AppRiver SecureSurf Web Protection TM
Product Guide Version 1.1
COPYRIGHT
Copyright © 2009 AppRiver, LLC. All Rights Reserved.
Issued June 2009 / AppRiver™ AppRiver SecureSurf Version 1.1 TM
Contents
About this Document
7
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
1
Before You Begin
9
About SecureSurf Web Protection Service . . . . . . . . . . Advanced technologies . . . . . . . . . . . . . . . . . . . . How it works . . . . . . . . . . . . . . . . . . . . . . . . . . . Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Considering the deployment options . . . . . . . . . . . . . . Planning a method of policy administration . . . . . . Planning what traffic to redirect . . . . . . . . . . . . . . Planning an authentication method . . . . . . . . . . . .
2
.. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. ..
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
.. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
... ... ... ... ... ... ... ... ... ... ... ... ... ... ...
.. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. . . . . . . . . . . . . . .
. 17 . 17 . 17 . 19 . 19 . 19 . 20 . 20 . 20 . 20 . 21 . 21 . 23 . 23 . 24
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. 25 . 26 . 27 . 27 . 27 . 28 . 29 . 29 . 30 . 30 . 32 . 32 . 33
... ... ... ... ... ... ... ...
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. 35 . 36 . 36 . 37 . 37 . 37 . 38 . 38
25 . . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
Groups, Users, and IP Ranges About groups and users or IP ranges . . . . . . . . . . . . . View groups, users, and IP ranges . . . . . . . . . . . . Navigate on the Users & Groups window . . . . . . . . Managing groups . . . . . . . . . . . . . . . . . . . . . . . . . . . View groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . Add a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . Edit a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . Delete a group . . . . . . . . . . . . . . . . . . . . . . . . . .
SecureSurf Web Protection 1.1 Product Guide
TM
. .9 . .9 . 10 . 10 . 11 . 11 . 12 . 12
17
Policy Manager About policies . . . . . . . . . . . . . . . View policies . . . . . . . . . . . . . Navigate on the Policies window Managing policies . . . . . . . . . . . . Review the default policies . . . . Add a policy . . . . . . . . . . . . . . Edit a policy . . . . . . . . . . . . . . Delete a policy . . . . . . . . . . . . Managing rules . . . . . . . . . . . . . . Add a rule . . . . . . . . . . . . . . . Prioritize a rule . . . . . . . . . . . . Edit a rule . . . . . . . . . . . . . . . Delete a rule . . . . . . . . . . . . .
4
. . . . . . . .
Start-up Deploying SecureSurf Web Protection Service . . . . . . . . . . . . . . Logging in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Log in the first time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Log in (general) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring SecureSurf Web Protection Service . . . . . . . . . . . . . Set up your policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Set up groups plus users or IP ranges . . . . . . . . . . . . . . . . . Customize your Allow and Block Lists . . . . . . . . . . . . . . . . . Customize your Block and Warn Templates . . . . . . . . . . . . . Redirecting your web traffic . . . . . . . . . . . . . . . . . . . . . . . . . . Redirect by Web Filter Agent . . . . . . . . . . . . . . . . . . . . . . . Redirect by explicit proxy . . . . . . . . . . . . . . . . . . . . . . . . . . Redirect by explicit proxy plus NTLM . . . . . . . . . . . . . . . . . . Redirect by firewall (transparent proxy) . . . . . . . . . . . . . . . Features at a glance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3
. . . . . . . .
35 .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. ..
3
Contents
Managing users . . . . . . . . . . . . . . . . . . . . . View users . . . . . . . . . . . . . . . . . . . . . . Add users . . . . . . . . . . . . . . . . . . . . . . Trigger a password change . . . . . . . . . . Edit a user . . . . . . . . . . . . . . . . . . . . . . Reassign users . . . . . . . . . . . . . . . . . . . Delete users . . . . . . . . . . . . . . . . . . . . . Managing IP ranges . . . . . . . . . . . . . . . . . . View IP ranges . . . . . . . . . . . . . . . . . . . Add an IP range . . . . . . . . . . . . . . . . . . Edit an IP range . . . . . . . . . . . . . . . . . . Reassign multiple IP ranges . . . . . . . . . . Delete IP ranges . . . . . . . . . . . . . . . . . .
5
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
... ... ... ... ... ... ... ... ... ... ... ... ...
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. . . . . . . . . . . . .
. 40 . 40 . 40 . 43 . 43 . 44 . 44 . 45 . 45 . 45 . 46 . 47 . 47
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. 49 . 49 . 50 . 52 . 52 . 53 . 53 . 53 . 54
49 . . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
. . . . . . . . .
57 .. .. .. .. .. .. ..
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. . . . . . .
. 57 . 58 . 59 . 59 . 59 . 60 . 60
.. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. ..
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. . . . . . . .
. 61 . 62 . 62 . 63 . 63 . 63 . 63 . 65
.. .. .. .. .. .. .. .. .. .. ..
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. . . . . . . . . . .
. 69 . 70 . 70 . 71 . 72 . 72 . 72 . 73 . 73 . 73 . 73
61
Administration and Support About administration . . . . . . . . . . . . . . . . . . . . . . . . Managing administrators . . . . . . . . . . . . . . . . . . . . . Differentiate administrator accounts . . . . . . . . . . . Add an administrator . . . . . . . . . . . . . . . . . . . . . . Trigger a password change . . . . . . . . . . . . . . . . . Edit an administrator . . . . . . . . . . . . . . . . . . . . . . Delete an administrator . . . . . . . . . . . . . . . . . . . . Viewing and changing your account information . . . . . View your login information . . . . . . . . . . . . . . . . . Change your password . . . . . . . . . . . . . . . . . . . . Forgot password . . . . . . . . . . . . . . . . . . . . . . . . .
4
. . . . . . . . .
Reports About Reports . . . . . . . . . . . . Available reports . . . . . . . . . . All reports . . . . . . . . . . . . About the Forensic Report . About the Audit Log . . . . . Generating reports . . . . . . . . . All reports except Forensic . Forensic Report . . . . . . . .
8
... ... ... ... ... ... ... ... ... ... ... ... ...
Dashboard About the Dashboard . . . . . . . Viewing the charts . . . . . . . . . Customizing the Dashboard . . Set the time zone . . . . . . . Select the time period . . . . Customize the chart view . . Login and account information .
7
.. .. .. .. .. .. .. .. .. .. .. .. ..
Lists and Templates About the Allow and Block Lists . . . . View the Allow and Block Lists . . Add URLs . . . . . . . . . . . . . . . . . Edit a URL . . . . . . . . . . . . . . . . Delete URLs . . . . . . . . . . . . . . . Using the Block and Warn Templates View the Templates window . . . . Use the existing notices . . . . . . . Customize the notices . . . . . . . .
6
.. .. .. .. .. .. .. .. .. .. .. .. ..
SecureSurf Web Protection 1.1 Product Guide
TM
69 .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. ..
Contents
About Support . . . . . . . . . . . . . Technical support information Tools . . . . . . . . . . . . . . . . . End user authentication . . . . Documentation . . . . . . . . . .
TM
.. . .. .. ..
SecureSurf Web Protection 1.1 Product Guide
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. . . . .
. 74 . 74 . 75 . 76 . 76
5
Contents
6
SecureSurf Web Protection 1.1 Product Guide
TM
About this Document
This Product Guide describes the features and capabilities of SecureSurf Web Protection service, a hosted Web service for organizations of all sizes that need comprehensive web security. TM
This guide is intended for network and security administrators. It assumes familiarity with the Internet, networks, and related terminology. For additional information, see also: • Release Notes and Quick Start – Go to http://securesurf.appriver.com/support and select the appropriate documentation • Knowledge Base – Go to http://support.appriver.com/Main/Default.aspx and select the Knowledgebase link for more information.
Conventions Refer to Table 1 for a list of the text conventions used in this guide. Table 1 Text conventions Convention
Description
Courier bold
Identifies commands and key words you type at a system prompt
Note: A backslash (\) signals a command that does not fit on the same line. Type the command as shown, ignoring the backslash.
Courier italic
Indicates a placeholder for text you type
When enclosed in angle brackets (< >), identifies optional text
nnn.nnn.nnn.nnn
Indicates a placeholder for an IP address you type
Courier plain
Used to show text that appears on a computer screen
Plain text italics
Identifies the names of files and directories Used for emphasis (for example, when introducing a new term)
Plain text bold
Identifies buttons, field names, and tabs that require user interaction
[ ]
Signals conditional or optional text and instructions (for example, instructions that pertain only to a specific configuration)
Caution
Signals be careful—in this situation, you might do something that could result in the loss of data or an unpredictable outcome.
Note
Used for a helpful suggestion or a reference to material not covered elsewhere in the guide
Security Alert
Identifies information that is critical for maintaining product integrity or security
Tip
Indicates time-saving actions; may help you solve a problem
Note: The IP addresses, screen captures, and graphics used within this document are for illustration purposes only. They are not intended to represent a complete or appropriate configuration for your specific needs. Features may be enabled in screen captures to make them clear; however, not all features are appropriate or desirable for your setup.
SecureSurf Web Protection 1.1 Product Guide
TM
7
Acronyms
Acronyms Refer to Table 2 for the acronyms used throughout this document. Table 2 Acronyms
8
Acronym
Description
CSV
comma-separated values
GPO
Group Policy Object
HTML
Hypertext Markup Language
HTTP
Hypertext Transfer Protocol
HTTPS
Hypertext Transfer Protocol over Secure Socket Layer
IP
Internet Protocol
LAN
local area network
ms
milliseconds
NTLM
NT LAN Manager
PAC
proxy automatic configuration
URL
Uniform Resource Locator
VPN
virtual private network
SecureSurf Web Protection 1.1 Product Guide
TM
1
Before You Begin
Contents TM About SecureSurf Web Protection Considering the deployment options
TM
About SecureSurf Web Protection AppRiver’s SecureSurf Web Protection is a subscription-based, hosted Web service for organizations of all TM sizes that need comprehensive Web security. With SecureSurf Web Protection, you can take advantage of AppRiver’s advanced technologies for Web filtering, reputation-based filtering, and anti-malware protection. TM
Advanced technologies Every time users access the Web, active content is delivered to, and executed by, their computers. In this process, users provide information to the Web, creating both inbound (malware) and outbound (data TM leakage) security concerns. SecureSurf Web Protection addresses these concerns by analyzing the intent of all content entering the network and protecting your organization from malicious sites.
Web filtering Select categories of information you want to control in a policy that is customized to meet your organization’s specific needs. By controlling Web access and enforcing your Internet use policy, you can: • Enhance Web security • Enforce your company’s acceptable use policy for Web browsing • Increase productivity • Reduce legal liability • Focus bandwidth on business-related activities
Reputation-based filtering Rely on SecureSurf Web Protection to detect potentially malicious behavior. The SecureSurf Web Database organizes similar types of URLs (Web pages) into groups based on categories and Web reputation: TM
TM
• Categories – Categories are defined using objective standards and definitions. You can select categories when you configure the rules for your organization. • Reputation – SecureSurf determines a reputation score that indicates, in real time, the level of risk you are exposed to when you visit a particular URL. The higher the score, the greater the risk. A summary of the reputation ratings is shown in Table 8 on page 32. TM
Anti-malware protection Take advantage of the SecureSurf anti-malware engine for advanced protection against viruses, Trojans, spyware, and other Web 2.0 threats. The anti-malware engine includes several proactive, intent-based filters that scan the active Web content and determine the intent or predicted behavior. You benefit from network defense against spyware, zero day threats, blended threats, and targeted attacks. TM
SecureSurf Web Protection 1.1 Product Guide
TM
9
Before You Begin TM About SecureSurf Web Protection
How it works During start-up, you configure SecureSurf Web Protection to meet your organization’s needs by selecting methods for policy administration, authentication, and traffic redirection. TM
Once start-up is complete, users can begin browsing. Figure 1 illustrates how SecureSurf acts on user requests.
TM
Web Protection
Figure 1 User requests
When a user requests Web page content, SecureSurf Web Protection takes these actions: TM
1 Redirects the request to the proper SecureSurf
TM
Web Protection Data Center
2 Checks for a valid IP range or user 3 Applies the policies in effect, including the TrustedSource category and reputation 4 Retrieves the Web page content from the Internet (unless already in the cache) 5 Filters the content through the SecureSurf anti-malware engine for evaluation TM
If the request advances through all of these checkpoints, SecureSurf Web Protection passes the Web page TM to the user. If not, SecureSurf Web Protection acts based on your configurations. TM
Benefits With SecureSurf Web Protection, you benefit from: TM
• Real-time threat protection • Rapid deployment • Reduced cost with better performance and scalability over appliance-based offerings • Centralized management, reports, and snapshots that provide insight into your organization’s Web traffic
10
SecureSurf Web Protection 1.1 Product Guide
TM
Before You Begin Considering the deployment options
Considering the deployment options SecureSurf Web Protection offers a variety of options for administering policies, redirecting traffic, and authenticating. Before you begin, it is important to consider these deployment options to determine the best approach for your organization’s needs. TM
Refer to Table 3 for an overview of all the deployment options. Table 3 Deployment options Authentication method
Policy administration IP ranges
Web traffic
Users
HTTP
•
•
HTTPS
Agent-based authentication Redirection by Web Filter Agent
IP authentication Redirection by explicit proxy
•
Redirection by explicit proxy plus NTLM identification
•
Firewall redirection by transparent proxy
•
• •
•
• •
Proxy authentication
•
•
Redirection by explicit proxy
•
•
Firewall redirection by transparent proxy
•
•
Redirection by explicit proxy
•
Cookie authentication
We can separate this table into three main questions that need to be answered in the planning phase: • How do you want to administer policies? • What type of WebWeb traffic do you want to redirect? • How do you want to authenticate? The sections that follow explore all of the deployment options in more detail to help you with the decision process. As you weigh your options, keep in mind that each decision affects the remaining available options.
Step 1 - Planning a method of policy administration Decide how you want to administer your policies. There are two options: • IP ranges • Users Policy administration depends on whether you want to apply one policy to everyone or apply different policies to different groups; see Table 4. Table 4 Policy Administration options Policy administration Apply the same policy to everyone Apply different policies to different groups
SecureSurf Web Protection 1.1 Product Guide
TM
IP ranges
Users
• •
11
Before You Begin Considering the deployment options
Selecting IP ranges If you want to apply the same policy to everyone, IP ranges is the available method. Example: Company 1 has 50 employees. They have no need to differentiate policies for their employees, so the administrator selects IP ranges as the method of policy administration. With this method, you will need to set up a group and specify the IP ranges or addresses. The IP range TM should be small and should include only the actual public IP addresses that SecureSurf Web Protection connections will use. For more information about IP ranges, see Managing IP ranges on page 45.
Selecting users If you want to apply different policies to different groups, users is the available method. Example: School 1 must manage unique staff and student needs, so the administrator selects users as the method of policy administration. With this method, you will need to set up the groups, then set up the users and assign them to a group. For more information about users, see Managing users on page 40.
Step 2 - Planning what traffic to redirect Decide what type of traffic you want to redirect to SecureSurf Web Protection: TM
• HTTP only • HTTP and HTTPS This decision plus the decision you made for policy administration determine your available authentication methods, which are discussed in the next section. See Table 5.
Step 3 - Planning an authentication method The last step in the planning phase is to decide on a method for authenticating and redirecting traffic. Refer to Table 5. Based on your decisions for policy administration and the type of traffic you are redirecting, the table identifies one or more available methods for authenticating and redirecting Web traffic. Table 5 Policy administration, type of traffic, and authentication options Policy administration
Type of traffic
Available authentication methods Web Filter Agent
If you chose IP ranges:
IP
Proxy
Cookie
Explicit
Explicit
Explicit
HTTP only
NTLM Firewall HTTP and HTTPS If you chose users:
HTTP only
Explicit Transparent
NTLM
Firewall HTTP and HTTPS
Explicit
The remainder of this section explains the various authentication methods and options for redirecting traffic.
12
SecureSurf Web Protection 1.1 Product Guide
TM
Before You Begin Considering the deployment options
SecureSurf
TM
Web Protection offers four authentication methods:
• Agent-based authentication • IP authentication • Proxy authentication • Cookie authentication Note: These authentication methods are listed in the order that SecureSurf for them.
TM
Web Protection checks
Each authentication method includes one or more options for redirecting Web traffic. All Web traffic is redirected to http://proxy.securewebbrowsing.com. This host name is globally load balanced; that is, TM SecureSurf Web Protection automatically determines the nearest Data Center and redirects the traffic to that center.
Agent-based authentication Web Filter Agent is a lightweight plug-in that you install directly on a user’s computer. The agent provides TM user information to SecureSurf Web Protection, including the user’s Active Directory identification. The user identification can be an email address or one or more user aliases, but it must be unique within TM your organization. SecureSurf Web Protection uses this information to match the user to the policy. Web Filter Agent authenticates users and redirects traffic transparently. Use this method if you want to administer policies with users and are redirecting only HTTP traffic. Web Filter Agent is an excellent solution for all users, including those who are remote or mobile. Advantages include: • Transparent, per-user authentication • Support for remote and mobile users • Authentication that user cannot uninstall, disable, or bypass • User-based information for reports
IP authentication If you want to administer policies using IP ranges, this is the available method. Traffic redirects according to IP range rules. IP authentication includes an explicit proxy plus NTLM option that allows you to administer policies by user or IP range. With IP authentication, there are three options for redirecting Web traffic: • Redirection by explicit proxy • Redirection by explicit proxy plus NTLM identification • Firewall redirection by transparent proxy
SecureSurf Web Protection 1.1 Product Guide
TM
13
Before You Begin Considering the deployment options
Redirection by explicit proxy With the explicit proxy option, you configure the browser. A PAC file is also an option. Refer to Table 6. Redirection by explicit proxy is an available option for IP, cookie, and proxy authentication. One variable is whether you are administering policies with IP ranges or users. The second variable is that cookie authentication does not include HTTPS support. For IP authentication, use the explicit proxy option if you want to administer policies with IP ranges and are redirecting any combination of HTTP and HTTPS traffic. Table 6 Explicit proxy options Option
Description
Browser configuration
With this method, IP ranges are used to implement enterprise-level policies and IP authentication. You manually add the Data Center address as the proxy server in your browser. Users authenticate with the proxy authentication dialog box. Advantages include:
PAC file
•
IP range option for enterprise-wide authentication and policy
•
Support for all browser-independent, per-user authentication for HTTP and HTTPS traffic
•
HTTPS filtering support
You can also use a PAC file for a proxy mode that allows central administration of the proxy configuration. The configuration is described using JavaScript in a file with .pac as the file TM extension. SecureSurf Web Protection automatically generates the file using your configured settings, and it is always available from http://proxy.securewebbrowsing.com/proxy.pac. The PAC file downloads periodically based on the cache period expiration that is set in the browser. TM The file instructs SecureSurf Web Protection to: •
Bypass all URLs within your intranet (your IP ranges)
•
Ignore any sites that are included in your Allow List; SecureSurf automatically adds your Allow List entries to the PAC file
TM
Web Protection
A PAC file offers two advantages over normal configurations: •
Capability for central administration and updating of network-based PAC files; administrators share files using HTTP, which allows automatic updates
•
Useful solution in complicated environments—PAC files support load balancing and failover
Redirection by explicit proxy plus NTLM identification NTLM is supported by Windows-based hosts, and both Internet Explorer and Mozilla Firefox browsers are supported. With NTLM, you do not need to install software, and there are no passwords to manage. NTLM provides transparent authentication using IP ranges or users. NTLM activates per IP range. Browsers using that range attempt to retrieve the Windows user name, which is used for it for policy enforcement and group assignment. • If the user name (an alias) is configured to a policy, SecureSurf Web Protection uses that policy. TM
• If the user name is unknown, SecureSurf Web Protection uses the policy for the IP range. TM
With this option, you manually add the Data Center address as the proxy server in your browser. Use this method if you are administering policies with IP ranges or users and want to redirect only HTTP traffic. Advantages include: • Policy administration using IP ranges or users • NTLM option for transparent authentication without additional software
14
SecureSurf Web Protection 1.1 Product Guide
TM
Before You Begin Considering the deployment options
Firewall redirection by transparent proxy TM With this option, you configure your firewall to redirect port 80 traffic. SecureSurf Web Protection supports a port forwarding rule with a static IP. Users manually configure their browser for cookies and authenticate using the login page. Firewall redirection by transparent proxy is an available option for the IP authentication and cookie authentication methods. For this discussion of IP authentication, use this method if you want to administer policies using IP ranges and are redirecting only HTTP traffic. Support for HTTPS is limited (port 443 traffic generally cannot be redirected). Advantages include: • Easy implementation—redirect port 80 traffic to SecureSurf Web Protection TM
• IP range option for enterprise-wide authentication and policy
Proxy authentication With proxy authentication, you configure your local Web proxy servers to redirect traffic to the Data Center as an upstream proxy. Users authenticate using the proxy authentication dialog box. Users log in with their email address and a password they establish during initial login. A Reset Password feature is also available. After authentication, users proceed to their home page. Users log in once per day. SecureSurf Web Protection does not request user authentication in the following situations: TM
• If the user does not have a user account on the Users & Groups window • If the user has been on a corporate network or VPN for less than 24 hours and their external IP address has not changed Remote users who are not logged in to the corporate LAN or VPN must configure their browser settings to TM proxy through SecureSurf Web Protection. Tip: You can initiate this action for users by creating a PAC file (page 14) and pushing it to all users.
Redirection is handled by explicit proxy (see Redirection by explicit proxy on page 14). For the proxy authentication method, explicit proxy is the available option. Use this method if you are administering policies at the user level and redirecting any combination of HTTP and HTTPS traffic. The main advantage is that proxy authentication supports HTTP and HTTPS.
Cookie authentication With cookie authentication, you manually configure the browser for cookies, and users authenticate with the login page. Users log in with their email address and a password they establish during the initial login. A Reset Password feature is also available. After authentication, users proceed to their home page. Users log in once per day. SecureSurf Web Protection does not request user authentication in the following situations: TM
• If the user does not have a user account on the Users & Groups window • If the user has been on a corporate network or VPN for less than 24 hours and their external IP address has not changed Remote users that are not logged in to the corporate LAN or VPN must configure their browser settings to TM proxy through SecureSurf Web Protection. Tip: You can initiate this action for users by creating a PAC file (page 14) and pushing it to all users.
SecureSurf
TM
TM
Web Protection supports a port forwarding rule with either a static or dynamic IP.
SecureSurf Web Protection 1.1 Product Guide
15
Before You Begin Considering the deployment options
Cookie authentication includes two options for redirecting Web traffic: • Explicit proxy – see Redirection by explicit proxy on page 14 • Firewall redirection using transparent proxy – see Firewall redirection by transparent proxy on page 15 Use either of these redirection options if you are administering policies at the users level and want to redirect only HTTP traffic. The main advantage is in the options for redirecting traffic.
16
SecureSurf Web Protection 1.1 Product Guide
TM
2
Start-up
Contents TM Deploying SecureSurf Web Protection Logging in Configuring SecureSurf Web Protection TM
Redirecting your Web traffic Features at a glance
Deploying SecureSurf
TM
Web Protection
This chapter explains how to deploy AppRiver’s SecureSurf . The instructions assume you have made decisions for all of the key questions outlined in Considering the deployment options on page 11. TM
Logging in Use the following procedures to log in the first time and for subsequent logins.
Log in the first time When you subscribe to SecureSurf and provide your contact information, the SecureSurf Web Protection Data Center administrator creates your account and sends you an activation email. The email includes a link to the data center that will provide your service (Figure 2). TM
TM
Figure 2 Activation email
Your Data Center
To log in the first time: 1 Open one of the following browsers.
• Internet Explorer 7 (or later) • Firefox version 2 (or later) Note: As an administrator, you must access SecureSurf end users are not limited to these browsers.
SecureSurf
TM
Web Protection 1.1 Product Guide
TM
using one these two browsers; however,
17
Start-up Logging in
2 Open the activation email and click the link. The Set Password window appears (Figure 3). Figure 3 Set Password window
Note: The link in the activation email is active for only 72 hours. If the time period expires, click the link. The Login window appears. Click I forgot my password. The Sending Password Reset Request TM confirmation message appears, and SecureSurf automatically sends a new activation email and link. 3 Complete the following information:
• New Password – Type a new password that meets the requirements listed. • Confirm Password – Type your password again. 4 Click Save. The Password Confirmation window appears (Figure 4). Figure 4 Password Confirmation window
5 Click Close. The Login window appears (Figure 5). Figure 5 Login window
6 Type your email address and password.
18
SecureSurf
TM
Web Protection 1.1 Product Guide
Start-up TM Configuring SecureSurf Web Protection
7 Click Login. The SecureSurf
TM
Web Protection Dashboard appears (Figure 6).
Figure 6 Dashboard
Login (general) After you have logged in for the first time and created your password, follow these steps to access TM SecureSurf Web Protection. 1 Navigate to SecureSurf
TM
Web Protection using the link provided by the Data Center. The login window
appears (Figure 5). 2 Type your email address and password. 3 Click Login. The SecureSurf
TM
Web Protection Dashboard appears (Figure 6).
Configuring SecureSurf Web Protection
TM
This section explains how to set up SecureSurf or configuration activities for:
TM
Web Protection to meet your needs. Setup includes review
• Policies • Groups plus users or IP ranges • Allow and Block Lists • Block and Warn Templates
Set up your policies SecureSurf
TM
includes three default policies:
• Business Policy (enabled) • Minimal Policy • School Policy By default, the Business Policy is enabled. Note: You must have one policy enabled at all times.
SecureSurf
TM
Web Protection 1.1 Product Guide
19
Start-up Redirecting your Web traffic
Begin by reviewing the default policies to determine whether any of them meet your needs. If not, add one or more new policies. 1 Click the Policy Manager tab. The Policy Manager window appears, and the policies appear in the Policies
pane. 2 Click a policy to select it. The rules associated with that policy appear in the Rules pane. 3 [Optional] If you want to add a new policy, follow the instructions in Add a policy on page 29.
Set up groups plus users or IP ranges When your policies are in place, the next step is to set up your groups and add users or IP ranges, depending on the method you chose for administering policies (page 11). Note: If you are redirecting traffic using the explicit proxy plus NTLM option, set up groups plus users and IP ranges. 1 Click the Users & Groups tab. The Users and Groups window appears. 2 Add your groups first; see Add a group on page 37. 3 [Conditional] If you are administering policies with users (applying different policies to different groups),
set up the users; see Add a user on page 40. 4 [Conditional] If you are administering policies with IP ranges (applying the same policy to everyone), set
up the IP ranges; see Add an IP range on page 45.
Customize your Allow and Block Lists [Optional] If you want to add URLs to the Allow List or Block List: 1 Click the Allow & Block Lists tab. The Allow and Block Lists window appears. 2 To add URLs to either list, follow the instructions in Add URLs on page 50.
Customize your Block and Warn Templates [Optional] You can use the default block and warn notices or customize the notices to meet your needs. TM SecureSurf Web Protection provides the templates for your use. To review or change the notices: 1 Click the Templates tab. The Templates window appears showing the default block and warn notices. 2 To customize the notices, follow the instructions in Customize the notices on page 54.
Redirecting your Web traffic In Planning an authentication method on page 12, you decided on a method for redirecting your web traffic TM to the SecureSurf Data Center. This section contains instructions for deploying the various redirection options: • Web Filter Agent • Explicit proxy • Explicit proxy plus NTLM identification • Firewall redirection by transparent proxy
20
SecureSurf
TM
Web Protection 1.1 Product Guide
Start-up Redirecting your Web traffic
Redirect by Web Filter Agent [Conditional] If you are using the Web Filter Agent: 1 Click the Administration tab. The Administration window appears. 2 In the Web Filter Agent pane, click the link in the Client Download field and save the file. 3 Manually install the Web Filter Agent for all users.
Note: You can also create a .zap file and deploy Web Filter Agent using GPO. For instructions, see the Microsoft Knowlege Base article at http://support.microsoft.com/?kbid=231747. a Copy the Web Filter Agent file to the user’s computer. b Double-click webfltragnt_install.exe. The Web Filter Agent installs and begins authenticating and
redirecting the user’s web traffic transparently. You must use a password to remove the Web Filter Agent from a computer. See Uninstall the Web Filter Agent on page 75.
Redirect by explicit proxy If you chose explicit proxy, follow the instructions for redirecting traffic using the browser or a PAC file. Note: With the explicit proxy option, SecureSurf Web Protection automatically generates an email to each new user that contains a link for setting their password. TM
Configure the browser [Conditional] If you are using this method, manually configure the browser by adding the SecureSurf Center as the proxy server.
TM
Data
1 From the browser Proxy Settings window (see Figure 7 for one example), complete the following
information for the type of traffic you are redirecting: • Proxy address – Type http://proxy.securewebbrowsing.com. • Port – Type port 8080. Figure 7 Proxy Settings window (Internet Explorer)
2 In SecureSurf Web Protection, add your internal hosts to the Allow List. TM
a Click the Allow & Block Lists tab. The Allow & Block Lists window appears. b Add each of your internal hosts using the instructions in Add URLs on page 50. 3 To enforce the browser setting, add a firewall rule to block port 80 traffic.
SecureSurf
TM
Web Protection 1.1 Product Guide
21
Start-up Redirecting your Web traffic
Use a PAC file [Conditional] If you are redirecting with a PAC file: 1 In SecureSurf , click the Support tab. TM
2 In the Proxy Automatic Configuration (PAC) section, click the link to download the proxy.pac file. 3 Configure the maximum time the proxy.pac file should remain stored on the client. 4 Distribute the file to all users using one of these options:
• GPO • Manual configuration Distribute using GPO In Active Directory environments, use GPO to automate the PAC file deployment. With this method, push the proxy.pac file from Active Directory to all users in the company (or a selected set of users). To use GPO: 1 Select Start > Run. The Run window appears. 2 Type mmc. The Microsoft Management Console window appears. a Select File > Add/Remove Snap-In....The Add/Remove Snap-in window appears. b From the Standalone tab, click Add. The Add Standalone Snap-in window appears. c
Select Group Policy Object Editor, and click Add. The Select Group Policy Object window appears.
d Click Browse..., and select the GPO object.
Tip: In many cases, the GPO is the Default Domain Policy. e Click Finish > Close > OK. 3 From the Microsoft Management Console window, select the policy and expand it. a Select User Configuration > Windows Settings > Internet Explorer Maintenance > Connection. b In the right pane, right-click Automatic Browser Configuration and select Properties. The Automatic
Browser Configuration window appears. c
Select the checkbox for: • Automatically detect configuration settings • Enable Automatic Configuration
d In the Auto-proxy URL (.JS, .JVS, or .PAC file) field, type the location of the proxy.pac file,
http://proxy.securewebbrowsing.com/proxy.pac. e Click OK. 4 Configure the policy to disable a user’s ability to change the settings locally: a From the Microsoft Management Console window, locate your policy. b Select User Configuration > Administrative Templates > Windows Components > Internet
Explorer. c
In the right pane, enable the following settings: • Disable changing proxy settings • Disable changing Automatic Configuration settings To enable the setting, right-click on the state and select Properties. From the Properties window, select Enabled, then click OK.
22
SecureSurf
TM
Web Protection 1.1 Product Guide
Start-up Redirecting your Web traffic
5 To activate the policy immediately, select Start > Run. From the Run window, type gpupdate /force.
Otherwise, the policy becomes active based on the defined policy application interval. Manually configure the browser Manually configure each browser to use http://proxy.securewebbrowsing.com/proxy.pac, the PAC file. TM SecureSurf will bypass all whitelisted sites.
Redirect by explicit proxy plus NTLM [Conditional] If you are using this method: 1 Click the Users & Groups tab. The Users & Groups window appears. 2 For each group, check the IP ranges pane to make sure the NTLM checkmark appears for each IP range.
Note: NTLM can also be used with a PAC file. See Use a PAC file.
Redirect by firewall (transparent proxy) [Conditional] If you are using this method, create a firewall rule to redirect all port 80 traffic to the TM SecureSurf Data Center at http://proxy.securewebbrowsing.com. Resolve the host name to obtain an IP address. Support for dynamic and static IPs is based on the type of authentication: • IP – If you are using IP authentication (page 13), SecureSurf static IP.
TM
supports a port forwarding rule using a
• Cookie – If you are using cookie authentication (page 15), SecureSurf using either a static or dynamic IP.
TM
Note: With cookie authentication, SecureSurf contains a link for setting their password.
TM
supports a port forwarding rule
automatically generates an email to each new user that
A variety of Application Notes are available documenting firewall configurations. To view them: 1 Visit the Resource Center at www.securecomputing.com/goto/resourcecenter. 2 Select Application Notes > Secure Web Documents.
SecureSurf
TM
Web Protection 1.1 Product Guide
23
Start-up Features at a glance
Features at a glance You should now be successfully filtering your Web traffic and ready to take advantage of all the TM SecureSurf features. When you log in to SecureSurf , the Dashboard appears by default (Figure 6 on page 19). In addition to the Dashboard tab, you’ll see tabs for each functional area. The tabs are generally organized by work flow—that is, you create policies first, then groups and users or IP ranges; see (Figure 8). TM
Figure 8 SecureSurf
TM
Web Protection tabs
The remaining chapters explain each tab in greater detail: • Dashboard – See an overview of your network’s filtered traffic (page 57). • Policy Manager – Create and maintain policies for organization-wide filtering (page 25). • Users & Groups – Manage groups plus user accounts or IP ranges (page 35). • Allow & Block Lists – Create and maintain URLs that are always allowed or blocked (page 49). • Templates – Use the default block and warn notices, or customize the notices to meet your needs (page 53). • Reports – Get a variety of configurable data summaries that help you analyze traffic over time (page 61). • Administration – Manage administrator accounts and passwords, and access the Web Filter Agent and password (page 69). • Support – Access the latest SecureSurf Web Protection documentation, find Technical Support information, and access tools (page 76). TM
24
SecureSurf
TM
Web Protection 1.1 Product Guide
3
Policy Manager
Contents About policies Managing policies Managing rules
About policies To configure and maintain effective policies, it is important to understand how they work. A policy is a collection of rules that defines Internet use standards for your organization. A rule exists within a policy and contains instructions for all groups, users, and IP ranges associated with the policy, including: • What to watch for (such as malware, categories, and reputation) • When to watch for it (for example, 24 hours a day, seven days a week) • What action to take (for example, alert an administrator when the rule triggers) Refer to Figure 9 for an illustration of a policy and its rules. Figure 9 Policy and rules
Typical Business Policy
TM
SecureSurf Web Protection evaluates rules
— Rule 1: Block sites with Malicious Reputation — Rule 2: Allow Business sites — Rule 3: Block Risk/Fraud/Crime sites — Rule 4: Block Gambling sites
Rule 4 triggers
— Rule 5: Block Mature/Violent sites
No other rules are evaluated
— Rule 6: Block Pornography/Nudity sites — Rule 7: Block illegal Drug/tobacco sites
AppRiver’s SecureSurf Web Protection Service evaluates Web content against all enabled policies and acts TM according to the rules for that policy. The rules are organized by priority. SecureSurf Web Protection begins at the top (highest priority), evaluating the web content against each rule until a rule triggers. A rule triggers when the Web content meets all the conditions specified in the rule (for example, reputation, time, day, and category). If multiple categories are specified, the rule triggers when the Web content matches any single category. TM
Once a rule triggers, SecureSurf Web Protection stops evaluating and takes the actions specified for that TM rule. If no rule triggers, SecureSurf Web Protection takes the default action for the policy. TM
You can have multiple policies enabled at the same time, and you can assign the same policy to multiple groups to meet a variety of Web browsing needs.
SecureSurf Web Protection 1.1 Product Guide
TM
25
Policy Manager About policies
View policies Click the Policy Manager tab. The Policy Manager window appears (Figure 10) showing all configured policies for your network. Figure 10 Policy Manager window
From the Policy Manager window, you can view the following information: • Policy name – name of the policy • Description – description of the policy • Action – symbol for the default action assigned to the policy when no rule triggers: Allow Warn Block
• SafeSearch – symbol identifying whether SafeSearch is enabled (for details, see page 28): Enabled Disabled
• Malware – symbol identifying whether Anti-Malware protection is enabled: Enabled Disabled
26
SecureSurf Web Protection 1.1 Product Guide
TM
Policy Manager Managing policies
• Groups – groups assigned to the policy • Rules – number of rules associated with the policy
Navigate on the Policies window Click a policy and it appears highlighted. The rules associated with that policy appear in the Rules pane. Click a rule, and it appears highlighted. Sort the policies by clicking a heading. You can sort using any heading except Groups, Rules, and Tasks. Tasks provide the means for editing and deleting policies and rules (discussed later). Additional actions are available on the Policies and Rules toolbars: • Click the Refresh icon to refresh the window at any time. • Use the New Policy and New Rule links to create a new policy or rule (discussed later). • If you have more than 25 policies or rules, use the page navigation to move between pages of information. The remainder of this chapter explains how to set up and manage policies and rules. Note: Only administrator accounts with an Admin role can configure and manage policies—accounts with a Read-only role do not have access. For more information, see Differentiate administrator accounts on page 70.
Managing policies Begin by reviewing the default policies and setting up new policies as needed. Note: You must have one policy enabled at all times.
Review the default policies SecureSurf
TM
Web Protection provides three policies for your use:
• Business Policy – designed to meet the needs of a typical business; automatically enabled • Minimal Policy – designed to provide a minimum level of protection; default policy Note: AppRiver recommends that you do not delete the Minimal Policy because SecureSurf that policy for some functions.
TM
uses
• School Policy – designed to meet the needs of a typical school See Table 7 for a comparison of the rules associated with these policies. Table 7 Default policy rules Rule
Business
Minimal
School
Block Sites with Malicious Reputation
•
•
•
Allow Business Sites
• •
Allow Education Sites Block Risk/Fraud/Crime Sites
•
•
• •
Block Games/Gambling Sites Block Gambling Sites
•
•
Block Mature/Violent Sites
•
•
•
Block Pornography/Nudity Sites
•
•
• •
Block Drug/Tobacco Sites Block Illegal Drug/Tobacco Sites Block Personal Communication Sites
SecureSurf Web Protection 1.1 Product Guide
TM
•
• •
27
Policy Manager Managing policies
Table 7 Default policy rules (continued) Rule
Business
Minimal
School
Block IT/Security Sites
•
Block Lifestyle/Productivity Sites
•
Block Stock Trading/Purchasing Sites
•
You can edit the default policies and rules, or add new policies to meet your needs.
Add a policy To add a new policy: 1 From the Policies toolbar, click New Policy. The New Policy dialog appears (Figure 11). Figure 11 New Policy dialog
2 Complete the following information: a Policy Name – Type a descriptive name for the policy. b Description – Type a description of the policy. c
Action – Click the drop-down arrow and select an action for the policy—Allow, Warn, or Block. You are
specifying the default action to take when no rule triggers. d Time Zone – Click the drop-down arrow and select the time zone for this policy.
Note: The Dashboard also includes a time zone feature. However, that feature operates independently, and changes to the Policies time zone do not affect the Dashboard time zone. 3 Click Save. The Policies pane refreshes, and the message confirms the policy was saved.
Note: At this point, you have a new policy, but the policy is not enabled until it has at least one rule and one group assigned. See Add a rule on page 30 and Add a group on page 37.
28
SecureSurf Web Protection 1.1 Product Guide
TM
Policy Manager Managing policies
Edit a policy To edit a policy: 1 In the Tasks column, click the Edit icon for the policy. The Edit Policy dialog appears (Figure 12). Figure 12 Edit Policy dialog
2 Make your changes, then click Save. The Policies pane refreshes, and a confirmation message appears.
Delete a policy When you are deleting a policy, consider the following: • One policy must be present at all times. • All groups assigned to the policy must be reassigned. Note: AppRiver recommends that you do not delete the Minimal Policy because SecureSurf policy for some functions. You can delete the other default policies.
TM
uses that
To delete a policy: 1 In the Tasks column, click the Delete icon for the policy you want to delete. 2 If you are deleting a policy that has groups assigned to it, the Delete Policy dialog appears showing the
groups assigned (Figure 13). Figure 13 Delete Policy dialog showing groups assigned
a Click the drop-down arrow, and select another policy to assign the groups to. b Click Delete. The Policies pane refreshes, and the message confirms the policy was deleted. 3 If no groups are assigned to the policy you are deleting, the Delete Policy dialog appears (Figure 14). Figure 14 Delete Policy dialog
SecureSurf Web Protection 1.1 Product Guide
TM
29
Policy Manager Managing rules
Click Delete to delete the policy. The message confirms the policy was deleted.
Managing rules A policy must contain at least one rule, and it can contain multiple rules. Rules are made up of parameters that you configure to meet your needs. There are three types of parameters: • Required – Define these parameters for every rule: • Name • Action • Additional – Define at least one of these parameters for every rule: • Reputation • Category • Optional – Define these parameters as needed: • Alerts • Schedule The following sections explain how to add, edit, and delete rules.
Add a rule To add a rule: 1 Click the policy you want to add a new rule to. 2 On the Rules toolbar, click New Rule. The New Rule dialog appears (Figure 15). Figure 15 New Rule dialog
There are four main sections in the New Rule dialog: • General • Scheduling • Reputation Filtering • Categories
30
SecureSurf Web Protection 1.1 Product Guide
TM
Policy Manager Managing rules
3 In the General section, complete the following information: a Rule name – Type a descriptive name for the rule. b Alerts – [Optional] If you want SecureSurf
to send email alerts to an administrator when the rule triggers, type one or more email addresses using comma separators. TM
c
Action – Click the drop-down arrow to select the action for the rule—Allow, Warn, or Block.
4 [Optional] By default, SecureSurf
applies rules 24 hours a day, seven days a week. Use the Scheduling section to set up a different schedule. TM
a Days – Select the checkbox for each day to apply the rule. Select the All checkbox to select all days. b From / To – Set the start and end time using a 24-hour time designation (for example, type 13:00 for
1:00 p.m.). You can change the time using any of the following methods: • In the Presets field, click the drop-down arrow to select a preset time period. The options include All Day, Lunch Time, 9 to 5, 8 to 6, and Custom. • Highlight the existing time and type a new time (hh:mm). • Use the time navigation icons [ ] to set the time. Click the left and right arrows to toggle between the hours and minutes. Click [+] and [–] to increase or decrease the hours and minutes. 5 [Optional] Reputation filtering is not enabled by default. Use one of the following methods to specify a
reputation class or range. Note: You can set a range that crosses reputation class boundaries. a In the Presets field, click the drop-down arrow to select a reputation class. The options include all the
classes in Table 8 plus three additional options: All, Malicious & Suspicious (combined), and Custom. Table 8 Web reputation scores Reputation class
Reputation score Start range
End range
Trusted
–127
–1
Neutral
0
14
Unverified
15
29
Suspicious
30
49
Malicious
50
127
Once you select a reputation class, the Presets field, the starting range, and the ending range automatically populate with your selection. b To define a custom range, select the start and end score, and type in a new start and end score—you
can also drag the start and end sliders to define a custom range. The Presets field automatically changes to Custom.
SecureSurf Web Protection 1.1 Product Guide
TM
31
Policy Manager Managing rules
6 [Optional] SecureSurf
includes default categories and subcategories of web content that you can select to trigger a rule. All of the categories in a rule are combined with a logical OR condition. For example, if you select the Entertainment/Culture and Games/Gambling categories, then any site with either category triggers the rule. TM
Note: You can add multiple categories to a single rule.
• Click a category name to expand it and view its subcategories. Click the name again to collapse the category. • To include a category and some of its subcategories, select the subcategory checkboxes. The category checkbox appears with a [–], indicating that only some categories are selected. To deselect a subcategory, select the checkbox again. • To include a category and all of its subcategories, select the category checkbox. It appears with a checkmark, indicating that all subcategories are selected. To deselect the category or some subcategories, click the corresponding checkbox. 7 Click Save. The Rules pane refreshes, and the message confirms the rule was added.
Prioritize a rule Rules are logical OR conditions—they are evaluated in the order listed, from top to bottom. If the first rule TM does not trigger, SecureSurf evaluates the next rule, and the process continues until a rule triggers. If a TM rule does not trigger, SecureSurf takes the default action for the policy (see page 28). To change the priority of a rule, click the rule (it will appear highlighted), and drag it up or down.
Edit a rule To edit a rule: 1 In the Tasks column, click the Edit icon for the rule you want to change. The Edit Rule dialog appears
(Figure 16). Figure 16 Edit Rule dialog
2 Make your changes, then click Save. The Rules pane refreshes, and the message confirms the rule was
edited.
32
SecureSurf Web Protection 1.1 Product Guide
TM
Policy Manager Managing rules
Delete a rule To delete a rule: 1 In the Tasks column, click the Delete icon for the rule you want to delete. The Delete Rule dialog appears
(Figure 17). Figure 17 Delete Rule dialog
2 Verify the rule, then click Delete. The Rules pane refreshes, and the message confirms the rule was
deleted.
SecureSurf Web Protection 1.1 Product Guide
TM
33
Policy Manager Managing rules
34
SecureSurf Web Protection 1.1 Product Guide
TM
4
Groups, Users, and IP Ranges
Contents About groups and users or IP ranges Managing groups Managing users Managing IP ranges
About groups and users or IP ranges The groups feature allows you to establish groups of users or IP ranges and apply web usage policies at the group level. Consider the following: • A policy can contain multiple groups. • A group must be assigned to a policy, and only one policy can be assigned. • Each user or IP range must be assigned a group, and only one group can be assigned. Note: AppRiver SecureSurf
TM
provides a default group.
During start-up, you selected a method for administering your policies by means of users or IP ranges. • Users – With this method, you establish groups of users and apply different policies to different groups. • IP ranges – With this method, you establish one or more groups of IP ranges and apply the same policy to everyone. Note: If you are using NTLM authentication, you will set up users and IP ranges.
This chapter explains how to set up and manage groups, users, and IP ranges.
SecureSurf Web Protection 1.1 Product Guide
TM
35
Groups, Users, and IP Ranges About groups and users or IP ranges
View groups, users, and IP ranges Click the Users & Groups tab. The Users & Groups window appears (Figure 18). Figure 18 Users & Groups window
The Users & Groups window contains three panes: • Groups pane • Users pane • IP ranges pane
Navigate on the Users & Groups window Navigating on the Users & Groups window is similar for the Groups, Users, and IP Ranges panes. Select a group first: • To select a single group, select the checkbox for the group. The group appears highlighted, and the users or IP ranges for that group appear in the Users or IP Ranges pane. • To add another group, select the checkbox; the Users and IP Ranges panes refresh to show the users and IP ranges for both groups. • To select all groups, select the checkbox next to the Group Name heading. The Users and IP Ranges panes refresh to show the users and IP ranges for all groups. To select one or more users or IP ranges, select the checkboxes. To deselect a group, user, or IP range, select the checkbox again. Sort groups, users, or IP ranges by clicking a heading. You can sort using any heading except Tasks. Tasks provide the means for editing and deleting groups, users, and IP ranges (discussed later).
36
SecureSurf Web Protection 1.1 Product Guide
TM
Groups, Users, and IP Ranges Managing groups
Additional actions are available on the toolbar for each pane (discussed later). • Click the Refresh icon to refresh the pane at any time. • If you have more than 25 groups, users, or IP ranges, use the page navigation to move between pages of information.
Managing groups Begin by setting up your groups. This section explains how to view, add, edit, and delete groups. Note: SecureSurf provides a default group for your use. AppRiver recommends that you keep the default group because it is used for importing CSV files. TM
View groups The Groups pane (Figure 19) provides information about: • Group Name – name of the group • Description – description of the group • Users – number of users in the group • IP Ranges – number of IP ranges in the group • Policy – name of the policy the group is assigned to Figure 19 Groups pane
Add a group To add a group: 1 From the Groups toolbar, click New Group. The Create a New Group dialog appears (Figure 20). Figure 20 Create a New Group dialog
SecureSurf Web Protection 1.1 Product Guide
TM
37
Groups, Users, and IP Ranges Managing groups
2 Complete the following information: a Group Name – Type a descriptive name for the group. b Description – Type a description for the group. c
Policy – Click the drop-down list to select the policy for this group.
Note: When you assign the first group to a policy, the policy automatically becomes enabled. 3 Click Save. The Groups pane refreshes, and the Group Created message appears.
Edit a group To edit a group: 1 In the Tasks column, click the Edit icon for the group you want to change. The Edit Group dialog appears
(Figure 21). Figure 21 Edit Group dialog
2 Make your changes. 3 Click Save. The Groups pane refreshes, and the Group Updated message appears.
Delete a group Before you delete a group, consider the following: • AppRiver recommends that you keep the default group because it is used for importing CSV files. • One group must be present at all times. • You cannot delete a group that has users or IP ranges assigned to it. To delete a group. 1 In the Groups pane, select the checkbox for the group you want to delete. 2 Check the Users column to determine whether users are assigned to the group. If users are assigned: a In the Users pane, select the checkbox for users who will be reassigned to the same group. b From the Users toolbar, click Set Group. The Set Group for Users dialog appears (Figure 22). Figure 22 Set Group for Users dialog
38
SecureSurf Web Protection 1.1 Product Guide
TM
Groups, Users, and IP Ranges Managing groups
c
Click the drop-down arrow to select a group for these users.
d Click Save. The Users pane refreshes, and the Group set for users message appears. e Repeat these steps to reassign all users to another group. 3 Check the IP Ranges column to determine whether IP ranges are assigned to the group. If IP ranges are
assigned: a In the IP Ranges pane, select the checkbox for IP ranges that will be reassigned to the same group. b From the IP Ranges toolbar, click Set Group. The Set Group for IP Ranges dialog appears (Figure 23). Figure 23 Set Group for IP Ranges dialog
c
Click the drop-down arrow to select a group for these IP ranges.
d Click Save. The IP Ranges pane refreshes, and the Group set for IP ranges message appears. e Repeat these steps to reassign all IP ranges to another group. 4 In the Tasks column on the Groups pane, click the Delete icon for the group you want to delete.
The Delete Group Confirmation dialog appears (Figure 24). Figure 24 Confirmation dialog
5 Click Delete. The Groups pane refreshes, and the Group Deleted message appears.
SecureSurf Web Protection 1.1 Product Guide
TM
39
Groups, Users, and IP Ranges Managing users
Managing users [Conditional] This section applies if you are administering policies with users. If you are administering policies using IP ranges, see Managing IP ranges on page 45. When your groups are established, you are ready to add users. This section includes instructions for viewing, adding, editing, and deleting users; triggering a password change; and reassigning users to a different group.
View users The Users pane (Figure 25) provides information about: • Email – email address for the user (user name) • Aliases – aliases associated with the user Figure 25 Users pane
Add users There are three ways to add users: • Manually add a user • Import users • User Export Agent
Add a user Note: If you are authenticating using NTLM, follow the instructions in Import users on page 41.
To add a single user: 1 Click New. The Create a New User dialog appears (Figure 26). Figure 26 Create a New User dialog
40
SecureSurf Web Protection 1.1 Product Guide
TM
Groups, Users, and IP Ranges Managing users
2 Specify an email address, an alias, or both.
• User Email – Type a globally unique email address for the user (user name). • Aliases – Type one or more company-unique aliases for the user. Note: If you use only an alias, the password field is not enabled. If the user authenticates using the Web Filter Agent, the alias automatically passes (a password is not required).
• Group – Click the drop-down arrow to select a group for the user. 3 Click Save. The pane refreshes, and the User account created message appears.
SecureSurf
TM
automatically sends an email to the user with instructions for establishing a password.
Import users To import multiple users with a CSV file: 1 Create a file, such as a text file. 2 Use one line for each user, and type the information in the following order using a CSV format; refer to
Figure 27. a Group – Type a company-unique group name.
Note: If you do not include a group name, the user is added to the Default Group. If the Default Group does not exist, the user is added to the oldest group. When you sort groups by Group Name, the oldest group appears at the top of the list. b Email address – Type a globally unique email address. The first email address automatically becomes
the user name. c
Alias – All additional email addresses automatically become aliases.
• [Conditional] If you are authenticating using NTLM, type an email address and an alias. Type the alias using the format, [domain]\[alias]; for example, company1.com\tuser. • [Optional] For all authentication methods except NTLM, type one or more company-unique aliases. Note: SecureSurf
TM
ignores any email address or alias that already exists in the system.
Figure 27 CSV file of users
3 From the Groups toolbar, click Upload CSV. The file selection window appears. 4 Navigate to your CSV file, then click Open.
• SecureSurf
TM
creates any new groups needed, assigning each group to the default policy.
Note: The Minimal Policy, included with SecureSurf , is the default policy. AppRiver recommends that you retain the Minimal Policy for this reason. TM
• The users load into the respective groups at the rate of ten users per second, and the Import Complete message appears. • The service automatically generates an email to each new user with instructions for setting a password.
SecureSurf Web Protection 1.1 Product Guide
TM
41
Groups, Users, and IP Ranges Managing users
Use the User Export Agent The User Export Agent retrieves users from Active Directory, transparently collecting group, user, and alias TM information, then uploading it to SecureSurf . SecureSurf
TM
adds users based on the following:
• The agent collects all users, even if they already exist in SecureSurf . TM
• All aliases must be company-unique. • A user can be a member of only one group. • If the group and user are new, the service creates the group and adds the new user. • If a group exists but the user is new, the service adds the new user to the group. • If a group is new but the user exists, the service creates the group and moves the user to that group. • If the group and user exist and have not changed, including any change in alias, the service ignores both. Note: If you do not include a group name, the user is added to the Default Group. If the Default Group does not exist, the user is added to the oldest group. When you sort groups by Group Name, the oldest group appears at the top of the list.
• When a user is deleted from Active Directory, the user is also deleted from SecureSurf the next time you run the script. TM
With the User Export Agent, there is nothing to configure. To use the agent: 1 From the Groups toolbar, click User Export Agent. The File Download window appears. 2 Click Save, and save the file to your desktop. 3 Double-click the export_users.vbs file and follow the prompts to install the agent on a server that is
connected to your Active Directory server. Note: You must have AD Enterprise Administrator access. 4 Run the script to update your users. SecureSurf
TM
saves the file as a CSV file.
See Table 9; the agent retrieves Active Directory information and uploads it to SecureSurf . TM
Table 9 Active Directory information to SecureSurf
TM
Active Directory information
SecureSurf information
TM
Organizational Unit (OU)
Group
Email Address
Email address (user name)
User name
Alias
5 To import the users from the CSV file, follow Step 3 and Step 4 on page 41.
42
SecureSurf Web Protection 1.1 Product Guide
TM
Groups, Users, and IP Ranges Managing users
Trigger a password change To request that a user change their password: 1 In the Tasks column, click the Email User to Change Password icon. The Email User Confirmation dialog
appears (Figure 28). Figure 28 Email User Confirmation dialog
2 Click Continue. SecureSurf
TM
automatically sends an email to the user with a link for establishing their
password. 3 The user clicks the link in the email, and the Set Password window appears (Figure 29). Figure 29 Set Password window
4 The user enters their initial password, confirms the password, and clicks Submit.
Edit a user To edit a user: 1 In the Tasks column, click the Edit icon for the user you want to edit. The Edit User dialog appears
(Figure 30). Figure 30 Edit User dialog
2 Make your changes. 3 Click Save. The pane refreshes, and the User Updated message appears.
SecureSurf Web Protection 1.1 Product Guide
TM
43
Groups, Users, and IP Ranges Managing users
Reassign users To reassign users to a different group: 1 In the Users pane, select the checkbox for each user you want to reassign. 2 From the Users toolbar, click Set Group. The Set Group for Users dialog appears (Figure 31). Figure 31 Set Group for Users dialog
3 Click the drop-down arrow to select another group. 4 Click Save. The Users pane refreshes, and the Group set for users message appears.
Delete users This section explains how to delete one or multiple users.
Delete a single user To delete a user: 1 In the Tasks column, click the Delete icon for the user. The Delete Users dialog appears (Figure 32). Figure 32 Delete Users dialog
2 Verify the user, then click Delete. The Users pane refreshes, and the User Deleted message appears.
Delete multiple users To delete multiple users: 1 Select the checkbox for each user you want to delete. 2 From the Users toolbar, click Delete. The Delete Users dialog appears (Figure 32). 3 Verify the users, then click Delete. The Users pane refreshes, and the User Deleted message appears.
44
SecureSurf Web Protection 1.1 Product Guide
TM
Groups, Users, and IP Ranges Managing IP ranges
Managing IP ranges [Conditional] This section applies if you are administering policies using IP ranges. If you are administering policies with users, see Managing users on page 40. When your groups are established, you are ready to add IP ranges. This section explains how to view, add, edit, and delete IP ranges. You will also find instructions for reassigning IP ranges to a different group.
View IP ranges The IP Ranges pane (Figure 33) provides information about: • Name – name of the IP range • Start IP – starting value for the IP range • End IP – ending value for the IP range • NTLM – whether NTLM is enabled Figure 33 IP Ranges pane
Add an IP range When you are adding an IP range, consider the following: • The IP address must be a valid IP format. • The Start IP address must be lower than the End IP address. • When combined, the Start IP and End IP addresses must represent a range—you cannot use separate IP addresses. • All IP addresses and ranges must be unique. Note: The IP ranges or IP addresses should cover a small range and include only the actual public IP addresses TM that SecureSurf connections will use. This range could be a single IP of the external gateway. If the IP ranges TM overlap with those provided by another customer, SecureSurf will not accept them. The overlap issue must be resolved before your service can be activated. Contact Technical Support to resolve the issue (see Technical support information on page 76).
SecureSurf Web Protection 1.1 Product Guide
TM
45
Groups, Users, and IP Ranges Managing IP ranges
To add an IP range. 1 Click New. The Create New IP Range dialog appears (Figure 34). Figure 34 Create New IP Range dialog
2 Complete the following information:
• Name – Type a descriptive name for the IP range. • Start IP– Type the starting value for the IP range. • End IP– Type the ending value for the IP range. • Request NTLM – [Conditional] If you are using NTLM authentication, select this checkbox. • Group – Click the drop-down arrow to select a group for the IP range. 3 Click Save. The pane refreshes, and the IP Range Created message appears.
Edit an IP range To edit an IP range: 1 From the Tasks column, click the Edit icon for the range you want to edit. The Edit IP Range dialog
appears (Figure 35). Figure 35 Edit IP Range dialog
2 Make your changes. 3 Click Save. The pane refreshes, and the IP Range Updated message appears.
46
SecureSurf Web Protection 1.1 Product Guide
TM
Groups, Users, and IP Ranges Managing IP ranges
Reassign multiple IP ranges If you want to reassign multiple IP ranges to a different group: 1 From the IP Ranges toolbar, click Set Group. The Set Group for IP Ranges dialog appears (Figure 36). Figure 36 Set Group for IP Ranges dialog
2 Click the drop-down arrow to select another group. 3 Click Save. The pane refreshes, and the Group set for IP ranges message appears.
Delete IP ranges This section explains how to delete one or multiple IP ranges.
Delete an IP range To delete a single IP range: 1 In the Tasks column, click the Delete icon for the IP range. The Delete IP Ranges dialog appears
(Figure 37). Figure 37 Delete IP Ranges dialog
2 Verify the IP range, then click Delete. The pane refreshes, and the IP Range Deleted message appears.
Delete multiple IP ranges To delete multiple IP ranges: 1 Select the checkbox for each IP range you want to delete. 2 From the IP Ranges toolbar, click Delete. The Delete IP Ranges dialog appears (Figure 37). 3 Verify the IP ranges, then click Delete. The pane refreshes, and the IP Range Deleted message appears.
SecureSurf Web Protection 1.1 Product Guide
TM
47
Groups, Users, and IP Ranges Managing IP ranges
48
SecureSurf Web Protection 1.1 Product Guide
TM
5
Lists and Templates
Contents About the Allow and Block Lists Using the Block and Warn Templates
About the Allow and Block Lists With AppRiver SecureSurf , you can designate certain Web sites (URLs) that are or are not allowed to send content into your network. TM
• Allow List – URLs in the Allow List are always allowed to communicate. • Block List – URLs in the Block List are never allowed to communicate. Note: The Allow and Block Lists are global and take precedence over all policies—the URLs are allowed or blocked regardless of the policies you define.
This section explains how to view the lists and add, edit, and delete URLs.
View the Allow and Block Lists Click the Allow & Block Lists tab. The lists load, and the Allow & Block Lists window appears (Figure 38). Figure 38 Allow & Block Lists window
SecureSurf Web Protection 1.1 Product Guide
TM
49
Lists and Templates About the Allow and Block Lists
From the Allow & Block Lists window, you can view information about: • URL – URL entry • Category – URL category • Reputation – reputation class associated with the URL • Notes – any notes about the URL Click a URL and it appears highlighted. Sort the URLs by clicking a heading. You can sort using the URL and Notes headings. Tasks provide the means for editing and deleting URLs (discussed later). Additional actions are available on the Allow and Block List toolbars. • Click the Refresh icon to refresh the pane at any time. • If you have more than 25 URLs in either list, use the page navigation to move between pages of information. This section provides instructions for adding or importing URLs, editing URLs, and deleting URLs.
Add URLs When you are adding or importing URLs, consider these guidelines: • You can use wildcards in the URL name. • SecureSurf inserts wildcards before and after each URL entry. See Table 10 for examples of how the wildcards work. TM
Table 10 Wildcard examples Allow or block Domain
Description To allow or block the site with any host, type the domain name. Example: google.com •
•
Entire site
Matches: •
www.google.com/path
•
images.google.com/path
•
google.com/path
•
mail.google.com
Does not match: •
www.mygoogle.com
•
www.google.comtv
To allow or block an entire site, type the site name and do not specify a path. Example: •
•
Section of a site
www.google.com matches: •
www.google.com/ads
•
www.google.com/services
http://example.com/path matches: •
http://www.subdomain.example.com
•
http://example.com/path/to/page.html
To allow or block only a section of a site, type the site name and path. Example: www.google.com/about
Page of a site
To allow or block only a page of a site, type the site name, path, and page. Example: www.google.com/about/info.html
50
SecureSurf Web Protection 1.1 Product Guide
TM
Lists and Templates About the Allow and Block Lists
Add a single URL To add a URL to the Allow or Block List: 1 Click Add URL at the bottom of the Allow List or Block List, whichever list you are adding the URL to.
The New URL dialog appears (Figure 39). Figure 39 New URL dialog
2 In the URL field, complete the following: a Click the drop-down arrow to select a protocol; options include:
• *:// • http:// • https:// b Type the URL. 3 In the Notes field, add any notes. 4 Click Save. The pane refreshes, and the confirmation message appears.
Import URLs To import URLs to the Allow or Block List using a CSV file: 1 Create a file, such as a text file. 2 Type the URLs in CSV format, beginning each entry with one of the following; see Figure 40:
• *:// • http:// • https:// Figure 40 CSV file
3 Click Upload CSV at the bottom of the Allow or Block List, whichever pane you are importing URLs to.
The file selection window appears. 4 Locate and select the CSV file you created. The CSV file loads. The pane refreshes, and the confirmation
message appears.
SecureSurf Web Protection 1.1 Product Guide
TM
51
Lists and Templates About the Allow and Block Lists
Edit a URL For existing URLs, you can change the name and associated notes. The category and reputation data update automatically in real time. To change a URL in the Allow or Block List: 1 In the Tasks column, click the Edit icon for the URL you want to change. The Edit URL dialog appears
(Figure 41). Figure 41 Edit URL dialog
2 Make your changes. 3 Click Submit. The pane refreshes, and the confirmation message appears.
Delete URLs This section explains how to delete a URL and how to delete unintended reputation classes.
Delete a URL To delete a URL in the Allow or Block List: 1 Click the Delete icon for the URL you want to delete. The Delete URL Confirmation dialog appears
(Figure 42). Figure 42 Delete URL Confirmation dialog
2 Verify the URL, then click Continue. The pane refreshes, and the URL Deleted message appears.
Delete reputation classes SecureSurf automatically updates the URL category and reputation data in real time. These updates can change a reputation class, and you may notice a reputation class in the Allow List or Block List that is not intended (for example, a Trusted category in the Block List). TM
Follow these steps to easily update any unintended Allow List or Block List reputation classes. 1 To update the Allow List: a Click Remove Malicious, then click Continue in the confirmation dialog. URLs with a Malicious class
are deleted. b Click Remove Malicious & Suspicious, then click Continue in the confirmation dialog. URLs with a
Malicious & Suspicious class are deleted. 2 To update the Block List, click Remove Trusted, then click Continue in the confirmation dialog. URLs with
a Trusted class are deleted.
52
SecureSurf Web Protection 1.1 Product Guide
TM
Lists and Templates Using the Block and Warn Templates
Using the Block and Warn Templates When a rule triggers, the user receives a block or warn notice. The type of notice depends on the action you configured for the rule. You can use the default block and warn notices or customize the notices to meet your needs. SecureSurf provides templates for your use.
TM
View the Templates window Click the Templates tab. The Templates window appears showing the Block Template and Warn Template (Figure 43). Figure 43 Templates window
Use the existing notices If you want to use the existing block and warn notices, no changes are needed. Users will receive the default notices. • Block notice – If your rule includes an action to Block when triggered, the user will receive the default block notice and cannot proceed to the URL; see Figure 44. Figure 44 Block notice
SecureSurf Web Protection 1.1 Product Guide
TM
53
Lists and Templates Using the Block and Warn Templates
• Warn notice – If your rule includes an action to Warn when triggered, the user will receive the default warn notice, which includes a link allowing the user to proceed to the URL; see Figure 45. Figure 45 Warn notice
Customize the notices If you want to customize the block (including malware block) and warn notices, you can easily change them. Edit the templates directly on the Templates window, or use the HTML Editor.
Edit on the Templates window You can update the templates directly on the Templates window. Each template includes: • Toolbar with editing options; see Figure 46 • Text • Tokens (variables) that automatically populate with the URL and related information; see Table 11 Figure 46 Template toolbar
Token (variable)
Formatting options
Undo Redo
Links
HTML
Save
Table 11 Template tokens (variables) Token
Description
Available in Block Template
Available in Warn Template
%%URL%%
URL of the blocked page
•
•
%%REPSCORE%%
Numeric URL reputation score
•
•
%%REPCLASS%%
URL reputation class, such as malicious or suspicious
•
•
%%CATEGORIES%%
CSV list of categories the URL belongs to
•
•
%%REASON%%
Reason the rule triggered
•
•
%%LINK%%
Hyperlink allowing the user to bypass the warning
•
1 From the Block or Warn Template pane:
• Click in the template to add text. Highlight existing text to edit or delete it. • From the toolbar, click the Tokens icon to add a token. You can use each token multiple times. • From the toolbar, use the formatting options to change the look of the text and tokens. 2 When your changes are complete, click the Save icon on the toolbar.
54
SecureSurf Web Protection 1.1 Product Guide
TM
Lists and Templates Using the Block and Warn Templates
Edit using the HTML editor If you prefer to view and edit the templates using the HTML editor, that option is also available. 1 From the Block or Warn Template toolbar, click HTML. The HTML Source Editor window appears. Figure 47 HTML Source Editor window
2 Add, edit, or delete the text or tokens. 3 When your changes are complete, click Update.
SecureSurf Web Protection 1.1 Product Guide
TM
55
Lists and Templates Using the Block and Warn Templates
56
SecureSurf Web Protection 1.1 Product Guide
TM
6
Dashboard
Contents About the Dashboard Viewing the charts Customizing the Dashboard Login and account information
About the Dashboard The Dashboard appears when you log in to AppRiver SecureSurf Web Protection Service or click the Dashboard tab; see Figure 48. Use the Dashboard for a quick, visual summary of your filtered traffic over a specific time period. TM
Note: SecureSurf
TM
also includes a variety of reports; see Reports on page 61 for more information.
Figure 48 Dashboard
SecureSurf Web Protection 1.1 Product Guide
TM
57
Dashboard Viewing the charts
Viewing the charts From the Dashboard, you can view a variety of charts; see Table 12. The charts refresh each time you visit the page, or you can refresh them manually using the browser. Data appears for the time period you select. Table 12 Dashboard charts Chart
Description
Actions for Web Page Requests
Relative proportion of all allowed, warned, and blocked requests acted on by your policies
Bandwidth Saved from Blocked Web Page Requests (estimate)
Estimated daily bandwidth saved as a result of the requests blocked by your enabled policies
Top Categories by Hits: Daily
Top eight categories by number of connection requests, both allowed and blocked, that passed through your network
Top Categories by Hits: Cumulative
Top eight categories by number of connection requests using both the volume and the actual request dates; use to monitor trends
Total Bandwidth
Total bandwidth in use per day
Total Requests to Malicious and Suspicious Web Pages
Daily number of requests to connections that are known or suspected to be malicious; based on real-time reputation technology
Total Requests to Web Pages with Malware
Total requests to web pages that are known to contain malware
Total Web Page Hits
Total number of web access connections per day, including allowed and blocked requests
Blocked Web Page Requests due to Malicious Reputation and Malware
Number of blocked requests as a result of being directed to Web sites with reputations as senders of malicious content or known to be sending malware
Total Web Page Requests Blocked
Total number of requests blocked per day by your enabled policies
To view specific details in the chart data: 1 Place your cursor over any chart. Crosshairs appear over the chart data. 2 Move the cursor to the area you want data for, and the details appear; see Figure 49. Figure 49 Crosshair selection
58
SecureSurf Web Protection 1.1 Product Guide
TM
Dashboard Customizing the Dashboard
Customizing the Dashboard SecureSurf Web Protection provides each administrator with a custom view of the Dashboard. Customize your view, and it is automatically saved for you. TM
Set the time zone When you log in the first time, set the time zone. In the Time Zone field, click the drop-down arrow and TM select your zone. SecureSurf Web Protection refreshes the chart data to show the days and times for your zone. The selection you make for the Dashboard is also automatically applied to the Reports window. Note: The Edit Policy dialog also includes a time zone feature. However, that feature operates independently, and changes to the Dashboard time zone do not affect the Edit Policy time zone.
Select the time period The default charts show data for the past month, but you can select a different time period; see Figure 50. Figure 50 Time period
Tip: When you first begin using SecureSurf , consider setting a shorter time period, such as a day or week. Later, when more data has accumulated, expand the date range. TM
Use one of the following options to select a time period: • Preset – If you want to use a preset time period, click one of the following: • Yesterday • Past Week • Past 30 Days • Past Year The Start Date and End Date fields populate automatically, and the charts refresh to display data for the period you selected. • Calendar – To specify a custom time period using the calendar: a Click the Calendar icon for the Start Date. The calendar appears.
Click the drop-down arrows to select a month and year, then select the day. The Start Date field populates with the date. b Click the Calendar icon for the End Date, and repeat the process to select a date. The End Date field
populates with the date, and the charts refresh to display data for the period you selected. • Type – To specify a time period by typing the dates, highlight the existing start and end dates, and enter the new dates in mm/dd/yyyy format. The charts refresh to display data for the period you selected.
SecureSurf Web Protection 1.1 Product Guide
TM
59
Dashboard Login and account information
Customize the chart view Show or hide charts, and move their position on the Dashboard to create a custom view that is meaningful to you.
Add a chart To add one or more charts to the Dashboard: 1 Click Add Chart. The Add Charts dialog appears showing the charts that do not currently appear
(Figure 51). Figure 51 Add Charts dialog
2 Click the Add Chart icon for each chart you want to add, then click Close. The Dashboard refreshes.
Move a chart To change the order of a chart on the Dashboard, use the up and down arrows for the chart you want to move (Figure 52). Figure 52 Chart actions
• To move the chart up one position, click the Move Chart Up arrow. • To move the chart down one position, click the Move Chart Down arrow.
Hide a chart To hide a chart so it does not appear on the Dashboard, click [X] for the chart you want to hide; refer to Figure 52. To add the chart to the Dashboard again, follow the steps in Add a chart.
Login and account information At the top of the Dashboard page and all other tab pages, you can view your login information and log out. You can also access the Your Account link. For more information, see Change your password on page 73.
60
SecureSurf Web Protection 1.1 Product Guide
TM
7
Reports
Contents About Reports Available reports Generating reports
About Reports The AppRiver SecureSurf reporting capability gives you the tools you need for viewing and analyzing historical information to help you detect trends and make informed decisions. TM
Click the Reports tab to access the Reports window; see Figure 53. Figure 53 Reports window
From the Reports window, you can view information about: • ID – report number • Name – report name • Data – description of the data reported • Measure – method of measurement • Scope – company, group, user, or IP range • Statistic – quantity reported Click a report and it appears highlighted. Sort the reports by clicking a heading. You can sort using any heading except Tasks. Tasks provide the means for viewing and printing reports.
SecureSurf Web Protection 1.1 Product Guide
TM
61
Reports Available reports
Available reports The Reports page includes a variety of reports you can use to analyze your company’s web traffic.
All reports Refer to Table 13 for a list of all available reports and a description of each. Table 13 SecureSurf reports
TM
Report
Description
Data
ID
Forensic Report
Web browsing details; see About the Forensic Report on page 63
Variety of data and filter options for custom reports
Audit Log
Administrator actions (changes) to TM SecureSurf ; see About the Audit Log on page 63
Object, action, details, user, date, and time
Top Blocked URLs
Top 100 URLs blocked
Count, URL
2
Top Visited URLs
Top 100 URLs visited
Count, URL
3
Top Malware URLs
Top 100 malware URLs blocked
Count, malware name, URL
4
Top Accessed Categories
Top 100 categories accessed
Count, category
Top Blocked Domains
Top 100 domains blocked
Count, domain
22
Top Visited Domains
Top 100 domains visited
Count, domain
23
Top Malware Domains
Top 100 malware domains blocked
Count, malware name, domain
24
Top 10 users with malware blocked
User, count, top URLs
Administrative 1 27
Company
5
User Users by Malware Blocked
6
Users Visited Categories
Top 10 categories visited per user
User, count, top categories
9
Users Blocked Categories
Top 10 categories blocked per user
User, count, top categories
12
Users Visiting Malicious or Suspicious URLs
Top 10 users visiting malicious or suspicious URLs
User, count, top URLs
15
Users Visiting the Most URLs
Top 10 users visiting the most URLs
User, count, top URLs
18
Users Visiting Domains
Top 10 domains visited by users
User, count, top domains
21
Users Visiting the Most Domains
Top 10 users visiting the most domains
User, count, top domains
25
Group Groups by Malware Blocked
Top 10 groups with malware blocked
Group, count, top URLs
Groups Visited Categories
Top 10 categories visited per group
Group, count, top categories
7
Groups Blocked Categories
Top 10 categories blocked per group
Group, count, top categories
13
Groups Visiting Malicious or Suspicious URLs
Top 10 groups visiting malicious or suspicious URLs
Group, count, top URLs
16
Groups Visiting the Most URLs
Top 10 groups visiting the most URLs
Group, count, top URLs
19
Groups Visiting the Most Domains
Top 10 groups visiting the most domains
Group, count, top domains
26
IP ranges by Malware Blocked
Top 10 IP ranges with malware blocked
IP range, count, top URLs
IP ranges Visited Categories
Top 10 categories visited per IP range
IP range, count, top categories
10
IP range 8 11
IP ranges Blocked Categories
Top 10 categories blocked per IP range
IP range, count, top categories
14
IP ranges Visiting Malicious or Suspicious URLs
Top 10 IP ranges visiting malicious or suspicious URLs
IP range, count, top URLs
17
IP ranges Visiting the Most URLs
Top 10 IP ranges visiting the most URLs
IP range, count, top URLs
20
* When you are reviewing category-based reports, remember that a single URL can exist in multiple categories. As a result, the category count is higher than it would be if a URL existed in only one category.
62
SecureSurf Web Protection 1.1 Product Guide
TM
Reports Generating reports
About the Forensic Report The Forensic Report provides information about all web browsing activities at the most detailed level available. This report allows you to select a variety of data and filter options to produce custom reports that meet your needs. See Forensic Report on page 65 for instructions on setting up, viewing, printing, and exporting the Forensic Report. Select the Forensic Report when you want to check specific details about Web browsing events.
About the Audit Log The Audit Log shows all administrator actions (changes) to SecureSurf . The report is sorted by date and time and includes information about: TM
• Object – area affected (for example, group or user) • Action – action taken (for example, add or edit) • Details – details associated with the change (for example,
[email protected] logged in) • User – administrator who took the action • Time – date and time the action was implemented Select the Audit Log when you want to check the details about recent administrator actions.
Generating reports This section explains how to view and print reports.
All reports except Forensic Follow these instructions to view and print all reports except the Forensic Report; see page 65 for information specific to the Forensic Report.
Select the time period Begin by selecting the date range. By default, the reports show data for the past 30 days, but you can select another time period using one of the following options: • Preset – If you want to use a preset time period, click one of the following: • Yesterday • Past Week • Past 30 Days • Past Year The Start Date and End Date fields populate automatically. • Calendar – To specify a custom time period using the calendar: a Click the Calendar icon for the Start Date. The calendar appears.
Click the drop-down arrows to select a month and year, then select the day. The Start Date field populates with the date. b Click the Calendar icon for the End Date, and repeat the process to select a date. The End Date field
populates with the date. • Type – To specify a time period by typing the dates, highlight the existing start and end dates, and type the new dates in mm/dd/yyyy format.
SecureSurf Web Protection 1.1 Product Guide
TM
63
Reports Generating reports
View the report To view a report: 1 In the Tasks column, click the View icon for a report. The report appears highlighted and processes. 2 The report data appears in the bottom pane (Figure 54). Figure 54 View Report feature
Expand/Collapse arrow
Report data
To view additional report data without scrolling, click the Expand/Collapse arrow. The Available Reports pane collapses, allowing more data to appear. To view the available reports, click the arrow again. To refresh the report data, click the View icon again.
Print the report To print a report: 1 In the Tasks column, click the Print icon for the report. The report processes, and your browser displays
the results (Figure 55). Figure 55 Print Report feature
2 Print the report using your browser’s print function.
64
SecureSurf Web Protection 1.1 Product Guide
TM
Reports Generating reports
Forensic Report The Forensic Report provides you with options for creating a custom report. This section explains how to set up, view, print, and export the Forensic Report.
Set up the Forensic Report From the Reports window, click Forensic Report. The Available Reports list collapses, and the Forensic Report appears. Use the toolbar to set up and generate the report; see Figure 56 and Table 14. Figure 56 Forensic Report toolbar
Table 14 toolbar functions
Choose Date
Select a date or date range for the report
Reset
Reload the default report—removes all of the current column selections
Print
Show report data only and print the report; click again to show all window information
Show Columns
View all available columns
Update
Generate the report using the current selections
Settings
View the following: •
Information – User name, report date and time, and rows of data currently displaying
•
Sort – Sort order for the report (for example, Date Descending)
•
Filters – List of filters used to generate the report
(for example, 0–100 of 250)
Export
Export the report to Microsoft Office Excel using a CSV format
Page
Navigate between report pages
1 Click Choose Date to set a time period for the report. The following options appear:
• Today
• Specific Date
• Yesterday
• All Dates Before
• Last 7 Days
• All Dates After
• Month to Date
• Date Range
• Last 30 Days
• Date & Time Range
2 Click a date option. The date field updates with your selection or a calendar appears, allowing you to
specify additional information: • Specific Date, All Dates Before, or All Dates After – Click a date on the calendar, then click Done. • Date Range • On the Start Date calendar, click a beginning date for the report. • On the End Date calendar, click an ending date for the report. • Click Done. • Date & Time Range • On the Start Date calendar, click the beginning date, then type the time (hh:mm) or use the time navigation [ ] to set the time. Click the left and right arrows to toggle between the hours and minutes. Click [+] and [–] to increase or decrease the hours and minutes. • On the End Date calendar, click the ending date, then type the time or use the time navigation to set the time. • Click Done.
SecureSurf Web Protection 1.1 Product Guide
TM
65
Reports Generating reports
3 Click Show Columns to view the available columns of data; see Table 15 for descriptions. Table 15 Data columns Column
Description
Default columns Time
Date and time of each web browsing event
User
User name (email address) or netblock name
Group
Group the user is assigned to
Domain
Domain name of the URL
Action
Symbol for the action taken on the URL—Allow, Warn, or Block
Reputation
Reputation class and score for the URL; see Table 8 on page 32
Upload
Upload bandwidth
Download
Download bandwidth
Categories
Categories associated with the URL
Media Type
Type of media (for example, text/html or application/x-javascript)
URL
Destination URL
Optional columns Browser
Client application used (for example, Mozilla/5.0 or Windows Update Agent)
Server IP
Web server IP address
Client IP
User IP address
Protocol
HTTP or HTTPS
Action Detail
Whether the URL is included in the Allow or Block List
Note: If the URL is included in either list, no category or reputation data appear in the Forensic Report. Alerts
Email addresses that were alerted
Malware
Name of any malware detected
4 Select the checkbox for each column you want to include in the report. Make sure the remaining
checkboxes are deselected. 5 Drag the columns up or down to set the column order. 6 Click Show Columns again to hide the dialog, or click Update to generate an initial report.
66
SecureSurf Web Protection 1.1 Product Guide
TM
Reports Generating reports
Apply filters [Optional] You can set a filter on one or more columns to drill down into the report and retrieve more specific data. Example: If you have a report that contains the Group column but only want data for the Research group, you can use the column filter to specify Research. To use the filters: 1 Click on the column heading. The filter pane appears. 2 Set up the filter. You can use a logical AND to set multiple filters on a single column or across columns.
(The logical OR is not available.) The filter options vary by column and include: • Format – Click the drop-down arrow to select the column format (such as icon or text). • Filter – Select a measurement (such as equal to, has, or has not), then type the value. • Sort – Click the drop-down arrow and select a sort order for the report (none, ascending, or descending). Note: Only one sort is allowed across columns. For example, if you set up the sort option on the Domain column, the report will sort in ascending or descending order by Domain. If you set up TM the sort option on the Domain column and set it again for the Reputation column, SecureSurf will sort the report based on your last selection. 3 Click Close.
View the Forensic Report To view the Forensic Report: 1 Click Update. The Loading message appears, and the report loads. Use the page function on the toolbar
to navigate from one page to another. 2 [Optional] To view the report settings (see Table 14 on page 65 for descriptions): a Click Settings on the toolbar. The Settings pane appears. b Click Settings again to close the pane. 3 [Optional] To make changes in the report: a Use the toolbar to change the date or the data columns. b Use the column filter options to add or change a filter. c
Click Update to generate a new report.
To view all available reports, click the Expand/Collapse arrow (see Figure 54 on page 64). Click the arrow again to view only the Forensic Report.
Print the Forensic Report To print the report: 1 Click the Print icon. The top banner hides, and the Print window appears. 2 Set any print options or preferences, then click Print.
SecureSurf Web Protection 1.1 Product Guide
TM
67
Reports Generating reports
Export the Forensic Report You can export the Forensic Report to Microsoft Office Excel. Note: SecureSurf exports up to 10,000 rows of data. If the data exceeds 10,000 rows, a message appears that only the first 10,000 rows were exported. TM
1 After you generate the report, click Export on the toolbar. The report regenerates using CSV format, and
the File Download window appears. 2 Click Open. The Verifying window appears and Microsoft Office Excel opens with your data. 3 Set up the spreadsheet to meet your needs and save the file.
68
SecureSurf Web Protection 1.1 Product Guide
TM
8
Administration and Support
Contents About administration Managing administrators Viewing and changing your account information Accessing the Web Filter Agent About Support
About administration Click the Administration tab. The Administration window opens (Figure 57). From this window, you can: • Manage administrator accounts • Access the Web Filter Agent link and password Figure 57 Administration window
SecureSurf Web Protection 1.1 Product Guide
TM
69
Administration and Support Managing administrators
Managing administrators From the Administrator Accounts pane, you can view the following information: • Email – administrator’s email address (user name) • Role – administrator’s role • Last Login – date and time of the administrator’s last login Click to select an administrator; the account appears highlighted. Sort the administrators by clicking a heading. You can sort using any heading except Tasks. Tasks provide the means for triggering a password change, editing, and deleting administrators (discussed later). Additional actions are available from the Administrator Accounts toolbar. • Click the Refresh icon to refresh the pane. • Use the New Administrator link to add an administrator (explained later). • If you have more than 25 administrators, use the page navigation to move between pages of information.
Differentiate administrator accounts There are two types of administrator accounts: • Admin • Read-Only Table 16 lists the permissions for each type of account. Table 16 Administrator account permissions Access by tab
Admin
Read-Only
Dashboard
•
Policy Manager
•
Limited viewing
•
Users & Groups
•
View only
Allow & Block Lists
•
View only
Templates
•
View only
Reports
•
•
Administration
•
Limited to changing their password
Support
•
•
Admin accounts Admin accounts have full access to all SecureSurf Web Protection features. Administrators with this type of account can: TM
• View Dashboard summaries • Create and manage policies and rules for the company • Manage groups, users, IP ranges, and administrator accounts • Manage the Allow and Block Lists • Change the Block and Warn Templates • Generate reports
70
SecureSurf Web Protection 1.1 Product Guide
TM
Administration and Support Managing administrators
Read-only accounts Read-only accounts can access all tabs but have limited viewing on some. Administrators with this type of account can: • Monitor the filtered traffic, including: • View Dashboard charts • Generate reports • View limited Policy Manager information • View the Users & Groups, Allow & Block Lists, and Templates windows • Change their password Read-only accounts cannot manage policies and rules, groups, users and IP ranges, or administrator accounts.
Add an administrator To add an administrator: 1 From the Administrator Accounts toolbar, click New Administrator. The New Administrator dialog
appears (Figure 58). Figure 58 New Administrator dialog
2 Complete the following information: a Email – Enter the administrator’s email address (user name). b Role – Click the drop-down arrow and select the role—Admin or Read Only (see Differentiate
administrator accounts on page 70). 3 Click Save. The Administrator Accounts pane refreshes, and a message appears confirming the new
administrator account. SecureSurf Web Protection automatically emails the administrator with instructions for establishing a password. TM
SecureSurf Web Protection 1.1 Product Guide
TM
71
Administration and Support Managing administrators
Trigger a password change To request that an administrator change their password: 1 In the Tasks column, click the Email User to Change Password icon. The Email User dialog appears
(Figure 59). Figure 59 Email User dialog
2 Click Continue. SecureSurf
TM
automatically sends an email to the administrator with a link for establishing
their password. 3 The administrator clicks the link in the email, and the Change Password window appears. 4 The administrator changes their password using the instructions in Change your password on page 73.
Edit an administrator To edit an administrator: 1 From the Tasks column, click the Edit icon for the administrator you want to change. The Edit
Administrator dialog appears (Figure 60). Figure 60 Edit Administrator dialog
2 Make your changes. 3 Click Save. The Administrator Accounts pane refreshes, and the Admin User Updated message appears.
Delete an administrator To delete an administrator: 1 From the Tasks column, click the Delete icon for the administrator you want to delete. The Delete
Administrator Confirmation dialog appears (Figure 61). Figure 61 Delete Administrator Confirmation dialog
2 Click Continue. The Administrator Accounts pane updates, and the User Deleted message appears.
72
SecureSurf Web Protection 1.1 Product Guide
TM
Administration and Support Viewing and changing your account information
Viewing and changing your account information At the top of the Dashboard page and all other tab pages, you can view your login information, log out, and access a link for changing your password.
View your login information Your company and login name appear at the top of each main page. Click Log Out to log out of SecureSurf . TM
Change your password To change your password: 1 Click Your Account. The Change Password window appears (Figure 62). Figure 62 Change Password window
2 Complete the following information: a Old Password – Type your existing password. b New Password – Type the new password you want to use. The password must meet the following
requirements: • Contain at least one number • Contain at least one upper-case letter • Contain at least one lower-case letter • Be at least six characters long c
Confirm Password – Type the new password again.
3 Click Save. Your password is changed.
Forgot password If you do not remember your password: 1 From the main login window, click I forgot my password. The Sending Password Reset Request
confirmation message appears, and SecureSurf Web Protection automatically sends you an email. TM
2 Open the email and click the link. The Set Password window appears. 3 Type your new password, re-enter the password to confirm it, and click Save. 4 Log in using your email address and new password.
SecureSurf Web Protection 1.1 Product Guide
TM
73
Administration and Support About Support
About Support Click the Support tab. The Support window appears (Figure 63). Figure 63 Support window
From the Support window, you can: • Access the latest SecureSurf
TM
documentation
• Find technical support information • Access tools such as the PAC file or proxy test
Technical support information This section explains Technical Support services and provides helpful links for: • Knowledge Base – http://support.appriver.com/Main/Default.aspx • URL category check – www.trustedsource.org/urlcheck
74
SecureSurf Web Protection 1.1 Product Guide
TM
Administration and Support About Support
Tools The Tools section includes: • PAC file download • Proxy Test
Download the PAC file PAC—one of the deployment methods available for SecureSurf (page 14)—is a proxy mode where the proxy configuration is described in a file using JavaScript, called a PAC file. The file name contains a .pac file extension. TM
SecureSurf automatically generates the PAC file using your configured settings, and it is always available from http://proxy.securewebbrowsing.com/proxy.pac. In addition, your configured Allow List entries are automatically added to the PAC file and are exempt from being sent through the proxy. TM
You can control the duration for when the PAC file will update to all user browsers.
Run the Proxy Test You can run a proxy test to check the performance of your proxy configuration. This test measures the TM difference in time between accessing a control site directly and accessing it through the SecureSurf proxy. To run the test, click Run Proxy Test. The test runs three times. SecureSurf presents the results from fastest to slowest. The average time in milliseconds (ms) is highlighted, and your recommended result is shown at the bottom of the results. See Figure 64 and Table 17. TM
Figure 64 Proxy Test results
Table 17 Results descriptions Color
Response
Difference (ms)
Green
Optimal
< 100 ms
Yellow
Acceptable
101–1000 ms
Red
Contact Technical Support
> 1000 ms
SecureSurf Web Protection 1.1 Product Guide
TM
75
Administration and Support About Support
End user authentication When SecureSurf authenticates end users, the information maps from: TM
• Machine to end user • End user to group • Group to policy You can take advantage of this information when supporting end user machines. Navigate to http://whoami.securewebbrowsing.com. • [Conditional] If the end user is browsing through SecureSurf Web Protection, the Authentication Information Page appears; see Figure 65 and Table 18. TM
Figure 65 Authentication Information page
Table 18 Authentication information fields Field
Description
IP Address
External IP address
Company
Unique company identification number (also available from the Administration tab; see the Web Filter Agent pane)
Group
Group identification number (used internally within SecureSurf
User
Web Protection)
TM
Includes:
Policy
•
Email address (user name) or IP range associated with the user
•
User identification number (used internally within SecureSurf
TM
Web Protection)
Policy identification number (used internally within SecureSurf ) Web Protection TM
• [Conditional] If you are not browsing through SecureSurf Web Protection, a message appears notifying you that the browser is not using the service. TM
Documentation You can access the latest SecureSurf
TM
• Quick Start • Product Guide • Release Notes
76
SecureSurf Web Protection 1.1 Product Guide
TM
Web Protection documentation from the Support window, including:
version 1.1