Tag Archives: authentication manager

Downloading Windows 8 Apps

Companies that filter and monitor Web traffic by user name do so in order to enforce their Acceptable Use Policy and for reporting purposes. In order to obtain user names for filtering and reporting purposes, they enable the authentication of all Web requests. An issue that arises with authentication is that there are some Web apps that do not respond to authentication requests.  This is the case with Windows 8 apps.

In order for the Windows 8 operating system to download apps through CyBlock Software or CyBlock Appliance, entries need to be made in the Authentication Manager. This work-around puts these apps in an authentication “Bypass” list where they are exempt from authentication. CyBlock will not require authentication for any URL/User-Agent combination established in the Bypass list. Any user name cached for this connection will be used. If none is cached, the activity will be logged with the user name of “bypass.” The steps below should be followed.

  1. Go to the Advanced Settings – Proxy Settings screen, and click the Authentication Managerlink.
  2. Under Display Selection, select Bypassed or All to display the Bypassed entries. Note that the All option will display the Pending Bypass entries also.
  3. Under Bypassed, click the Add new bypass entry link. A dialog box is displayed.
  4. Enter each of the following combinations of URL or Domain and User-Agent, and click Add after each entry.
URL or Domain User-Agent
*.apps.microsoft.com *
*ws.microsoft.com *
* MSappsHost/*

 

The entries on the screen should look like the following example.

CyBlock Authentication Bypassed Entries

 

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Managing Web Application Authentication Problems with Wavecrest Proxy Products

In order to obtain usernames for filtering and/or reporting purposes in CyBlock Proxy, Cyfin Proxy, or CyBlock Appliance, authentication must be enabled. An issue that arises with authentication is that there are some Web apps and URLs/Domains that do not respond to the authentication request properly.  Because of this, in versions 6.2.0 and 8.2.0 we added the Authentication Manager in CyBlock Proxy, Cyfin Proxy and the CyBlock Appliance.

The Authentication Manager helps prevent these issues by automatically detecting the disruptions, identifying the failed applications, and employing automatic authentication-bypass techniques (when authentication is enabled in Moderate mode). This allows users to bypass proxy authentication (not the proxy server) with those web sites and web applications that do not properly respond to the proxy authentication request.  An example of this is your offensive line in a football game.  Just like your offensive line creates a hole for the running back to run through, bypass authentication opens a hole in the proxy so that the request can go through. The request will bypass authentication but not the proxy.

To learn more about proxy authentication and the Authentication Manager, read our document “Managing Web Application Authentication Problems” and see your product manual for specific instructions on fully utilizing the Authentication Manager.

Detecting and Controlling Unauthorized Outbound Connections

Do you have a good handle on all outbound connections from your network, and how do you know?  Many times legitimate programs and applications downloaded are creating outbound connections without your knowledge or approval.  This can cause a serious drain on an organization’s network resources.  This exact scenario recently happened to a Wavecrest customer, and with the help of Wavecrest’s reports and technical support specialists, they were able to locate a program that was making 1,400+ outbound connections a day without their knowledge.

Many times, a program like this can be running in the background without the organization’s knowledge and is not necessarily identifiable in the process table.  It can only be caught if an organization is monitoring outbound Web connections through reports such as the ones in Wavecrest’s Cyfin and CyBlock products.

In this particular scenario, the customer became knowledgeable of these unauthorized outbound connections because there were a couple of users being locked out of their computers.  To troubleshoot the issue, they along with Wavecrest technical support used the Authentication Manager in their CyBlock Proxy product to investigate.  They found that the users’ computers were creating some outbound traffic that was not authenticating with the proper credentials, thus eventually locking the users out due to an authentication security setting the organization had on their Active Directory configuration.  By using the Authentication Manager, Real-time Web Monitor and other reports, our technical support specialists were able to identify the file that was making these unauthorized outbound connections and remove it from the computers.

This scenario proves that it is important to be aware of what is going on in your network, and Wavecrest’s products can help IT administrators do that. There are several steps you can take to prevent and identify these types of problems in your network.

  1. Use reporting tools to spot unusual activity.
    1. Look for unusual patterns of Web activity.
      1. Review Dashboard trends to spot any unexpected spikes in activity.
      2. Review Dashboard top sites and top categories charts to find any unexpected sites or categories showing up in the top ten all of the sudden.
      3. Run a Site Analysis report at least once a week and be alert to changes in the volume and pattern of outbound Web activity. For example, if a single user is suddenly logging thousands of visits a day, chances are there’s an issue. That’s because “human” activity is usually more random.
    2. Watch the following categories: IP Address, Spyware/Malicious, Unsolicited or Push, Phishing/Fraud and Uncategorized “Other” Sites. High activity in these categories should raise a red flag for administrators. High traffic volume here warrants further investigation.
    3. Identify the source of the problem. Dig deeper by running a Category Audit Detail report to uncover both the site and the affected user. If your Category Audit Detail report shows an unusual number of hits to a specific Web site, that site is most likely the source of the issue.  You can also monitor the traffic in real time using the Real-Time Monitor to uncover the site causing the problem.
  2. Update your Web-use management tools.
    1. Update your Acceptable Use Policy. Employees need to understand the risks of Web surfing. Minimize risks of Internet abuse by implementing a policy to curtail at-work surfing and communicate it clearly to employees.
    2. Update your Wavecrest list. The Wavecrest control list is updated daily. We recommend downloading your Wavecrest control list daily to minimize the number of visits categorized as “Other” and ensure the best coverage possible. You can set Cyfin and CyBlock to do this automatically on the Administration – URL List – Schedule screen. (Note: If you spot a problem Web site that is uncategorized, email it to us at sites@wavecrest.net. Our site analysts will review the site and categorize it appropriately.)
  3. Contact Wavecrest Technical Support. Our support specialist are always eager to help you troubleshoot any issues you are having by helping you get the best out of the features and tools our products offer.

For more information on how Wavecrest’s products can help keep your network safe, we recommend you read our previous blog post on “Controlling Spyware” and “The Purpose of the IP Address Category.”

Note: The program in question that is addressed in this post is the Akamai NetSession Interface. It was hitting cn1.redswoosh.akadns.net and cn2.redswoosh.akadns.net 1400+ times a day. The program was located at C:\Program Files\Common Files\Akamai\AdminTool.exe. To remove the program with Wavecrest’s help, the customer:

  1. Opened the Command Prompt
  2. Went to the folder location by typing”Program Files\Common Files\Akamai”
  3. Then typed “admin uninstall-force” to remove it.

Remember: Our technical support specialists are here to help. If you ever need help with your product configuration or see something unusual in a report or on the real-time monitor that you are unsure about, please feel free to contact Wavecrest technical support, and they will be happy to help you.

Technical Support Contact Information
Direct: 321-953-5351, ext. 4
Toll-Free: 877-442-9346 ext. 4
Email: support@wavecrest.net

New Releases: CyBlock 6.2.0 and Cyfin 8.2.0

New versions of CyBlock and Cyfin were recently released.  You can download the latest release by going to the Administration – Product Update screen. Below are a list of enhancements for each product.

CyBlock Proxy, Cyfin Proxy and CyBlock Appliance Enhancements

  • Proxy Server Authentication. New authentication options are now available on the Setup – Proxy screen.  Options include Strict, Moderate, and Disable (if disabled, IP addresses will be used).  The default setting is Moderate.  These options affect how bypass authentication is handled on the new Authentication Manager.
  • Authentication Manager. Complementing the new proxy server authentication options is the Authentication Manager. This screen allows the administrator to manage improperly authenticating URL/domains, web applications and user-agents. The Authentication Manager is located at Advanced Settings – Proxy Settings – Authentication Manager.
  • PAC File Configuration. This new screen allows for easy PAC file configuration that you can push out to all browsers. It is located at Advanced Settings – Proxy Settings – PAC File Configuration.
  • Product News. With this release, we have added the ability for administrators to get product news alerts via email.  This setting is found on the Administration – Product News – Setup page.  NOTE: The default setting is “Do not email.”

CyBlock ISA Enhancements & Updates

  • Forefront TMG Support. Support is now available for Microsoft Forefront TMG for both filtering and reporting.
  • Product News. With this release, we have added the ability for administrators to get product news alerts via email.  This setting is found on the Administration – Product News – Setup page.  NOTE: The default setting is “Do not email.”
  • ISA Server 2000 No Longer Supported. With this latest upgrade, there is no longer support for ISA Server 2000.

Cyfin Reporter Enhancements

  • New Logfile Support for the following:
    • Microsoft Forefront TMG Support
    • Watchguard Firebox 11 with Syslog
    • Astaro Security
  • Product News. With this release, we have added the ability for administrators to get product news alerts via email.  This setting is found on the Administration – Product News – Setup page.  NOTE: The default setting is “Do not email.”

Use the following links to access the full release notes for your Wavecrest product.

If you have any questions about any of the new features or upgrading, please contact Support.

Email: support@wavecrest.net
Phone (Toll-free): 877-442-9346, ext. 4 (U.S. and Canada)
Phone (Direct): 321-953-535, ext. 4