M86 Threat Analysis Reporter

USER GUIDE

Software Version: 2.1.10
Document Version: 06.01.10

Summary of Contents for M86 Security Threat Analysis Reporter

  • Page 1: User Guide

    M86 Threat Analysis Reporter USER GUIDE Software Version: 2.1.10 Document Version: 06.01.10...
  • Page 2 M86 Security shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein.
  • Page 3: Table Of Contents

    Contents: Introductory Section 1; Threat Analysis Reporter 1; About this User Guide 2; How to Use this User Guide 3; Conventions 3; Terminology 4; Environment Requirements 8; Workstation Requirements 8; Network Requirements 9; Installation Prerequisite ...
  • Page 4 Contents: IP Ranges frame 25; Specify an IP range 26; Remove an IP address range 27; Single Users frame 28; Add one or more individual users 29; Use the filter to narrow Available Users results 29; Select users to add to the Assigned Users list ...
  • Page 5 Contents: Assign user groups 58; Save gauge settings 59; Modify a Gauge 60; Edit gauge settings 60; Hide, Disable, Delete, Rearrange Gauges 62; Hide a gauge 64; Disable a gauge 64; Show a gauge 64; Rearrange the gauge display in the dashboard ...
  • Page 6 Web Filter Device Maintenance 118; View, edit Web Filter device criteria 118; Add a Web Filter to the device registry 119; Delete a Web Filter from the device registry 119; Threat Analysis Reporter Maintenance 120 ...
  • Page 7 Contents: View TAR device criteria 120; Add, remove a bandwidth range 121; ER Device Maintenance 122; Add an ER to the device registry 122; View, edit ER device criteria 123; Delete the ER device from the registry 123; View Other Device Criteria ...
  • Page 8 Contents: Appendix A 141; Disable Pop-up Blocking Software 141; Yahoo! Toolbar Pop-up Blocker 141; Add the Client to the White List 141; Google Toolbar Pop-up Blocker 143; Add the Client to the White List 143; AdwareSafe Pop-up Blocker ...
  • Page 9 Contents: Step 3: Replace the failed hard drive 169; Step 4: Rebuild the hard drive 170; Step 5: Contact Technical Support 171; Power supply failure 171; Step 1: Identify the failed power supply 171; Step 2: Unplug the power cord 171; Step 3: Replace the failed power supply ...
  • Page 10 Contents...
  • Page 11: Introductory Section

    Network administrators need tools to monitor these threats so management can enforce corporate Internet usage policies. M86's Threat Analysis Reporter (TAR) is designed to offer administrators or management dynamic, real time graphical snapshots of their network’s Internet traffic, supported by remediation tools to manage and control user-generated Web threats.
  • Page 12: About This User Guide

    About this User Guide The Threat Analysis Reporter User Guide addresses the network administrator designated to configure and manage the TAR appliance on the network (referred to as the “global administrator” throughout this user guide, since he/she has...
  • Page 13: How To Use This User Guide

    • Index - This section includes an index of subjects and the first page numbers where they appear in this user guide. How to Use this User Guide Conventions The following icons are used throughout this user guide: NOTE: The “note”...
  • Page 14: Terminology

    Terminology The following terms are used throughout this portion of the user guide. Sample images (not to scale) are included for each item. • accordion - one of at least two or more like objects, stacked on top of each other in a frame or panel, that expands to fill a frame or collapses closed when clicked.
  • Page 15 • field - an area in a dialog box, window, or panel that either accommodates your data entry, or displays pertinent information. A text box is a type of field. • frame - a boxed-in area in a dialog box, window, or panel that includes a group of objects such as fields, text...
  • Page 16 • pop-up box or pop-up window - a box or window that opens after you click a button in a dialog box, window, or panel. This box or window may display information, or may require you to make one or more entries.
  • Page 17 • slider - a small, triangular-shaped object—positioned on a line—that when clicked and dragged to the left or right decreases or increases the number of records displayed in the grid to which it pertains. •...
  • Page 18: Environment Requirements

    Environment Requirements Workstation Requirements System requirements for the administrator include the following: • Windows XP, Vista, or 7 operating system running: • Internet Explorer (IE) 7.0 or 8.0 • Firefox 3.5 • Macintosh OS X Version 10.5 or 10.6 running: •...
  • Page 19: Network Requirements

    Network Requirements • High speed connection from the TAR server to client workstations • HTTPS connection to M86’s software update server • Internet connectivity for downloading Java virtual machine/Flash, if not already installed Installation Prerequisite • M86 Web Filter running software version 4.0.00 or later...
  • Page 20: Getting Started

    IP address on your network. NOTE: If you do not have the Threat Analysis Reporter Installation Guide, contact M86 Security immediately to have a copy sent to you.
  • Page 21: Procedures For Logging On, Off

    Procedures for Logging On, Off Access the TAR Administrator Login window 1. Launch an Internet browser window supported by TAR. NOTE: If pop-up blocking software is installed on the workstation, it must be disabled. Information about disabling pop-up blocking software can be found in Appendix A: Disable Pop-up Blocking Software.
  • Page 22: Log In

    Log in NOTE: In this window, TAR’s software version number displays beneath the frame. To log in the application: 1. In the Username field, type in your username (the default username is admin). If you are logging in as the global administrator for the first time, enter the username registered during the wizard hardware installation procedures.
  • Page 23: Navigation Toolbar Menu Links And Topics

    TAR unit. • Help - click this link to open a separate browser window or tab displaying the Threat Analysis Reporter Documen-...
  • Page 24: Exit The User Interface

    tation page containing links to the latest user guides (in the .pdf format) for this product. • Logout - click this link to log out of this application. When your session has been terminated, the login window re-displays.
  • Page 25: Navigation Tips And Conventions

    Navigation Tips and Conventions The following tips and list of conventions will help you navigate the Administrator console: • Move a pop-up window - Click the toolbar of a pop-up window and simultaneously move your mouse to relocate the pop-up window to another area in the current browser window.
  • Page 26 • Shift Key - To select a block of consecutive items from a list box, click the first item, and then press the Shift key on your keyboard while clicking the last item. Once the group of items is selected, click the appropriate button to perform the action on the items.
  • Page 27: Preliminary Setup Section

    Introduction The Preliminary Setup Section of the user guide is comprised of three chapters with information on the first steps to take in order to use the TAR application. These steps include setting up user groups, administrator permission groups, and group administrator profiles: •...
  • Page 28: Chapter 1: User Groups Setup

    Chapter 1: User Groups Setup On a new TAR appliance, the global administrator should first set up user groups—whose Internet activity will be monitored by group administrators. A group administrator should set up user groups once he/she is given an account by the global administrator with permissions to access User Groups, as detailed in the next chapters in this section.
  • Page 29 NOTE: A global administrator will see all user groups, and a group administrator will only see user groups assigned to him/her. From this panel you can view information about an existing user group, or click a button to add a user group, modify or delete an existing user group, rebuild a user group on demand, or refresh the display of the current list.
  • Page 30: View User Group Information

    View User Group Information For each group in the User Groups frame, the following information displays: Status icon, Group Name, and the date the user group was Last Rebuilt on demand (YYYY-MM-DD HH:SS)—if the latter is applicable.
  • Page 31 • If the selected user group was imported and cannot be rebuilt on demand, this action activates the New and Refresh buttons only. 2. Click an accordion in the Group Members frame to open it and view pertinent information: •...
  • Page 32: Add A User Group

    Add a User Group To add a new user group: 1. From the User Groups list, select an existing user group to be used as the base group for creating the new user group.
  • Page 33: Patterns Frame

    TIP: At any time before saving the new user group, if you need to cancel the entry of the new user group, click the Cancel button to return to the main User Groups panel. 5.
  • Page 34: View Users Resolved By The Pattern

    View users resolved by the pattern To view a list of users resolved by the pattern you added: 1. Select the pattern from the Assigned Patterns list box. 2. Click Preview Users to open the Preview Pattern Users pop-up window that shows the Patterns frame to the left and the Resolved Users frame to the right: Fig.
  • Page 35: IP Ranges Frame

    2. Click Remove Pattern to remove that pattern from the list box. IP Ranges frame When creating a user group, the IP Ranges frame is used for specifying IP ranges to be used by the new group. The top portion of this frame includes a box with Parent Ranges.
  • Page 36: Specify An IP Range

    Specify an IP range To add an IP address range: 1. Do one of the following: • To make a selection from Parent Ranges, click the row in the Parent Ranges box to highlight and select that row, and also to add that Starting IP and Ending IP range in the Starting IP and Ending IP fields below.
  • Page 37: Remove An IP Address Range

    Fig. 2:1-6 Add user group, IP range added Remove an IP address range To remove an IP address range from the Assigned Ranges list box: 1. Click the row to highlight and select it; this action activates the Remove IP Range button below.
  • Page 38: Single Users Frame

    Single Users frame When creating a user group, the Single Users frame is used for adding one or more users to the group. This frame includes the Available Users Filter to be used with the Available Users box that is populated with individual users from the base user group.
  • Page 39: Add One Or More Individual Users

    Add one or more individual users To add users to the Assigned Users list, make your selections from the Available Users list. If the Available Users list is long, you can reduce the number of results that display in this list by using the Available Users Filter.
  • Page 40: Remove Users From The Add Tab

    Remove users from the Add tab To remove users from this user group: 1. Select the user(s) from the Add tab; this action activates the [-] Remove button: Fig. 2:1-8 Add user group, remove user from Single Users tab 2.
  • Page 41: Edit A User Group

    Edit a User Group NOTE: Global and group administrators can only edit user groups they have created, and cannot edit their base groups or imported user groups. To edit a user group: 1.
  • Page 42: Rebuild The User Group

    Rebuild the User Group After editing the user group, the user group profile should be rebuilt. 1. In the User Groups panel, select the user group to be rebuilt. 2. Click Rebuild to initiate the rebuild process for that user group.
  • Page 43: Chapter 2: Admin Groups Setup

    Chapter 2: Admin Groups Setup Once you have set up user groups, you are ready to create a set of management permissions, so that a group administrator you set up will only be able to access areas of the TAR console that you specify.
  • Page 44: Add A Group

    Add a Group 1. At the bottom of the Admin Groups frame, click Add Group. 2. At the top of the Group Privileges frame, type in up to 32 characters for the Group Name. TIP: You may want to name the group for the type of permissions to be assigned.
  • Page 45 • Backup/Restore - Perform a backup and/or restoration on the TAR server. • Bandwidth Gauges - Monitor and manage bandwidth gauges for inbound and outbound traffic. • Device Registry - Edit settings for a Web Filter, ER, or TAR (a bandwidth IP address range for TAR can also be added or removed);...
  • Page 46: View, Edit An Admin Group's Permissions

    View, Edit an Admin Group’s Permissions View Admin Group settings In the Admin Groups frame, click the name of the administrator group to highlight the group name, activate all buttons, and to populate the Group Privileges frame with previously-saved settings: Fig.
  • Page 47: Edit Admin Group Settings

    Edit Admin Group settings 1. In the Group Privileges frame, perform any of the following actions: • Modify the Group Name • Add functions to be monitored by the administrator group •...
  • Page 48: Chapter 3: Admins Setup

    Chapter 3: Admins Setup After permission sets have been created, profiles of group administrators can be set up to monitor user groups. This function is available to a group administrator only if permissions were granted by the administrator who set up his/her account, as detailed in Chapter 2 and in this chapter.
  • Page 49: Add An Administrator Profile

    At the right side of this panel is the Admin Detail panel, used for adding a group administrator profile, viewing an existing administrator’s account information, and modifying or deleting a group administrator profile, as necessary. Add an Administrator Profile 1.
  • Page 50 • Optional: Type in the group administrator’s Home Phone number without entering any special characters. • Type in the group administrator’s Email address. • Optional: Type in identifying information about the group administrator’s physical office Location.
  • Page 51 3. In the User Groups section, select the user group(s) to be monitored by the group administrator: • In the Available User Groups list box, click the user group(s) to highlight your selection(s), and to activate the Add Group button.
  • Page 52: View, Edit Admin Detail

    View, Edit Admin Detail View Admin Details In the Admin Names list box, select the administrator’s TAR Login ID to populate that user’s account information in the Admin Detail frame: Fig. 2:3-3 Add/Edit Admins, Admin Names selection NOTE: The global administrator profile that was created during the wizard hardware installation process displays at minimum the TAR Login ID, Email address, and, greyed-out in the Assigned...
  • Page 53: Edit Account Info

    Edit Account Info 1. In the populated Admin Detail frame: • The following information can be updated: Employee Name, Administrator Group selection, Email address, TAR Login ID, Password and Confirm Password entries, and User Groups selections.
  • Page 54: Delete Admin

    Delete Admin NOTE: The global administrator account established during the wizard hardware installation process can be modified but cannot be deleted. 1. In the Admin Names list box, select the group administrator’s TAR Login ID.
  • Page 55: Configuration Section

    Introduction The Configuration Section of this user guide is comprised of five chapters with information on configuring and using TAR to immediately alert you to any end user Internet activity not within your organization’s Internet usage policies: •...
  • Page 56: Chapter 1: Gauge Components

    Chapter 1: Gauge Components Types of Gauges There are two types of gauges that are used for monitoring user activity on the network: URL gauges and bandwidth gauges. A URL gauge is comprised of library categories and monitors a targeted user group’s access of URLs in a specified library category.
  • Page 57: Anatomy Of A Gauge

    Anatomy of a Gauge Understanding the anatomy of a gauge will help you better configure and maintain gauges to monitor network threats. The illustration below depicts a URL gauge and a bandwidth gauge and some of their components: Fig.
  • Page 58: How To Read A Gauge

    How to Read a Gauge Gauges become active when end users access URLs/ports included in that gauge. Activity is depicted by the position of the dial within one of three sections in the gauge—green, yellow, or red—and by the gauge’s score.
  • Page 59: Bandwidth Gauge Components

    Bandwidth Gauge Components Incoming/outgoing bandwidth gauges include the following gauges and ports (TCP and/or UDP) to monitor: • HTTP - Hyper Text Transfer Protocol gauge monitors the protocol used for transferring files via the World Wide Web or an intranet.
  • Page 60 • 25 - SMTP TCP/UDP port used for email routing between mail server email messages • 110 - POP3 (Post Office Protocol version 3) TCP port used for sending/retrieving email messages • P2P - Peer-to-Peer gauge monitors the protocol used for communication between computing devices—desktops, servers, and other smart devices—that are linked directly to each other.
  • Page 61: Gauge Usage Shortcuts

    Gauge Usage Shortcuts The following shortcut actions can be performed in the gauges dashboard: • View Gauge Ranking - Clicking a gauge or right-clicking a gauge and selecting this topic from the menu displays the Gauge Ranking panel.
  • Page 62 analyze the gauge’s activity. (See View Trend Charts in Chapter 4 of the Configuration Section.) • Disable Gauge - Right-clicking a gauge and then selecting this menu topic lets you disable a gauge. This is a shortcut to use instead of going to Dashboard Settings, selecting the gauge from the list, and then clicking the Disable Gauge icon.
  • Page 63: Chapter 2: Custom Gauge Setup, Usage

    Chapter 2: Custom Gauge Setup, Usage Once an account for the group administrator is set up, he/she can begin setting up gauges for monitoring end users’ Internet activity. Any of the functions described in this chapter are only available to a group administrator if permissions were granted by the administrator who set up his/her account, as detailed in the Preliminary Setup Section.
  • Page 64 • Click URL Gauges if this tab currently does not display. By default, this tab includes the following list of Gauge Names: Shopping, Security, Illegal, Bandwidth, Adult Content. For each Gauge Name in this list, the following information displays: Group Threshold (200), Timespan (minutes)—15 by default.
  • Page 65: Add A Gauge

    Add a Gauge In the Add/Edit Gauge panel, click New Gauge to display Gauge panel: Fig. 3:2-3 Add a new gauge This panel includes the Gauge Information frame to the left and accordions for Gauge Components and User Membership to the right.
  • Page 66: Specify Gauge Information

    Specify Gauge Information In the Gauge Information frame: 1. Type in at least two characters for the Gauge Name using upper and/or lowercase alphanumeric characters, and spaces, if desired. 2. Specify the Group Threshold ceiling of gauge activity. The default and recommended value is 200 for a URL gauge and 20 MB for a bandwidth gauge.
  • Page 67: Define Gauge Components

    NOTE: If the selected gauge method is “Search Engine Keyword” or “URL Keyword”, Filter Options for end user profiles on the source Web Filter used with TAR must have "Search Engine Keyword Filter Control"...
  • Page 68: Assign User Groups

    2. Click add > (for URL gauges) or add port > (for bandwidth gauges) to move the selection(s) to the Assigned Threats/Groups list box. TIP: To remove one or more library categories from the Assigned Threats/Groups list box, make your selection(s), and then click < remove to move the selection(s) back to the Available Threats/Groups list.
  • Page 69: Save Gauge Settings

    2. From the Available User Groups list, select the user group to highlight it. 3. Click add > to move the user group to the Assigned User Groups list box. TIP: To remove a user group from the Assigned User Groups list box, click the user group to highlight it, and then click <...
  • Page 70: Modify A Gauge

    Modify a Gauge Edit gauge settings 1. In the Add/Edit Gauge panel, click the URL Gauges or Bandwidth Gauges tab. 2. Select the gauge from the list to activate all buttons below and populate the Gauge Components frame to the right: Fig.
  • Page 71 Fig. 3:2-7 Edit gauge settings TIP: This panel is also accessible from the gauges dashboard by clicking the Edit Gauge icon at the bottom left of the gauge. 4. Edit any of the following criteria, as necessary: •...
  • Page 72: Hide, Disable, Delete, Rearrange Gauges

    Hide, Disable, Delete, Rearrange Gauges If you want to view certain gauges in the dashboard, options are available to hide, disable, or delete a specified gauge. You can also manipulate the order in which gauges display in the dashboard.
  • Page 73 This panel shows the URL Gauges tab to the left and the Bandwidth Gauges tab to the right. In each of these tabs, a list of gauges displays with the following information: •...
  • Page 74: Hide A Gauge

    Hide a gauge To hide a gauge from displaying in the dashboard: 1. Select the gauge in the URL Gauges or Bandwidth Gauges tab. 2. In the State column, click the icon in the second column (Hide Gauge) to change the gauge’s status to “hidden.”...
  • Page 75: Delete A Gauge

    • Click the “up” arrow icon in the first column to move the Gauge Name up one row in this tab, and one position forward in the dashboard. • Click the “down” arrow icon in the second column to move the Gauge Name down one row in this tab, and one position backward in the dashboard.
  • Page 76: View End User Gauge Activity

    View End User Gauge Activity There are two types of gauge activity you will want to view and monitor: • Overall Ranking - Use this option for a snapshot of end user activity for all gauges, ranked in order by the highest to lowest end user score.
  • Page 77: View A Gauge Ranking Table

    The URL frame displays to the left and the Bandwidth frame displays to the right, containing the User Name (or IP address) and Score for each user currently affecting one or more gauges. In the URL tab, this Score includes the number of hits the user made in library categories.
  • Page 78 NOTE: The Gauge Ranking panel is also accessible by right-clicking a dashboard gauge and then selecting View Gauge Ranking from the pop-up menu. This panel includes rows of records for each end user who is affecting the gauge.
  • Page 79: Monitor, Restrict End User Activity

    Monitor, Restrict End User Activity View User Summary data The User Summary panel contains the following frames: • User Detail Information frame to the left that includes the Group Membership and Lockout accordions. The Group Membership accordion is expanded by default and displays a list of groups in which the end user belongs.
  • Page 80: Access The Threat View User Panel

    • Access the Lockout option to lock out the end user from specified Internet/network privileges (see Manually lock out an end user). Access the Threat View User panel 1. In the User Summary panel, make sure the appropriate tab (URL Gauges or Bandwidth Gauges) is selected, then click a Gauge Name with a score to activate the Threat View button.
  • Page 81 Fig. 3:2-12 Threat View User panel for URL Gauges tab selection For each URL included in the list, the Timestamp displays using military time in the YYYY-MM-DD HH:MM:SS format. 2. Click a URL from the list to open a separate browser window or tab displaying the contents of that URL.
  • Page 82: Bandwidth Gauges Tab Selection

    Bandwidth Gauges tab selection For Bandwidth gauges, the Threat View User panel contains the Threats frame showing the Ports column and corresponding Inbound/Outbound bandwidth usage by the end user for that port, and the combined Total inbound and outbound bandwidth usage by the end user for that port: Fig.
  • Page 83: Manually Lock Out An End User

    Manually lock out an end user 1. In the User Summary panel, in the User Detail Summary frame, click the Lockout accordion to open it: Fig. 3:2-14 User Summary panel, Lockout accordion expanded 2.
  • Page 84: Low Severity Lockout

    • High - This selection locks out the end user from all network access (see Medium and High severity lockout). 4. After performing the additional steps based on the chosen lockout Severity level, click Lockout at the bottom of the frame to open the Info alert box with the message: “This user has been locked out.”...
  • Page 85: Medium And High Severity Lockout

    Medium and High severity lockout If a “Medium” or “High” Severity lockout was selected, the Type field displays. Click either “Medium” or “High” to select that lockout level. End user workstation lockout There are two different scenarios that can occur for end users when they are locked out, based on the severity of the lockout (low, medium, or high), and the gauge type (URL or...
  • Page 86: High Severity URL, Low/High Bandwidth Lockout

    By default, the following standard links are included in the block page: HELP; M86 Security; For further options, click here; To submit this blocked site for review, click here. NOTE: Please refer to the Global Administrator Section of the...
  • Page 87: Chapter 3: Alerts, Lockout Management

    Chapter 3: Alerts, Lockout Management After setting up gauges for monitoring end user Internet activity, notifications for Internet abuse should be set up in the form of policy alerts. These messages inform the administrator when an end user has triggered an alert for having reached the threshold limit established for a gauge.
  • Page 88 2. Do the following to view the contents in the tab to be used: • Click URL Gauges if this tab currently does not display. By default, this tab includes the following list of Gauge Names: Adult Content, Bandwidth, Illegal, Security, Shopping.
  • Page 89: Add An Alert

    Add an Alert 1. From the left frame, select the gauge for which an alert will be created; this action activates the New Alert button. 2. Click New Alert to open the panel for that gauge: Fig.
  • Page 90: Email Alert Function

    5. In the Alert Action section, specify the mode(s) to use when an alert is triggered: • Email - An email alert notifies a group administrator via email if an end user has reached the threshold limit set up in a gauge alert.
  • Page 91: Receive Email Alerts

    TIP: To remove an email address from the list box, select the email address and then click Remove Email. Click Submit to save your settings. Receive email alerts If an alert is triggered, an email message is sent to the mailbox address(es) specified.
  • Page 92: Lockout Function

    Lockout function To set up the lockout function: 1. Click the checkbox corresponding to Lockout to activate the Severity and Duration (minutes) fields. 2. Specify the Severity of the end users’ lockout: •...
  • Page 93: View, Modify, Delete An Alert

    TIP: After making your selections, click Save to save your settings. View, Modify, Delete an Alert 1. In the Alerts panel, select the URL Gauges or Bandwidth Gauges tab. 2. Select the gauge for which an alert will be viewed and/or modified.
  • Page 94: View Alert Settings

    View alert settings 1. Beneath the Alerts frame, click View Alert to open the alert viewer pop-up window: Fig. 3:3-4 View an alert The following information displays to the left of this window: •...
  • Page 95: Modify An Alert

    Modify an alert 1. In the Alerts panel, click the URL Gauges or Bandwidth Gauges tab. 2. Select the gauge from the list to populate the Alerts frame with alerts for that gauge, and to activate all buttons beneath the frame.
  • Page 96: Delete An Alert

    • Low Lockout Components 5. Click Save to save your edits, and to return to the main Alerts panel. Delete an alert 1. In the Alerts panel, click the URL Gauges or Bandwidth Gauges tab.
  • Page 97: View The Alert Log

    View the Alert Log After alerts are sent to an administrator, a list of alert activity is available for viewing in the Alert Logs panel. 1. In the navigation toolbar, mouse over the Policy menu link and select Alert Logs to open the Alert Logs panel.
  • Page 98 4. Click View Alert to open the alert viewer pop-up window: Fig. 3:3-7 View an alert The following information displays to the left of this window: • User Threshold amount • Alert Action criteria (yes/no): Email, System Tray •...
  • Page 99: Manage The Lockout List

    Manage the Lockout List An end user who is manually or automatically locked out for an “Unlimited” period of time—from accessing designated content on the Internet or using the network—can only have his/her workstation unlocked by an administrator.
  • Page 100: View A Specified Time Period Of Lockouts

    Manual lockout, or name of the alert in an Automatic lockout); Start Time for the alert (using the YYYY-MM-DD HH:MM:SS format). View a specified time period of lockouts If the lockout list is populated with many records, using the Date Range feature will only show you records within the range of dates you specify.
  • Page 101: Unlock Workstations

    5. Click Search By Dates to display records for only the selected dates. TIP: Click Refresh to clear all records returned by the search query, and to display the default records (all lockout records) in the panel.
  • Page 102: Chapter 4: Analyze Usage Trends

    Chapter 4: Analyze Usage Trends When analyzing end user Internet usage trends, trend charts help you configure gauges and alerts so you can focus on current traffic areas most affecting the network. If more information is required in your analysis, the Web Filter application or the Enterprise Reporter’s Web Client and Administrator console can be accessed via the TAR...
  • Page 103: View Trend Charts

    View Trend Charts There are three basic types of trend charts that can be generated on demand to show total gauge score averages for a specified, limited time period: • Pie trend chart for an individual URL or bandwidth gauge •...
  • Page 104 This action of clicking the Trend Charts icon displays the Gauge Trend Chart panel: Fig. 3:4-1 Pie trend chart for an individual URL gauge The pie trend chart that displays in the middle of this panel includes the following information: •...
  • Page 105: View Overall Gauge Activity

    View overall gauge activity 1. In the navigation toolbar, mouse over the Report/Analysis menu link and select the Trend Charts option. 2. Choose either URL or Bandwidth to display the Overall Trend Chart panel for the specified gauge type (URL or Bandwidth): Fig.
  • Page 106: Navigate A Trend Chart

    The top and bottom sections of this panel contain tabs. For the bandwidth trend chart, buttons display above this panel. Information about all actions that can be performed in this panel appears in the Navigate a trend chart sub-section. Navigate a trend chart The following actions can be performed in this panel: •...
  • Page 107: View Gauge Activity For A Different Time Period

    View gauge activity for a different time period To view a pie chart showing activity for a different time period of gauge activity, click the appropriate tab above the pie chart diagram: •...
  • Page 108: Analyze Gauge Activity In A Pie Chart

    Analyze gauge activity in a pie chart Once a pie chart displays in the panel, its pieces can be analyzed by mousing over that slice of the pie chart: Fig. 3:4-3 Pie Gauge Trend Chart slice The following information displays for that pie slice: gauge component name, percentage of that pie slice (based on a total of 100 percent for all pie slices), and total end user...
  • Page 109: Analyze Gauge Activity In A Line Chart

    Analyze gauge activity in a line chart 1. To view a line chart showing activity for a slice of the pie chart, do either of the following: • Click that slice of the pie chart •...
  • Page 110 • To include other gauge component activity in this line chart, click the checkboxes corresponding to the gauge names. TIP: Click a populated checkbox to remove the check mark and the line showing activity for that gauge. •...
  • Page 111: View In/Outbound Bandwidth Gauge Activity

    View In/Outbound bandwidth gauge activity By default, the total inbound and outbound bandwidth activity is included in the Overall Bandwidth Trend Chart. To view only Inbound or Outbound activity, click the Inbound or Outbound button above the pie chart, to the right of the Total button.
  • Page 112: Access Web Filter, Er Applications

    Access Web Filter, ER Applications The Web Filter can be accessed to configure this application and end user filtering profiles. If an ER server is connected to the Web Filter, ER Web Client reports can be generated for viewing historical Internet usage trend data, and the ER Administrator console can be accessed for troubleshooting or for further analysis.
  • Page 113: Chapter 5: Identify Users, Threats

    Chapter 5: Identify Users, Threats If there are certain end users who are generating excessive, unwanted traffic on the network, or if some library categories containing URLs against your organization’s policies are persistently being frequented, you can target offending entities by performing a custom search to identify which users, URLs, and port are being accessed.
  • Page 114: Specify Search Criteria

    Specify Search Criteria 1. In the Users accordion, do one of the following: • To identify users with the highest scores - Click the All Users checkbox to select all users in the list and to grey-out the list.
  • Page 115 Fig. 3:5-2 Custom Search results for Bandwidth Threats For each record in the table, the following information displays: • For a URL search - User (user name/IP address), Threat name, and the end user’s total Score for that record.
  • Page 116: View Urls Within The Accessed Category

    View URLs within the accessed category In the Results frame, do the following to view a specific URL: 1. Click the User name/IP address to highlight that user’s record and to activate the View Details button. 2.
  • Page 117: Administration Section

    Introduction The Administration Section of this user guide is comprised of six chapters with instructions on maintaining the TAR server or its database. NOTES: As part of the maintenance procedures, the TAR server will dispatch an email message to the global administrator—whose email address was supplied during the TAR wizard hardware installation procedures—if there is any potential system error on TAR.
  • Page 118 • Chapter 5: Install Software Updates - This chapter explains how the global administrator installs software updates on the TAR server. • Chapter 6: View Hard Disk Status - This chapter explains how to view the current hardware drive status on a TAR- SL, HL, or H server with RAID technology.
  • Page 119: Chapter 1: View The User Profiles List

    Chapter 1: View the User Profiles List The User Profiles panel contains the list of users that is created when TAR first communicates with the source Web Filter. This list is used for verifying that the list of active end users on the source Web Filter matches the list of end users on the TAR server.
  • Page 120: Search The User Database

    At the bottom left of the panel is the Search Options menu that lets you search for a specific user by User Name or IP Address. At the bottom right of the panel is the User Summary button that takes you to the User Summary panel for the selected user.
  • Page 121: Chapter 2: View Administrator Activity

    Chapter 2: View Administrator Activity The Admin Trails panel is used for viewing the most recent administrative activity performed on TAR. In the navigation toolbar, with the Administration tab selected, click Admin Trails to display the Admin Trails panel: Fig.
  • Page 122: Perform A Search On A Specified Activity

    Perform a Search on a Specified Activity To perform a search on a specified activity: 1. Select the type of Activity from available choices in the list: All, Admin Login Successful, Admin Login Unsuccessful, Add Admin, Edit Admin, Delete Admin, Add Admin Group, Edit Admin Group, Delete Admin Group, Add Alert, Edit Alert, Delete Alert, Backup Admin,...
  • Page 123 7. Click Search to display the specified records for the selected dates in the Results list: Fig. 4:2-2 Admin Trails results
  • Page 124: Search Results

    Search results When populated with rows of records, the Results list includes data in the following columns: Admin Name (entry from the Admin Name field in the login window); Activity; Target (administrator group name or group administrator name, if applicable), and Timestamp (using the YYYY-MM-DD HH:MM:SS format).
  • Page 125: Chapter 3: Maintain The Device Registry

    Chapter 3: Maintain the Device Registry TAR’s device registry is used by the global administrator to view information about devices connected to the TAR unit, synchronize TAR with the source Web Filter’s devices and its user groups and libraries, edit M86 appliance criteria, and add or delete a Web Filter or ER to/from the registry.
  • Page 126 • Shutdown TAR - Click this button to shut down the TAR server. • Refresh Devices - Click this button if any icon representing a device does not properly display in the user interface.
  • Page 127: Generate An Ssl Certificate For Tar

    Generate an SSL Certificate for TAR 1. Click Generate SSL Certificate to open the Generate Self-Signed Certificate dialog box with the following message: “Generation of a self-signed certificate might take a long time. Afterwards, this application server would restart.
  • Page 128: Web Filter Device Maintenance

    Web Filter Device Maintenance View, edit Web Filter device criteria 1. Go to the Web Filter server icon in the Device Registry panel and click Edit to open the Web Filter pop-up window: Fig.
  • Page 129: Add A Web Filter To The Device Registry

    Add a Web Filter to the device registry 1. At the bottom of the Device Registry panel, click New Web Filter to open the New Web Filter pop-up window: Fig. 4:3-3 New Web Filter pop-up window 2.
  • Page 130: Threat Analysis Reporter Maintenance

    Threat Analysis Reporter Maintenance View TAR device criteria Go to the TAR server icon in the Device Registry panel and click Edit to open the Threat Analysis Reporter pop-up window: Fig. 4:3-4 Threat Analysis Reporter pop-up window The following displays at the left side of this window: Device...
  • Page 131: Add, Remove A Bandwidth Range

    and Subnet Mask previously entered in this window displays in the list box. Add, remove a bandwidth range 1. Do the following in the Bandwidth Range section: • To add a bandwidth IP address range: a.
  • Page 132: Er Device Maintenance

    ER Device Maintenance If an ER is connected to the source Web Filter server, this ER device should be added in the Device Registry. Add an ER to the device registry 1.
  • Page 133: View, Edit Er Device Criteria

    View, edit ER device criteria 1. Go to the ER server icon in the Device Registry panel and click Edit to open the Enterprise Reporter pop-up window: Fig. 4:3-6 Enterprise Reporter window, edit The Device Type (Enterprise Reporter) displays and cannot be edited.
  • Page 134: View Other Device Criteria

    View Other Device Criteria View only actions are permitted in the Device Registry panel for the following devices: SMTP, Patch Server, NTP Server, and Proxy Server. View SMTP device criteria 1. Go to the image of the SMTP server in the Device Registry panel and click View to open the SMTP Server pop-up window: Fig.
  • Page 135: View Ntp Server Device Criteria

    isks display), HTTPS ("on" or "off"), Transfer Mode ("active" or "passive"). 2. Click Close to close this pop-up window. View NTP Server device criteria 1. Go to the image of the NTP Server in the Device Registry panel and click View to open the NTP Server pop-up window.
  • Page 136 Fig. 4:3-8 Sync All Devices 2. Check the checkbox(es) pertaining to information to be synchronized between the Web Filter and TAR devices, and to activate the Synchronize button: • Categories - Make this selection to synchronize M86 supplied library category updates and custom library categories from the source Web Filter to TAR.
  • Page 137: Chapter 4: Perform Backup, Restoration

    Chapter 4: Perform Backup, Restoration The Backup/Restore panel is used for reviewing the automatic backup file list, backing up gauge configuration settings to the TAR server, or restoring such settings saved from a previous backup to the TAR server.
  • Page 138 This panel includes the Backup/Restore Settings frame to the left with the Backup On Demand and Restore Configuration Settings sections. In the Restore Configuration Settings section, the Configuration Files box includes a list of the eight most recent automatic backup files, and any backup files created on demand by the administrator.
  • Page 139: Execute A Backup On Demand

    Execute a Backup on Demand On demand backups ensure user settings saved in these files are retained on the application indefinitely. 1. In the Backup On Demand section of the Backup/ Restore Settings panel, enter the File Name for the backup file to activate the Backup Configuration Settings button: Fig.
  • Page 140: Restore User Settings

    Restore User Settings 1. In the Restore Configuration Settings section of the Backup/Restore Settings panel, from the Configuration Files box, select the file to be restored by clicking on it to highlight it: Fig.
  • Page 141: Restore To Factory Default Settings

    Restore to Factory Default Settings If a TAR server needs to be purged of all existing data, a global administrator can restore the unit back to factory default settings. WARNING: When using this option, all settings made to the unit—including administrator, group, and gauge configuration—...
  • Page 142: Wizard Login Window

    Fig. 4:4-5 End User License Agreement 4. After reading the contents of the EULA, click Yes to accept it and to go to the Wizard Login window: Fig. 4:4-6 Wizard Login window Wizard Login window 1.
  • Page 143: Confirm Password

    Fig. 4:4-7 Wizard screen 4. In the Main Administrator section, type in the following information: Username, Email address, Password, Confirm Password. 5. In the Bandwidth Range section, type in the IP Address and Subnet Mask, and then click Add to include the bandwidth IP address range in the list box below.
  • Page 144 7. In the section that asks: Do you have an Enterprise Reporter? click the radio button corresponding to “Yes” or “No”. If “Yes” was selected, enter the Server Name and Server IP address of the ER server connected to the Source Web Filter server: Fig.
  • Page 145: Technical Support / Product Warranties

    Technical Support For technical support, visit M86 Security’s Technical Support Web page at http://www.m86security.com/support/, or contact us by phone, by email, or in writing. Hours Regular office hours are from Monday through Friday, 8 a.m. to 5 p.m. PST.
  • Page 146: Office Locations And Phone Numbers

    Office Locations and Phone Numbers M86 Corporate Headquarters (USA) 828 West Taft Avenue Orange, CA 92865-4232 Local 714.282.6111 714.282.6116 Domestic US 1.888.786.7999 International +1.714.282.6111 M86 Taiwan 7 Fl., No. 1, Sec. 2, Ren-Ai Rd. Taipei 10055 Taiwan, R.O.C.
  • Page 147: Support Procedures

    Support Procedures When you contact our technical support department: • You will be greeted by a technical professional who will request the details of the problem and attempt to resolve the issue directly. • If your issue needs to be escalated, you will be given a ticket number for reference, and a senior-level technician will contact you to resolve the issue.
  • Page 148: Product Warranties

    Product Warranties Standard Warranty M86 Security warrants the medium on which the M86 product is provided to be free from defects in material and workmanship under normal use for a period of one year (the “Warranty Period”) from the date of delivery. This standard Warranty Period applies to both new and refurbished equipment for a period of one year from the delivery date.
  • Page 149: Technical Support And Service

    Technical Support and Service M86 Security will provide initial installation support and technical support for up to 90 days following installation. M86 Security provides after-hour emergency support to M86 server customers. An after hours technician can be reached by voice line.
  • Page 150: Extended Warranty (Optional)

    If parts are discontinued from production during the Warranty Period, immediate replacement product(s) or hardware parts will be available for exchange with defective parts from M86 Security’s local reseller or distributor. Extended Technical Support and Service Extended technical support is available to customers under a Technical Support Agreement.
  • Page 151: Appendices Section

    Appendix A Disable Pop-up Blocking Software An administrator with pop-up blocking software installed on his/her workstation will need to disable pop-up blocking in order to use the administrator console. This appendix provides instructions on how to disable pop-up blocking software for the following products: Yahoo! Toolbar, Google Toolbar, AdwareSafe, and Windows XP Service Pack 2 (SP2).
  • Page 152 2. Choose Always Allow Pop-Ups From to open the Yahoo! Pop-Up Blocker dialog box: Fig. A-2 Allow pop-ups from source 3. Select the source from the Sources of Recently Blocked Pop-Ups list box to activate the Allow button. 4.
  • Page 153: Google Toolbar Pop-Up Blocker

    Google Toolbar Pop-up Blocker Add the Client to the White List To add the Client to the white list so that it will always be allowed to pass, go to the Google Toolbar and click the Pop-up blocker button: Fig.
  • Page 154: Adwaresafe Pop-Up Blocker

    AdwareSafe Pop-up Blocker Disable Pop-up Blocking AdwareSafe’s SearchSafe toolbar lets you toggle between enabling pop-up blocking (# popups blocked) and disabling pop-up blocking (Popup protection off) by clicking the pop-up icon. 1. In the IE browser, go to the SearchSafe toolbar and click the icon for # popups blocked to toggle to Popup protection off.
  • Page 155: Mozilla Firefox Pop-Up Blocker

    Mozilla Firefox Pop-up Blocker Add the Client to the White List 1. From the Firefox browser, go to the toolbar and select Tools > Options to open the Options dialog box. 2. Click the Content tab at the top of this box to open the Content section: Fig.
  • Page 156 Fig. A-6 Mozilla Firefox Pop-up Window Exceptions 4. Enter the Address of the web site to let the client pass. 5. Click Allow to add the URL to the list box section below. 6. Click Close to close the Allowed Sites - Pop-ups box. 7.
  • Page 157: Windows Xp Sp2 Pop-Up Blocker

    Windows XP SP2 Pop-up Blocker This sub-section provides information on setting up pop-up blocking and disabling pop-up blocking in Windows XP SP2. Set up Pop-up Blocking There are two ways to enable the pop-up blocking feature in the IE browser.
  • Page 158: Use The Ie Toolbar

    4. Click Apply and then click OK to close the dialog box. Use the IE Toolbar In the IE browser, go to the toolbar and select Tools > Pop-up Blocker > Turn On Pop-up Blocker: Fig. A-8 Toolbar setup When you click Turn On Pop-up Blocker, this menu selection changes to Turn Off Pop-up Blocker and activates the Pop-up Blocker Settings menu item.
  • Page 159: Add The Client To The White List

    Add the Client to the White List There are two ways to disable pop-up blocking for the Client and to add the Client to your white list. Use the IE Toolbar 1. With pop-up blocking enabled, go to the toolbar and select Tools >...
  • Page 160: Use The Information Bar

    Use the Information Bar With pop-up blocking enabled, the Information Bar can be set up and used for viewing information about blocked pop-ups or allowing pop-ups from a specified site. Set up the Information Bar 1. Go to the toolbar and select Tools > Pop-up Blocker > Pop-up Blocker Settings to open the Pop-up Blocker Settings dialog box (see Fig.
  • Page 161 3. Click Yes to add the Client to your white list and to close the dialog box. NOTE: To view your white list, go to the Pop-up Blocker Settings dialog box (see Fig. A-9) and see the entries in the Allowed sites list box.
  • Page 162: Appendix B

    Appendix B System Tray Alerts: Setup, Usage This appendix explains how to set up and use the feature for System Tray alerts. A TAR Alert is triggered in an administrator’s System Tray if an end user’s Internet usage has reached the upper threshold established for a gauge set up by that administrator.
  • Page 163 2. In the Run dialog box, type in the path to the scripts folder: C:\WINDOWS\sysvol\domain\scripts. 3. Click OK to open the scripts folder: Fig. B-2 C:\WINDOWS\sysvol\domain\scripts window 4. Right-click in this Windows folder to open the pop-up menu.
  • Page 164 5. Select New > Text Document to launch a New Text Document: Fig. B-3 New Text Document 6. Type the following text in the blank document file: @echo off start "" "\\X.X.X.X\win\tartrayw32.exe" ta[X.X.X.X] in which “X.X.X.X” represents the IP address of the TAR server, and “\win\tartrayw32.exe”...
  • Page 165 7. Go to: File > Save As to open the Save As window: Fig. B-4 Save As dialog box 8. In the File name field, type in the name for the file using the “filename.bat” format. For example: tartray21.bat. NOTE: Be sure that the Save as type field has “All Files”...
  • Page 166: Assign System Tray Logon Script To Administrators

    Assign System Tray logon script to administrators With the “.bat” file created, the administrator with permissions on the LDAP server can now begin to assign the System Tray logon script to as many administrators as needed. 1.
  • Page 167 Fig. B-5 Properties dialog box, Active Directory Users folder 3. In the Properties dialog box, click the Profile tab to display its contents. 4. In the Login script field, type in the “.bat” filename. For example: tartray21.bat. 5.
  • Page 168: Administrator Usage Of System Tray

    Administrator usage of System Tray Once the System Tray logon script has been added to the administrator’s profile, when the administrator logs on his/ her workstation, the TAR Alert icon (pictured to the far left in the image below) automatically loads in his/her System Tray: NOTE: The TAR Alert icon will not load in the System Tray if the TAR server is not actively running.
  • Page 169: Status Of The Tar Alert Icon

    Status of the TAR Alert icon If there are no alerts for any gauges set up by the administrator, the following message displays when mousing over the standard TAR Alert icon: “Connected. No Alerts.” However, if an alert is triggered, the TAR Alert icon changes in appearance from the standard gauge to a yellow gauge (pictured to the far left in the image below): The following message appears briefly above the yellow...
  • Page 170: View System Tray Alert Messages

    View System Tray alert messages 1. Double-click the TAR Alert notification icon to open the TAR Alert box: Fig. B-6 TAR Alert This box contains the following message: “User (username/IP address) has triggered the (Alert Name) alert with a threshold of X (in which “X”...
  • Page 171: Appendix C

    NOTE: As part of the ongoing maintenance procedure for your RAID server, M86 Security recommends that you always have a spare drive and spare power supply on hand.
  • Page 172: Part 1: Hardware Components

    Part 1: Hardware Components The TAR “H”, “SL”, and “HL” RAID server contains two hard drives, two power supplies, and five sets of dual cooling fans (10 in total). Part 2: Server Interface LED indicators in SL and HL units On an “SL”...
  • Page 173 LED Indicator Chart Below is a chart of LED indicators in the “SL” and “HL” unit: Color Condition Description Indicator Green Downloading a log No log download detected RAID Green RAID mode enabled and running RAID mode is inactive Check user interface for status of hard drive Green...
  • Page 174: Front Control Panels On H, Sl, And Hl Units

    Front control panels on H, SL, and HL units Control panel buttons, icons, and LED indicators display on the right side of the front panel. The buttons let you perform a function on the unit, while an LED indicator corresponding to an icon alerts you to the status of that feature on the unit.
  • Page 175 Overheat/Fan Fail (icon) – This LED is unlit unless the chassis is overheated. A flashing red LED indicates a fan failure. A steady red LED (on and not flashing) indicates an overheating condition, which may be caused by cables obstructing the airflow in the system or the ambient room temperature being too warm.
  • Page 176: Rear Panels On H And Hl Units

    Rear panels on H and HL units UID (LED indicator) – On the rear of the “H” or “HL” chassis, to the left of the power supplies, a steady blue UID LED indicator displays when the UID button on the control panel is pressed.
  • Page 177: Part 3: Troubleshooting

    Part 3: Troubleshooting The text in this section explains how the server alerts the administrator to a failed component, and what to do in the event of a failure. Hard drive failure Step 1: Review the notification email If a hard drive fails, a notification email is sent to the administrator of the server.
  • Page 178: Step 2: Verify The Failed Drive In The Admin Console

    Step 2: Verify the failed drive in the Admin console The Hardware Detector panel in the Administrator console is accessible via the Administration > Hardware Detector menu selection: Fig. C-1 Hardware Detector panel, failed hard drive detected The Hardware Detector panel displays the current RAID Array Status for the two hard drives (HD 1 and HD 2).
  • Page 179: Step 3: Replace The Failed Hard Drive

    Step 3: Replace the failed hard drive After verifying the failed hard drive in the Administrator console, go to the server to replace the drive. Press the red release button to release the handle on the carrier, and then extend the handle fully and pull the carrier out towards you.
  • Page 180: Step 4: Rebuild The Hard Drive

    Step 4: Rebuild the hard drive A. Once the failed hard drive has been replaced, return to the Hardware Detector panel in the Administrator console, and click Rebuild Now to open the Results alert box: Fig. C-2 Hardware Detector panel, initiate Rebuild process The Results alert box displays the following messages if the RAID rebuild proceeds as expected: “RAID rebuild process starting.
  • Page 181: Step 5: Contact Technical Support

    Step 5: Contact Technical Support Contact Technical Support to order a new replacement hard drive and for instructions on returning your failed hard drive to M86 Security. Power supply failure Step 1: Identify the failed power supply The administrator of the server is alerted to a power supply failure on the chassis by an audible alarm and an amber power supply LED—or an unlit LED—on the front and rear...
  • Page 182: Step 3: Replace The Failed Power Supply

    Step 4: Contact Technical Support Contact Technical Support to order a new replacement power supply and for instructions on returning your failed power supply to M86 Security.
  • Page 183: Fan Failure

    Technical Support for an RMA (Return Merchandise Authorization) number and for instructions on returning the unit to M86 Security. A steady red LED (on and not flashing) indicates an overheating condition, which may be caused by cables obstructing the airflow in the system or the ambient room temperature being too warm.
  • Page 184: Glossary

    Appendix D Glossary This glossary includes definitions for terminology used in this user guide. base group - A user group consisting of end users whose network activities are monitored by the designated group administrator(s). Only the creator of the base group can modify the base group, delegate the base group to another group administrator, or delete the base group.
  • Page 185 Using TCP, applications on networked hosts can create connections to one another, over which streams of data can be exchanged. Traveler - M86 Security’s executable program that downloads updates to TAR at a scheduled time. UDP - An abbreviation for User Data Protocol, one of the core protocols of the Internet protocol suite.
  • Page 186 URL - An abbreviation for Uniform Resource Locator, the global address of Web pages and other resources on the Internet. A URL is comprised of two parts. The first part of the address specifies which protocol to use (such as "http"). The second part specifies the IP address or the domain name where the resource is located (such as “203.15.47.23”...
  • Page 187: Index

    accordion, terminology 4 alert box, terminology 4 alert log in TAR 87 alert messages in TAR 77 backup 127 bandwidth gauge 46 base group definition 174 base group in TAR 22 button, terminology 4 byte score in TAR 48 checkbox, terminology 4 Ctrl key 15 custom category...
  • Page 188 expand or contract a column in TAR 15 field, terminology 5 Firefox 8 Flash plug-in 8 frame, terminology 5 definition 174 FTP bandwidth gauge 49 gauge restore configuration settings 127 global administrator 2 definition 174 group administrator 2 definition 174 H server 161 hide a gauge 62 HL server 161...
  • Page 189 IM bandwidth gauge 50 Installation Guide 10 installation prerequisite 9 instant messaging definition 174 Internet Explorer 8 IP group authentication method 152 IPGROUP member type in TAR 21 Java Plug-in 8 Java Virtual Machine 8 Java virtual machine 9 JavaScript 8 LDAP 152 definition 175...
  • Page 190 Macintosh 8 navigation toolbar in TAR 13 network requirements 9 definition 175 P2P bandwidth gauge 50 panel, terminology 5 peer-to-peer definition 175 pop-up blocking, disable 141 pop-up box/window, terminology 6 Product Warranties section 138 protocol bandwidth gauge 46 definition 175 pull-down menu, terminology 6 radio button, terminology 6 rearrange the gauge display 62...
  • Page 191 slider, terminology 7 SMTP definition 175 SMTP bandwidth gauge 49 sort records in TAR 16 synchronization definition 175 Master User List update in TAR 109 update device registry in TAR 115 system requirements 8 System Tray 152 tab, terminology 7 definition 175 TCP port in TAR 49 technical support 135...
