Author Archives: admin

How to Properly Configure Windows Server 2012 and Windows Server 2008 R2

Configuring Windows Server 2012 and 2008 R2 to push out a group policy to all users can be challenging with Microsoft’s introduction of Group Policy Preferences. These preferences provide more than 20 Group Policy extensions that increase the number of configurable settings in a Group Policy object (GPO). Within most preference items, the configuration interface looks similar to the applicable user interface for configuring settings so the layout will be familiar. The guidelines to set up users’ browsers with a proxy configuration are alike for Internet Explorer 7, 8, 9, and 10, and the following instructions are for Internet Explorer 10.

  1. Go to Group Policy Management, and select the GPO to which you want to add the Internet Explorer 10 settings.
  2. Edit the GPO.
  3. In the Group Policy Management Editor, go to User Configuration, Preferences, Control Panel Settings, and then Internet Settings. If you have already created settings for Internet Explorer 7, 8, and 9, they will be displayed here.
  4. Right-click in the right-hand pane, select “New,” and then select “Internet Explorer 10.”
  5. In the New Internet Explorer 10 Properties dialog box, click the Connections tab, and then click LAN Settings.
  6. Under Proxy server, select the check box to enable the “Use a proxy server…” option.
  7. In the Address field, enter the IP address of your proxy server, and in the Port field, enter the port number.
  8. Now you need to enable the settings and apply them to all users. You can individually enable and disable underlined settings or settings preceded by a circle within a preference item. The underlining or circle of the setting indicates whether it is currently enabled or disabled.
    • A setting with a solid green underline or a green circle is enabled. The preference extension applies this setting’s value to the user or computer.
    • A setting with a dashed red underline or red circle with a slash is disabled. The preference extension does not apply this setting’s value to the user or computer.
  9. Press the following function keys to enable or disable the settings within a preference item. To select a setting, click the actual text of the setting or its text field.

      • F5 – Enable all settings on the current tab.
      • F6 – Enable the currently selected setting.
      • F7 – Disable the currently selected setting.
      • F8 – Disable all settings on the current tab.

    The following diagram illustrates how the function keys work.

  10. After enabling the settings, select the check box to enable the “Bypass proxy server…” option.
  11. Click OK, Apply, and then OK to save the changes. You will see the Internet Settings entry for Internet Explorer 10 along with Internet Explorer 7, 8, and 9, if they were previously created.

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Sources:

https://blogs.technet.com/b/grouppolicy/archive/2008/10/13/red-green-gp-preferences-doesn-t-work-even-though-the-policy-applied-and-after-gpupdate-force.aspx

https://technet.microsoft.com/en-us/library/cc754299.aspx

Cyfin Release 8.8.3 and CyBlock Release 6.8.3 Now Available

We are pleased to announce the release of three new audit reports in the new versions of Cyfin and CyBlock, which can provide management with detailed Web-use data on specific employees. These audit reports could be of interest to corporate IT forensic personnel, law enforcement agencies, anyone in the legal community, and forensic criminal investigators. They are capable of processing large amounts of log file data and support several types of log file formats such as Blue Coat and IronPort. The new reports are as follows:

  • Search Terms Audit Detail – The report shows search terms that users entered on popular search engine sites such as Google. It includes an option to show “prefetched” search results that were performed as the user was typing. These results are referred to as keystroke searches. This report can be used as a tool to aid in forensic investigations. It also indicates the number of search terms entered and can give the details of a user’s keystrokes.
  • Denied Detail – The report shows the specific URLs to which users were denied access. The data is broken out by user. Each Web page attempt is displayed with its corresponding category. Denied attempts for a Web page can signify that the user may not be authorized to receive the page, the page may not have been found by the Web server, or the page may have been blocked for access. If you have Web filtering enabled, this report can verify that it is working and is a very useful supplementary tool for individual user audits.
  • Legal Liability Detail – The report shows the specific URLs of Legal Liability Web activity by user, that is, visits to only the Anonymous/Public Proxy, Cults, Drugs, Gambling, Hate and Crime, Malware, and Pornography categories that pose a legal liability risk. By reporting on only these categories, smaller, more focused reports are available to facilitate analyses, investigations, and audits related to legal liability issues.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Using Safe Search With Secure Sites

With our CyBlock Safe Search feature enabled, you can force the Bing, Google, and Yahoo! search engines to use the “strict” Safe Search setting on search result pages. This ensures that adult content will be filtered from your search results. To check that Safe Search is enabled, go to the Advanced Settings – Filter Settings screen and click the Block Search Terms link. The Safe Search Status indicator should be green. If it is red (disabled), click it once. When enabled, CyBlock will reset search engines to Safe Search even if users change the setting in the search engine.

To enforce Safe Search when performing search queries using a secure connection (https://) to Bing, Google, or Yahoo! and Safe Search is enabled, SSL Inspection has to be turned on for the categories in which these search engine sites reside. By default, this category is Search Engines. To enable SSL Inspection, go to Advanced Settings – Proxy Settings and click the SSL Inspection link. Select your groups and/or IDs and categories including any custom categories that contain these search engine sites. Adult content will then be filtered from search results.

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Displaying the Blocking Message When Connecting to a Secure Site

Using CyBlock Software or CyBlock Appliance, a secure Web site (https://domain) can be blocked by blocking the corresponding category, explicit URL, or custom category in which the URL has been added. If the secure site contains a path (https://domain/path), the URL match is made on only the domain portion by default. SSL Inspection has to be turned on with the associated blocked category set to be inspected in order to match on the domain and path portions combined.

However, the following issue may be encountered with the browser for a secure site (https://domain). When a user attempts to connect to a blocked secure site through CyBlock Software or CyBlock Appliance, the browser is only capable of receiving a Connection Established header response. Any other response, including a blocking message, is treated as a failed connection, and contents embedded in the response are not rendered due to security constraints.

Therefore, in order to display the blocking message when a user is connecting to a blocked secure site, the proxy must first send a Connection Established header which will require an SSL certificate to be accepted by the browser. This certificate is generated using the Wavecrest root certificate. If the Wavecrest root certificate is not already installed in the browser, a certificate warning message will be issued that must be accepted in order to display the blocking message. Please see the Wavecrest Certificate Installation Guide for instructions on how to install and distribute the Wavecrest root certificate and prevent the certificate warning message for your users.

If you do not accept the certificate when you receive the warning message, just a blank page will be rendered in the browser with a generic browser error message.

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

CEO Dennis McCabe spends a few minutes with CEOCFO Magazine

 

 

“We focus on both the security and forensic features that provide not just an IT solution but a company-wide solution.”   Wavecrest Computing CEO Dennis McCabe spends a few minutes with CEOCFO Magazine

A Recognized Leader in Web Security Solutions, Wavecrest Computing Focuses on Maximizing the Benefits of Utilizing the Internet for Greater ROI and Provides Corporations with Essential Tools to Enforce Internet Use Policies and Protection.

 

CEOCFO Magazine Article

 

Analyze Your Encrypted Traffic With CyBlock SSL Inspection

In huge numbers, more and more organizations, particularly e-businesses, are using Web-enabled applications that involve the use of personal, private, and sensitive data. Banking, online shopping, and credit card transactions are good examples, but by no means the only ones. SSL encryption is being increasingly used to protect the confidentiality of this business and personal data on the Web. Surveys show 25%-35% of enterprise traffic is SSL-encrypted, and the number can be as high as 70% in specific industries. SSL encryption is the most cost-effective way of protecting the privacy of this traffic.

While SSL encryption solves many privacy-protection problems, it can allow traffic that poses security threats–both inbound and outbound–to pass through security protection measures uninspected and unchecked.

Inbound Problem.  SSL encryption creates security blind spots in incoming traffic. The traditional security infrastructure that protects an organization is blind to the threats in inbound SSL traffic and provides an easy vehicle for criminals and hackers to hide their cyber attacks.

Outbound Problem.  In addition to the risks of incoming threats hiding over SSL channels bypassing security protections, outbound enterprise traffic is now a growing problem. This is becoming quite a “hot button” for security applications (e.g., content filtering applications) that tackle data loss prevention (DLP), compliance reporting, and lawful intercept. In the past these solutions could see what was outgoing, but now they are suddenly “in the dark” when it comes to the data transferred over SSL.

From a security standpoint, most organizations already deploy an array of network and security appliances and programs to protect their enterprise, enforce internal corporate acceptable use policies, and satisfy external government regulation. Unfortunately, in many instances, they can only inspect plaintext traffic and are unable to inspect HTTPS communications for attack signatures. This makes it difficult or impossible for network administrators to enforce corporate acceptable use policies or ensure threats, such as viruses, spam, and malware, are stopped before they reach individual users.

In addition, without the ability to examine the contents of HTTPS communications, network administrators leave open the possibility for information to be accidentally leaked out of the enterprise or worse, stolen. Regulatory compliance requirements, including identifying accidental or intentional leakage of confidential information, are also virtually impossible to meet because of HTTPS encryption.

CyBlock SSL Inspection gives network administrators the ability to monitor this SSL-encrypted traffic and to identify and respond to any undesirable content. The total HTTPS inspection process decrypts, analyzes, categorizes, and then re-encrypts the traffic. If necessary, specific standard and/or custom URL categories can be exempted from the inspection process; this is known as “tunneling.” In addition, full URL information in a number of Wavecrest audit reports is available to network administrators.

To learn more about how CyBlock SSL Inspection can protect your sensitive data, please see our SSL Inspection Tech Brief or contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Source:  Examining SSL-Encrypted Communications – Netronome

Downloading Windows 8 Apps

Companies that filter and monitor Web traffic by user name do so in order to enforce their Acceptable Use Policy and for reporting purposes. In order to obtain user names for filtering and reporting purposes, they enable the authentication of all Web requests. An issue that arises with authentication is that there are some Web apps that do not respond to authentication requests.  This is the case with Windows 8 apps.

In order for the Windows 8 operating system to download apps through CyBlock Software or CyBlock Appliance, entries need to be made in the Authentication Manager. This work-around puts these apps in an authentication “Bypass” list where they are exempt from authentication. CyBlock will not require authentication for any URL/User-Agent combination established in the Bypass list. Any user name cached for this connection will be used. If none is cached, the activity will be logged with the user name of “bypass.” The steps below should be followed.

  1. Go to the Advanced Settings – Proxy Settings screen, and click the Authentication Managerlink.
  2. Under Display Selection, select Bypassed or All to display the Bypassed entries. Note that the All option will display the Pending Bypass entries also.
  3. Under Bypassed, click the Add new bypass entry link. A dialog box is displayed.
  4. Enter each of the following combinations of URL or Domain and User-Agent, and click Add after each entry.
URL or Domain User-Agent
*.apps.microsoft.com *
*ws.microsoft.com *
* MSappsHost/*

 

The entries on the screen should look like the following example.

CyBlock Authentication Bypassed Entries

 

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Cyfin Release 8.8.1 and CyBlock Release 6.8.1 Now Available

We recently released new versions of Cyfin, CyBlock Software, and CyBlock Appliance. In this release, you will find several corrections as well as improvements to the Restore/Download feature and to access accounts. With the Restore/Download enhancement, you will be able to transfer all of your current configuration settings to another installation of the product. This will prove to be useful if you are transitioning to production mode or purchasing a new server. With access accounts, you can now confirm a password when creating or modifying an access account. The enhancements are described below.

  • Restore and Download.This includes the following changes:
    • The ability to transfer all configuration settings to another installation of the product has been added.
    • Transfers of configuration settings are only supported for the same product type, for example, CyBlock Software to CyBlock Software. Transfers across products are not allowed.
    • Transfers of configuration settings are only supported from this release and later. Previous restore points before this release are not transferable.
    • On the Administration – Restore – Restorescreen, the Choose Restore Type field has been added with Full and Configuration Only options.
      • The Full option allows you to transfer configuration settings from one product type to the same product type with the same restore point path on the same computer.
      • The Configuration Only option allows you to transfer configuration settings to a different restore point path on the same computer or to a different computer.
    • On the Administration – Restore – Download screen, the following has been added:
      • A Restore Point Settings section to allow you to edit or select the restore point path.
      • An Update button to reload the new restore point path.
      • A Create Restore Point section to allow you to create a new restore point using a Create button.
      • A Restore Point Filename field that displays the name of the .zip file in the format yyyymmdd+hhmmss.zip. Older restore points with file name ##.zip will still be displayed; however, they are not transferable and should not be used.
  • Access Accounts.This includes the following changes:
    • For Cyfin and CyBlock Software, the Enter Password and Confirm Password fields have been added to the following screens to allow you to enter and confirm a new password when creating or modifying an access account:
      • Administration – Access Accounts – Create
      • Administration – Access Accounts – Modify
    • For CyBlock Appliance, the Enter Password and Confirm Password fields have been added to the Administration – Access Accounts – Modify screen to allow you to enter and confirm a new password when modifying an administrator access account.
    • If the new and confirmable passwords do not match, a red x is displayed, and the Submit button is disabled.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Enhanced Malware Protection

Wavecrest Computing is pleased to announce an enhancement that delivers a tenfold increase in CyBlock’s ability to protect computer networks from malware and Cyfin’s ability to identify increasing security threats. Here is some background information.

Malware is the scourge of the Internet. The term “malware” includes computer viruses, worms, Trojan horses, spyware, adware, and other malicious programs that can disrupt computer operations, gather sensitive information, or gain access to private computer systems. For Wavecrest’s purposes, malware also includes Web sites that support hacking. Most malware originates and is spread from particular Web sites. Unfortunately, many thousands of such sites exist today, and to make matters worse, the number is growing steadily every day at distressingly fast rates.

The malware problem is not new to Wavecrest. For a number of years, companies have been using CyBlock and Cyfin products to protect against and identify automated invasions of malicious scripts and software, and unauthorized access to their internal networks–the two major problems caused by malware. CyBlock provided protection–under customer control–by blocking and reporting on employees’ attempts to visit sites in 3 of more than 70 URL List categories: Hacking, Phishing/Fraud, and Spyware/Malicious.

While this methodology was effective, it was not perfect. The difficulty lay in keeping the URL List up to date in the face of the relentless and rapid increase in the number of malware-spreading sites. This issue has been addressed with an enhancement that significantly improves the ability to keep the list current.

At the same time, three related categories, Hacking, Phishing/Fraud, and Spyware/Malicious, have been consolidated into one called Malware. This consolidation increases the ease of administration for customers.

This enhancement with its improved URL List is included in the latest release of CyBlock v.6.8.0 and Cyfin v.8.8.0. To realize its benefits as soon as possible, it is recommended that you upgrade your CyBlock or Cyfin product as soon as you can. Wavecrest will continue to update the enhanced list daily and make it available for download by customers. The download process remains unchanged.

You can schedule the list to be downloaded automatically every day, or you can download it manually at any time. In any case, as soon as it is downloaded, you will immediately begin to receive the added protection and see a significant reduction in the number of security threats to which you may be exposed.

To download the latest release, go to the Administration – Product Update screen in your CyBlock or Cyfin product. For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.