Category Archives: CyBlock Software

Wavecrest Early Adopter Program

Be part of Wavecrest’s innovative process

When participating in the Early Adopter Program (EAP), you will have access to our latest innovations and emerging technologies. Having the opportunity to provide suggestions on new solutions before they are publicly released, you will play an integral part in the future enhancements to our products. We will also provide a dedicated EAP Wavecrest expert who will be there to assist you throughout the program.

How does the program work:

Simply put, you apply for the Wavecrest EAP program and select which products/features interest you most. We will provide you with access to the latest fully tested products/features. You communicate with your EAP Wavecrest expert on your progress and any issues.

Who can participate:

All current Wavecrest Computing customers are eligible to join the Early Adopter Program (EAP).

How to participate:

Register for Wavecrest EAP Program.

New User Interface Now Available in CyBlock/Cyfin Release 9.0.4

We are excited to announce the availability of a major release with a redesigned user interface and enhanced functionality in our products – CyBlock Software, CyBlock Appliance, and Cyfin. Some of the highlights of the enhancements are listed below within the new menu structure.

  • Rebranding
    • CyBlock Proxy has been renamed to CyBlock Software, and Cyfin Reporter to Cyfin.
    • Product version numbers have been consolidated, and all products now have the same version number.
  • Logon
    • A more secure logon is available. After logging on with the default password, you will be required to change your password on the Change Your Password screen. If you forget your password, a “Forgot password” link is available to reset your password to the default.
  • Menu Structure
    • Web Management (CyBlock). In this menu, you will find the Filtering features, such as Control Web Categories, Web Content, and Web Search, and Web Blocking Message. Bandwidth Management and the Client Download and Install screen for CyBlock Appliance are also in this menu.
      • You can now customize your blocking message using a Message Editor embedded in the interface. Previously, your HTML file would have to be modified outside the product. A Restore Default button allows you to revert to the Wavecrest default blocking message.
    • Data Management. This menu covers the screens for setting up, viewing, and revalidating log file data. The screens for enabling and configuring settings for the Report Database are in this menu as well as the screens for importing, viewing, and deleting the data.
    • User Management. This menu covers all aspects of managing users including adding groups and IDs, setting up and importing users from Active Directory, importing users from a text file, adding administrator and operator logon accounts, and authentication.
      • The Change Your Password screen lets you change your password at any time and requires your password to meet certain criteria.
    • Categorization. This menu contains all screens associated with the Wavecrest URL List including changing the location, downloading the list, checking the categories of URLs, adding custom categories, and selecting categories to display on reports.
    • Real-Time Monitors (CyBlock). In this menu, you will find the protocol (CyBlock Appliance), Web, and bandwidth monitors.
      • The Real-Time Web Monitor includes new options to display authentication challenge (407) requests and wrapped URLs. The settings and controls are now also available in a toolbar and can be changed while the monitor is gathering data in real time.
    • Reports (CyBlock Software and Cyfin). This menu covers running Dashboard Top and Trend charts, creating different types of reports, and viewing sample reports. The ability to customize or schedule a report has been consolidated with creating a report, giving you a streamlined way to manage reports.
      • The Dashboard Top Coached Report is now available in CyBlock Appliance.
    • System Status. This menu covers system information that is intended for administrators’ use, such as server status and information, filter status (CyBlock), job queue, and policy reports.
      • New screens allow you to see array communication messages, dates and times of the URL List and product updates, product event errors and messages, and profiling information. The event and profiling logs are used by Technical Support for troubleshooting purposes.
    • Settings. In this menu, you will find those features that usually require a one-time setup, such as license information, product admin e-mail address, PAC file, SSL certificates, SSL inspection, array setup, memory settings, and report options.
      • (CyBlock Appliance) The Web Redirects screen allows you to redirect HTTP traffic from port 80 to port 8080 and also exclude IP addresses from being redirected.
    • Help.  Along with product documentation, Support screens, and contact information, the Help menu now contains the Category Descriptions and Check for Product Updates screens.

To see the full release notes for your product, visit our Support Web site. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Cyfin Release 8.8.3 and CyBlock Release 6.8.3 Now Available

We are pleased to announce the release of three new audit reports in the new versions of Cyfin and CyBlock, which can provide management with detailed Web-use data on specific employees. These audit reports could be of interest to corporate IT forensic personnel, law enforcement agencies, anyone in the legal community, and forensic criminal investigators. They are capable of processing large amounts of log file data and support several types of log file formats such as Blue Coat and IronPort. The new reports are as follows:

  • Search Terms Audit Detail – The report shows search terms that users entered on popular search engine sites such as Google. It includes an option to show “prefetched” search results that were performed as the user was typing. These results are referred to as keystroke searches. This report can be used as a tool to aid in forensic investigations. It also indicates the number of search terms entered and can give the details of a user’s keystrokes.
  • Denied Detail – The report shows the specific URLs to which users were denied access. The data is broken out by user. Each Web page attempt is displayed with its corresponding category. Denied attempts for a Web page can signify that the user may not be authorized to receive the page, the page may not have been found by the Web server, or the page may have been blocked for access. If you have Web filtering enabled, this report can verify that it is working and is a very useful supplementary tool for individual user audits.
  • Legal Liability Detail – The report shows the specific URLs of Legal Liability Web activity by user, that is, visits to only the Anonymous/Public Proxy, Cults, Drugs, Gambling, Hate and Crime, Malware, and Pornography categories that pose a legal liability risk. By reporting on only these categories, smaller, more focused reports are available to facilitate analyses, investigations, and audits related to legal liability issues.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Displaying the Blocking Message When Connecting to a Secure Site

Using CyBlock Software or CyBlock Appliance, a secure Web site (https://domain) can be blocked by blocking the corresponding category, explicit URL, or custom category in which the URL has been added. If the secure site contains a path (https://domain/path), the URL match is made on only the domain portion by default. SSL Inspection has to be turned on with the associated blocked category set to be inspected in order to match on the domain and path portions combined.

However, the following issue may be encountered with the browser for a secure site (https://domain). When a user attempts to connect to a blocked secure site through CyBlock Software or CyBlock Appliance, the browser is only capable of receiving a Connection Established header response. Any other response, including a blocking message, is treated as a failed connection, and contents embedded in the response are not rendered due to security constraints.

Therefore, in order to display the blocking message when a user is connecting to a blocked secure site, the proxy must first send a Connection Established header which will require an SSL certificate to be accepted by the browser. This certificate is generated using the Wavecrest root certificate. If the Wavecrest root certificate is not already installed in the browser, a certificate warning message will be issued that must be accepted in order to display the blocking message. Please see the Wavecrest Certificate Installation Guide for instructions on how to install and distribute the Wavecrest root certificate and prevent the certificate warning message for your users.

If you do not accept the certificate when you receive the warning message, just a blank page will be rendered in the browser with a generic browser error message.
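The difference between domain-only matching and domain-plus-path matching described above, shown as an added example (not Wavecrest code). The rule format, host names, and function names are constructed, and the sketch assumes that a rule containing a path does not fire when only the domain is visible, which the page does not state.

```python
from typing import Optional, Tuple

# Constructed rules for this example: "host" or "host/path-prefix".
BLOCK_RULES = ["games.example.net", "intranet.example.org/payroll"]


def parse_connect(line: str) -> str:
    """Extract the host from 'CONNECT host:port HTTP/1.1'.

    For an HTTPS site this line is all the proxy sees before the tunnel opens.
    """
    method, target, _version = line.split()
    if method != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, _, _port = target.rpartition(":")
    return host.lower()


def parse_inner(request: str) -> Tuple[str, str]:
    """Extract (host, path) from a decrypted request (SSL Inspection on)."""
    head = request.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, target, _version = head[0].split()
    host = ""
    for header in head[1:]:
        name, _, value = header.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower()
    return host, target.split("?", 1)[0]


def rule_matches(rule: str, host: str, path: Optional[str]) -> bool:
    rule_host, sep, rule_path = rule.partition("/")
    if host != rule_host.lower():
        return False
    if not sep:
        return True   # domain-only rule: the CONNECT host is enough
    if path is None:
        return False  # assumption: path rule cannot fire, path is inside the tunnel
    return path.startswith("/" + rule_path)


def decide(connect_line: str, inner_request: Optional[str],
           inspected: bool) -> Tuple[str, Optional[str]]:
    """Return ('block', rule) or ('allow', None) for one HTTPS request."""
    host = parse_connect(connect_line)
    path = None
    if inspected and inner_request is not None:
        inner_host, path = parse_inner(inner_request)
        host = inner_host or host
    for rule in BLOCK_RULES:
        if rule_matches(rule, host, path):
            return "block", rule
    return "allow", None


# Constructed sample traffic.
CONNECT_LINE = "CONNECT intranet.example.org:443 HTTP/1.1"
INNER = "GET /payroll/slips?id=7 HTTP/1.1\r\nHost: intranet.example.org\r\n\r\n"

if __name__ == "__main__":
    print("tunneled: ", decide(CONNECT_LINE, INNER, inspected=False))
    print("inspected:", decide(CONNECT_LINE, INNER, inspected=True))
```
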

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Analyze Your Encrypted Traffic With CyBlock SSL Inspection

More and more organizations, particularly e-businesses, are using Web-enabled applications that involve personal, private, and sensitive data. Banking, online shopping, and credit card transactions are good examples, but by no means the only ones. SSL encryption is increasingly used to protect the confidentiality of this business and personal data on the Web. Surveys show 25%-35% of enterprise traffic is SSL-encrypted, and the number can be as high as 70% in specific industries. SSL encryption is the most cost-effective way of protecting the privacy of this traffic.

While SSL encryption solves many privacy-protection problems, it can allow traffic that poses security threats–both inbound and outbound–to pass through security protection measures uninspected and unchecked.

Inbound Problem.  SSL encryption creates security blind spots in incoming traffic. The traditional security infrastructure that protects an organization is blind to the threats in inbound SSL traffic and provides an easy vehicle for criminals and hackers to hide their cyber attacks.

Outbound Problem.  In addition to the risks of incoming threats hiding over SSL channels bypassing security protections, outbound enterprise traffic is now a growing problem. This is becoming quite a “hot button” for security applications (e.g., content filtering applications) that tackle data loss prevention (DLP), compliance reporting, and lawful intercept. In the past these solutions could see what was outgoing, but now they are suddenly “in the dark” when it comes to the data transferred over SSL.

From a security standpoint, most organizations already deploy an array of network and security appliances and programs to protect their enterprise, enforce internal corporate acceptable use policies, and satisfy external government regulation. Unfortunately, in many instances, they can only inspect plaintext traffic and are unable to inspect HTTPS communications for attack signatures. This makes it difficult or impossible for network administrators to enforce corporate acceptable use policies or ensure threats, such as viruses, spam, and malware, are stopped before they reach individual users.

In addition, without the ability to examine the contents of HTTPS communications, network administrators leave open the possibility for information to be accidentally leaked out of the enterprise or worse, stolen. Regulatory compliance requirements, including identifying accidental or intentional leakage of confidential information, are also virtually impossible to meet because of HTTPS encryption.

CyBlock SSL Inspection gives network administrators the ability to monitor this SSL-encrypted traffic and to identify and respond to any undesirable content. The total HTTPS inspection process decrypts, analyzes, categorizes, and then re-encrypts the traffic. If necessary, specific standard and/or custom URL categories can be exempted from the inspection process; this is known as “tunneling.” In addition, full URL information in a number of Wavecrest audit reports is available to network administrators.

To learn more about how CyBlock SSL Inspection can protect your sensitive data, please see our SSL Inspection Tech Brief or contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Source:  Examining SSL-Encrypted Communications – Netronome

Downloading Windows 8 Apps

Companies that filter and monitor Web traffic by user name do so in order to enforce their Acceptable Use Policy and for reporting purposes. In order to obtain user names for filtering and reporting purposes, they enable the authentication of all Web requests. An issue that arises with authentication is that there are some Web apps that do not respond to authentication requests.  This is the case with Windows 8 apps.

In order for the Windows 8 operating system to download apps through CyBlock Software or CyBlock Appliance, entries need to be made in the Authentication Manager. This work-around puts these apps in an authentication “Bypass” list where they are exempt from authentication. CyBlock will not require authentication for any URL/User-Agent combination established in the Bypass list. Any user name cached for this connection will be used. If none is cached, the activity will be logged with the user name of “bypass.” The steps below should be followed.

  1. Go to the Advanced Settings – Proxy Settings screen, and click the Authentication Manager link.
  2. Under Display Selection, select Bypassed or All to display the Bypassed entries. Note that the All option will display the Pending Bypass entries also.
  3. Under Bypassed, click the Add new bypass entry link. A dialog box is displayed.
  4. Enter each of the following combinations of URL or Domain and User-Agent, and click Add after each entry.
     URL or Domain           User-Agent
     *.apps.microsoft.com    *
     *ws.microsoft.com       *
     *                       MSappsHost/*

The entries on the screen should look like the following example.

CyBlock Authentication Bypassed Entries
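To review what the Bypass list exempts, the following added example (not Wavecrest code) evaluates the three entries above against constructed sample requests and reports which hosts end up logged under the user name "bypass". The wildcard semantics, function names, and sample requests are assumptions; the page does not document CyBlock's matching rules.

```python
import re
from typing import Dict, List, Optional, Tuple

Entry = Tuple[str, str]  # (URL or Domain pattern, User-Agent pattern)

# The three bypass entries from the table above.
BYPASS_ENTRIES: List[Entry] = [
    ("*.apps.microsoft.com", "*"),
    ("*ws.microsoft.com", "*"),
    ("*", "MSappsHost/*"),
]


def wildcard_match(pattern: str, value: str) -> bool:
    """Assumed semantics: '*' matches any run of characters, case-insensitively."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None


def matching_entry(host: str, user_agent: str) -> Optional[Entry]:
    """Return the first entry whose URL and User-Agent patterns both match."""
    for url_pat, ua_pat in BYPASS_ENTRIES:
        if wildcard_match(url_pat, host) and wildcard_match(ua_pat, user_agent):
            return (url_pat, ua_pat)
    return None


def logged_user(host: str, user_agent: str,
                cached_user: Optional[str]) -> Optional[str]:
    """User name recorded for a bypassed request (cached name, else 'bypass').

    None means no entry matched and authentication is still required.
    """
    if matching_entry(host, user_agent) is None:
        return None
    return cached_user if cached_user else "bypass"


def bypass_report(requests) -> Dict[Entry, List[str]]:
    """Group hosts logged as 'bypass' by the entry that exempted them."""
    report: Dict[Entry, List[str]] = {}
    for host, user_agent, cached_user in requests:
        entry = matching_entry(host, user_agent)
        if entry and logged_user(host, user_agent, cached_user) == "bypass":
            report.setdefault(entry, []).append(host)
    return report


def destination_unscoped(entries=BYPASS_ENTRIES) -> List[Entry]:
    """Entries whose URL pattern is '*': they apply to every destination."""
    return [e for e in entries if e[0] == "*"]


# Constructed sample requests: (host, User-Agent, user name cached for the connection).
SAMPLE_REQUESTS = [
    ("store.apps.microsoft.com", "Mozilla/5.0 (Windows NT 6.2)", None),
    ("lic.ws.microsoft.com", "Mozilla/5.0 (Windows NT 6.2)", "alice"),
    ("files.example.net", "MSappsHost/1.0", None),
    ("www.example.com", "Mozilla/5.0 (Windows NT 6.2)", None),
]

if __name__ == "__main__":
    for entry, hosts in bypass_report(SAMPLE_REQUESTS).items():
        print(entry, "->", hosts)
    print("apply to every destination:", destination_unscoped())
```

Activity recorded under "bypass" carries no user identity in reports, so entries returned by `destination_unscoped()` are the ones to watch most closely in that log data.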

 

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Cyfin Release 8.8.1 and CyBlock Release 6.8.1 Now Available

We recently released new versions of Cyfin, CyBlock Software, and CyBlock Appliance. In this release, you will find several corrections as well as improvements to the Restore/Download feature and to access accounts. With the Restore/Download enhancement, you will be able to transfer all of your current configuration settings to another installation of the product. This will prove to be useful if you are transitioning to production mode or purchasing a new server. With access accounts, you can now confirm a password when creating or modifying an access account. The enhancements are described below.

  • Restore and Download. This includes the following changes:
    • The ability to transfer all configuration settings to another installation of the product has been added.
    • Transfers of configuration settings are only supported for the same product type, for example, CyBlock Software to CyBlock Software. Transfers across products are not allowed.
    • Transfers of configuration settings are only supported from this release and later. Previous restore points before this release are not transferable.
    • On the Administration – Restore – Restore screen, the Choose Restore Type field has been added with Full and Configuration Only options.
      • The Full option allows you to transfer configuration settings from one product type to the same product type with the same restore point path on the same computer.
      • The Configuration Only option allows you to transfer configuration settings to a different restore point path on the same computer or to a different computer.
    • On the Administration – Restore – Download screen, the following has been added:
      • A Restore Point Settings section to allow you to edit or select the restore point path.
      • An Update button to reload the new restore point path.
      • A Create Restore Point section to allow you to create a new restore point using a Create button.
      • A Restore Point Filename field that displays the name of the .zip file in the format yyyymmdd+hhmmss.zip. Older restore points with file name ##.zip will still be displayed; however, they are not transferable and should not be used.
  • Access Accounts. This includes the following changes:
    • For Cyfin and CyBlock Software, the Enter Password and Confirm Password fields have been added to the following screens to allow you to enter and confirm a new password when creating or modifying an access account:
      • Administration – Access Accounts – Create
      • Administration – Access Accounts – Modify
    • For CyBlock Appliance, the Enter Password and Confirm Password fields have been added to the Administration – Access Accounts – Modify screen to allow you to enter and confirm a new password when modifying an administrator access account.
    • If the new and confirmed passwords do not match, a red x is displayed, and the Submit button is disabled.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Cyfin Release 8.8.0 and CyBlock Release 6.8.0 Now Available

We are excited to announce the release of two major enhancements in the new version of Cyfin and CyBlock. The first major enhancement is the new SSL Inspection feature that allows our CyBlock products to decrypt, analyze, and fully inspect all HTTPS traffic. In order to defeat security threats facing companies today, SSL Inspection is essential. The second major enhancement is an innovative technique for protection against automated invasion of malicious scripts and software and/or unauthorized access to internal networks. Enhanced Malware Protection automates the process of identifying large numbers of new malware-spreading sites daily. To facilitate identifying and blocking malware traffic, three security threat categories have been consolidated into a new Malware category.

Other enhancements in this release include the rebranding of our products, new product icons displayed after installation, and new product Help. We also have a number of corrections in this release. The details of the enhancements include the following:

  • Product Rebranding. The Wavecrest products have been rebranded as follows:
    • The products offered are CyBlock and Cyfin (formerly Cyfin Reporter).
    • Three deployment options are available for CyBlock:
      • CyBlock Software (formerly CyBlock Proxy)
      • CyBlock Appliance
      • CyBlock ISA/TMG
    • These changes are reflected on the Wavecrest Web site and the Forum. They will eventually transition to the products and associated documentation.
  • SSL Inspection. This includes the following changes:
    • Ability to view the full URL including path, embedded URLs, and parameters.
    • Domain, path, and parameter matching.
    • Ability to filter detailed HTTPS traffic by Web categories and Web content types and display blocking messages for both.
    • Safe Search blocking (where applicable).
    • Ability to view full URLs in the Real-Time Web Monitor.
    • Ability to view full URLs in the following reports (where applicable), not just domains:
      • Category Audit Detail
      • Category Audit Summary
      • Site Audit Detail
      • User Audit Detail
      • User Audit Summary
    • A new SSL Inspection screen that allows you to select groups and/or IDs and standard and custom categories to be inspected. To access this screen, go to Advanced Settings – Proxy Settings – SSL Inspection. For inspection to occur, you must select a group and/or an ID, and set a category to Inspected. The Financial category is set to Tunneled by default for privacy reasons, but this can be changed to Inspected.

Note:  Before using SSL Inspection, the Wavecrest Certificate must be installed. Refer to the Wavecrest Certificate Installation Guide for instructions on how to install/distribute the certificate. For more information on this enhancement, see the SSL Inspection Tech Brief.

  • Enhanced Malware Protection in URL List. This includes the following changes:
    • Extensive malware site additions were made to the URL List. You will receive the enhanced protection when the list is downloaded manually or automatically.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were consolidated into a new Malware category.
    • Custom URL entries categorized as Hacking, Phishing/Fraud, and Spyware/Malicious are now categorized as Malware.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were replaced by the new Malware category on appropriate screens and in all category drop-down boxes.
    • For CyBlock, on the Block Web Categories screen, the Malware category is set to “Block” in the Default policy in new installations by default. In existing installations, previous settings will not change when the product is upgraded, that is, the Malware category will be set to the previous Spyware/Malicious category setting.
    • The Malware category is displayed on the Help – Reporting – Check URL screen under URL Category Match when there is a category match.
    • Scheduled reports now report on the Malware category if they were set up to report on the Hacking, Phishing/Fraud, and Spyware/Malicious categories.
  • Product Icons. The Wavecrest product icon has been replaced with new CyBlock and Cyfin product icons on the Start menu and on the browser tab (favicon).
  • Product Help. The QR pages in the product have been replaced by a new searchable Help system. The Help system has a TOC similar to that of the product manual, but also includes an Index and a Search box. If a search result indicates “Web site,” you can right-click the entry to open the page in a new tab or window. You can also print a displayed Help topic by clicking the Print button.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Cyfin Release 8.7.2 and CyBlock Release 6.7.2 Now Available

Upgrade today with the latest release of Cyfin and CyBlock. In this release, you will find new user guides, significant changes to the Dashboard charts, new pages to display errors, screen communication with the ISA plug-in as well as several corrections. The list of enhancements for CyBlock Proxy, CyBlock ISA, CyBlock Appliance, Cyfin Reporter, and Cyfin Proxy includes the following:

  • User Guides. The user guides were enhanced to add a hyperlinked table of contents and additional hyperlinks in the chapters for ease of navigation when reading as electronic documents. The chapter and section headings, notes, cautions, and important information are color-coded for improved readability. With the improved layout, the user guides can be easily printed double-sided if you prefer to read in hard copy.
  • Dashboard Charts. The charts and screens were modified to remove the need for Adobe Flash Player, add the ability to zoom in the chart, add a legend to toggle options on and off, and update other sections of the screens.
  • Import From Active Directory. After creating or modifying an Active Directory configuration, you can now click an import link on the Configuration Completed screen. You will be directed to the Import – Active Directory – Manual screen to import groups and IDs.
  • Error Pages. Error pages were added to display more detailed error information and allow information to be sent via e-mail to the administrator if the administrator e-mail is set up. The administrator can then submit the error and additional information to Wavecrest Technical Support.
  • New Job Queue Section. For CyBlock, a Job Queue section was added to the Block Web Categories and Block Web Content screens to inform the user that jobs are running in the queue. If jobs are in the queue, this new section is displayed when the page is accessed or after submitting changes. The page is refreshed when the Job Queue is empty.
  • Speed Up ISA Communication. The communication between the ISA plug-in and the CyBlock service was enhanced so that on the Edit URLs screen, only custom categories are loaded and not the entire URL List, decreasing the load time. In addition, messages are now queued.
  • Add Screen Communication for ISA. Changes were made to indicate that the ISA plug-in is communicating with specific screens while the communication messages are being queued. Messages will be displayed on the following screens:
    • Login – Results
    • Administration – System Information – Filter Status
    • Advanced Settings – Filter Settings – Block Web Categories
    • Advanced Settings – Filter Settings – Block Web Content

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

CyBlock Proxy New Release Version 6.7.0

Application use and non-web-based traffic are oftentimes the primary culprits degrading your network speed.  As much as 70% of your company’s bandwidth is likely being consumed by non-productive pursuits — now is the time to address your poor network performance, slow applications, and bandwidth congestion.  CyBlock Proxy’s latest release of Version 6.7.0 enables administrators to easily manage access to the ever-expanding world of web applications — ensuring maximum network speed and optimum Internet / Intranet performance. 

  • Version 6.7.0 Enhancements
    • Bandwidth Throttling
    • Search Term Matching
    • Web Site Domain Matching
    • Path and Parameter Matching
    • Coaching
    • Filtering by Day and Time
    • Report Time Filter

Our latest release will relieve you from daily grunt work by automatically enforcing your organization’s Internet use policy, rapidly improving employee productivity and blocking Internet threats, freeing you up to work on other areas of importance to your organization and your career.  You can download the latest release by going to the Administration – Product Update screen.

For Product News: Administrators have the option of receiving product news alerts via email.  This setting is found on the Administration – Product News – Setup page.  NOTE: The default setting is “Do not email.”

CyBlock Proxy upgrades are free to current Wavecrest customers.  To download yours, log in at CyBlock Proxy Downloads.

Read complete release notes with the full list of enhancements and corrections.  For additional assistance, please feel free to contact us today!