Category Archives: Security Threats

Wavecrest Recommends Users Upgrade from Internet Explorer 6

If you are still using Internet Explorer 6, we and Microsoft recommend that you upgrade as soon as possible.  One of the main reasons to upgrade is that Wavecrest’s CyBlock versions 6.3.0 and later and Cyfin versions 8.3.0 and later no longer support IE6.

Microsoft also has a big push now to get users to upgrade and stop using IE6.  See their new website ie6countdown.com. One of the main reasons they are pushing the upgrade is security. They state, “we recommend that Internet Explorer 6 users upgrade to a newer version of Internet Explorer for a safer browsing experience.” So if you haven’t done so already, Wavecrest recommends that you take a minute to make sure all of the computers and servers in your network are upgraded to a later version of Internet Explorer.

If you have any questions, please contact Wavecrest’s technical support team by phone at 321-953-5351, ext. 4 or toll-free at 1-877-442-9346, ext. 4.

Sources:

The Internet Explorer 6 Countdown
Microsoft Begs Users to Stop Using IE6
It’s Time to Finally Drop Internet Explorer 6

Online Holiday Shopping Is Coming Soon

With the holiday season coming up, now is a good time to remind your employees of your organization’s Web-use policy.  Black Friday and Cyber Monday are just around the corner, and many employees may want to do some pre-searching and shopping to find those upcoming holiday deals. Online holiday shopping can generate network security and performance issues and be a huge productivity waster for businesses.

If you have CyBlock, your product can be set up to block Web access by categories and by hour so employees can access shopping sites on their lunch break or after hours. This approach can help sustain morale while minimizing the risks associated with online shopping. If you have Cyfin, you can monitor employees’ Web use to ensure that Web-use policies are followed or that unwanted spyware or malware is not downloaded as a result.

Web Use in the Workplace: Risks and Solutions

Approximately 20% of personal Internet use at work poses potential threats to the employer. Web access in the workplace can be a valuable business tool, but it also carries significant risks. Check out our presentation that discusses the risks associated with Web use and why monitoring and filtering helps mitigate those risks.

 

Detecting and Controlling Unauthorized Outbound Connections

Do you have a good handle on all outbound connections from your network, and how do you know?  Legitimate programs and applications that users download often create outbound connections without your knowledge or approval.  This can cause a serious drain on an organization’s network resources.  This exact scenario recently happened to a Wavecrest customer, and with the help of Wavecrest’s reports and technical support specialists, they were able to locate a program that was making 1,400+ outbound connections a day without their knowledge.

Many times, a program like this can be running in the background without the organization’s knowledge and is not necessarily identifiable in the process table.  It can only be caught if an organization is monitoring outbound Web connections through reports such as the ones in Wavecrest’s Cyfin and CyBlock products.

In this particular scenario, the customer became aware of these unauthorized outbound connections because a couple of users were being locked out of their computers.  To troubleshoot the issue, they, along with Wavecrest technical support, used the Authentication Manager in their CyBlock Proxy product to investigate.  They found that the users’ computers were creating some outbound traffic that was not authenticating with the proper credentials, thus eventually locking the users out due to an authentication security setting the organization had on their Active Directory configuration.  By using the Authentication Manager, Real-time Web Monitor and other reports, our technical support specialists were able to identify the file that was making these unauthorized outbound connections and remove it from the computers.

This scenario proves that it is important to be aware of what is going on in your network, and Wavecrest’s products can help IT administrators do that. There are several steps you can take to prevent and identify these types of problems in your network.

  1. Use reporting tools to spot unusual activity.
    1. Look for unusual patterns of Web activity.
      1. Review Dashboard trends to spot any unexpected spikes in activity.
      2. Review Dashboard top sites and top categories charts to find any unexpected sites or categories showing up in the top ten all of a sudden.
      3. Run a Site Analysis report at least once a week and be alert to changes in the volume and pattern of outbound Web activity. For example, if a single user is suddenly logging thousands of visits a day, chances are there’s an issue. That’s because “human” activity is usually more random.
    2. Watch the following categories: IP Address, Spyware/Malicious, Unsolicited or Push, Phishing/Fraud and Uncategorized “Other” Sites. High activity in these categories should raise a red flag for administrators. High traffic volume here warrants further investigation.
    3. Identify the source of the problem. Dig deeper by running a Category Audit Detail report to uncover both the site and the affected user. If your Category Audit Detail report shows an unusual number of hits to a specific Web site, that site is most likely the source of the issue.  You can also monitor the traffic in real time using the Real-Time Monitor to uncover the site causing the problem.
  2. Update your Web-use management tools.
    1. Update your Acceptable Use Policy. Employees need to understand the risks of Web surfing. Minimize risks of Internet abuse by implementing a policy to curtail at-work surfing and communicate it clearly to employees.
    2. Update your Wavecrest list. The Wavecrest control list is updated daily. We recommend downloading your Wavecrest control list daily to minimize the number of visits categorized as “Other” and ensure the best coverage possible. You can set Cyfin and CyBlock to do this automatically on the Administration – URL List – Schedule screen. (Note: If you spot a problem Web site that is uncategorized, email it to us at sites@wavecrest.net. Our site analysts will review the site and categorize it appropriately.)
  3. Contact Wavecrest Technical Support. Our support specialists are always eager to help you troubleshoot any issues you are having by helping you get the best out of the features and tools our products offer.

For more information on how Wavecrest’s products can help keep your network safe, we recommend you read our previous blog posts on “Controlling Spyware” and “The Purpose of the IP Address Category.”

Note: The program in question that is addressed in this post is the Akamai NetSession Interface. It was hitting cn1.redswoosh.akadns.net and cn2.redswoosh.akadns.net 1400+ times a day. The program was located at C:\Program Files\Common Files\Akamai\AdminTool.exe. To remove the program with Wavecrest’s help, the customer:

  1. Opened the Command Prompt
  2. Went to the folder location by typing “Program Files\Common Files\Akamai”
  3. Then typed “admin uninstall-force” to remove it.

Remember: Our technical support specialists are here to help. If you ever need help with your product configuration or see something unusual in a report or on the real-time monitor that you are unsure about, please feel free to contact Wavecrest technical support, and they will be happy to help you.

Technical Support Contact Information
Direct: 321-953-5351, ext. 4
Toll-Free: 877-442-9346 ext. 4
Email: support@wavecrest.net

Cut Costs with Wavecrest’s Internet Filtering, Monitoring and Reporting Products

It has always been important to know that your company’s resources are being used properly and to the best of their capability.  Businesses want to ensure that their employees are being productive and not wasting the organization’s time and resources.

Internet access is one of those resources that can easily be abused, costing an organization time and money. Internet filtering and/or monitoring with one of Wavecrest’s Cyfin or CyBlock products can help preclude or drive down costs in at least four areas: productivity, bandwidth, legal liability and security.

1. Productivity

  • The average worker admits to frittering away 2.09 hours per 8-hour workday, not including lunch and scheduled break-time (America Online and Salary.com survey, 2006).
  • The average employee costs a company $29.71 per hour, including salary, overhead costs, benefits, payroll taxes, etc. (United States Department of Labor, Bureau of Labor Statistics, March 2010).
  • Lost productivity costs the company $59.42 per day per employee (2 hrs x $29.71).
  • Average employee works 240 days per year.
  • Yearly loss per employee is $14,260.80  (240 x $59.42)
  • Loss per 1000 employees is $14,260,800 per year.
  • Average cost for a Wavecrest Internet filtering or monitoring product with a 1000-employee license is $3,500 per year ($3.50 per user).

Conclusion:  Cost of a Wavecrest license is less than three tenths of one percent of the cost of lost productivity. A well-communicated Web-use policy, coupled with an effective monitoring product, greatly increases productivity in the workplace.

2.  Bandwidth

Reliable studies indicate that as much as 70% of a company’s bandwidth is being consumed by non-productive pursuits. Activities such as online video, audio streaming, and downloading movies or MP3s are especially damaging.  It is quite clear that eliminating or significantly reducing bandwidth abuse can improve network performance and preclude or decelerate the need for organizations to support increased bandwidth use.

3.  Legal Liability

Web-related legal costs typically result from employees visiting pornography sites.  Many studies show this to be a serious problem. In fact, according to research by Nielsen Online in October 2008, one quarter of employees who use the Internet visit porn sites during the workday.  Hits to porn sites are higher during office hours than at any other time of day, according to M.J. McMahon, publisher of AVN Online magazine, which tracks the adult video industry.

This type of activity puts the employer at serious risk of being sued by other workers who are offended or upset by being exposed to pornographic images. Such suits usually take the form of sexual harassment or hostile workplace litigation and can be very costly in terms of damage to reputation as well as legal costs.

4.  Security

Studies show that approximately twenty percent of personal use of the Internet by employees involves activities that pose potential threats to employer network security. Examples include file sharing, the use of malicious code, spyware and more. Like bandwidth abuse, the associated costs are difficult to quantify, but such activities can easily result in network disruptions or slowdowns and/or loss or compromise of proprietary data; these all come with a cost.

Stop A Pornography Surfing Problem Before It Starts: Why Monitoring Is Important

USA Today reported today that “several top Security and Exchange Commission staffers surfed porn sites as economy teetered.”  While many of us like to think that “everyone” knows it’s inappropriate to surf porn at work using the office computer, time and time again stories like these still pop up.  While whether or not to allow social networking in the office and how to control the use of these sites seems to be the big surfing topic today, apparently we still cannot forget about pornography.  Pornography poses several risks to businesses and government agencies. These include productivity losses, security issues and legal liability.  No matter how strict or lenient your acceptable use policy is, one thing is clear.  Communicating your Web-use policy and regularly monitoring employees’ Web use is important.  You want to stop the problem before it starts or turns into an employee spending “up to eight hours a day looking at and downloading pornography.”

Source: https://content.usatoday.com/communities/ondeadline/post/2010/04/ig-report-several-top-sec-staffers-surfed-porn-sites-as-economy-teetered/1

How Much Personal Internet Surfing in the Workplace is Too Much?

It depends on what your organization considers “acceptable.” Research shows that the average person spends around one hour per day on non-work related internet surfing.   It also shows that the majority of viruses enter via Internet surfing.

Wavecrest’s Cyfin and CyBlock products are configurable to fit your organization’s acceptable use policy. You can set acceptability ratings and visit thresholds to each category.  To set acceptability ratings, go to the Advanced Settings – Category Settings – Classification screen in your product.

With CyBlock you can select to “block” or “allow” each category and configure blocking by hour on the Advanced Settings – Filter Settings – Block Web Categories screen.  You can also configure real-time filtering with our deep packet analysis for content types and file extensions on the Advanced Settings – Filter Settings – Block Web Content screen in your CyBlock product.

Read more about personal surfing in the workplace on Business Blogs.

Few Employers Have a Social Networking Policy in Place

A recent report by Manpower found that very few companies have policies regarding social networking use.  In fact, only 29% of US companies have a formal social networking policy in place.  Social networks are not only time wasters, but they can pose serious security risks or damage a company’s reputation if employees post confidential or harmful material about the company.  No matter what an employer’s stance is on social networking use in the workplace, it is highly recommended to have a policy in place and educate employees on that policy. Joseph P. Paranac, a shareholder in LeClairRyan’s Labor and Employment Group, has offered Web-use policy suggestions on what companies should include.

If you’re unsure whether or not you want to block social networking, we have also written a paper that addresses the issues surrounding social networking use in the workplace, the importance of creating a policy, and monitoring or filtering employees’ Web use according to that policy.

White Paper: Social Networking or Social Not-working?

Source: https://www.emarketer.com/Article.aspx?R=1007493

What Is the Purpose of the ‘IP Address’ Category?

From time to time we are asked, “What is the purpose of the ‘IP Address’ category used by Wavecrest products?” The short answer is — it’s used to capture and segregate the IP addresses of Web sites that the product was unable to associate with ‘regular’ categories. Customers can then analyze them to identify network security threats, traffic to intranet sites, or other patterns of interest.

Here’s a bit more detail.

First note that our products identify many IP addresses and place them in content categories. The Wavecrest URL (control) list contains many such addresses.

Unfortunately though, initially unidentifiable IP addresses still appear from time to time. Generally speaking, we see three types, i.e., addresses associated with:

  1. Internal (and partner) Web pages
  2. Innocent links on Web sites
  3. Possible malware or virus servers

When the product encounters any of these three types, it places them in a special ‘IP Address’ category. Customers can then run reports on that category the same way they do on any other category. In addition, if the customer runs a Top Non-Categorized report, the uncategorized IP addresses will be listed along with uncategorized domain names.

Because the traffic associated with unidentified IP addresses can be important or even dangerous, it’s obviously desirable to pursue the matter further. So what can be done? Well, with a bit of work—and in some cases with some help from Wavecrest—it is possible to:

  • determine the source and purpose of most of the addresses
  • categorize the legitimate ones
  • isolate/neutralize the malicious ones

Let’s see how this is done. We’ll take it one ‘type’ at a time.

  1. Internal and Partner Web Pages. Some unidentified IP addresses may have resulted from users going to internal (intranet) or partner sites. (These normally would not be in the Wavecrest URL list.) To address this issue, start by running a Top Non-Categorized Sites Report or IP Address Category Report. Using your local knowledge, try to determine the IP addresses of those sites and then enter the information in one or more custom categories. (Instructions on how to create custom categories can be found in our manual.)
  2. Innocent links on Web Sites. These addresses could be associated with image or ad servers. If you want to address this issue, send a copy of a Top Non-Categorized Sites (“OtherWise”) Report to Wavecrest (sites@wavecrest.net). Our categorization team will then research and categorize the unidentified IPs for you the same way they categorize domains. If you would like to identify the IPs yourself, you can use IP address lookup tools such as the one available from https://www.networksolutions.com. This tool will provide you with information about the owner of the IP address(es) of interest. For example, the owner of the IP address could be a marketing company that serves ads, or it could be an image server. Once identified, if you desire, you can add the addresses to one or more custom categories.
  3. Possible Malware or Virus Servers. Some of the unidentified IP addresses could be associated with malware, spyware or virus servers. The clue here is very high around-the-clock traffic. This is an indication that the user’s computer has been infected or attacked. The solution in these cases is to isolate the internal computer(s) and remove the malware/spyware or virus. Here’s an approach you can use to help solve this problem.
    • Using the Dashboard, run a Trend report on the IP Address category and look for any unusual spikes. If you see anything suspicious, then …
    • Run a category audit on the IP Address category and look for large amounts of activity coming from a particular PC or PCs. Make a note of the IP address(es) and then scan for infected files.
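
The same checks applied to a raw proxy log, as an added example that is not Wavecrest product code. It covers both this post and the outbound-connections post above: it flags any user/host pair with high daily volume spread around the clock, marks bare-IP destinations, and measures how clockwork-regular the requests are. The log format, user names, sample data and thresholds are assumptions; only the redswoosh host name comes from the earlier post.

```python
import ipaddress
import random
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

def make_sample_log():
    """Constructed one-day log, one 'ISO-timestamp user host' entry per line."""
    day, rng, rows = datetime(2011, 3, 1), random.Random(7), []
    # Background program: a request every 61 s, all day (1,400 hits).
    rows += [(day + timedelta(seconds=61 * i), "pc-14", "cn1.redswoosh.akadns.net")
             for i in range(1400)]
    # Around-the-clock traffic to a bare IP (documentation range), every 45 s.
    rows += [(day + timedelta(seconds=45 * i), "pc-22", "203.0.113.7")
             for i in range(1, 1920)]
    # A person shopping during office hours: 40 visits at random times.
    rows += [(day + timedelta(seconds=rng.randrange(9 * 3600, 17 * 3600)),
              "jsmith", "shop.example.com") for _ in range(40)]
    return [f"{ts.isoformat()} {user} {host}" for ts, user, host in sorted(rows)]

def is_bare_ip(host):
    """True when the destination is an IP literal rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_automated_traffic(log_lines, min_hits=1000, min_active_hours=20):
    """Flag user/host pairs with high volume spread around the clock (one day of log)."""
    seen = defaultdict(list)
    for line in log_lines:
        stamp, user, host = line.split()
        seen[(user, host)].append(datetime.fromisoformat(stamp))
    findings = []
    for (user, host), stamps in seen.items():
        stamps.sort()
        active_hours = len({t.hour for t in stamps})
        if len(stamps) < min_hits or active_hours < min_active_hours:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps) if gaps else 0.0
        # Gap variation near 0 means clockwork timing; people are more random.
        variation = statistics.pstdev(gaps) / mean_gap if mean_gap else 0.0
        findings.append({"user": user, "host": host, "hits": len(stamps),
                         "active_hours": active_hours, "bare_ip": is_bare_ip(host),
                         "gap_variation": round(variation, 2)})
    return sorted(findings, key=lambda f: f["hits"], reverse=True)

if __name__ == "__main__":
    for finding in find_automated_traffic(make_sample_log()):
        print(finding)
```

The office-hours shopper never reaches either threshold, so only the two machine-driven sources are reported; tune `min_hits` and `min_active_hours` to your own baseline.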

Summary. The IP address category was created to be a ‘red flag.’ Its purpose is to alert you that further action may be needed to resolve problems or to simply give you a more complete and comprehensive picture of all Web activity.

New Releases: CyBlock 5.9.2 and Cyfin 7.9.2

New versions of Wavecrest Computing’s CyBlock and Cyfin Internet filtering and monitoring software were recently released. Below is a list of some of the enhancements included in these versions.

  • Enhancement – Groups and IDs. Subgrouping up to 10 levels is supported.
  • Enhancement – Run Now. You can now run any scheduled report immediately. Simply go to the Reports – Schedule – Run Now screen and click on the report you want to run. The report will be delivered using the scheduled report settings you previously configured.
  • Enhancement – Array. The communication between computers in a Wavecrest product array has been enhanced to do authentication automatically. This prevents communication from halting when a “secondary” machine responds to a “primary” machine with an authentication request.
  • Enhancement – Safe Search (CyBlock ISA Only). The Google and Yahoo Safe Search is now fully implemented with this release. Go to the Setup – Filtering screen to enable this feature.

For full release notes on the products, please visit the forum at https://forum.wavecrest.net/index.php. Current customers can download the latest release from their product by going to the Administration – Product Update screen.