Tag Archives: custom categories

Are the URLs in Your Categories Set Correctly?

If you are upgrading your CyBlock or Cyfin product, you will be using the Wavecrest URL List 7. List 7 supports wildcard entries in domain, path, and parameter matching in URLs. In List 6, wildcard entries were possible, but limited, and thus, the URL matching was slightly different. Therefore, we recommend that you recheck and reset the URLs that were added to your standard and custom categories.

To do this, go to the Advanced Settings – Category Setup – Edit URLs screen and select the category you want to change. In the Supplemental URLs or Custom URLs box, modify your URLs according to the List 7 rules. List 7 allows you to use the following wildcard rules to add multiple URLs simultaneously.

  1. Wildcards With Domain Matching.This URL matching method categorizes Web sites whose pages all contain the same type (category) of content, e.g., Shopping, News, and Sports. In these relatively simple cases, one category applies to the entire site. Under this method, if the Web log entries are in any of the following formats, and the URL List contains a matching URL, the product will categorize the visit on the basis of the domain name.
    • www.mydomain.com
    • *.mydomain.com
    • www.mydomain.*
    • *.mydomain.*


    Note:      For this method to work, and as reflected in the examples, the entry in the URL List must contain a complete domain name element. That is, the domain name between the periods (dots) must be complete and must not be augmented with an asterisk or any other character. For example, the list must not contain mydomain*.com or *mydomain.com.

  2. Wildcards With Domain and Path Matching.This URL matching method categorizes Web site visit-attempts at the path level. This method enables individual pages to be categorized. If the URLs visited (as documented in the Web logs) are in any of the following formats and there is a corresponding entry in the URL List, the product will categorize the visit on the basis of the domain name and path.
    • www.mydomain.com/path/*
    • www.mydomain.com/*/path/*
    • *.mydomain.com/*/path/*
    • *.mydomain.com/path/

    Notes: For this method to work, the entry in the URL List must contain a complete path element. That is, the path element between the forward slashes must be complete and must not be augmented with an asterisk or any other character. For example, the list must not contain /path*/. As indicated at the end of the fourth example above, the asterisk is not always required, i.e., an exact path can be entered. However, as indicated in all four examples, forward slashes are always required.

  3. Wildcards With Parameter Matching.This method adds parameter matching to the two methods defined above (domain alone and domain-plus-path). It focuses more on syntax found in URL parameters than on content of the site being evaluated by the product. The parameter method works as follows. If the Web log entries are in any of the formats listed below, the product will categorize the visit on the basis of (a) the domain name plus the parameter, or (b) domain name plus path and parameter. Note that the first three bullets are examples of the former (no path included).
    • www.mydomain.com/*?keyword=value
    • www.mydomain.com/?keyword=value
    • www.mydomain.com/?id=*
    • www.mydomain.com/?id=*&sr=* (example of multiple pairs)
    • *mydomain.com/*/path/*?id=*

    Notes:  Parameter matching always requires the use of “?”. If a question mark is placed at the end of the domain or the path, the URL List will perform this matching method.The “/” is also required for this method. However the “&” is optional and is only needed when more than one “keyword=value” pairing is involved (as indicated above). Note that the “&” is added between pairs, and the pairs do not have to be in any particular order.

For additional assistance, please contact Technical Support at (321) 953-5351, ext. 4 or support@wavecrest.net.

What’s Hogging Your Company’s Bandwidth? Causes for Slow Network Speed this Holiday.

Leave a reply

If you haven’t noticed, online holiday shopping lasts well beyond Cyber Monday.  According to a ComScore report, after the 2010 holiday shopping season, more than 85% of Americans online visited a retail site in December of last year.  Employees shopping online at work are likely causing critical applications, like Voice over IP (VoIP) and video conferencing, to perform poorly if at all.  The last thing you and your company need is network latency or slowdowns due to non-work related online activity.  Many of our clients are seeing a spike in bandwidth usage from shopping websites and have quickly taken measures to filter browsing to that category.  Which sites consumed the most bandwidth for your company this month?  Determine what factors are impacting your network speed before you decide to purchase more bandwidth – an expense that could be avoided with the right tools and a bit of discipline.

With 19 different types of highly customizable employee Web-use reports, Cyfin Reporter offer insights as to which types of traffic consume the maximum volume throughout the workday.  Monitor, filter, and report over 500 million Web pages in 74 categories and set throttling thresholds for sites that are slowing your company’s Internet speed with CyBlock Proxy.  Now is the time to address your poor network performance, slow applications, and bandwidth congestion.

We’re so sure you’ll benefit from our solutions that we offer a free 30-day product trial. Both products provide quantified data to help IT personnel keep track of bandwidth utilization by users as well as by type of usage (appropriate versus not so appropriate). After you’ve downloaded our products, take advantage of the User Comparison Trend Chart to detect unexpected spikes that could indicate excessive bandwidth or Web use.  Then review your Top Sites Bandwidth Chart (example seen below) and find out which ten sites are consuming the most bandwidth or had the most hits or visits for the time period you specify.

Top Sites Bandwidth Chart

 

Top Sites Bandwidth Chart for both Cyfin and CyBlock

Remember to Set Block Policies for New Custom Categories

Leave a reply

When you create a custom category at the Advanced Settings — Category Setup — Custom Categories screen, the custom category is automatically set to ‘allow’ in all of your block policies.  So anybody will be able to access the sites listed in the newly created custom category.  If you want to block the sites in this category for some or all filter policies, be sure to go to the Advanced Settings — Filter Settings — Block Web Categories screen and set the policies to ‘block’.

Managing Categorization in CyBlock and Cyfin

Leave a reply

CyBlock and Cyfin offers the advanced functionality for you to manage and customize the categorization of sites. By using these categorization features, you can maximize the overall usefulness of your CyBlock or Cyfin product. Follow these 5 tips to get the most out of categorization.

1. Keep your categorization list current via daily updates.
Wavecrest site analysts work continuously to update and expand the categorization list. In fact, the Wavecrest URL list is 100% human reviewed. These updates are available for download daily. It’s a simple process that can be done manually or on an automatic/scheduled basis. You can download the URL list or schedule the download to occur daily on the Administration – URL List screen.

2. Establish custom categories.
Augment Wavecrest’s standard 74 categories with custom categories. You can add up to 25 custom categories. You can activate and use as many or as few of these as you want, and you can easily give them specific names of your own choosing. Names are limited to 50 characters. These settings are found on the Advanced Settings — Category Setup — Name Custom screen. Once a custom category has been established, you can augment the Wavecrest URL List with URLs of your own choosing and place them in the custom category for subsequent monitoring or filtering. Custom categories also provide white list (allow-only) capability for CyBlock users.

3. Add URLs.
You can add URLs to both the Wavecrest standard and custom categories. The applicable settings are found on the Advanced Settings — Category Setup — Edit URLs screen. You can also delete URLs here.

4. Change a URL’s category.
If you wish, you can change the category to which Wavecrest has assigned a particular URL. You can do this by simply adding the URL to the category of your choice. Your categorization will take permanent precedence over the Wavecrest URL list.

5. Participate in our OtherWise program.
To opt in our OtherWise program, you simply need to periodically run a Top Non-categorized Sites report and email a copy to sites@wavecrest.net. Our list technicians will research, identify and categorize the most popular unidentified sites, many of which will be of local or special interest to your organization. Then, after you download the next daily control list update, subsequent visits to those sites by your users will no longer be listed as “Other.” They’ll be properly identified and categorized. NOTE: We hold all customer information sent to us in strict confidence.

New CyBlock and Cyfin Upgrades

Leave a reply

Check out the latest releases for CyBlock Proxy, CyBlock Appliance, Cyfin Reporter, and Cyfin Proxy!  These are packed with tons of great new features that we’re sure you will love.  The new features include:

  • A New Browser Interface with new colors and wider screens.
  • A Dashboard that includes:
    • A Home screen that provides an overview of the organization’s Web use for the last 7 days by displaying charts of Web-use visits, top users, top categories and bandwidth usage.
    • Top charts and trend charts with customizable parameters to view Web usage data by hits, visits or bytes, select the timeframe and compare users Web usage to the group average or enterprise average.
  • More Custom Categories.
  • Enhanced Data Warehousing that includes support for MySQL and SQL server.
  • Full 64-bit support on Windows and Linux systems.
  • Safe Search option to enforce safe search on Google, Yahoo and Bing.

Use the following links to access the full release notes for your Wavecrest product.

If you have any questions about any of the new features or upgrading, please contact Support.

Email: support@wavecrest.net
Phone (Toll-free): 877-442-9346, ext. 4 (U.S. and Canada)
Phone (Direct): 321-953-535, ext. 4

What Is the Purpose of the ‘IP Address’ Category?

Leave a reply

From time to time we are asked, “What is the purpose of the ‘IP Address’ category used by Wavecrest products?” The short answer is — it’s used to capture and segregate the IP addresses of Web sites that the product was unable to associate with ‘regular’ categories. Customers can then analyze them to identify network security threats, traffic to intranet sites, or other patterns of interest.

Here’s a bit more detail.

First note that our products identify many IP addresses and place them in content categories. The Wavecrest URL (control) list contains many such addresses.

Unfortunately though, initially unidentifiable IP addresses still appear from time to time. Generally speaking, we see three types, i.e., addresses associated with:

  1. Internal (and partner) Web pages
  2. Innocent links on Web sites
  3. Possible malware or virus servers

When the product encounters any of these three types, it places them in a special ‘IP Address’ category. Customers can then run reports on that category the same way they do on any other category. In addition, if the customer runs a Top Non-Categorized report, the uncategorized IP addresses will be listed along with uncategorized domain names.

Because the traffic associated with unidentified IP addresses can be important or even dangerous, it’s obviously desirable to pursue the matter further. So what can be done? Well, with a bit of work—and in some cases with some help from Wavecrest—it is possible to:

  • determine the source and purpose of most of the addresses
  • categorize the legitimate ones
  • isolate/neutralize the malicious ones

Let’s see how this is done. We’ll take it one ‘type’ at a time.

  1. Internal and Partner Web Pages. Some unidentified IP addresses may have resulted from users going to internal (intranet) or partner sites. (These normally would not be in the Wavecrest URL list.) To address this issue, start by running a Top Non-Categorized Sites Report or IP Address Category Report. Using your local knowledge, try to determine the IP addresses of those sites and then enter the information in one or more custom categories. (Instructions on how to create custom categories can be found in our manual.)
  2. Innocent links on Web Sites. These addresses could be associated with image or ad servers. If you want to address this issue, send a copy of a Top Non-Categorized Sites (“OtherWise”) Report to Wavecrest (sites@wavecrest.net). Our categorization team will then research and categorize the unidentified IPs for you the same way they categorize domains. If you would like to identify the IPs yourself, you can use IP address lookup tools such as the one available from https://www.networksolutions.com. This tool will provide you with information about the owner of the IP address(es) of interest. For example, the owner of the IP address could be a marketing company that serves ads, or it could be an image server. Once identified, if you desire, you can add the addresses to one or more custom categories.
  3. Possible Malware or Virus Servers. Some of the unidentified IP addresses could be associated with malware, spyware or virus servers. The clue here is very high around-the-clock traffic. This is an indication that the user’s computer has been infected or attacked. The solution in these cases is to isolate the internal computer(s) and remove the malware/spyware or virus. Here’s an approach you can use to help solve this problem.
  • Using the Dashboard, run a Trend report on the IP Address category and look for any unusual spikes. If you see anything suspicious then …
  • Run a category audit on the IP Address category and look for large amounts of activity coming from a particular PC(s). Make a note of the IP address(es) and then scan for infected files.

Summary. The IP address category was created to be a ‘red flag.’ Its purpose is to alert you that further action may be needed to resolve problems or to simply give you a more complete and comprehensive picture of all Web activity.