Author Archives: admin

Monitoring Internet Usage … From the IT Department

Leave a reply

During July, August, and September of 2011, Commtouch assessed categories of Web sites most likely to be home to malware, below are the top ranking offenders.  The Portals category includes those sites offering free hosting which are often abused to publish malware and phishing content or will redirect to sites with this content.

What were the most-visited categories by your employees during 2011?

Are you currently monitoring and/or blocking the existing Spyware/Malicious, Phishing/Fraud, Public Proxy, and Hacking categories to help protect your network?

Source: Commtouch

In today’s wired workplace, internet security and bandwidth consumption are top concerns for IT professionals while employee productivity and legal liability ail management and HR professionals.  As a major contributor to the Web-use management effort, IT typically becomes deeply involved in planning, testing, selecting, installing, and administering Internet monitoring software.  With the different departments playing a role in deciding on the best product to fit their vast needs, most are left without a solution.  Fortunately, Wavecrest’s products have been reviewed by our customers as meeting each role’s needs most effectively, offering manager-ready, easy-to-interpret reports that can be accessed without the IT personnel in addition to providing a robust, truly scalable IT-friendly remedy.

With Wavecrest Computing, customers have the insight needed to proactively monitor / block the notorious malicious sites based on custom categories, the Wavecrest Control List, and a real-time deep packet analysis process.  Plus, our 19 comprehensive templates provide a variety of summarized and detailed Web-use activity reports on users, groups, categories, sites, acceptability ratings, and bandwidth consumption.  Conveniently import your current Web Use Policy to easily customize or classify categories, implement abuse thresholding, and monitor employee productivity while our Administrator and Operator Accounts allow for non-IT personnel to create and obtain their role-specific reports.

While serving a diverse mixture of commercial businesses, industrial firms, government agencies, military units, educational institutions, and non-profit organizations since 1996, our products continue to present the most up-to-date, proactive coverage in line with the one factor that underlies all Web-use management issues, human online activity. Wavecrest’s managers and developers understand human resource management well and we use that knowledge to develop features that prevent productivity losses, legal liability problems, network issues, and unnecessary costs.

Tech Tip: How to Change Your Proxy Port

Leave a reply

If you want to change our default proxy port for security reasons or you have another application already listening on that port, just follow these instructions:

1) Go to your hidden screen, https://xx.xx.xx.xx:7999/admin/setup/proxy/adv.php
2) Change the ‘Proxy Server Port:’ option to any port number
3) Click Submit
4) Restart service

Default Port: 8080

We never stop improving and we love to receive feedback from you!

Our in-house support staff is available to assist you and can be reached at (321) 953-5351, ext. 4 or email at support@wavecrest.net.

What’s Hogging Your Company’s Bandwidth? Causes for Slow Network Speed this Holiday.

Leave a reply

If you haven’t noticed, online holiday shopping lasts well beyond Cyber Monday.  According to a ComScore report, after the 2010 holiday shopping season, more than 85% of Americans online visited a retail site in December of last year.  Employees shopping online at work are likely causing critical applications, like Voice over IP (VoIP) and video conferencing, to perform poorly if at all.  The last thing you and your company need is network latency or slowdowns due to non-work related online activity.  Many of our clients are seeing a spike in bandwidth usage from shopping websites and have quickly taken measures to filter browsing to that category.  Which sites consumed the most bandwidth for your company this month?  Determine what factors are impacting your network speed before you decide to purchase more bandwidth – an expense that could be avoided with the right tools and a bit of discipline.

With 19 different types of highly customizable employee Web-use reports, Cyfin Reporter offer insights as to which types of traffic consume the maximum volume throughout the workday.  Monitor, filter, and report over 500 million Web pages in 74 categories and set throttling thresholds for sites that are slowing your company’s Internet speed with CyBlock Proxy.  Now is the time to address your poor network performance, slow applications, and bandwidth congestion.

We’re so sure you’ll benefit from our solutions that we offer a free 30-day product trial. Both products provide quantified data to help IT personnel keep track of bandwidth utilization by users as well as by type of usage (appropriate versus not so appropriate). After you’ve downloaded our products, take advantage of the User Comparison Trend Chart to detect unexpected spikes that could indicate excessive bandwidth or Web use.  Then review your Top Sites Bandwidth Chart (example seen below) and find out which ten sites are consuming the most bandwidth or had the most hits or visits for the time period you specify.

Top Sites Bandwidth Chart

 

Top Sites Bandwidth Chart for both Cyfin and CyBlock

Online Holiday Shopping Can Cost Your Business More Than Time

Leave a reply

Online Shopping Risks

Cyber Monday is no more – in an uncertain economy, post-Thanksgiving online holiday shopping has increased since coined in 2005 and now lasts for one month with more than 50% of all online spending taking place during working hours1.  What does this mean for your business?  A large decrease in employee productivity, a boost in bandwidth consumption, and one of the most popular times for cybercriminals to attack your secure data.

Lost productivity can mean big bucks for your company, reducing employee output to a mere 60%2.  A survey by CareerBuilder states that more than half of the 4,000 respondents polled intend on shopping online while at work with one third of those planning for more than one hour each day, in addition to the two typical hours daily already reported by respondents (time excludes lunch hour and scheduled breaks).  If you do not have a Web-use policy or Internet Acceptable Use Policy (AUP) in place, one is necessary to help report, monitor, and prevent employee Internet abuse in addition to protecting your company from legal liability.

Downloading malware is another risk as employees use the Internet for personal reasons. Spyware and malicious code are big threats to company networks as they can consume bandwidth and compromise security.  Recent studies show that company networks are being infected with spyware and malicious code most often through employees surfing the Web; with the holidays increasing that risk, these threats make it imperative for companies to enforce an AUP to protect their networks. Wavecrest Computing suggests that companies monitor and/or filter employee Web use in order to better protect themselves from security threats. In addition to the inherent risks associated with hacking your online security – loss of company reputation, destruction of company data, and the downtime employees face while systems are restored – the costs to mitigate attacks are extraordinary and rising each year.  This year, U.S. companies are expected to spend more than triple the costs spent in 20063.

To ensure these threats do not happen to your company this holiday season, run through our checklist and remember to check it twice!

  • Install all applicable system and program updates to avoid malware from infiltrating any system frailty that could have easily been patched with an update.
  • Create a Web usage policy and clearly communicate it to your employees.
  • Be cautious prior to clicking on links to different websites particularly those found on social networking sites as they’re often a hotspot for malware.
  • Avoid the use of pirated / illegal software as many contain malware.
  • Never open email attachments from unknown senders and make sure to scan attachments you do decide to download.
  • Make steps to consistently back up your computer in the case that malware wipes your hard drive clean.
  • Monitor servers and security devices 24x7x365 for security issues and require preventative actions be taken on security threats in real time – this is where we come in!

CyBlock can be set up to block Web access by categories and by hour so employees can access shopping sites on their lunch break or after hours. This approach can help sustain morale while minimizing the risks associated with online shopping.  With Cyfin, you can monitor employees’ Web use to ensure that Web-use policies are followed or that unwanted spyware or malware is not downloaded as a result.  Let us guide you to a safer, more reliable, robust security solution with exceptional support at an unbeatable price!

Sources:

1https://blog.comscore.com/2011/11/cyber_monday_work_computers.html

2 https://www.wavecrest.net/editorial/costsavings.html

3https://money.cnn.com/galleries/2011/technology/1107/gallery.cyber_security_costs/index.html?iid=EL

 

Explanation of the “IP Address” Category in Wavecrest Products

Leave a reply

Unfortunately, some instances of Web-use activity cannot be readily identified or categorized by Web access management products.  One type appears in the Wavecrest products’ Web Monitor and employee internet usage reports simply as IP addresses with no domain.

If the IP address is not recognized by our product it is put into IP address category and not into “Other” for the below reasons  (While some IP addresses have been identified and categorized in the Wavecrest URL control list, many have not.) If the product does not recognize the IP Address, it initially assigns them – in parallel to two special categories: (a) the IP Address category, and (b) the “Other” (uncategorized) category. This ‘groups’ them so they can be dealt with, as follows.

Using IP Addresses to Help Analyze Web Activity. At first glance it may appear impossible to make use of these initially unidentified IP addresses, but that’s not really the case. With a bit of work, it’s possible to:

  • Deduce the source and purpose of most of them
  • Categorize the legitimate ones
  • Isolate/neutralize the malicious ones

Let’s see how this is done.

First though, for purposes of this discussion, let’s ‘label’ the four general types of unidentified IP addresses. We’ll call them:

  • ‘Internal and partner Web pages without domain names’
  • ‘Innocent links on Web sites’
  • ‘Possible malware or virus servers.’
  • ‘Public proxies’

Identification and Corrective Action Process. This is a three step process: (a) listing the IP addresses; (b) classifying them by the types defined above; and (c) taking appropriate action.

To take the first step, simply run a Top Non-Categorized Sites Report and note the rows with IP addresses.  Then, as explained below, classify each (by type) and take action.

  1. IP Addresses Associated with Internal and Partner Web Pages.  These IP addresses could result from user-generated or Web application traffic. Using local knowledge, determine the sources and then enter the addresses in one or more custom categories. If you wish, give the addresses recognizable names. Complete instructions on how to create custom categories can be found in our manual.
  2. IP Addresses Associated with Innocent links on Web sites. These addresses could be associated with image or ad servers. If you send a Otherwise report that contains these IPs to Wavecrest our categorization team will research and categorize these IPs for you  the same way we would categorize domains. If you would like to identify them yourself there are IP Address lookup tools like the one available from https://www.networksolutions.com This tool will provide you with information about the owner of the IP address(es) of interest. For example, the owner of the IP address could be a marketing company that serves ads, or it could be an image server. Once identified, add the addresses to one or more custom categories. If you wish, give the addresses recognizable names.
  3. IP Addresses Associated with Possible Malware or Virus Servers. These addresses could be associated with malware, spyware or virus servers. The clue here is very high around-the-clock traffic (an indication that the user’s computer has been infected or attacked).  The solution in these cases is to isolate the internal computer(s) and remove the malware/spyware or virus.
  4. Public proxies. Also known as “Anonymous proxies”, public proxies are often used by employees or students who want to get around Web filters and/or avoid being identified by Internet logging. In other words, public proxies allow individuals to surf the Web “anonymously.” Many public proxies promote spyware or malware activity. They are created to gather user information, or even worse, company information on an employee’s computer. They often log an individual’s online browsing, emails, and chat sessions to gather user names, passwords, credit card or banking information. Some of the information gained, e.g., email addresses, is often used to sell to other companies for marketing purposes.

For more information, read our post: The danger of public proxies.

New Releases CyBlock and Cyfin Internet Monitoring Software

Leave a reply

We recently released newer versions of our CyBlock Proxy, Cyfin Reporter, CyBlock ISA and Cyfin Proxy software.  CyBlock Version 6.5.0 and Cyfin Version 8.5.0 are now available and include the following new features:

  • Dashboard Traffic Chart. A new trend chart to track allowed and denied hits traffic has been added to the Dashboard. This chart is available by going to the Dashboard and selecting Trend – Traffic.
  • Dashboard Metrics: Denied Visits and Denied Hits. Two new metric options have been added to the Dashboard Top and Trend charts. They are Denied Visits and Denied Hits. Denied Visits are failed attempts to access a Web site. For the most part this occurs because the user is not authorized to access the site, i.e., his access has been “blocked.” However, a “denied” indication can also be caused by technical anomalies, e.g., “page not found by server”, etc. Denied Hits are any type of viewable or usable data transmission that is triggered by a visit to a Web site and is denied or blocked. Denied hits can be in the form of a denied or blocked file, message, object, graphic, link, banner, ad, or push item.
  • New Option for Scheduled Deletion of Import Data. An option to delete data “older than 4 months” has been added to the Data Manager – Import Data – Delete – Schedule screen.
  • Pause/Restart Button on the Real-Time Web Monitor (CyBlock Proxy and Cyfin Proxy Only). A Pause/Restart button was added to the top of the real-time Web monitor screen. Clicking Pause will stop new results from being displayed. A new IP address column has also been added to the Web monitor. Now the Web monitor displays the ID, IP, Date/Time, Category Name and Web Page. Note: When Authentication is disabled, the ID column will not be displayed.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your CyBlock or Cyfin product.

Get Your Wavecrest Reports in PDF

Leave a reply

Many customers have asked for it, so back in March, Wavecrest Computing added a new option to receive or email reports in PDF format.  This option is available for any manual or scheduled report in your Cyfin or CyBlock product.  To receive or email your reports in PDF format, simply select PDF in the Report Format pulldown on any of the reporting screens.

The option to email and run reports in HTML format is still available, and HTML format must be used when using Interactive reporting for drill-down purposes.

If you have any questions about this new feature or any other features in your Cyfin or CyBlock product, please feel free to contact us.

Upgrade Today! New Releases for CyBlock and Cyfin

Leave a reply

We’re thrilled to bring you more new features in our latest releases of CyBlock and Cyfin. In CyBlock Version 6.3.3 and Cyfin Version 8.3.3, we are happy to deliver you with the following:

  • Classification Policies. New classification policies can be created and saved for use in manual and scheduled reports. The policies can be created and selected from a new option on the Reports – Manual and Reports – Schedule screens. Two named classification policies are provided with this release: Default and No Classification. The default classifications policy is set at the Category Setup – Classify Categories screen, and no classification means that no classifications will appear in the report.
  • Dashboard Drill-down. Drill-down reporting has been added to the Dashboard Top Users and Top Categories charts. When clicking on a user from the Top Users chart, a User Audit Detail report will automatically run, and when clicking on a category from the Top Categories chart, a Category Audit report will automatically run.
  • Download Restore Points. The ability to download and save a restore point for product settings has been added. The restore points can be downloaded from the Administration – Restore – Download screen.
  • Email Notification When License Exceeded (CyBlock Only). If the number of filtered users exceeds what the product license allows, an email notification will be sent to the product’s administrator every three days.
  • Using Active Directory for Access Accounts. A “Lookup” link has been added to the Advanced Settings – Access Accounts screen. When using Active Directory authentication for access accounts, clicking this link will cause the full name and email address for the access account to be automatically populated from Active Directory.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your CyBlock or Cyfin product.

Wavecrest Recommends Users Upgrade from Internet Explorer 6

Leave a reply

If you are still using Internet Explorer 6, we and Microsoft recommend that you upgrade as soon as possible.  One of the main reasons to upgrade is that Wavecrest’s CyBlock versions 6.3.0 and later and Cyfin versions 8.3.0 and later no longer support IE6.

Microsoft also has a big push now to get users to upgrade and stop using IE6.  See their new website ie6countdown.com. One of the main reasons they are pushing the upgrade is security. They state, “we recommend that Internet Explorer 6 users upgrade to a newer version of Internet Explorer for a safer browsing experience.” So if you haven’t done so already, Wavecrest recommends that you take a minute to make sure all of the computers and servers in your network are upgraded to a later version of Internet Explorer.

If you have any questions, please contact Wavecrest’s technical support team by phone at 321-953-5351, ext. 4 or toll-free at 1-877-442-9346, ext. 4.

Sources:

The Internet Explorer 6 Countdown
Microsoft Begs Users to Stop Using IE6
It’s Time to Finally Drop Internet Explorer 6

New Release – CyBlock 6.3.2 and Cyfin 8.3.2

Leave a reply

We have been busy and working hard to add features that you have been asking for into CyBlock and Cyfin. In this latest release, here are some new features we have added:

  • Custom Reports – This allows you to use Wavecrest’s existing standard reports and customize them by selecting which sections of the report to display.  You can create, name and save these reports to be run manually or scheduled to run automatically.
  • PDF Option in Reports – You now have the option to choose whether you want your report in PDF or HTML format. This option is available in manual, scheduled and custom reports.
  • Ability to Add Full URLs to Categories and Custom Categories – Full or partial URLs, not just the domain, can now be added to a category or custom category on the Advanced Settings – Category Setup – Edit URLs screen. This means that you can add bbc.com/sports to the Sports category, and all other pages on bbc.com that are not sports will still be categorized as News.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your CyBlock or Cyfin product.