Category Archives: CyBlock

Downloading Windows 8 Apps

Companies that filter and monitor Web traffic by user name do so in order to enforce their Acceptable Use Policy and for reporting purposes. In order to obtain user names for filtering and reporting purposes, they enable the authentication of all Web requests. An issue that arises with authentication is that there are some Web apps that do not respond to authentication requests.  This is the case with Windows 8 apps.

In order for the Windows 8 operating system to download apps through CyBlock Software or CyBlock Appliance, entries need to be made in the Authentication Manager. This work-around puts these apps in an authentication “Bypass” list where they are exempt from authentication. CyBlock will not require authentication for any URL/User-Agent combination established in the Bypass list. Any user name cached for this connection will be used. If none is cached, the activity will be logged with the user name of “bypass.” The steps below should be followed.

  1. Go to the Advanced Settings – Proxy Settings screen, and click the Authentication Managerlink.
  2. Under Display Selection, select Bypassed or All to display the Bypassed entries. Note that the All option will display the Pending Bypass entries also.
  3. Under Bypassed, click the Add new bypass entry link. A dialog box is displayed.
  4. Enter each of the following combinations of URL or Domain and User-Agent, and click Add after each entry.
URL or Domain User-Agent
*.apps.microsoft.com *
*ws.microsoft.com *
* MSappsHost/*

 

The entries on the screen should look like the following example.

CyBlock Authentication Bypassed Entries

 

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Cyfin Release 8.8.1 and CyBlock Release 6.8.1 Now Available

We recently released new versions of Cyfin, CyBlock Software, and CyBlock Appliance. In this release, you will find several corrections as well as improvements to the Restore/Download feature and to access accounts. With the Restore/Download enhancement, you will be able to transfer all of your current configuration settings to another installation of the product. This will prove to be useful if you are transitioning to production mode or purchasing a new server. With access accounts, you can now confirm a password when creating or modifying an access account. The enhancements are described below.

  • Restore and Download.This includes the following changes:
    • The ability to transfer all configuration settings to another installation of the product has been added.
    • Transfers of configuration settings are only supported for the same product type, for example, CyBlock Software to CyBlock Software. Transfers across products are not allowed.
    • Transfers of configuration settings are only supported from this release and later. Previous restore points before this release are not transferable.
    • On the Administration – Restore – Restorescreen, the Choose Restore Type field has been added with Full and Configuration Only options.
      • The Full option allows you to transfer configuration settings from one product type to the same product type with the same restore point path on the same computer.
      • The Configuration Only option allows you to transfer configuration settings to a different restore point path on the same computer or to a different computer.
    • On the Administration – Restore – Download screen, the following has been added:
      • A Restore Point Settings section to allow you to edit or select the restore point path.
      • An Update button to reload the new restore point path.
      • A Create Restore Point section to allow you to create a new restore point using a Create button.
      • A Restore Point Filename field that displays the name of the .zip file in the format yyyymmdd+hhmmss.zip. Older restore points with file name ##.zip will still be displayed; however, they are not transferable and should not be used.
  • Access Accounts.This includes the following changes:
    • For Cyfin and CyBlock Software, the Enter Password and Confirm Password fields have been added to the following screens to allow you to enter and confirm a new password when creating or modifying an access account:
      • Administration – Access Accounts – Create
      • Administration – Access Accounts – Modify
    • For CyBlock Appliance, the Enter Password and Confirm Password fields have been added to the Administration – Access Accounts – Modify screen to allow you to enter and confirm a new password when modifying an administrator access account.
    • If the new and confirmable passwords do not match, a red x is displayed, and the Submit button is disabled.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Cyfin Release 8.8.0 and CyBlock Release 6.8.0 Now Available

We are excited to announce the release of two major enhancements in the new version of Cyfin and CyBlock. The first major enhancement is the new SSL Inspection feature that allows our CyBlock products to decrypt, analyze, and fully inspect all HTTPS traffic. In order to defeat security threats facing companies today, SSL Inspection is essential. The second major enhancement is an innovative technique for protection against automated invasion of malicious scripts and software and/or unauthorized access to internal networks. Enhanced Malware Protection automates the process of identifying large numbers of new malware-spreading sites daily. To facilitate identifying and blocking malware traffic, three security threat categories have been consolidated into a new Malware category.

Other enhancements in this release include the rebranding of our products, new product icons displayed after installation, and new product Help. We also have a number of corrections in this release. The details of the enhancements include the following:

  • Product Rebranding.The Wavecrest products have been rebranded as follows:
    • The products offered are CyBlock and Cyfin (formerly Cyfin Reporter).
    • Three deployment options are available for CyBlock:
      • CyBlock Software (formerly CyBlock Proxy)
      • CyBlock Appliance
      • CyBlock ISA/TMG
    • These changes are reflected on the Wavecrest Web site and the Forum. They will eventually transition to the products and associated documentation.
  • SSL Inspection.This includes the following changes:
    • Ability to view the full URL including path, embedded URLs, and parameters.
    • Domain, path, and parameter matching.
    • Ability to filter detailed HTTPS traffic by Web categories and Web content types and display blocking messages for both.
    • Safe Search blocking (where applicable).
    • Ability to view full URLs in the Real-Time Web Monitor.
    • Ability to view full URLs in the following reports (where applicable), not just domains:
      • Category Audit Detail
      • Category Audit Summary
      • Site Audit Detail
      • User Audit Detail
      • User Audit Summary
    • A new SSL Inspection screen that allows you to select groups and/or IDs and standard and custom categories to be inspected. To access this screen, go to Advanced Settings – Proxy Settings – SSL Inspection. For inspection to occur, you must select a group and/or an ID, and set a category to Inspected. The Financial category is set to Tunneled by default for privacy reasons, but this can be changed to Inspected.

Note:  Before using SSL Inspection, the Wavecrest Certificate must be installed. Refer to the Wavecrest Certificate Installation Guide for instructions on how to install/distribute the certificate. For more information on this enhancement, see the SSL Inspection Tech Brief.

  • Enhanced Malware Protection in URL List.This includes the following changes:
    • Extensive malware site additions were made to the URL List. You will receive the enhanced protection when the list is downloaded manually or automatically.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were consolidated into a new Malware category.
    • Custom URL entries categorized as Hacking, Phishing/Fraud, and Spyware/Malicious are now categorized as Malware.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were replaced by the new Malware category on appropriate screens and in all category drop-down boxes.
    • For CyBlock, on the Block Web Categories screen, the Malware category is set to “Block” in the Default policy in new installations by default. In existing installations, previous settings will not change when the product is upgraded, that is, the Malware category will be set to the previous Spyware/Malicious category setting.
    • The Malware category is displayed on the Help – Reporting – Check URL screen under URL Category Match when there is a category match.
    • Scheduled reports now report on the Malware category if they were set up to report on the Hacking, Phishing/Fraud, and Spyware/Malicious categories.
  • Product Icons. The Wavecrest product icon has been replaced with new CyBlock and Cyfin product icons on the Start menu and on the browser tab (favicon).
  • Product Help. The QR pages in the product have been replaced by a new searchable Help system. The Help system has a similar TOC as the product manual, but also includes an Index and a Search box. If a search result indicates “Web site,” you can right-click the entry to open the page in a new tab or window. You can also print a displayed Help topic by clicking the Print button.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Cyfin Release 8.7.2 and CyBlock Release 6.7.2 Now Available

Upgrade today with the latest release of Cyfin and CyBlock. In this release, you will find new user guides, significant changes to the Dashboard charts, new pages to display errors, screen communication with the ISA plug-in as well as several corrections. The list of enhancements for CyBlock Proxy, CyBlock ISA, CyBlock Appliance, Cyfin Reporter, and Cyfin Proxy includes the following:

  • User Guides. The user guides were enhanced to add a hyperlinked table of contents and additional hyperlinks in the chapters for ease of navigation when reading as electronic documents. The chapter and section headings, notes, cautions, and important information are color-coded for improved readability. With the improved layout, the user guides can be easily printed double-sided if you prefer to read in hard copy.
  • Dashboard Charts. The charts and screens were modified to remove the need for Adobe Flash Player, add the ability to zoom in the chart, add a legend to toggle options on and off, and update other sections of the screens.
  • Import From Active Directory. After creating or modifying an Active Directory configuration, you can now click an import link on the Configuration Completed screen. You will be directed to the Import – Active Directory – Manual screen to import groups and IDs.
  • Error Pages. Error pages were added to display more detailed error information and allow information to be sent via e-mail to the administrator if the administrator e-mail is set up. The administrator can then submit the error and additional information to Wavecrest Technical Support.
  • New Job Queue Section. For CyBlock, a Job Queue section was added to the Block Web Categories and Block Web Content screens to inform the user that jobs are running in the queue. If jobs are in the queue, this new section is displayed when the page is accessed or after submitting changes. The page is refreshed when the Job Queue is empty.
  • Speed Up ISA Communication. The communication between the ISA plug-in and the CyBlock service was enhanced so that on the Edit URLs screen, only custom categories are loaded and not the entire URL List decreasing the load time. In addition, messages are now queued.
  • Add Screen Communication for ISA.Changes were made to indicate that the ISA plug-in is communicating with specific screens while the communication messages are being queued. Messages will be displayed on the following screens:
    • Login – Results
    • Administration – System Information – Filter Status
    • Advanced Settings – Filter Settings – Block Web Categories
    • Advanced Settings – Filter Settings – Block Web Content

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Coaching Now Available for CyBlock

 

Since 1996, Wavecrest has been creating solutions that help customers implement and enforce their Internet Usage policies. As the Internet landscape changes, some websites that were once categorized as unproductive are not so clear these days, causing current Acceptable Use Policies (AUP) to impede necessary productivity as organizations struggle to keep up with the ever-changing Internet. As part of Wavecrest’s mission to constantly improve, the coaching feature has recently been added to CyBlock Proxy v6.7 and CyBlock ISA / TMG v6.7 to alleviate this growing concern.

Standard CyBlock Proxy Blocking Message

Customize this Message to Reflect Company AUP

Customize this Message to Reflect Company AUP

This optional-use, customer-configurable, policy support feature allows authenticated / authorized users to override CyBlock’s blocking function while allowing them to proceed to the site they have requested. Coaching can be enabled on categories that have been set to “block”, and policies are customizable based on time of day, user name or group. The coaching feature provides customers with more flexibility and control while continuing to support their company policies through custom block messages.

For more information using CyBlock’s coaching function and creating your own custom blocking message, check out our easy-to-follow instructions on our latest Tech Tip: Create a Custom Blocking Message While Coaching.

Managing Bandwidth to Cut Unnecessary Costs

save bandwidth, save money

Inappropriate Web use resulting in excessive bandwidth consumption is often the primary culprit behind network issues. Typically, the worst offenders are social networking, video and music streaming, gaming sites, and browser-based file sharing. These are all widely accepted applications for use on corporate networks but the majority of them are often operating unchecked, opening your entire network up to bandwidth hogs, productivity-draining activity, and security risks.

There are multiple policies you can implement to monitor your bandwidth, so which one is right for your business? Pay attention to patterns: How much of your company’s bandwidth is being consumed by non-productive Web use? Who were the top users of bandwidth on your company’s network? Both questions seem easy enough to answer, but this data is oftentimes scattered around your network, especially if you have multiple data centers. Without easy access to these insights, many companies are simply unaware of possible lost revenue due to bandwidth congestion. Fortunately, Wavecrest Computing’s CyBlock Proxy solution now offers bandwidth management in addition to the Web filtering and reporting tools favored by many.

From within our solution, you can easily create multiple ‘category-control’ or ‘group-control’ policies that can be activated when usage reaches specified thresholds of consumption. Typically, customers set these thresholds at points that reflect how closely they want actual consumption to approach total available bandwidth before imposing restrictions. Once a policy is activated, policy-specified traffic is throttled one or more degrees of restriction on lower priority Web applications, allowing business-critical applications (VoIP, CRM, etc) to continue operating as needed.

While most other solutions base their throttling process on overall traffic volume rather than on the contents of the Internet packets, CyBlock Proxy breaks the traffic down into content categories and bases its controls on those categories rather than just volume. Alternatively, throttling can be imposed on selected users or groups, regardless of the content they’re seeking. The general concept is to synergistically combine your organization’s particular Internet and bandwidth usage policies with CyBlock Proxy’s customizable bandwidth throttling technology. Before you consider paying for more bandwidth, first leverage CyBlock Proxy’s built-in bandwidth management functionality (at no additional cost) by throttling the top non-critical bandwidth users. This feature has already provided businesses with the insight needed to most efficiently manage and utilize their Web traffic.

Tech Tip: Create a Custom Blocking Message While Coaching

Based on your policy configuration, access to blocked websites direct the user to a message which can be customized to remind them of the current Acceptable Use Policy (AUP).  CyBlock Proxy v6.7  and CyBlock ISA / TMG v6.7 now offers the ability for the user to proceed beyond the blocked page through a feature called coaching.  A custom blocking message does not automatically have coaching enabled because of a required token needed in the body of the blocking message. In order to enable the coaching feature with a custom blocking message, follow the below steps.

  1. Open the folder that contains the Standard Web Blocking Message file. The default location of this file is [INSTALL PATH]\wc\cyblock\db\stdBlkMsg.htm.
  2. Make a copy of this file, and rename the copy to CustomBlockedMessage.htm.
  3. Edit the HTML of ‘CustomBlockedMessage.htm’ to meet your needs. Your Custom Blocked Message file must contain *tokens {0} through {4}. Include the Coaching token ({6}) to enable the Coaching feature in the Block Web Categories Screen.
  4. Save your ‘CustomBlockedMessage.htm’ file
  5. Ensure the “Message Source” option is selected.
  6. Browse to and select your CustomBlockedMessage.htm file.
  7. Apply your changes by clicking the Submit button.
  8. You will now have the coaching feature option with your custom blocking message.

Definitions:

The following describes the available tokens, and their use within the blocked message file:

*Token Description
{0} The username that is being blocked.
{1} The URL being accessed, that caused the user to be blocked.
{2} The Category Name that the URL is classified as.
{3} Your organization name as defined on the License Information screen.
{4} The current Block Policy name that is blocking the user.
{5} Not used for Blocking Messages.
{6} Coaching feature. Optional. If present and enabled in the Block Web Categories Screen, the user will be presented with
a notice and a link to bypass the block message.
NOTE: To disable the Coaching feature in the Block Web Categories Screen, omit this token.

Monitoring Internet Usage … From the IT Department

During July, August, and September of 2011, Commtouch assessed categories of Web sites most likely to be home to malware, below are the top ranking offenders.  The Portals category includes those sites offering free hosting which are often abused to publish malware and phishing content or will redirect to sites with this content.

What were the most-visited categories by your employees during 2011?

Are you currently monitoring and/or blocking the existing Spyware/Malicious, Phishing/Fraud, Public Proxy, and Hacking categories to help protect your network?

Source: Commtouch

In today’s wired workplace, internet security and bandwidth consumption are top concerns for IT professionals while employee productivity and legal liability ail management and HR professionals.  As a major contributor to the Web-use management effort, IT typically becomes deeply involved in planning, testing, selecting, installing, and administering Internet monitoring software.  With the different departments playing a role in deciding on the best product to fit their vast needs, most are left without a solution.  Fortunately, Wavecrest’s products have been reviewed by our customers as meeting each role’s needs most effectively, offering manager-ready, easy-to-interpret reports that can be accessed without the IT personnel in addition to providing a robust, truly scalable IT-friendly remedy.

With Wavecrest Computing, customers have the insight needed to proactively monitor / block the notorious malicious sites based on custom categories, the Wavecrest Control List, and a real-time deep packet analysis process.  Plus, our 19 comprehensive templates provide a variety of summarized and detailed Web-use activity reports on users, groups, categories, sites, acceptability ratings, and bandwidth consumption.  Conveniently import your current Web Use Policy to easily customize or classify categories, implement abuse thresholding, and monitor employee productivity while our Administrator and Operator Accounts allow for non-IT personnel to create and obtain their role-specific reports.

While serving a diverse mixture of commercial businesses, industrial firms, government agencies, military units, educational institutions, and non-profit organizations since 1996, our products continue to present the most up-to-date, proactive coverage in line with the one factor that underlies all Web-use management issues, human online activity. Wavecrest’s managers and developers understand human resource management well and we use that knowledge to develop features that prevent productivity losses, legal liability problems, network issues, and unnecessary costs.

What’s Hogging Your Company’s Bandwidth? Causes for Slow Network Speed this Holiday.

If you haven’t noticed, online holiday shopping lasts well beyond Cyber Monday.  According to a ComScore report, after the 2010 holiday shopping season, more than 85% of Americans online visited a retail site in December of last year.  Employees shopping online at work are likely causing critical applications, like Voice over IP (VoIP) and video conferencing, to perform poorly if at all.  The last thing you and your company need is network latency or slowdowns due to non-work related online activity.  Many of our clients are seeing a spike in bandwidth usage from shopping websites and have quickly taken measures to filter browsing to that category.  Which sites consumed the most bandwidth for your company this month?  Determine what factors are impacting your network speed before you decide to purchase more bandwidth – an expense that could be avoided with the right tools and a bit of discipline.

With 19 different types of highly customizable employee Web-use reports, Cyfin Reporter offer insights as to which types of traffic consume the maximum volume throughout the workday.  Monitor, filter, and report over 500 million Web pages in 74 categories and set throttling thresholds for sites that are slowing your company’s Internet speed with CyBlock Proxy.  Now is the time to address your poor network performance, slow applications, and bandwidth congestion.

We’re so sure you’ll benefit from our solutions that we offer a free 30-day product trial. Both products provide quantified data to help IT personnel keep track of bandwidth utilization by users as well as by type of usage (appropriate versus not so appropriate). After you’ve downloaded our products, take advantage of the User Comparison Trend Chart to detect unexpected spikes that could indicate excessive bandwidth or Web use.  Then review your Top Sites Bandwidth Chart (example seen below) and find out which ten sites are consuming the most bandwidth or had the most hits or visits for the time period you specify.

Top Sites Bandwidth Chart

 

Top Sites Bandwidth Chart for both Cyfin and CyBlock

Online Holiday Shopping Can Cost Your Business More Than Time

Online Shopping Risks

Cyber Monday is no more – in an uncertain economy, post-Thanksgiving online holiday shopping has increased since coined in 2005 and now lasts for one month with more than 50% of all online spending taking place during working hours1.  What does this mean for your business?  A large decrease in employee productivity, a boost in bandwidth consumption, and one of the most popular times for cybercriminals to attack your secure data.

Lost productivity can mean big bucks for your company, reducing employee output to a mere 60%2.  A survey by CareerBuilder states that more than half of the 4,000 respondents polled intend on shopping online while at work with one third of those planning for more than one hour each day, in addition to the two typical hours daily already reported by respondents (time excludes lunch hour and scheduled breaks).  If you do not have a Web-use policy or Internet Acceptable Use Policy (AUP) in place, one is necessary to help report, monitor, and prevent employee Internet abuse in addition to protecting your company from legal liability.

Downloading malware is another risk as employees use the Internet for personal reasons. Spyware and malicious code are big threats to company networks as they can consume bandwidth and compromise security.  Recent studies show that company networks are being infected with spyware and malicious code most often through employees surfing the Web; with the holidays increasing that risk, these threats make it imperative for companies to enforce an AUP to protect their networks. Wavecrest Computing suggests that companies monitor and/or filter employee Web use in order to better protect themselves from security threats. In addition to the inherent risks associated with hacking your online security – loss of company reputation, destruction of company data, and the downtime employees face while systems are restored – the costs to mitigate attacks are extraordinary and rising each year.  This year, U.S. companies are expected to spend more than triple the costs spent in 20063.

To ensure these threats do not happen to your company this holiday season, run through our checklist and remember to check it twice!

  • Install all applicable system and program updates to avoid malware from infiltrating any system frailty that could have easily been patched with an update.
  • Create a Web usage policy and clearly communicate it to your employees.
  • Be cautious prior to clicking on links to different websites particularly those found on social networking sites as they’re often a hotspot for malware.
  • Avoid the use of pirated / illegal software as many contain malware.
  • Never open email attachments from unknown senders and make sure to scan attachments you do decide to download.
  • Make steps to consistently back up your computer in the case that malware wipes your hard drive clean.
  • Monitor servers and security devices 24x7x365 for security issues and require preventative actions be taken on security threats in real time – this is where we come in!

CyBlock can be set up to block Web access by categories and by hour so employees can access shopping sites on their lunch break or after hours. This approach can help sustain morale while minimizing the risks associated with online shopping.  With Cyfin, you can monitor employees’ Web use to ensure that Web-use policies are followed or that unwanted spyware or malware is not downloaded as a result.  Let us guide you to a safer, more reliable, robust security solution with exceptional support at an unbeatable price!

Sources:

1https://blog.comscore.com/2011/11/cyber_monday_work_computers.html

2 https://www.wavecrest.net/editorial/costsavings.html

3https://money.cnn.com/galleries/2011/technology/1107/gallery.cyber_security_costs/index.html?iid=EL