USER’S GUIDEWebwasher SSL ScannerVersion 6.5www.securecomputing.com
Introductiondefaultis selected in the line below Policy, which means that the settingsyou are going to configure now will be valid under your default
Common3.6.1Generic Header FilterThe Generic Header Filter tab looks like this:There is one section on this tab:• Header Filter ListIt is described in
CommonHeader Filter ListThe Header Filter List section looks like this:Using this section, you can configure the Generic Header Filter to delete head-
Common3.7Generic Body FilterThe Generic Body Filter options are invoked by clicking on the correspondingbutton under Common:If you want to enable any
Common3.7.1Generic Body FilterThe Generic Body Filter tab looks like this:There is this section on this tab:• Body Filter ListIt is described in the f
CommonBody Filter ListThe Body Filter List section looks like this:Using this section, you can configure the Generic Body Filter blocking andother act
CommonSo, to block, e. g. all HTML pages encoded as UTF-16 you can configure arule like the following:0-128 Contains I"<\00h\00t\00m\00l\00&qu
Common3.8.1SettingsThe Settings tab looks like this:There are six sections on this tab:• Link Filter• Dimension Filter• Popup Filter• Script Filter• A
Common• Advertising Filter SettingsThey are described in the following.Link FilterThe Link Filter section looks like this:Using this section, you can
Common
Common— Text linksEnables or disables the filtering of text links.A text link is the grouping of linked text that, when clicked on, takesyou to anothe
Introduction3. Make settings effectiv eClick on the Apply Changes button:This completes the sample configuration.1.3.3General Features of the Web Inte
CommonTheir meaning is as follows:— ImagesEnables or disables the filtering of images.— AppletsEnables or disables the filtering of Java applets.These
CommonUse the following checkbox to configure the additional setting:• Also disable manually opened windo wsIf this option is enabled, pop-ups will no
Common• Prevent modification of the browser’s status barIf this option is enabled, the filter will prevent the status bar of the browserfrom being mod
CommonAdvertising Filter SettingsThe Advertising Filter Settings section looks like this:Using this section, you can configure settings that will appl
CommonThen check the radio buttons below to further specify the exclusion:— the same pathEnable this option to exclude objects within the s ame place
CommonLink Filter ListThe Link Filter List section looks like this:Using this section, you can add URLs to the Link Filter List and edit them.To do th
Common— do not filterEnable this option to exclude the URL you entered above from filtering.— Add to Li n k Filter ListAfter specifying the informatio
Common3.8.3Dimension Filter ListThe Dimension Filter List tab looks like this:There is this one section on this tab:• Dimension Filter ListIt is descr
CommonDimension Filter ListThe Dimension Filter List section looks like this:Using this section, you can add dimension settings to the Dimension Filte
Common— Add to Dimension Filter ListAfter specifying the dimensions settings in the w ay described above,click on this button to add them to the list.
IntroductionClicking on this arrow will display a button, which you can use to apply changesto all policies.After clicking on this button, your modifi
Common3.9Privacy FiltersThe Privacy Filters options are invoked by clicking on the corresponding but-ton under Common:If you want to enable any of the
Common3.9.1SettingsThe Settings tab looks like this:There are four sections on this tab:• Web Bug Filter• Referer Filter• Prefix Filter• Cookie F ilte
CommonUsing this section, you can configure a filter to eliminate Web bugs.These are also known as clear GIFs or Web beacons. They are are usually1 pi
CommonIt leaves the referer unaffected if you the user moves through the sameor subsequent path.This option may be enabled if user movement should be
CommonCookie FilterThe Cookie Filter section looks like this:Using this section, you can configure a filter to block bad cookies.You can set the life
Common• Neutral cookies expire afterUse the radio buttons and input fields provided here in the following way:— a time period of . . . h . . . minMake
Common3.9.2Cookie Filter ListThe Cookie Filter List tab looks like this:There is one section on the tab:• Cookie Filte r ListIt is described in the fo
CommonCookie Filter ListThe Cookie Filter List section looks like this:Using this section, you can add entries to the Cookie Filter List and edit them
CommonThe Cookie Filter List is displayed at the bottom of this section.To display only a particular number of list entries at a time, type this numbe
CommonTo do this, select a policy from the drop-down list labeled Policy, which is lo-cated above the Media Type Filters button:The options are arrang
IntroductionThe click history is only recorded for the current session, i. e. until you log out.After logging in for a new session, the recording of t
CommonText CategorizationThe Text Categorization section looks like this:Using the text categorization filter you can specify single keywords and comb
Common3.10.2Categorization ListThe Categorization List tab looks like this:There is one section on this tab:• Text Catego rization ListIt is described
CommonText Categorization ListThe Text Categorization List section looks like this:Using the text categorization filter you can specify single keyword
CommonIn the input fields, enter the words or word combinations you want tofilter, e. g. Bahamas, Maledives, work tosetuparulelikethefol-lowing:Bahama
CommonUse the following items to perform other activities relating to the list:• FilterType a filter expression in this input field and enter it using
Common3.11.1HTTP Method Filter ListThe HTTP Method Filter List tab looks like this:There is one section on this tab:• HTTP Me thod Filter ListIt is de
CommonHTTP Method Filter ListThe HTTP Method Filter List section looks like this:Using this section, you can configure rules for assigning actions to
Common— CategoryFrom this drop-down list, select a URL filtering category you want toassign to the HTTP method. Setting this category is also optional
CommonUse the following items to perform other activities relating to the list:• FilterType a filtering term in the input field of the URL or Descript
CommonThese are policy-dependent options, i. e. they are configured for a particularpolicy. When you are configuring these options, you need to specif
IntroductionSearchA Search input field and button are located in the top right corner of the Webinterface area.Using these, you can start keyword quer
CommonFTP Command Filter ListThe FTP Command Filter List section looks like this:Using this section, you can configure rules for assigning actions to
CommonTo add a rule to the list, use the area labeled:• Add ruleUse the following items to configure the rule:— Command category
CommonThe FTP Command Filter List is displayed at the bottom of the section. Youcan edit list entries, change their order or delete them.To display on
Common3.13Welcome PageThe Welcome Page options are invoked by clicking on the correspondingbutton under Common:If you want to enable any of these opti
Common3.13.1Welcome PageThe Welcome Page tab looks like this:There are three sections on this tab:• Welcome Page Options• Manipulate User History• Upl
CommonUse the following items to configure the Welcome Page options:• Show once a day at . . .To let the Welcome Page appear only once a day, make sur
Common• Show againClick on this button to let the Welcome Page appear again for this user. Thismeans that the page is displayed not only once, but als
CommonUse the following items to handle the upload of a Welcome Page:• FilenameIn this input field, enter the name of the file you want to upload. Typ
Common3.14White ListThe White List options are invoked by clicking on the corresponding buttonunder Common:These are policy-dependent options, i. e. t
Common3.14.1White ListThe White List tab looks like this:There is one section on this tab:• White ListIt is described in the following.3–79
IntroductionAfter modifying the interval specified there, click on Apply Changes to makethe modification effective.When a session has timed out, the f
CommonWhite ListThe White List section l ooks like this:Using this section, you can add an object to the White List and exclude it fromthe application
CommonTo add an object to the white list, use the area labeled:• Add new entrySelect String or International Domain Name from the first of the drop-do
CommonTo sort the list in ascending or descending order, c lick on the symbol next tothe Media Type or Description column heading.To edit an entry, ty
Common3.15User Defined CategoriesThe User Defined Categories options are invoked by clicking on the corre-sponding button under Common:The options are
CommonUser Defined CategoriesThe User Defined Categories section l ooks like this:Using this section, you can configure your own categories for URL cl
Common• Category 1 to Category nIn the input fields provided here, enter the category names you want to useand the abbreviated formats of these names.
Common3.16.1Media Type CatalogThe Media Type Catalog tab l ooks like this:There is one section on this tab:• Media Type CatalogIt is described in the
CommonMedia Type CatalogThe Media Type Catalog section looks like this:Using this section, you can add a m edia type to the Media Type Catalog.A media
CommonThe media type tells the application that receives the data what kind of appli-cation is needed to process the content, e. g. Real Audio is to p
Common— Magic BytesIn the input fields provided here, enter up to five magic byte sequencesand their offsets to identify a media type:OffsetIn the inp
IntroductionThe following is provided in this section for the Webwasher Web G ateway Se-curity products:• An overview of the documents on the main pro
Chapter 4SSL ScannerThe features that are described in this chapter are accessible over the SSLScanner tab of the Web interface:These features allow y
SSL Scanner4.1OverviewThe following overview shows the sections that are in this chapter:User’s Guide – Webwasher SSL Scan nerIntroductionHomeCommonOv
SSL ScannerBefore this is done, however, the following subsection provides some generalinformation on this quick snapshot feature.Handling the Quick S
SSL Scanner4.2.1Quick SnapshotThe Quick Snapshot tab looks like this:There is one section on this tab:• Certificate Verification OverviewIt is describ
SSL Scanner• Wildcard MatchA wildcard name has been used in a certificate for a host, which matchesthe host name provided by the URL.Whenever a verifi
SSL ScannerTo do this, select a policy from the drop-down list labeled Policy, which is lo-cated above the Certificate Verification button:The options
SSL ScannerFurthermore, there is this section on the tab:• Certificate VerificationIt is described in the following.Certificate VerificationThe Certif
SSL ScannerIf the Common Name in a certificate is, e. g. abcde.com, but the Webserver’sURLisinfactwww.abcde.com, no match is achieved.• Wildcard match
SSL ScannerTo do this, select a policy from the drop-down list labeled Policy, which is lo-cated above the Certificate Verification button:The options
Introduction1.4.2Documentation on Special ProductsThis section introduces the user documentation on the Webwasher Web Gate-way Security products for s
SSL ScannerTunneling by CategoryThe Tunneling by Category section looks like this:Using this section, you c an configure tunneling for particular URL
SSL Scanner— Bypass SSL ScannerThe SSL Scanner is bypassed completely, i. e. no activities whatso-ever are performed.Client Certificate HandlingThe Cl
SSL Scanner• Verify server certificate, but do not decrypt sessionEnable this option, to have the s erver certificate checked by the verificationproce
SSL Scanner4.5Certificate ListThe Certificate L ist options are invoked by clicking on the corresponding but-ton under SSL Scanner:If you want to enab
SSL Scanner4.5.1Certificate ListThe Certificate List tab looks like this:There is one section on this tab:• Certificate ListIt is described in the fol
SSL ScannerTo add an exception to the list, use the area labeled:• Add new exceptionIn the input field provided here, enter the exception you want to
SSL Scanner— by hostEnabling the by host method means that the host is checked without acertificate being included in the verification process. If the
SSL ScannerIf the number of entries is higher than this number, the remaining entries areshown on successive pages. A page indicator is then displayed
SSL Scanner4.6.1Trusted Certificate AuthoritiesThe Trusted Certificate Authorities tab looks like this:At the top of this tab, there is the Known Cert
SSL ScannerUsing this section, you can configure actions for content with certificates issuedby known Certificate Authorities (CAs) that are either tr
Introduction1.5The Webwasher Web Gateway Security P roductsThe Webwasher Web Gateway Security products provide an optimal solutionfor all your needs i
SSL ScannerTrusted Certificate AuthoritiesThe Trusted Certificate Authorities section looks like this:This section provides the list of Trusted Certif
SSL ScannerTo make the addition valid for all policies, mark the checkbox labeled Addto all policies before proceeding any further.Then click on eithe
SSL Scanner4.7Global Certificate ListThe Global Certificate List options are invoked by clicking on the corre-sponding button under SSL Scanner:If you
SSL ScannerThere is one section on this tab:• Global Certificate ListIt is described in the following.Global Certificate ListThe Global Certificate Li
SSL ScannerFor the meaning of these actions, see the following table:by certificate by hostAllow Theexceptionisallowed. not availableBlock The excepti
SSL ScannerFor the meaning of these actions, see the description of the by cer-tificate method above.A message will then be displayed, stating if the
SSL Scanner4.8Global Trusted Certificate AuthoritiesThe Global Trusted Certificate Authorities options are invoked by clickingon the corresponding but
SSL ScannerTrusted Certificate AuthoritiesThe Trusted Certificate Authorities section looks like this:This section provides the global list of Trusted
SSL ScannerIf the number of entries is higher than this number, the remaining entries areshown on successive pages. A page indicator is then displayed
SSL ScannerThey are described in the upcoming section:• Incident Manager, see 4.9.14.9.1Incident ManagerThe Incident Manager tablookslikethis:There is
IntroductionThese two products have their own user interfaces, which are described in thecorresponding documents:Webwasher®ContentReporterFeatures a l
SSL ScannerUsing this section, you can inspect and manage incidents relating to SSL-en-crypted communication.The Incident Manager enables you to retri
SSL ScannerA list entry consists of the following fields:• Host - URL that caused the incident.Incidents can be added to the certificate lists either
Part Number: 86-0946643-AAll Rights Reserved, Published and Printed in G erma ny©2007 Secure Computing Corporation. This document may not, in whole or
Chapter 2HomeThe features that are described in this chapter are accessible over the Hometab of the Web interface:These are basic features that are co
Home2.1OverviewThe following overview shows the sections that are in this chapter:User’s Guide – Webwasher SSL Scan nerIntroductionHome Overview –this
HomeThe dashboard provides the following tabs:They are described in the upcoming sections:• Executive Summary, see 2.2.1• Traffic Volume, see 2.2.2• S
HomeOn the right side of a section, parameter values are shown as they developedin time, using either a line or a stacked mode, see also further below
HomeNote that the color of a category in the selection list is also used when thecategory is displayed in proportion to other categories by means of a
HomeSince only the categories are shown that yielded the top six values or thecategories you selected on your own, values that may have occurred inoth
Home• Selecting stacked or line modeYou can have parameter values displayed in stacked or line mode:— In line mode, lines are displayed to represent t
Home2.2.1Executive SummaryThe Executive Summary tab looks like this:There are three sections on this tab:• URL Executive Summary• Mail Executive Summa
HomeURL Executive SummaryThe URL Executive Summary section displays the number of URLs thatwere processed by the Webwasher filters within a given time
ContentsChapter 1 Introduction ... 1– 11.1 About This Guide...
Home• Spam level lowThis category is for e-mails that were classified as low-level spam.Number of Feedbacks SentThe Number of Feedbacks Sent section d
Home2.2.2Traffic VolumeThe Traffic Volume tab looks like this:There are two sections on this tab:• Traffic Volum e per Policy• Traffic Volume per Prot
Home• EmergencyPrefix ListThe list below shows the prefixes that are used for multiples of bytes, with bytevalues calculated in binary mode, to measur
Home2.2.3SystemThe System tab is shown here in two parts because of its size. The upperpart of the tab looks like this:2–13
HomeThe lower part looks like this:There are seven sections on this tab:• Update Status• Open Ports• CPU Utilization• Memory Usage• Swap Utilization•
HomeUpdate StatusThe Update Status section d isplays the status of several Webwasher filteringfeatures, e. g. SmartFilter, Secure Anti Malware, etc.,
HomeCPU UtilizationThe CPU Utilization (All CPUs) section shows to what extent the CPUs ofthe system Webwasher is running on have been used. within a
Home• UsedAmount of swap memory that was usedFilesystem Utilization (Used Capacity)The Filesystem (Used Capacity) section displays the percentages of
Home2.3Overview (Feature)The Overview options are invoked by clicking on the corresponding buttonunder Home:The options are arranged under the followi
Home2.3.1Overview (Feature)The Overview tab looks like this:There are four sections on this tab:• System Alerts• System Summary• One-Click Lockdown• V
User’s Guide3.4 Document Inspector ... 3–193.4.1 Document Inspector...
HomeSystem AlertsThe System Alerts section looks like this:This section displays alerts to make you aware of any problems concerning thesystem s tatus
HomeSystem SummaryThe System Summary section looks like this:This section d isplays information on the system status.Information is provided on the us
HomeTo enable the emergency mode:• Click on the Activate emergency mode button.This button is a toggle s witch. After enabling the emergency mode, the
Home2.4SupportThe Support options are invoked by clicking on the corresponding button un-der Home:The options are arranged under the following tab:The
HomeAssistanceThe Assistance section provides a link to contact the Secure Computing tech-nical support team.A click on this link takes you to the Wel
Home2.5.1TrustedSourceThe TrustedSource tab looks like this:There are four sections on this tab:• Spam False Positives Feedback Queue• Spam False Nega
HomeE-mails that were released from a queue after receiving a digest e-mail will becopied to the false positives queue and sent from there to Secure C
HomeSpam False Negatives Feedback QueueThe Spam False Neg atives Feedback Queue section looks like this:Using this section, you can configure the send
HomeE-mails can be sent manually, however, using the Queue Managementpage, which is launched after clicking on the See Content of Queue linknext to th
HomeThe queue should be used for no other purpose than that of collectingmalware since it will be cleared after e-mails and downloads have beensent of
Chapter 1IntroductionWelcome to the User ’s Guide Webwasher® SSL Scanner. It provides youwith the information needed to configure and use the Webwashe
HomeUse the following item to configure the URL feedback:• Send interval in . . . minute sIn the input field provided here, enter a time interval (in
HomeMalware Feedback Media Type Black ListThe Malware Feedback Media Type Black List section looks like this:Using this section, you can add a media t
HomeTo sort the list in ascending or descending order, c lick on the symbol next tothe Media Type or Description column heading.To edit an entry, type
Home2.5.3FeedbackThe Feedback tab looks like this:There are two sections on this tab:• Feedback E-Mail Address• URL Filter Database FeedbackThey are d
HomeURL Filter Database FeedbackThe URL Filter Database Feedba ck section looks like this:Using this section, you can submit uncategorized or incorrec
Home2.6.1Documentation on Main ProductsThe DocumentationonMainProductstab looks like this:There are three sections on this tab:• General Documents• Pr
HomeTo view any of the documents listed here, click on the PDF link in the sameline. This will open a .pdf format version of the document.Product Docu
Home2.6.2Documentation on Special ProductsThe Documentation on Special Products tab looks like this:There are four sections on this tab:• Content Repo
HomeInstant Message Filter DocumentsThe Instant Message Filter Documents section looks like this:This section allows you to v iew user documentation o
HomeTo view any of the documents listed here, click on the PDF link in the sameline. This will open a .pdf format version of the document.2.6.3Additio
Introduction1.1About This GuideThe following overview lists the chapters of this guide and explains briefly whatthey are about:User’s Guide – Webwashe
Home2.7PreferencesThe Preferences options are invoked by clicking on the corresponding buttonunder Home:The options are arranged under the following t
HomeThey are described in the following.Change PasswordThe Change Password section looks like this:Using this section, you can change the password you
HomeIf you are only interested in viewing and configuring settings for Web traffic,you can hide the e-mail related settings and vice versa.Furthermore
HomeTo what extent you are allowed to configure access permissions for other ad-ministrators, depends on your seniority level. This is measured by a v
Home— Allow read o nly accessCheck this radio button to allow read only access.• Deny simultaneous accessCheck this radio button to deny simultaneous
Home2.8.1InformationThe Information tablookslikethis:There are four sections on this tab:• License Information• Webwasher End User License Agreement•
HomeLicense InformationThe License Information section looks like this:This section displays information regarding the license of the Webwasher soft-w
HomeTo import a license, proceed as follows:1. Click on the Browse button provided here and browse for the license fileyou want to import.Before you c
Home2.8.2NotificationThe Notification tab looks like this:There are two sections on this tab:• System Notifications• Too Many ClientsThey are describe
HomeAfter specifying the appropriate information, click on Apply Changes to makeyour settings effective.Use the following items to configure the syste
Introduction1.3Using WebwasherA user-friendly, task-oriented Web interface has been designed for handlingthe Webwasher features. It looks like this:Th
HomeUsing this section, you can configure messages to be written to the system logif connections were refused due to heavy work load or license exhaus
Chapter 3CommonThe features that are described in this chapter are accessible over the Com-mon tab of the Web interface:These are filtering features t
Common3.1OverviewThe following overview shows the sections that are in this chapter:User’s Guide – Webwasher SSL Scan nerIntroductionHomeCommon Overvi
Common3.2Quick SnapshotThe Quick Snapshot for the common filtering functions is invoked by clickingon the corresponding button under Common:The follow
Common3.2.1Quick SnapshotThe Quick Snapshot tab looks like this:There are four sections on this tab:• Frequent Media Types by Hits• Frequent Media Typ
CommonThey are described in the following.Before this is done, however, the following subsection provides some generalinformation on the quick snapsho
CommonThere is, however, a property of the quick snapshot features that is not presenton the dashboard tabs. It is described in the following:• Resett
CommonMedia Types by HitsThe Media Types by Hits section displays a list of the top media types, i.e. the media types that were most often processsed
Common3.3MediaTypeFiltersThe Media Type Filters options are invoked by clicking on the correspondingbutton under Common:If you want to enable any of t
Common3.3.1ActionsThe Actions tablookslikethis:There are two sections on this tab:• Media Type Filter• Web Upload FilterThey are described in the foll
Introduction1.3.1First Level TabsThe Web interface displays a number of tabs and sections for configuring theWebwasher features. On the topmost level,
CommonMedia Type FilterThe Media Type Filter section looks like this:Using this section, you can configure actions, e. g. Block, Block, log andnotify,
Common• Non-rectifiable media types with magic bytes mismatchThe actions configured here will be executed when content types do notmatch their magic b
CommonFurthermore, you need to enable an option on the REQMOD Settings tab touse this filter. To do this, click on the REQMOD Settings link provided a
Common3.3.2Media Type Black ListThe Media Type Black List tablookslikethis:There is one section on this tab:• Media Type Black ListIt is described in
CommonMedia Type Black ListThe Media Type Black List section looks like this:Using this section, you can add a media type to the Media Type Black List
Common— Add to Media Type Black ListAfter s electing a media type, click on this button to add it to the list.This addition will be valid only under t
Common3.3.3Media Type White ListThe Media Typ e White List tab looks like this:There is one section on this tab:• Media Type White ListIt is described
CommonMedia Type White ListThe Media Type White List section l ooks like this:Using this section, you can add a media type to the Media Type White Lis
Common— Add to Media Type White ListAfter s electing a media type, click on this button to add it to the list.This addition will be valid only under t
Common3.4Document InspectorThe Document Inspector options are invoked by clicking on the correspond-ing button under Common:If you want to enable any
Introduction1.3.2Configuring a Sample SettingThis section explains how to configure a s ample setting of a Webwasher fea-ture. The feature chosen here
Common3.4.1Document InspectorThe Document Inspector tab looks like this:There are five sections on this tab:• Document Download Filter• Document Uploa
CommonDocument Download FilterThe Document Download Filter section looks like this:Using this section, you can configure actions for inbound office do
CommonTo view or modify the actions that are currently configured for these actions,click on the Text Categorization link in the checkbox inscription.
CommonDocument Mail FilterThe Document Mail Filter section looks like this:Using this section, you can configure actions for office documents that are
CommonDocument TypesThe Document Types section looks like this:Using this section, you can configure which of the filters that are accessibleover the
CommonUse the following checkboxes to modify the assignment of filters to documentformats:• Download FilterMark or clear the checkboxes in this line t
Common• Structured Storage document, like Visio or MSI, not readableFrom the drop-down lists provided here, select actions for documents inWeb and e-m
CommonThe options are arranged under the following tab:They are described in the upcoming section:• Archive Handler, see 3.5.13.5.1Archive HandlerThe
CommonArchive HandlingThe Archive Handling section looks like this:Using this section, you can configure blocking and other actions for encrypted,corr
CommonAfter specifying the appropriate settings click on Apply Changes to makethem effective.Use the following input fields to configure limits for ar
Comments to this Manuals