Author Archives: admin

U.S. Department of Justice Monitors Web Use with Cyfin Reporter

The U.S. Department of Justice (DOJ) recently renewed Cyfin Reporter for the seventh consecutive year. Cyfin Reporter enables the DOJ to monitor up to 100,000 employees’ Web usage simultaneously. The Department continues to use Cyfin Reporter because of its robust performance, accuracy and scalability and the many benefits it provides, namely improved productivity and decreases in bandwidth consumption, legal liability and security threats.

It’s important for employers to ensure that their employees are using the Internet in a productive manner and are not accessing sites that hurt productivity or degrade network performance.  Cyfin Reporter helps organizations do this by providing actionable and accurate employee Web-use investigations. Its features include automatic abuse detection, interactive drill-down, and a report scheduler that runs and distributes reports automatically.

Dennis McCabe, Vice President of Business Development at Wavecrest Computing, states, “the great thing about Cyfin Reporter is that it not only allows organizations to monitor ‘bad’ sites, but it also allows them to monitor those sites that employees should be utilizing on a regular basis, e.g., the company’s Web site or intranet.”  This is what makes Cyfin Reporter a truly effective tool for managing Web use.

For 12 years, Wavecrest Computing has been providing Internet filtering and monitoring solutions to business, government, and educational organizations worldwide.  Wavecrest’s customer base includes well-known names such as the Department of Veterans Affairs, Procter and Gamble, Burlington Northern Santa Fe Railway, Bridgestone, Mazda and many others.  Government agencies and educational institutions can purchase Wavecrest products through GSA’s Federal Supply Schedule at a substantial discount.

Don’t Forget to Check Your Product News

The Wavecrest Computing product news system was introduced in September 2006 in CyBlock Version 5.5.3 and Cyfin Version 7.5.3.  If you have one of these versions of CyBlock and Cyfin or later, you may notice that the icon below occasionally shows up in the right-hand corner of the browser interface indicating that you have new product news.

This icon will stay in the upper right-hand corner of the browser interface until you click on it to read your product news.

We send product news to let you know general and critical information about your product.  Product news items are generally updates or things you need to know about the latest product release.

When viewing a news item, you will notice at the top that we indicate whether or not the news is Critical or Non-critical.  Critical news is identified with a red bar, meaning that it is very important that you read the message and may require some action, while Non-critical news is identified with a green bar.  A Non-critical message is typically a notification that there is a new release or update available for your product.

New Minor Releases: CyBlock 5.9.0 and Cyfin 7.9.0

New versions of Wavecrest Computing’s CyBlock and Cyfin monitoring and filtering software were recently released.  They include the following new features and enhancements.

  • Enhancement – Array configuration. This release contains a useful new feature which will allow you to combine all of your proxy data into an Enterprise report. It also lets you apply settings and policies from one ‘primary’ installation to multiple ‘secondary’ installations. For Cyfin Reporter, this feature works a little differently. Instead, it allows you to use multiple servers’ CPUs to process logfile data, while leaving one ‘primary’ Cyfin Reporter machine free to run reports.
  • New Report – Site Audit Detail. This report lists all users that visited a particular Web site and shows the total visits.
  • Enhancement – Proxy Chain ability. CyBlock Proxy and Cyfin Proxy now have the ability to use a ‘downstream’ proxy in a ‘chain’ configuration.
  • Enhancement – Job Queue. New keyboard shortcuts allow you to pause and restart the job queue.  Also, all jobs are now numbered in the queue.
  • Enhancement – Logging optional. (CyBlock Proxy only) Logging of proxy data can be disabled without affecting the filtering policies in place.
  • Enhancement – New logfile formats supported. (Cyfin Reporter only) Cyfin Reporter extends support for Sidewinder Firewall G2, IronPort Appliance, Symantec Web Security and MIMEsweeper logfiles.

For full release notes on the products, please visit the forum at https://forum.wavecrest.net/index.php. Current customers can download the latest release from their product by going to the Administration – Product Update screen.

2008 Summer Olympics: Bandwidth and Productivity Concerns for Businesses

The start of the 2008 Summer Olympic Games is right around the corner, and this year, NBC plans to stream 2,200 hours of live events on NBCOlympics.com. This may cause several network problems and productivity losses for businesses. To give you an idea of how much bandwidth a video can eat up, an episode of “The Simpsons” uses about 25,000 kb. This can cause major problems when you multiply that by several employees at one time.

Whether you’re concerned about productivity, bandwidth or both, your CyBlock or Cyfin application can be used to help you filter and/or track Web access to the NBC Olympics site. The site https://www.nbcolympics.com is included in the category Sports but can also be filtered or monitored separately by placing it in a custom category if you don’t want to block the entire Sports category. Or, you can choose to just block video from the Web site by placing the URL https://www.nbcolympics.com/video/index.html in a custom category. Don’t forget that you can also use the hourly blocking option if you want to allow employees access to the site during lunch and after hours.

To use custom categories, go to Advanced Settings – Category Setup – Edit URLs. Select the custom category you’d like to use, and type in the URL(s) you’d like to filter or monitor. For Cyfin users and those that decide to just monitor Web use of NBCOlympics.com, you can run a Category Audit Report on the Custom Category that you created to track that site.

Finding System Information for CyBlock or Cyfin

There’s a quick and easy way to get system and configuration information on your CyBlock or Cyfin product.  Just go to Help – System Information – Server Information on your product’s menu, and it will take you to the Server Information screen, which gives you the:

  • License Information
  • Number of Data Configurations (CyBlock ISA and Cyfin Reporter)
  • Install Directory Path
  • Communication Port
  • Memory Usage
  • URL List Configuration
  • Email Configuration


You will also find your various directory configurations on this screen for your Scheduler Directory, Email Reports and more.  This is a great screen to check out to find out how much available memory you have, if the URL list is properly configured, and where your configuration files are located.

Are Some Web Domains More Dangerous Than Others?

The simple answer is “yes.”

A recent report published by McAfee showed that specific country domains and some generic domains are more dangerous than others. The most dangerous country domain is Hong Kong (.hk) with 19.2% of sites posing a security threat to visitors. Second to Hong Kong was China (.cn) with just over 11% of sites found to pose a security threat. The most dangerous generic domain is .info with 11.8% of sites posing a security threat, while government sites (.gov) still remain the safest domains.

The report also revealed that security threats from surfing the Web have increased 41.5% over 2007. So then the question becomes, “how can I protect my Internet users from accessing these sites that are prone to harboring spyware, adware, viruses, etc.?”

There are several steps you can take to help protect your network from a Web-use management perspective.

  1. If you have CyBlock, you can block access to those domains that are the most dangerous by using the wild card option in a custom category. Assuming that access to these domains in your workplace is not needed for the majority of Internet users, then simply blocking the domains is a good way to keep users from accessing them on purpose or by accident. Should a user ever have a need to access a legitimate site with that domain, then it can simply be added to an allow list in either a custom category or one of the other 69 predefined Wavecrest categories that you allow.
  2. If you are using Cyfin, while you can’t block sites with a particular domain, you can still track access to them by using a custom category and running a report against that category to see if there is any activity in those domains.
  3. Also be sure to monitor and/or block the existing Spyware/Malicious, Phishing/Fraud, Public Proxy, and Hacking categories to help protect your network.
  4. Finally, the most important step you can take to ensure that your Internet users are surfing safely is to make them aware of Web security threats and the type of sites that are more likely to harbor them.

New Releases: CyBlock 5.8.7 and Cyfin 7.8.7

I am thrilled to announce that several enhancements were recently made to Wavecrest Computing’s Cyfin and CyBlock products. These include:

New Scalability. The latest versions of CyBlock Proxy and Cyfin Proxy include high-performance scalability. These new scalable multiplexed proxy servers replace the previous thread-based versions, meaning that they can handle large numbers of users and requests. These new versions will:

  • react quicker to new requests
  • minimize resource contention
  • tolerate slow or unresponsive clients and servers more efficiently.

Enhanced Reporting Options. Several enhancements were made to the Web-use reporting features for all products. These include:

  • a new “Last 24 Hours” time frame option
  • the ability to name scheduled reports
  • the ability to enter other email addresses to receive scheduled reports.

Array Configuration. The array feature is now available for blocking policies in the latest version of CyBlock ISA. For full release notes on the products, please visit the forum at https://forum.wavecrest.net/index.php. Current customers can download the latest release from their product by going to the Administration – Product Update screen.

Controlling Spyware with Cyfin and CyBlock

Introduction
Spyware – software that tracks Web surfers’ activity without their knowledge and sends the information back to a third party – is a growing concern for IT administrators. Spyware can compromise security, consume bandwidth and slow networks to a crawl. The good news is you can help protect your network from spyware with Cyfin and CyBlock software.

Spyware Problems
Spyware can get into your computer(s) very easily, and it can be extremely hard to detect. Most employees never realize their computers are infected, and those that do have no idea how it happened.

Because spyware enters a user’s system with “legitimate” traffic through an open Internet port, firewalls are not an adequate defense. Spyware remains undetected by firewalls designed to block suspicious inbound traffic rather than monitor the heavy outbound activity spyware generates. (Inbound spyware doesn’t look suspicious.)

Wavecrest Solutions
Your Cyfin web monitoring software or CyBlock web filtering software can help identify spyware and reduce your risk of downloading it in the future.

1) Use reporting tools to spot spyware activity with Cyfin or CyBlock.

A. Look for unusual patterns of Web activity. Run a Site Analysis report at least once a week and be alert to changes in the volume and pattern of outbound Web activity. For example, if a single user is suddenly logging thousands of visits a day, chances are it’s a spyware issue. That’s because “human” activity is usually more random than spyware activity. Here’s another clue. If you notice that every morning at 3 a.m. a user appears to be accessing the same Web site repeatedly, most likely the activity is being automatically triggered by a spyware program.

B. Watch the IP Address category. High activity in this reporting category should raise a red flag for administrators. Most spyware programs send information back to an IP address, while actual user activity is almost always driven by a domain name. Wavecrest software will categorize all IP Address activity automatically. High traffic volume here warrants further investigation.

C. Identify the source of the problem. Dig deeper by running a Category Audit Detail report to uncover both the spyware site and the affected user. If your Category Audit Detail report shows an unusual number of hits to a specific Web site, that site is most likely the source.

2) Use CyBlock’s filtering tools to control surfing.

A. Create a strict “allow” list. One way to prevent spyware is to strictly control employee Internet access. With CyBlock, you can limit online access to only the Web sites you know to be trustworthy and automatically block access to any Web site not on your “allow” list.

B. Block access to high-risk sites. Another less restrictive way to minimize exposure to spyware is to block user access to high-risk site categories. These include spyware/malicious, hacking, phishing/fraud, music downloads, download sites, social networks, games, chat and pornography.

3) Update your Web-use management tools.

A. Update your Acceptable Use Policy. Employees need to understand the risks of Web surfing. Minimize risks of Internet abuse by implementing a policy to curtail at-work surfing and communicate it clearly to employees.

B. Update your Wavecrest list. The Wavecrest control list is updated daily, adding Web sites known to host spyware. We recommend downloading your Wavecrest control list daily to minimize the number of visits categorized as “Other” and ensure the best coverage possible. You can set Cyfin and CyBlock to do this automatically on the Administration – URL List – Schedule screen.

(Note: If you spot a Web site you suspect may be spyware, email it to us at sites@wavecrest.net. Our OtherWise research team will review the site and categorize it appropriately.)

C. Update your operating system. Download updates to your operating system on a regular basis. Spyware multiplies on your network by exploiting weaknesses in OS software. Frequent updates will help plug these holes and minimize the damage if you become infected.

4) Work with your employees.

Counsel employees about the dangers of spyware. Brief your employees on the dangers and detrimental effects of malicious software, and tell them about the actions you’re taking as well as the actions they should take and the sites they should avoid.

Reminder: March Madness Begins Next Week

This is just a reminder that March Madness begins next week with the first game on Tuesday, March 18 and the first online games on Thursday, March 20. Experts estimate that more than 1.5 million employees will be watching the games from their desks, with a potential overall loss of $1.7 billion in productivity. And just like last year, NCAA On Demand is including the “boss button,” which brings up a fake spreadsheet to make it appear that employees are busy working.

Many businesses and schools are also concerned that the widespread viewing of the streaming video will slow or crash their computer networks. This is especially worrisome because for the first time this year all 63 tournament games will be available online, without online blackouts of games showing on local CBS TV stations.

CBSSports.com and NCAA.com, including NCAA On Demand, are included in the Wavecrest site-blocking list under Sports, and for those using Cyfin, access to these sites will be monitored under Sports. If you want to only block and/or monitor the live video, you can use one of Wavecrest’s custom categories to block and/or monitor www.ncaasports.com/mmod/player.

The Dangers of Public Proxies

Introduction.
Public proxies are often used by employees or students who want to get around Web filters and/or avoid being identified by Internet logging. In other words, public proxies allow individuals to surf the Web “anonymously.”

Public proxies work by making a Web request appear to be going to an address other than that of the site actually being requested. They act like a “middle man.” When a Web site is requested, the request is sent to the public proxy, which forwards the request to the original destination, and then returns the site that was requested.

Problems with Public Proxies.
The claim that a public proxy hides a user’s identity may sound safe, but the fact is that public proxies that are used to get around filters can be very dangerous to the user and his/her company or school.

Many public proxies promote spyware or malware activity. They are created to gather user information, or even worse, company information on an employee’s computer. They often log an individual’s online browsing, emails, and chat sessions to gather user names, passwords, credit card or banking information. Some of the information gained, e.g., email addresses, is often sold to other companies for marketing purposes.

Solutions.
An enormous and fast-growing number of dangerous public proxy sites exist around the world with new ones popping up every day. Many of them even change their IP addresses at frequent intervals. For these reasons, it is totally impossible to completely solve the problem with technical approaches alone.

Instead, there are several steps you can take to prevent or identify the use of public proxies. The first is to make sure your company or school’s acceptable use policy and consequences of breaking that policy are clearly communicated.

Secondly, back up your AUP by filtering and/or monitoring employees’ and students’ Web access. Many public proxies use IP addresses to avoid easy detection, so a spike in IP address visits could be an indication that an employee or student may be using one. Wavecrest Computing’s CyBlock and Cyfin Internet filtering and monitoring software have categories for both public proxies and IP addresses.

Finally, make sure that your employees or students are aware of the security dangers associated with public proxies. Many are not aware of the security risk associated with public proxies and may be less inclined to use one if they are educated on the dangers they pose to the user and his/her company or school.
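
The reporting checks in step 1 of “Controlling Spyware with Cyfin and CyBlock” (a sudden jump in one user's daily visits, the same site hit at the same off-hours time day after day, heavy IP Address activity) and the IP-address spike described above for public proxies can be run against any proxy log. The following is an added example, not Wavecrest code and not part of the original posts; the three-field log format, the sample lines, the function names and every threshold are assumptions.

```python
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log (assumed format: "<ISO timestamp> <user> <host>").
SAMPLE = (
    [f"2008-06-0{d}T03:0{m}:00 bob 203.0.113.7" for d in (2, 3, 4) for m in range(3)]
    + [f"2008-06-02T{h:02d}:15:00 alice {site}" for h, site in
       [(9, "intranet.example"), (10, "news.example"), (13, "intranet.example"),
        (14, "mail.example"), (15, "news.example"), (16, "intranet.example")]]
    + [f"2008-06-02T11:{i % 60:02d}:{i // 60:02d} carol ads.example" for i in range(1200)]
)

def is_ip_literal(host):
    """True when the destination is a bare IP address rather than a domain name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def parse(line):
    ts, user, host = line.split()
    return datetime.fromisoformat(ts), user, host

def flag_users(lines, max_daily=1000, min_days=3, ip_share=0.5,
               min_visits=5, work_hours=range(7, 19)):
    """Return {user: sorted reasons}; every threshold is an assumed default."""
    daily = Counter()             # (user, date) -> visits that day
    off_hours = defaultdict(set)  # (user, host, hour) -> dates seen outside work hours
    total, to_ip = Counter(), Counter()
    for ts, user, host in map(parse, lines):
        daily[user, ts.date()] += 1
        total[user] += 1
        to_ip[user] += is_ip_literal(host)
        if ts.hour not in work_hours:
            off_hours[user, host, ts.hour].add(ts.date())
    flags = defaultdict(set)
    for (user, _day), n in daily.items():
        if n > max_daily:                       # check A: sudden volume
            flags[user].add("volume")
    for (user, host, hour), days in off_hours.items():
        if len(days) >= min_days:               # check A: same site, same hour, many days
            flags[user].add(f"repeat:{host}@{hour:02d}h")
    for user, n in total.items():
        if n >= min_visits and to_ip[user] / n >= ip_share:
            flags[user].add("ip-heavy")         # check B: IP Address category
    return {user: sorted(reasons) for user, reasons in flags.items()}

if __name__ == "__main__":
    for user, reasons in sorted(flag_users(SAMPLE).items()):
        print(user, reasons)
```

A flagged user is a candidate for the per-site drill-down in check C, not a confirmed infection: scheduled updaters and monitoring agents produce the same fixed-hour pattern.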