Category Archives: Tech Tips

Set Your Block Policies For Newly Released Categories

Leave a reply

The new categories released and updated in your product on April 3 are set to “Allow” by default (for all CyBlock products).  This means that you will need to review these new categories and set your policy to “Block” those categories for which you want to restrict access.  Set your block policies at the Advanced Settings – Filter Settings – Block Web Categories screen.

For reporting and monitoring purposes, you may also want to change the new category’s classification statuses at the Advanced Settings – Category Setup – Classification screen to match your organization’s Acceptable Use Policy.

See the Category Update Data Sheet for a full list of categories and their descriptions.

Enforce Safe Search in Google, Yahoo and Bing with CyBlock

Leave a reply

If you haven’t already done so, check out the safe search feature in your CyBlock Proxy, CyBlock Appliance or CyBlock ISA product. With this feature, you can force Google, Yahoo and Bing to strictly use Safe Search. To enable it, go to the Advanced Settings – Filter Settings – Safe Search screen, check the enable box and hit Submit. When enabled, the product will reset search engines to “safe search” even if users change the preference in the search engine. This will block Web pages containing explicit sexual content from appearing in search results.

Note: Safe Search is available only in Versions 6.0.0 and later.

New Categories Coming April 3!

Leave a reply

New categories and category changes will automatically be updated in your product on April 3, 2010 for CyBlock Versions 6.0.0 and later or Cyfin Versions 8.0.0 and later.  If you do not have these versions of the product, you will need to upgrade to the most current version in order to get the new categories and category changes.

For CyBlock, these categories will be allowed by default. Therefore, you will need to go to your Advanced Settings – Filter Settings – Block Web Categories screen and alter your policies.  For reporting and monitoring purposes, you may also want to change the new category’s classification statuses at the Advanced Settings – Category Setup – Classification screen to match your organization’s Acceptable Use Policy.

See the Category Update Data Sheet for a full list of categories and their descriptions.

Check Your Product News to Get the Latest Updates

Leave a reply

You may notice that the icon below occasionally shows up in the right-hand corner of the browser interface indicating that you have new product news.

This icon will stay in the upper right-hand corner of the browser interface until you click on it to read your product news.

We send product news to let you know general and critical information about your product.  Product news items provide you with information on new releases, category changes, updates and more so be sure to check your news when the icon appears.

When viewing a news item, you will notice at the top that we indicate whether or not the news is critical or non-critical.  Critical news is identified with a red bar, meaning that it is very important that you read the message and may require some action, while non-critical news is identified with a green bar.

Blocking IM/Chat with Wavecrest’s CyBlock Products

Leave a reply

Our CyBlock Appliance offers the best coverage for blocking IM and Chat sites. The CyBlock Appliance can block the IM traffic as well as the sites to prevent the user from making a connection to the IM server.  To block IM with the CyBlock Appliance, first go to the Advanced Settings – Filter Settings – Block Web Protocols screen and check all the IM clients that you want to block.  Next, go to the Advanced Settings – Filter Settings – Block Web Categories screen and block the Chat category.  For even more coverage, you can also block the following URLs by placing them in a Custom Category or by adding them to the Chat category.

Yahoo IM: login.yahoo.com (Hardware and Software)

AOL IM: login.oscar.aol.com (Other Category)

MSN Messenger: login.live.com (Note: This site also is used for Hotmail login as well. So if you block the Hardware and Software category or this URL, you will block both MSN Messenger and Hotmail email).

To get the best filtering Chat/IM coverage with CyBlock Proxy or CyBlock ISA, block the Chat category and the sites listed above.

Blocking Unusual Facebook Site Variations

Leave a reply

Facebook has set up their site so that if a user types “www.www.facebook.com”, they will be able to access it through any Web filtering proxy blocking www.facebook.com.  Users can even type in variations, such as “www.www.www.facebook.com” or “hello.www.www.facebook.com” to get access to Facebook.

If users are accessing Facebook by using one of these many variations, it will not show up in reports under the category of Social Networking.  Instead, the URL is categorized as “Other” and is displayed this way in reports.

For now, to prevent users from accessing the site using these variations and to categorize these variations as Social Networking, you need to add the URL as a wildcard to the Social Networking category. To do this, follow the below instructions.

  1. Go to Advanced Settings – Category Setup and click on the Edit URLs link.
  2. Use the Select Category pulldown and select Social Networking.
  3. In the text entry area for Custom URLs, type in the wild card URL *.facebook.com.  If you want to block any time the term facebook shows up in a URL, type in the wild card *.facebook.*

The Wavecrest Development Team is currently looking into alternatives to better handle these types of site variations within the Wavecrest Control List while maintaining speed and scalability in our products.

What Is the Purpose of the ‘IP Address’ Category?

Leave a reply

From time to time we are asked, “What is the purpose of the ‘IP Address’ category used by Wavecrest products?” The short answer is — it’s used to capture and segregate the IP addresses of Web sites that the product was unable to associate with ‘regular’ categories. Customers can then analyze them to identify network security threats, traffic to intranet sites, or other patterns of interest.

Here’s a bit more detail.

First note that our products identify many IP addresses and place them in content categories. The Wavecrest URL (control) list contains many such addresses.

Unfortunately though, initially unidentifiable IP addresses still appear from time to time. Generally speaking, we see three types, i.e., addresses associated with:

  1. Internal (and partner) Web pages
  2. Innocent links on Web sites
  3. Possible malware or virus servers

When the product encounters any of these three types, it places them in a special ‘IP Address’ category. Customers can then run reports on that category the same way they do on any other category. In addition, if the customer runs a Top Non-Categorized report, the uncategorized IP addresses will be listed along with uncategorized domain names.

Because the traffic associated with unidentified IP addresses can be important or even dangerous, it’s obviously desirable to pursue the matter further. So what can be done? Well, with a bit of work—and in some cases with some help from Wavecrest—it is possible to:

  • determine the source and purpose of most of the addresses
  • categorize the legitimate ones
  • isolate/neutralize the malicious ones

Let’s see how this is done. We’ll take it one ‘type’ at a time.

  1. Internal and Partner Web Pages. Some unidentified IP addresses may have resulted from users going to internal (intranet) or partner sites. (These normally would not be in the Wavecrest URL list.) To address this issue, start by running a Top Non-Categorized Sites Report or IP Address Category Report. Using your local knowledge, try to determine the IP addresses of those sites and then enter the information in one or more custom categories. (Instructions on how to create custom categories can be found in our manual.)
  2. Innocent links on Web Sites. These addresses could be associated with image or ad servers. If you want to address this issue, send a copy of a Top Non-Categorized Sites (“OtherWise”) Report to Wavecrest (sites@wavecrest.net). Our categorization team will then research and categorize the unidentified IPs for you the same way they categorize domains. If you would like to identify the IPs yourself, you can use IP address lookup tools such as the one available from https://www.networksolutions.com. This tool will provide you with information about the owner of the IP address(es) of interest. For example, the owner of the IP address could be a marketing company that serves ads, or it could be an image server. Once identified, if you desire, you can add the addresses to one or more custom categories.
  3. Possible Malware or Virus Servers. Some of the unidentified IP addresses could be associated with malware, spyware or virus servers. The clue here is very high around-the-clock traffic. This is an indication that the user’s computer has been infected or attacked. The solution in these cases is to isolate the internal computer(s) and remove the malware/spyware or virus. Here’s an approach you can use to help solve this problem.
  • Using the Dashboard, run a Trend report on the IP Address category and look for any unusual spikes. If you see anything suspicious then …
  • Run a category audit on the IP Address category and look for large amounts of activity coming from a particular PC(s). Make a note of the IP address(es) and then scan for infected files.

Summary. The IP address category was created to be a ‘red flag.’ Its purpose is to alert you that further action may be needed to resolve problems or to simply give you a more complete and comprehensive picture of all Web activity.

Managing Groups and IDs in CyBlock and Cyfin

Leave a reply

There are two options for managing your Groups and IDs in Cyfin or CyBlock.  You can manage them either “Inside the Product” or “Outside the Product.”

By choosing to manage your Groups and IDs “Inside the Product,”  it means exactly that.  You can manually add, delete and move Groups and IDs in the product.  If you import your Groups and IDs from Active Directory or a text file, each time your Groups and IDs are imported either manually or scheduled, only NEW Groups and IDs will import.  The new Groups and IDs that are imported will be based on your configuration setup in the Active Directory Setup wizard.  Your existing Groups and IDs will not be modified, which means if a user left or moved departments, he/she will have to be deleted or moved in the product.  If you want to have users in the VIP group, you must use the “Inside the Product” option.

If you select to manage your Groups and IDs “Outside the Product,” then you will be only managing and making changes to your Groups and IDs at the directory source.  Each time Groups and IDs are imported, whether manually or scheduled from Active Directory or a text file, all Groups and IDs will be updated to identically match that configuration. Typically this option is not used because the directory source is grouped according to your network setup and not according to how you will want to apply Web-use policies.

New Advanced Reporting Options

Leave a reply

New advanced reporting options were recently added to Cyfin and CyBlock. You can configure these options by going to Advanced Settings – Report Settings in your Cyfin or CyBlock product and clicking on the Advanced Options link. The new options include the following:

  • Check For New Logfiles. Before running a report, the product will check for any new logfiles. This option is selected by default.
  • Compress Reports For Email. This compresses the report attachment for read-only reports in an email as a .zip file.
  • Display Login Name and IP Address. Select this option if you want to see both the login name and IP address for each record in the report.
  • Include All Group´s Users. This will display a user ID even if there is no data for that ID in a User Audit Detail or Category Audit Detail report.

If you have any questions about these settings, contact technical support by phone at 321-953-5351, ext. 4 or by email at support@wavecrest.net.

Categorization Update for YouTube

Leave a reply

YouTube(www.youtube.com) has been moved to the Streaming Media category. It was previously categorized as Social Networking. This change will take effect in today’s URL list download in your Cyfin or CyBlock product.

You can change how sites are categorized by going to the Advanced Settings – Category Setup – Edit URLs screen.  Simply use the pulldown to select a category that you wish to assign a site (or sites) to.  Then enter it in the text box, and click Submit.  From then on, the site will be categorized as being in the category you just assigned it to.  You can confirm this by going to the Advanced Settings – Category Setup – Check URL screen and typing in the same site you just re-categorized.

In addition to this ability, you have Custom Categories, which are empty and available for you to use.  These categories can be populated with sites of your choosing, and you can even rename the custom categories on the Advanced Settings – Category Setup – Name Custom screen.  With these tools at your disposal, you can customize the product to truly suit your unique environment.