
Detecting and Controlling Unauthorized Outbound Connections

Do you have a good handle on all outbound connections from your network, and how do you know?  Legitimate programs and applications that users download often create outbound connections without your knowledge or approval.  This can cause a serious drain on an organization’s network resources.  This exact scenario recently happened to a Wavecrest customer, and with the help of Wavecrest’s reports and technical support specialists, they were able to locate a program that was making 1,400+ outbound connections a day without their knowledge.

Many times, a program like this can be running in the background without the organization’s knowledge and is not necessarily identifiable in the process table.  It can only be caught if an organization is monitoring outbound Web connections through reports such as the ones in Wavecrest’s Cyfin and CyBlock products.

In this particular scenario, the customer became aware of these unauthorized outbound connections because a couple of users were being locked out of their computers.  To troubleshoot the issue, they and Wavecrest technical support used the Authentication Manager in their CyBlock Proxy product to investigate.  They found that the users’ computers were creating outbound traffic that was not authenticating with the proper credentials, which eventually locked the users out because of an authentication security setting in the organization’s Active Directory configuration.  By using the Authentication Manager, Real-time Web Monitor and other reports, our technical support specialists were able to identify the file that was making these unauthorized outbound connections and remove it from the computers.

This scenario proves that it is important to be aware of what is going on in your network, and Wavecrest’s products can help IT administrators do that. There are several steps you can take to prevent and identify these types of problems in your network.

  1. Use reporting tools to spot unusual activity.
    1. Look for unusual patterns of Web activity.
      1. Review Dashboard trends to spot any unexpected spikes in activity.
      2. Review Dashboard top sites and top categories charts to find any unexpected sites or categories that suddenly show up in the top ten.
      3. Run a Site Analysis report at least once a week and be alert to changes in the volume and pattern of outbound Web activity. For example, if a single user is suddenly logging thousands of visits a day, chances are there’s an issue. That’s because “human” activity is usually more random.
    2. Watch the following categories: IP Address, Spyware/Malicious, Unsolicited or Push, Phishing/Fraud and Uncategorized “Other” Sites. High activity in these categories should raise a red flag for administrators and warrants further investigation.
    3. Identify the source of the problem. Dig deeper by running a Category Audit Detail report to uncover both the site and the affected user. If your Category Audit Detail report shows an unusual number of hits to a specific Web site, that site is most likely the source of the issue.  You can also monitor the traffic in real time using the Real-Time Monitor to uncover the site causing the problem.
  2. Update your Web-use management tools.
    1. Update your Acceptable Use Policy. Employees need to understand the risks of Web surfing. Minimize risks of Internet abuse by implementing a policy to curtail at-work surfing and communicate it clearly to employees.
    2. Update your Wavecrest list. The Wavecrest control list is updated daily. We recommend downloading your Wavecrest control list daily to minimize the number of visits categorized as “Other” and ensure the best coverage possible. You can set Cyfin and CyBlock to do this automatically on the Administration – URL List – Schedule screen. (Note: If you spot a problem Web site that is uncategorized, email it to us at sites@wavecrest.net. Our site analysts will review the site and categorize it appropriately.)
  3. Contact Wavecrest Technical Support. Our support specialists are always eager to help you troubleshoot any issues you are having by helping you get the best out of the features and tools our products offer.
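
The volume-and-pattern check from step 1 can also be run directly against exported proxy log records. The following is an added example, not Wavecrest product code: the record layout, thresholds, function names and sample users are assumptions, and the sample data is constructed to resemble the case in this post (about 1,400 evenly spaced requests a day that fail proxy authentication).

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Assumed thresholds (tune to your own baseline; not Wavecrest defaults).
MIN_DAILY_HITS = 1000    # "thousands of visits a day" by one user to one host
MAX_INTERVAL_CV = 0.25   # stdev/mean of request gaps; human browsing is burstier

def find_machine_like_traffic(records, min_hits=MIN_DAILY_HITS,
                              max_cv=MAX_INTERVAL_CV):
    """records: iterable of (timestamp, user, host, http_status) tuples.
    Returns findings for (day, user, host) groups that are both high-volume
    and evenly spaced, sorted by hit count (highest first)."""
    groups = defaultdict(list)
    for ts, user, host, status in records:
        groups[(ts.date(), user, host)].append((ts, status))
    findings = []
    for (day, user, host), hits in groups.items():
        if len(hits) < max(min_hits, 2):   # need at least one gap to measure
            continue
        times = sorted(ts for ts, _ in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else 0.0
        if cv <= max_cv:
            findings.append({
                "day": day, "user": user, "host": host, "hits": len(hits),
                "mean_gap_s": round(avg, 1), "interval_cv": round(cv, 3),
                # 407 = Proxy Authentication Required; repeated failures can
                # trip an Active Directory lockout policy, as in this case.
                "auth_failures": sum(1 for _, s in hits if s == 407),
            })
    return sorted(findings, key=lambda f: f["hits"], reverse=True)

def build_sample_log():
    """Constructed sample data: one background program and one human user."""
    start = datetime(2010, 8, 2, 0, 0, 0)
    # Background program: one request every 60 s all day -> 1440 hits.
    bot = [(start + timedelta(seconds=60 * i), "jsmith",
            "cn1.redswoosh.akadns.net", 407) for i in range(1440)]
    # Human: 1200 hits in bursts during working hours (irregular gaps).
    human, t = [], start + timedelta(hours=9)
    for i in range(1200):
        t += timedelta(seconds=1 if i % 40 else 600)  # clicks, then a pause
        human.append((t, "mjones", "intranet.example.com", 200))
    return bot + human

if __name__ == "__main__":
    for finding in find_machine_like_traffic(build_sample_log()):
        print(finding)
```

Only the evenly spaced client is reported; the human user exceeds the hit threshold but is excluded because the request gaps are irregular.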

For more information on how Wavecrest’s products can help keep your network safe, we recommend you read our previous blog posts “Controlling Spyware” and “The Purpose of the IP Address Category.”

Note: The program in question that is addressed in this post is the Akamai NetSession Interface. It was hitting cn1.redswoosh.akadns.net and cn2.redswoosh.akadns.net 1400+ times a day. The program was located at C:\Program Files\Common Files\Akamai\AdminTool.exe. To remove the program with Wavecrest’s help, the customer:

  1. Opened the Command Prompt
  2. Went to the folder location by typing “Program Files\Common Files\Akamai”
  3. Then typed “admin uninstall-force” to remove it.

Remember: Our technical support specialists are here to help. If you ever need help with your product configuration or see something unusual in a report or on the real-time monitor that you are unsure about, please feel free to contact Wavecrest technical support, and they will be happy to help you.

Technical Support Contact Information
Direct: 321-953-5351, ext. 4
Toll-Free: 877-442-9346 ext. 4
Email: support@wavecrest.net

Check Out the New Report Guide to CyBlock and Cyfin Reports

If you are ever unsure about what a term or metric in a report means, check out our new Report Guide.  It includes key concepts and definitions to help you gain a better understanding of the data displayed and how combining different reports can get you the exact information you need.  The guide also includes a detailed list of every standard report with a description of the information provided in each.  Check out the report guide and bookmark it in case you ever need to refer to it in the future.  You can always find it on our Web site too under Support Documentation for your specific Wavecrest product.

Make Sure Web Use Data Is Imported Without Error

When raw logfile data is being imported into the Data Manager, occasionally an error can occur with the import. If an error occurs and you are not aware of it, this data will not appear in reports, and data can be skewed. To avoid this, we recommend that you set the product to notify you if an error ever does occur with the import.

To set the email notification, go to Logfiles – Data Manager and click on the Settings link. Select the Enable radio button to Notify Admin of Errors and click Submit to save your changes. An email will now be sent to the Administrator email address that you set at the Setup – Email screen if there is ever an error with the import.

Wavecrest Computing Summer 2010 Newsletter

The Wavecrest quarterly newsletter is back by popular demand!  In the Summer 2010 issue, you’ll find information on:

Tech Tip: Re-Installing or Changing Wavecrest Products

If you are ever attempting to “re-install” any of our products, or if you are changing from one product to another, you may encounter an error message with the ‘fresh’ install.  The error message will read “Unable to detect previous configured files…”.  This error indicates that previous files have been left behind by the uninstaller.  To get rid of them, delete the folder ‘…\Wavecrest\’.  (The default location for this folder is C:\Program Files\Wavecrest\.)  Next, reboot your machine and then attempt to re-install the product. You should be successful now!

New Releases – CyBlock 6.2.2 and Cyfin 8.2.2

New WatchGuard and Websense Support in Cyfin Reporter 8.2.2

We have recently added support for the WatchGuard Log Server PostgreSQL database and Websense in Cyfin Reporter 8.2.2.  If you are interested in the added support for either of these logfile types, you can check out the simple configuration for each at the links below.

WatchGuard Configuration: https://www.wavecrest.net/products/cyfin/reporter/compatibility/watchguardPostgreSQL.html

Websense Configuration: https://www.wavecrest.net/products/cyfin/reporter/compatibility/websense.html

If you have any questions or would like additional help in the configuration process, please contact technical support. They will be happy to assist you.


Cyfin Reporter supports over 95 other log file formats, so if you need support for another format, visit our Cyfin Reporter technical specifications page to see if we support it. If not, contact our technical support team, and we will be happy to see if support can be added.

Other New Enhancements

Other enhancements made to CyBlock Proxy, Cyfin Reporter, Cyfin Proxy and CyBlock ISA include:

  • URL Hyperlinks in Detail Audit Reports. URLs listed in Audit Detail reports are now hyperlinked if the following conditions are met: 1) the Data Manager is enabled, 2) Interactive is selected for the Report Type, and 3) the total number of URLs for a single report is less than 50,000 URLs. The reports with this functionality are User Audit Detail, Category Audit Detail and Site Audit Detail.
  • More Drill-Down Capability. On reports that contain Hourly Visits and Hourly Bandwidth tables (such as Site Analysis), you can now drill-down to the single hour of activity of your choosing.

Managing Categorization in CyBlock and Cyfin

CyBlock and Cyfin offer advanced functionality that lets you manage and customize the categorization of sites. By using these categorization features, you can maximize the overall usefulness of your CyBlock or Cyfin product. Follow these 5 tips to get the most out of categorization.

1. Keep your categorization list current via daily updates.
Wavecrest site analysts work continuously to update and expand the categorization list. In fact, the Wavecrest URL list is 100% human reviewed. These updates are available for download daily. It’s a simple process that can be done manually or on an automatic/scheduled basis. You can download the URL list or schedule the download to occur daily on the Administration – URL List screen.

2. Establish custom categories.
Augment Wavecrest’s standard 74 categories with custom categories. You can add up to 25 custom categories. You can activate and use as many or as few of these as you want, and you can easily give them specific names of your own choosing. Names are limited to 50 characters. These settings are found on the Advanced Settings — Category Setup — Name Custom screen. Once a custom category has been established, you can augment the Wavecrest URL List with URLs of your own choosing and place them in the custom category for subsequent monitoring or filtering. Custom categories also provide white list (allow-only) capability for CyBlock users.

3. Add URLs.
You can add URLs to both the Wavecrest standard and custom categories. The applicable settings are found on the Advanced Settings — Category Setup — Edit URLs screen. You can also delete URLs here.

4. Change a URL’s category.
If you wish, you can change the category to which Wavecrest has assigned a particular URL. You can do this by simply adding the URL to the category of your choice. Your categorization will take permanent precedence over the Wavecrest URL list.

5. Participate in our OtherWise program.
To opt in to our OtherWise program, you simply need to periodically run a Top Non-categorized Sites report and email a copy to sites@wavecrest.net. Our list technicians will research, identify and categorize the most popular unidentified sites, many of which will be of local or special interest to your organization. Then, after you download the next daily control list update, subsequent visits to those sites by your users will no longer be listed as “Other.” They’ll be properly identified and categorized. NOTE: We hold all customer information sent to us in strict confidence.

Display ID and IP in Wavecrest’s CyBlock and Cyfin Reports

There is an option to display both the user ID and IP address in reports. To do so, go to the Advanced Settings – Report Settings page in your CyBlock or Cyfin product and open the Advanced Options link. On this screen, you will see an option to “Display Login Name and IP Address.” Simply click the checkbox so that it is enabled and click Submit. Now you will see both login names and IP addresses when running user reports.

Cut Costs with Wavecrest’s Internet Filtering, Monitoring and Reporting Products

It has always been important to know that your company’s resources are being used properly and to the best of their capability.  Businesses want to ensure that their employees are being productive and not wasting the organization’s time and resources.

Internet access is one of those resources that can easily be abused, costing an organization time and money. Internet filtering and/or monitoring with one of Wavecrest’s Cyfin or CyBlock products can help preclude or drive down costs in at least four areas: productivity, bandwidth, legal liability and security.

1. Productivity

  • The average worker admits to frittering away 2.09 hours per 8-hour workday, not including lunch and scheduled break-time (America Online and Salary.com survey, 2006).
  • The average employee costs a company $29.71 per hour (including salary, overhead costs, benefits, payroll taxes, etc.), according to the United States Department of Labor Bureau of Labor Statistics, March 2010.
  • Lost productivity costs the company $59.42 per day per employee (2 hrs x $29.71).
  • Average employee works 240 days per year.
  • Yearly loss per employee is $14,260.80  (240 x $59.42)
  • Loss per 1000 employees is $14,260,800 per year.
  • Average cost for a Wavecrest Internet filtering or monitoring product with a 1000-employee license is $3,500 per year ($3.50 per user).

Conclusion:  Cost of a Wavecrest license is less than three tenths of one percent of the cost of lost productivity. A well-communicated Web-use policy, coupled with an effective monitoring product, greatly increases productivity in the workplace.

2.  Bandwidth

Reliable studies indicate that as much as 70% of a company’s bandwidth is being consumed by non-productive pursuits. Activities such as online video, audio streaming, and downloading movies or MP3s are especially damaging.  It is quite clear that eliminating or significantly reducing bandwidth abuse can improve network performance and preclude or decelerate the need for organizations to support increased bandwidth use.

3.  Legal Liability

Web-related legal costs typically result from employees visiting pornography sites.  Many studies show this to be a serious problem. In fact, according to research by Nielsen Online in October 2008, one quarter of employees who use the Internet visit porn sites during the workday.  Hits to porn sites are higher during office hours than at any other time of day, according to M.J. McMahon, publisher of AVN Online magazine, which tracks the adult video industry.

This type of activity puts the employer at serious risk of being sued by other workers who are offended or upset by being exposed to pornographic images. Such suits usually take the form of sexual harassment or hostile workplace litigation and can be very costly in terms of damage to reputation as well as legal costs.

4.  Security

Studies show that approximately twenty percent of personal use of the Internet by employees involves activities that pose potential threats to employer network security. Examples include file sharing, the use of malicious code, spyware and more. Like bandwidth abuse, the associated costs are difficult to quantify, but such activities can easily result in network disruptions or slowdowns and/or loss or compromise of proprietary data; these all come with a cost.

The World Cup Means Time Wasted at Work

The 2010 FIFA World Cup games begin today and will run until July 11.  Challenger, Gray & Christmas, a research firm that deals with lost workplace productivity, ranks the World Cup as one of the biggest time wasters in the workplace worldwide.  And it’s not just time that World Cup viewers will suck up in the workplace.  Bandwidth consumption will also increase with the availability of video streaming of the games.

While the World Cup ranks number 4 in the US as a top time waster behind March Madness, the Super Bowl and Fantasy Football, it will still cost American companies about $121.7 million in lost productivity.  The British economy, however, is looking to lose about $7.36 billion in productivity, according to the British law firm Brabners Chaffe Street.

Wavecrest’s Cyfin and CyBlock products and services help all types of organizations manage and control employee Web activity. Cyfin and CyBlock products do this by monitoring and/or filtering employees’ Web use and reporting on the activity by content categories, e.g., sports, social networking, games, and others. Of particular note, with regard to the World Cup, CyBlock products can be set up to block Web access by categories and by hour so employees can access sports sites on their lunch break or after hours. This approach can help sustain morale while minimizing lost productivity and bandwidth associated with the World Cup.

Sources:
https://blogs.reuters.com/shop-talk/2010/06/08/world-cup-is-no-march-madness-in-sapping-productivity/
https://www.bizjournals.com/kansascity/blog/2010/06/world_cup_promises_some_kick_to_productivity_apps_aim_to_help.html
https://www.usnews.com/usnews/biztech/articles/060608/8worldcup.htm