Category Archives: CyBlock

Finding System Information for CyBlock or Cyfin

There’s a quick and easy way to get system and configuration information on your CyBlock or Cyfin product.  Just go to Help – System Information – Server Information on your product’s menu, and it will take you to the Server Information screen, which gives you the:

  • License Information
  • Number of Data Configurations (CyBlock ISA and Cyfin Reporter)
  • Install Directory Path
  • Communication Port
  • Memory Usage
  • URL List Configuration
  • Email Configuration


You will also find your various directory configurations on this screen for your Scheduler Directory, Email Reports and more.  This is a great screen to check out to find out how much available memory you have, if the URL list is properly configured, and where your configuration files are located.

Are Some Web Domains More Dangerous Than Others?

The simple answer is “yes.”

A recent report published by McAfee showed that specific country domains and some generic domains are more dangerous than others. The most dangerous country domain is Hong Kong (.hk) with 19.2% of sites posing a security threat to visitors. Second to Hong Kong was China (.cn) with just over 11% of sites found to pose a security threat. The most dangerous generic domain is .info with 11.8% of sites posing a security threat, while government sites (.gov) still remain the safest domains.

The report also revealed that security threats from surfing the Web have increased 41.5% over 2007. So then the question becomes, “how can I protect my Internet users from accessing these sites that are prone to harboring spyware, adware, viruses, etc.?”

There are several steps you can take to help protect your network from a Web-use management perspective.

  1. If you have CyBlock, you can block access to those domains that are the most dangerous by using the wildcard option in a custom category. Assuming that access to these domains in your workplace is not needed for the majority of Internet users, simply blocking the domains is a good way to keep users from accessing them on purpose or by accident. Should a user ever need to access a legitimate site with that domain, it can simply be added to an allow list in either a custom category or one of the other 69 predefined Wavecrest categories that you allow.
  2. If you are using Cyfin, while you can’t block sites with a particular domain, you can still track access to them by using a custom category and running a report against that category to see if there is any activity in those domains.
  3. Also be sure to monitor and/or block the existing Spyware/Malicious, Phishing/Fraud, Public Proxy, and Hacking categories to help protect your network.
  4. Finally, the most important step you can take to ensure that your Internet users are surfing safely is to make them aware of Web security threats and the type of sites that are more likely to harbor them.

New Releases: CyBlock 5.8.7 and Cyfin 7.8.7

I am thrilled to announce that several enhancements were recently made to Wavecrest Computing’s Cyfin and CyBlock products. These include:

New Scalability. The latest versions of CyBlock Proxy and Cyfin Proxy include high-performance scalability. These new scalable multiplexed proxy servers replace the previous thread-based versions, meaning that they can handle large numbers of users and requests. These new versions will:

  • react quicker to new requests
  • minimize resource contention
  • tolerate slow or unresponsive clients and servers more efficiently.

Enhanced Reporting Options. Several enhancements were made to the Web-use reporting features for all products. These include:

  • a new “Last 24 Hours” time frame option
  • the ability to name scheduled reports
  • the ability to enter other email addresses to receive scheduled reports.

Array Configuration. The array feature is now available for blocking policies in the latest version of CyBlock ISA. For full release notes on the products, please visit the forum at https://forum.wavecrest.net/index.php. Current customers can download the latest release from their product by going to the Administration – Product Update screen.

Controlling Spyware with Cyfin and CyBlock

Introduction
Spyware – software that tracks Web surfers’ activity without their knowledge and sends the information back to a third party – is a growing concern for IT administrators. Spyware can compromise security, consume bandwidth and slow networks to a crawl. The good news is you can help protect your network from spyware with Cyfin and CyBlock software.

Spyware Problems
Spyware can get into your computer(s) very easily, and it can be extremely hard to detect. Most employees never realize their computers are infected, and those that do have no idea how it happened.

Because spyware enters a user’s system with “legitimate” traffic through an open Internet port, firewalls are not an adequate defense. Spyware remains undetected by firewalls designed to block suspicious inbound traffic rather than monitor the heavy outbound activity spyware generates. (Inbound spyware doesn’t look suspicious.)

Wavecrest Solutions
Your Cyfin web monitoring software or CyBlock web filtering software can help identify spyware and reduce your risk of downloading it in the future.

1) Use reporting tools to spot spyware activity with Cyfin or CyBlock.

A. Look for unusual patterns of Web activity. Run a Site Analysis report at least once a week and be alert to changes in the volume and pattern of outbound Web activity. For example, if a single user is suddenly logging thousands of visits a day, chances are it’s a spyware issue. That’s because “human” activity is usually more random than spyware activity. Here’s another clue. If you notice that every morning at 3 a.m. a user appears to be accessing the same Web site repeatedly, most likely the activity is being automatically triggered by a spyware program.

B. Watch the IP Address category. High activity in this reporting category should raise a red flag for administrators. Most spyware programs send information back to an IP address, while actual user activity is almost always driven by a domain name. Wavecrest software will categorize all IP Address activity automatically. High traffic volume here warrants further investigation.

C. Identify the source of the problem. Dig deeper by running a Category Audit Detail report to uncover both the spyware site and the affected user. If your Category Audit Detail report shows an unusual number of hits to a specific Web site, that site is most likely the source.
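The three reporting clues above (a sudden volume spike, the same site hit at the same off-hour every day, and heavy traffic to IP-address destinations), written out as an added example that is not Wavecrest code. The log format, the thresholds and the `off_hours` window are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime

def is_ip(host):
    """True when the destination is an IP literal rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def sample():
    """Constructed log: alice's PC hits one IP at 03:00 daily; bob browses by day."""
    out = []
    for day in range(1, 5):
        for minute in range(12):
            out.append(f"2024-05-{day:02d}T03:{minute:02d}:00 alice 203.0.113.7")
        out.append(f"2024-05-{day:02d}T10:15:00 bob news.example")
        out.append(f"2024-05-{day:02d}T14:40:00 bob intranet.example")
    return out

def analyze(lines, daily_limit=1000, ip_limit=10, repeat_days=3,
            off_hours=range(0, 5)):
    """Return {user: set of reasons}; input lines are 'ISO-time user host'."""
    per_day = Counter()       # (user, date) -> visits that day
    ip_hits = Counter()       # user -> visits to IP-literal destinations
    slots = defaultdict(set)  # (user, host, hour) -> dates on which it was seen
    for line in lines:
        stamp, user, host = line.split()
        ts = datetime.fromisoformat(stamp)
        per_day[user, ts.date()] += 1
        slots[user, host, ts.hour].add(ts.date())
        if is_ip(host):
            ip_hits[user] += 1
    flags = defaultdict(set)
    for (user, _), n in per_day.items():      # clue A: volume spike
        if n > daily_limit:
            flags[user].add("volume")
    for user, n in ip_hits.items():           # clue B: IP Address category
        if n > ip_limit:
            flags[user].add("ip-address")
    for (user, host, hour), days in slots.items():  # clue A: fixed-hour repeats
        if hour in off_hours and len(days) >= repeat_days:
            flags[user].add(f"repeat {host} @{hour:02d}h")
    return dict(flags)

if __name__ == "__main__":
    print(analyze(sample(), daily_limit=10))
```

Restricting the repetition check to off-hours keeps ordinary daily habits, such as opening the intranet every morning, from being flagged.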

2) Use CyBlock’s filtering tools to control surfing.

A. Create a strict “allow” list. One way to prevent spyware is to strictly control employee Internet access. With CyBlock, you can limit online access to only the Web sites you know to be trustworthy and automatically block access to any Web site not on your “allow” list.

B. Block access to high-risk sites. Another, less restrictive way to minimize exposure to spyware is to block user access to high-risk site categories. These include spyware/malicious, hacking, phishing/fraud, music downloads, download sites, social networks, games, chat and pornography.

3) Update your Web-use management tools.

A. Update your Acceptable Use Policy. Employees need to understand the risks of Web surfing. Minimize risks of Internet abuse by implementing a policy to curtail at-work surfing and communicate it clearly to employees.

B. Update your Wavecrest list. The Wavecrest control list is updated daily, adding Web sites known to host spyware. We recommend downloading your Wavecrest control list daily to minimize the number of visits categorized as “Other” and ensure the best coverage possible. You can set Cyfin and CyBlock to do this automatically on the Administration – URL List – Schedule screen.

(Note: If you spot a Web site you suspect may be spyware, email it to us at sites@wavecrest.net. Our OtherWise research team will review the site and categorize it appropriately.)

C. Update your operating system. Download updates to your operating system on a regular basis. Spyware multiplies on your network by exploiting weaknesses in OS software. Frequent updates will help plug these holes and minimize the damage if you become infected.

4) Work with your employees.

Counsel employees about the dangers of spyware. Brief your employees on the dangers and detrimental effects of malicious software, and tell them about the actions you’re taking as well as the actions they should take and the sites they should avoid.

The Dangers of Public Proxies

Introduction.
Public proxies are often used by employees or students who want to get around Web filters and/or avoid being identified by Internet logging. In other words, public proxies allow individuals to surf the Web “anonymously.”

Public proxies work by making a request appear to be going to a Web address other than the address of the site actually being requested. They act like a “middle man.” When a Web site is requested, the request is sent to the public proxy, which forwards it to the original destination and then returns the site that was requested.

Problems with Public Proxies.
The claim that a public proxy hides a user’s identity may sound safe, but the fact is that public proxies that are used to get around filters can be very dangerous to the user and his/her company or school.

Many public proxies promote spyware or malware activity. They are created to gather user information, or even worse, company information on an employee’s computer. They often log an individual’s online browsing, emails, and chat sessions to gather user names, passwords, credit card or banking information. Some of the information gained, e.g., email addresses, is often sold to other companies for marketing purposes.

Solutions.
An enormous and fast-growing number of dangerous public proxy sites exist around the world, with new ones popping up every day. Many of them even change their IP addresses at frequent intervals. For these reasons, it is impossible to completely solve the problem with technical approaches alone.

Instead, there are several steps you can take to prevent or identify the use of public proxies. The first is to make sure your company or school’s acceptable use policy and consequences of breaking that policy are clearly communicated.

Secondly, back up your AUP by filtering and/or monitoring employees’ and students’ Web access. Many public proxies use IP addresses to avoid easy detection, so a spike in IP address visits could be an indication that an employee or student may be using one. Wavecrest Computing’s CyBlock and Cyfin Internet filtering and monitoring software have categories for both public proxies and IP addresses.

Finally, make sure that your employees or students are aware of the security dangers associated with public proxies. Many are not aware of the security risk associated with public proxies and may be less inclined to use one if they are educated on the dangers they pose to the user and his/her company or school.

Welcome to the Wavecrest Computing Blog

Welcome to the official Wavecrest Computing blog. Now you can stay up-to-date on the latest news and updates to Wavecrest’s CyBlock and Cyfin Internet filtering and monitoring software products. This means that you’ll learn about new product features that you’ve been wanting, and any enhancements or updates to the products. It will also be a resource where you can get tips and best practices for using your CyBlock or Cyfin product as a Web-use management tool.

With that said, we’ll get this first post started with our latest update to Cyfin Reporter. This latest version includes:

  • Event Log. This log is automatically created in the product and logs when the product is started or stopped, when someone logs into or out of the product, product errors and more.
  • Import Data Job Queue. All import data jobs sent to the job queue are now sorted by their start time, processing the oldest first and the newest last.
  • MSDE Log Data Correction. Problems with configuration and receiving data in reports in previous versions of the product are now corrected.

You are welcome to view the release notes on our technical support forum at https://forum.wavecrest.net. You can download the latest version of Cyfin Reporter directly through your product by going to Administration – Product Update.

Finally, we hope that you will find this blog beneficial by either subscribing to the feed or visiting it every once in a while to see what’s new!