web Upload Filter: Maximal size of uploaded parameter .
  • Page 83: Media Type Black List

    3.3.2 Media Type Black List Media Type Black List There is one section on this tab: Media Type Black List • It is described in the following. tab looks like this: Common 3–13...
  • Page 84 Common Media Type Black List Media Type Black List Using this section, you can add a media type to the Media Type Black List. Objects belonging to the media types on this list will be blocked. To add a media type to the black list, use the area labeled: Service Name •...
  • Page 85 Add to Media Type Black List — After selecting a media type, click on this button to add it to the list. This addition will be valid only under the policy you are currently configuring. To add a media type to the black list for all policies, mark the checkbox Add to all policies labeled The Media Type Black List is displayed at the bottom of this section.
  • Page 86: Media Type White List

    Common 3.3.3 Media Type White List Media Type White List There is one section on this tab: Media Type White List • It is described in the following. 3–16 tab looks like this:...
  • Page 87 Media Type White List Media Type White List Using this section, you can add a media type to the Media Type White List. Objects belonging to the media types on this list will be allowed. To add a media type to the white list, use the area labeled: Select media type from catalog •...
  • Page 88 Common Add to Media Type White List — After selecting a media type, click on this button to add it to the list. This addition will be valid only under the policy you are currently configuring. To add a media type to the white list for all policies, mark the checkbox Add to all policies labeled The Media Type White List is displayed at the bottom of this section.
  • Page 89: Document Inspector

    Document Inspector Document Inspector ing button under If you want to enable any of these options, make sure the checkbox on this button is also marked. The checkbox is marked by default. After modifying the setting of this checkbox, click on the modification effective.
  • Page 90 Common 3.4.1 Document Inspector Document Inspector There are five sections on this tab: Document Download Filter • Document Upload Filter • Document Mail Filter • Document Types • General Options • They are described in the following. 3–20 tab looks like this:...
  • Page 91 Document Download Filter Document Download Filter Using this section, you can configure actions for inbound office documents that may enter your corporate network from the Web and are potentially malicious. The document formats that can be filtered include Microsoft Word 97-2003, Microsoft Excel 95-2003, Microsoft PowerPoint 95-2003 and all known versions of Adobe Portable Document Format (PDF).
  • Page 92 Common To view or modify the actions that are currently configured for these actions, Text Categorization click on the This will take you to the to the corresponding settings. Document Upload Filter Document Upload Filter Using this section, you can configure actions for outbound user-originating office documents that are potentially malicious.
  • Page 93 Document Mail Filter Document Mail Filter Using this section, you can configure actions for office documents that are .pdf attached to e-mails, e. g. a The document formats that can be filtered include Microsoft Word 97-2003, Microsoft Excel 95-2003, Microsoft PowerPoint 95-2003 and all known versions of Adobe Portable Document Format (PDF).
  • Page 94 Common Document Types Document Types Using this section, you can configure which of the filters that are accessible over the other sections of this tab should be applied to which document formats. The document formats that can be filtered include Microsoft Word 97-2003, Microsoft Excel 95-2003, Microsoft PowerPoint 95-2003 and all known versions of Adobe Portable Document Format (PDF).
  • Page 95 Use the following checkboxes to modify the assignment of filters to document formats: Download Filter • Mark or clear the checkboxes in this line to have the download filter apply to the corresponding document formats. Upload Filter • Mark or clear the checkboxes in this line to have the upload filter apply to the corresponding document formats.
  • Page 96: Archive Handler

    Common Structured Storage document, like Visio or MSI, not readable • From the drop-down lists provided here, select actions for documents in Web and e-mail traffic, e. g. These actions will be executed if a structured storage document is unreadable.
  • Page 97 The options are arranged under the following tab: They are described in the upcoming section: Archive Handler, • 3.5.1 Archive Handler Archive Handler There are two sections on this tab: Archive Handling • Archive Handling Options • They are described in the following. 3.5.1 tab looks like this: Common...
  • Page 98 The Archive Handler decompresses the members of an archive one-by-one, and passes them on to the virus scanner. When the archive member containing the virus is decompressed, the virus scanner detects the virus, so the archive can be blocked.
  • Page 99: Generic Header Filter

    After specifying the appropriate settings click on them effective. Use the following input fields to configure limits for archives: Maximum size of unpacked archive • Enter the maximum size (in MB) here that should be allowed for an archive. Maximum recursion level •...
  • Page 100 Common 3.6.1 Generic Header Filter Generic Header Filter There is one section on this tab: Header Filter List • It is described in the following. 3–30 tab looks like this:...
  • Page 101 Common Header Filter List Header Filter List section looks like this: Using this section, you can configure the Generic Header Filter to delete headers and header content, add customized headers, modify existing header content, and execute any pre-defined or customized action on appropriate filtering conditions.
  • Page 102: Generic Body Filter

    Common Generic Body Filter Generic Body Filter Common: button under If you want to enable any of these options, mark the checkbox that is on this button. Apply Changes Then click on These are policy-dependent options, i. e. they are configured for a particular policy.
  • Page 103 3.7.1 Generic Body Filter Generic Body Filter There is this section on this tab: Body Filter List • It is described in the following. tab looks like this: Common 3–33...
  • Page 104 Common Body Filter List Body Filter List Using this section, you can configure the Generic Body Filter blocking and other actions for Web and e-mail content according to keywords, regardless of the URL it originates from. So, you could use the Generic Body Filter, e. g. to block Win32 executables. When configuring the filter, rules are set up of the following format: If the 2nd byte of a file has the value of n, and the 3rd byte does not have the value of n, and within the bytes 100 to 200 a string of...
  • Page 105: Advertising Filters

    So, to block, e. g. all HTML pages encoded as rule like the following: 0-128 Contains I"<\00h\00t\00m\00l\00" Or 0-128 Contains I"\00<\00h\00t\00m\00l" With this rule, the first expression blocks UTF-16LE, and the second blocks UTF-16BE. The rules for filtering body content in this way and the actions that are executed when a rule matches, are entered in the fields of this section.
  • Page 106: Settings

    Common 3.8.1 Settings Settings tab looks like this: There are six sections on this tab: Link Filter • Dimension Filter • Popup Filter • Script Filter • Animation Filter • 3–36...
  • Page 107 Advertising Filter Settings • They are described in the following. Link Filter Link Filter section looks like this: Using this section, you can configure the filtering of content based on information from the URL of an object and specify different types of content that you want to have filtered.
  • Page 108 Common...
  • Page 109 Text links — Enables or disables the filtering of text links. A text link is the grouping of linked text that, when clicked on, takes you to another page either within the same Web site, or to an entirely different Web server. It will often open up another browser window when clicked on.
  • Page 110 Common Their meaning is as follows: Images — Enables or disables the filtering of images. Applets — Enables or disables the filtering of Java applets. These are small programs accompanying a Web page that is sent to a user. Java applets are able to perform interactive animations, instant calculations and conversions etc., without having to send a user request back to the server.
  • Page 111 Use the following checkbox to configure the additional setting: Also disable manually opened windows • If this option is enabled, pop-ups will not be opened even if the user clicks on the corresponding link. Script Filter Script Filter section looks like this: Using this section, you can configure a filter to manage the code that manipulates browsers and systems.
  • Page 112 Common Prevent modification of the browser’s status bar • If this option is enabled, the filter will prevent the status bar of the browser from being modified by a Web page, i. e. scrolling text. Animation Filter Animation Filter Using this section, you can configure a filter to detect animated images. Animations will either be filtered completely or restricted in their execution.
  • Page 113 Advertising Filter Settings Advertising Filter Settings Using this section, you can configure settings that will apply to all the filters on this tab. After specifying the appropriate settings, click on them effective. Use the following checkboxes and radio buttons to configure these settings: Replace filtered objects with •...
  • Page 114: Link Filter List

    Common Then check the radio buttons below to further specify the exclusion: the same path — Enable this option to exclude objects within the same place from filtering. the same domain — Enable this option to exclude objects within the same domain from filtering.
  • Page 115 Link Filter List Link Filter List section looks like this: Using this section, you can add URLs to the Link Filter List and edit them. To do this, use the area labeled: Add new URL • String International Domain Name Select down lists provided here.
  • Page 116 Common do not filter — Enable this option to exclude the URL you entered above from filtering. Add to Link Filter List — After specifying the information for a URL, click on this button to add it to the list. This addition will be valid only under the policy you are currently configuring.
  • Page 117: Dimension Filter List

    3.8.3 Dimension Filter List Dimension Filter List There is this one section on this tab: Dimension Filter List • It is described in the following. tab looks like this: Common 3–47...
  • Page 118 Common Dimension Filter List Dimension Filter List Using this section, you can add dimension settings to the Dimension Filter List and edit them. These can be used for filtering images, applets and plug-ins. To do this, use the area labeled: Add new dimension •...
  • Page 119 Add to Dimension Filter List — After specifying the dimensions settings in the way described above, click on this button to add them to the list. This addition will be valid only under the policy you are currently configuring. To add dimensions to the list for all policies, mark the checkbox labeled Add to all policies before clicking on the button.
  • Page 120: Privacy Filters

    Common Privacy Filters Privacy Filters Common: ton under If you want to enable any of these options, mark the checkbox that is on this button. Apply Changes Then click on These are policy-dependent options, i. e. they are configured for a particular policy.
  • Page 121: Settings

    3.9.1 Settings Settings tab looks like this: There are four sections on this tab: Web Bug Filter • Referer Filter • Prefix Filter • Cookie Filter • They are described in the following. Web Bug Filter Web Bug Filter section looks like this: Common 3–51...
  • Page 122 Common Using this section, you can configure a filter to eliminate Web bugs. These are also known as clear GIFs or Web beacons. They are usually mini-images 1 pixel x 1 pixel in size and are used to track user navigation behavior on Web sites and in e-mail to see if an e-mail was opened by the recipient.
  • Page 123 It leaves the referer unaffected if the user moves through the same or subsequent path. This option may be enabled if user movement should be hidden, but there are services that rely on a referer to work properly. if the domain is different —...
  • Page 124 Common Cookie Filter Cookie Filter Using this section, you can configure a filter to block bad cookies. You can set the life span for neutral cookies or let them expire after finishing the browser session. The Cookie Filter controls the data stream between users and the Web in both directions, a requirement for efficient filtering.
  • Page 125 Neutral cookies expire after • Use the radio buttons and input fields provided here in the following way: a time period of . . . h . . . min — Make sure this radio button is checked if you want to configure a life span for neutral cookies.
  • Page 126: Cookie Filter List

    Common 3.9.2 Cookie Filter List Cookie Filter List There is one section on the tab: Cookie Filter List • It is described in the following. 3–56 tab looks like this:...
  • Page 127 Cookie Filter List Cookie Filter List section looks like this: Using this section, you can add entries to the Cookie Filter List and edit them. Shell expressions in this list will be compared to the domain where the cookie was sent from or will be sent to, in order to determine whether the cookie is good, neutral or bad.
  • Page 128: Text Categorization

    Common The Cookie Filter List is displayed at the bottom of this section. To display only a particular number of list entries at a time, type this number in the input field labeled Enter key of your keyboard. If the number of entries is higher than this number, the remaining entries are shown on successive pages.
  • Page 129: Settings

    To do this, select a policy from the drop-down list labeled Policy, which is located above the Media Type Filters The options are arranged under the following tabs: They are described in the upcoming sections: Settings, • Categorization List, •...
  • Page 130 Common Text Categorization Text Categorization Using the text categorization filter you can specify single keywords and combinations of words and filter office documents and e-mail attachments containing these words. In this section, you configure the actions that should be taken whenever the text categorization filter matches.
  • Page 131: Categorization List

    3.10.2 Categorization List Categorization List There is one section on this tab: Text Categorization List • It is described in the following. tab looks like this: Common 3–61...
  • Page 132 Common Text Categorization List Text Categorization List Using the text categorization filter you can specify single keywords and combinations of words and filter office documents and e-mail attachments containing these words. In this section, you can configure rules for the keywords and combinations of keywords that should be filtered and add them to the Text Categorization List.
  • Page 133 In the input fields, enter the words or word combinations you want to filter, e. g. Bahamas, Maledives, lowing: Bahamas AND Maledives AND NOT work [term 1] more than [term 2] times per [term 3] words — Check the radio button in this line to configure a rule according to the second method provided here.
  • Page 134: Http Method Filter List

    Common Use the following items to perform other activities relating to the list: Filter • Type a filter expression in this input field and enter it using the of your keyboard. The list will then display only entries matching the filter. Delete Selected •...
  • Page 135 3.11.1 HTTP Method Filter List HTTP Method Filter List There is one section on this tab: HTTP Method Filter List • It is described in the following. tab looks like this: Common 3–65...
  • Page 136 Common HTTP Method Filter List HTTP Method Filter List Using this section, you can configure rules for assigning actions to particular HTTP methods that occur in user requests and add these rules to a list. The rules may also include a categorization of the method and specify the URL it is applied to.
  • Page 137 Category — From this drop-down list, select a URL filtering category you want to assign to the HTTP method. Setting this category is also optional. Action — From this drop-down list, select the action you want to have executed if the rule matches. Continue —...
  • Page 138: Ftp Command Filter List

    Common Use the following items to perform other activities relating to the list: Filter • Type a filtering term in the input field of the or in both or select a method, category or action or any combination of them from the drop-down lists and enter this using the keyboard.
  • Page 139 These are policy-dependent options, i. e. they are configured for a particular policy. When you are configuring these options, you need to specify this policy. To do this, select a policy from the drop-down list labeled Policy, which is located above the Media Type Filters The options are arranged under the following tab:...
  • Page 140 Common FTP Command Filter List FTP Command Filter List Using this section, you can configure rules for assigning actions to particular FTP commands that occur in user requests and add these rules to a list. The rules may also include a categorization of the command and specify the URL it is applied to.
  • Page 141 Common To add a rule to the list, use the area labeled: Add rule • Use the following items to configure the rule: Command category —...
  • Page 142 Common The FTP Command Filter List is displayed at the bottom of the section. You can edit list entries, change their order or delete them. To display only a particular number of list entries at a time, type this number in the input field labeled key of your keyboard.
  • Page 143: Welcome Page

    3.13 Welcome Page Welcome Page Common: button under If you want to enable any of these options, mark the checkbox that is on this button. Apply Changes Then click on These are policy-dependent options, i. e. they are configured for a particular policy.
  • Page 144: Welcome Page

    Common 3.13.1 Welcome Page Welcome Page There are three sections on this tab: Welcome Page Options • Manipulate User History • Upload • They are described in the following. Welcome Page Options Welcome Page Options Using this section, you can configure options for the Welcome Page. You can configure the time and frequency of its appearance and also if it should appear at all.
  • Page 145 Use the following items to configure the Welcome Page options: Show once a day at . . . • To let the Welcome Page appear only once a day, make sure the radio button provided here is checked and enter the time of appearance in the input field.
  • Page 146 Common Show again • Click on this button to let the Welcome Page appear again for this user. This means that the page is displayed not only once, but also for the following requests of this user. Show never again •...
  • Page 147 Use the following items to handle the upload of a Welcome Page: Filename • In this input field, enter the name of the file you want to upload. Type the Browse file name or use the file. Upload Then click on the Store as •...
  • Page 148: White List

    Common 3.14 White List White List options are invoked by clicking on the corresponding button Common: under These are policy-dependent options, i. e. they are configured for a particular policy. When you are configuring these options, you need to specify this policy. To do this, select a policy from the drop-down list labeled Policy, which is located above the Media Type Filters...
  • Page 149 3.14.1 White List White List tab looks like this: There is one section on this tab: White List • It is described in the following. Common 3–79...
  • Page 150 Common White List White List section looks like this: Using this section, you can add an object to the White List and exclude it from the application of particular Webwasher filters. The objects can be specified using shell expressions. Furthermore, you can specify the type of object you would like to exclude from filtering, e.
  • Page 151 To add an object to the white list, use the area labeled: Add new entry • String International Domain Name Select down lists provided here. In the input field next to it, enter a string to specify the object using shell expressions.
  • Page 152 Common To sort the list in ascending or descending order, click on the symbol next to Media Type To edit an entry, type the appropriate text in the input field for the object name or its description and enable or disable the filters as needed. Apply Changes Then click on more than one entry and make the changes effective in one go.
  • Page 153: User Defined Categories

    3.15 User Defined Categories User Defined Categories sponding button under The options are arranged under the following tab: They are described in the upcoming section: User Defined Categories, • 3.15.1 User Defined Categories User Defined Categories There is one section on this tab: User Defined Categories •...
  • Page 154 Common User Defined Categories User Defined Categories Using this section, you can configure your own categories for URL classification with names and abbreviated name formats. You can configure up to 15 categories this way. The abbreviated format is needed for two purposes: the log files and the X-Attribute header.
  • Page 155: Media Type Catalog

    Category 1 to Category n • In the input fields provided here, enter the category names you want to use and the abbreviated formats of these names. 3.16 Media Type Catalog Media Type Catalog ing button under The options are arranged under the following tab: They are described in the upcoming section: Media Type Catalog, •...
  • Page 156 Common 3.16.1 Media Type Catalog Media Type Catalog There is one section on this tab: Media Type Catalog • It is described in the following. 3–86 tab looks like this:...
  • Page 157 Common Media Type Catalog Media Type Catalog section looks like this: Using this section, you can add a media type to the Media Type Catalog. A media (content) type is a general category of data content, such as an application, audio content, a text message, an image, a video stream, etc.
  • Page 158 Common The media type tells the application that receives the data what kind of application is needed to process the content, e. g. Real Audio is to play the audio content for a user. Each of these media types also has subtypes, e. g. the text media type has four subtypes: plain, rich text, enriched, and tab-separated values.
  • Page 159 Magic Bytes — In the input fields provided here, enter up to five magic byte sequences and their offsets to identify a media type: Offset In the input fields of this column enter the offset values for the magic byte sequences. Magic Bytes In the input fields of this column enter the values for the magic byte sequences themselves.
  • Page 161: Chapter 4 Ssl Scanner

    Chapter 4 SSL Scanner The features that are described in this chapter are accessible over the Scanner tab of the Web interface: These features allow you to configure the filtering of SSL-encrypted traffic, thus protecting your network against viruses and other malicious content that may be hidden behind the SSL encryption.
  • Page 162: Overview

    Certificate Verification, see Scan Encrypted Traffic, see Certificate List, see Trusted Certificate Authorities, see Policy-Independent Global Certificate List, see Settings Global Trusted Certificate Authorities, see Incident Manager, see for the SSL Scanner functions is invoked by clicking on Scanner: 4.2.1...
  • Page 163 • Select a time interval for display, using the • Select stacked or line mode for display by checking the corresponding radio button: For a more detailed description of these activities, see the subsection labeled Handling the Dashboard SSL Scanner Show last drop-down list: 4–3...
  • Page 164 4.2.1 Quick Snapshot Quick Snapshot There is one section on this tab: Certificate Verification Overview • It is described in the following. Certificate Verification Overview Certificate Verification Overview Webwasher has completed a verification process for a certificate. The result of the process may be a blocking or another action that has previously been configured.
  • Page 165: Certificate Verification

    These are policy-dependent options, i. e. they are configured for a particular policy. When you are configuring these options, you need to specify this policy. options are invoked by clicking on the corre- SSL Scanner: Apply Changes SSL Scanner to make...
  • Page 166 SSL Scanner To do this, select a policy from the drop-down list labeled Policy, which is located above the Certificate Verification The options are arranged under the following tab: They are described in the upcoming section: Certificate Verification, •...
  • Page 167 Furthermore, there is this section on the tab: Certificate Verification • It is described in the following. Certificate Verification Certificate Verification Using this section, you can configure actions for particular verification tests. After specifying the appropriate settings, click on them effective. Verification tests can be configured and performed according to the following criteria: •...
  • Page 168: Scan Encrypted Traffic

    SSL Scanner If the Common Name in a certificate is, e. g. abcde.com, but the Web server’s URL is in fact www.abcde.com, no match is achieved. Wildcard matches host name • Compares the wildcard used in a certificate to represent a Common Name to the host name.
  • Page 169 Scan Encrypted Traffic Scan Encrypted Traffic There are three sections on this tab: Tunneling by Category • Client Certificate Handling • Decryption Warning • They are described in the upcoming sections. button: 4.4.1 tab looks like this: SSL Scanner 4–9...
  • Page 170 SSL Scanner Tunneling by Category Tunneling by Category Using this section, you can configure tunneling for particular URL filtering categories. You can configure up to three categories for tunneling. These may be pre-defined or user-defined categories. If you want to use additional categories, you need to enter them in the icy>.ini...
  • Page 171 Bypass SSL Scanner — The SSL Scanner is bypassed completely, i. e. no activities whatsoever are performed. Client Certificate Handling Client Certificate Handling Using this section, you can configure what should happen if the server that is requested by a client asks for a client certificate.
  • Page 172 Verify server certificate, but do not decrypt session • Enable this option to have the server certificate checked by the verification process. If this is passed successfully, the corresponding session is tunneled and allowed. Block Session • Enable this option to forbid access to the server. Decryption Warning Decryption Warning Using this section, you can configure a decryption warning for HTTPS traffic.
  • Page 173: Certificate List

    Certificate List Certificate List SSL Scanner: ton under If you want to enable any of these options, mark the checkbox that is on this button. Apply Changes Then click on These are policy-dependent options, i. e. they are configured for a particular policy.
  • Page 174 4.5.1 Certificate List Certificate List There is one section on this tab: Certificate List • It is described in the following. Certificate List Certificate List Using this section, you can add new exceptions to the list of certificates. You can also configure actions for an exception relating to the certificate or host in question.
  • Page 175 Only Cert not available Checking Only not available Decryption SSL Scanner method means that the certificate issued by host not available The exception is blocked. The activities of the SSL Scanner are bypassed and no verification process is executed.
  • Page 176 SSL Scanner by host — Enabling the certificate being included in the verification process. If the latter method is chosen, shell expressions, e. g. *.webwasher.com, may be used to specify an exception. After enabling this method, select an action from the drop-down list provided here.
  • Page 177: Trusted Certificate Authorities

    They are described in the upcoming section: Trusted Certificate Authorities, • Apply Changes Select all checkbox and click on this button. options are invoked by clicking on the SSL Scanner: Certificate Verification button: 4.6.1 to make these settings effective. Enter Select checkbox next 4–17...
  • Page 178 SSL Scanner 4.6.1 Trusted Certificate Authorities Trusted Certificate Authorities At the top of this tab, there is the A click on this link will take you to the tab with the same name, where you can add Certificate Authorities to the list or delete them.
  • Page 179 Select an action here that should be taken if the first known CA is untrusted. Only unknow CAs found • Select an action here that should be taken if only unknown CAs have been found. SSL Scanner Trusted Certificate Authorities Known Certificate Authorities Block & Log Incident, if you part, e.
  • Page 180 SSL Scanner Trusted Certificate Authorities Trusted Certificate Authorities This section provides the list of Trusted Certificate Authorities (CAs). Also provided is a list of known CAs, from which you can select CAs to include them in the list of trusted CAs. When including a CA in this list, you can configure it as trusted or not trusted.
  • Page 181 To make the addition valid for all policies, mark the checkbox labeled to all policies before proceeding any further. Then click on either of these two buttons, according to whether you want to add the CA as trusted or not trusted: Trust —...
  • Page 182: Global Certificate List

    The options are arranged under the following tab: They are described in the upcoming section: Global Certificate List, • 4.7.1 Global Certificate List Global Certificate List 4–22 options are invoked by clicking on the corre- SSL Scanner: 4.7.1 tab looks like this: Apply Changes to make...
  • Page 183 After enabling this method, select an action from the drop-down list provided here. section looks like this: method means that the certificate issued SSL Scanner 4–23...
  • Page 184 4–24 by certificate The exception is allowed. The exception is blocked. The activities of the SSL Scanner are bypassed and no verification process is executed. The exception is allowed, but a warning is displayed. not available not available...
  • Page 185 To delete all entries, mark the depth 0 certificate and so on. and enter it using the to make these settings effective. Select Select all checkbox and click on this button. SSL Scanner by cer- depth = Enter checkbox next 4–25...
  • Page 186: Global Trusted Certificate Authorities

    SSL Scanner Global Trusted Certificate Authorities Global Trusted Certificate Authorities on the corresponding button under The options are arranged under the following tab: They are described in the upcoming section: Global Trusted Certificate Authorities, • 4.8.1 Global Trusted Certificate Authorities...
  • Page 187 Trusted Certificate Authorities Trusted Certificate Authorities This section provides the global list of Trusted Certificate Authorities (CAs), i. e. the list that is valid for all policies configured under Webwasher. If a CA is also in a policy-dependent list, the settings configured for this list will prevail.
  • Page 188: Incident Manager

    SSL Scanner If the number of entries is higher than this number, the remaining entries are shown on successive pages. A page indicator is then displayed, where you can select a particular page by clicking on the appropriate arrow symbols.
  • Page 189 Incident Manager, • 4.9.1 Incident Manager Incident Manager There is one section on this tab: Incident Manager • It is described in the following. Incident Manager Incident Manager 4.9.1 tab looks like this: section looks like this: SSL Scanner 4–29...
  • Page 190 SSL Scanner Using this section, you can inspect and manage incidents relating to SSL-encrypted communication. The Incident Manager enables you to retrieve washer instances. It synchronizes and displays them, adding hosts or certificates to the policy-dependent or independent (global) certificate list.e incident.dat...
  • Page 191 - If an incident was caused by a self-signed - If an incident was caused C(ommon Name), E(xpired), failure attributes. by certificate host. Delete button. If you wish to process an entry Delete buttons in the same line. SSL Scanner by certifi- S(elf- method cannot be 4–31...

This manual is also suitable for:

Webwasher ssl scanner 6.5
