Tag Archives: SSL inspection

Don’t let size fool you.

smallpower

 

Don’t be fooled by the name–CyBlock Mini Appliance is powerful, comprehensive, and worth every inch of its compactness.

Maintaining visibility throughout your workforce is key to running a secure business today. Don’t settle on just any solution that really doesn’t meet your needs. If you need coverage for a remote office, have limited space either in your server room or in your office, or are struggling with how to keep your business secure with a limited IT budget, Wavecrest has more choices than ever. No matter what business size or industry type, CyBlock Mini Appliance is likely to be just what you have been looking for.

The powerful Mini Appliance provides the comprehensive Web-use security capabilities of CyBlock, including HTTP and HTTPS URL filtering, comprehensive detailed reporting, secure guest Wi-Fi services with captive portal, advanced threat protection, bandwidth management, cloud services management, as well as coverage for non-HTTP activity, e.g., P2P, torrents, IM, and e-mail. Get all of this in one compact and economical package. The general size of a Wi-Fi hub, the Mini allows you to put it in the corner, on your desk, or in that tiny space you have left in your packed server room!

As a cost-effective choice for any business type or size, the robust, yet compact Mini Appliance provides the leading-edge, comprehensive Web-use security capabilities of CyBlock. Designed to fit every business environment, the Mini Appliance can be paired with CyBlock Appliance or deployed on its own, depending on the required Web-use security solution needs.

For more information on CyBlock Mini Appliance or any of our other products, please contact us today!

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

CyBlock/Cyfin Release 9.0.5 Now Available

We are pleased to announce the release of a new version of CyBlock Appliance, CyBlock Cloud, CyBlock Software, and Cyfin. In this release, you will find corrections as well as enhancements to the products. For CyBlock Cloud, several enhancements have been added including the new SSL Inspection feature that allows our CyBlock products to decrypt, analyze, and fully inspect all HTTPS traffic. The enhancements are described below.

CyBlock Cloud

  • SSL Inspection. The new functionality includes the following:
    • Ability to view the full URL including path, embedded URLs, and parameters.
    • Domain, path, and parameter matching.
    • Ability to filter detailed HTTPS traffic by Web categories and Web content types and display blocking messages for both.
    • Search Term blocking.
    • Ability to view full URLs in the Real-Time Web Monitor.
    • Ability to view full URLs, not just domains in the following reports:
      • Category Audit Detail
      • Category Audit Summary
      • Site Audit Detail
      • User Audit Detail
      • User Audit Summary
    • A new SSL Inspection page that allows you to first install the Wavecrest Certificate, and then select groups and/or IDs and categories to be inspected. Go to Settings – Proxy – SSL Inspection to access this page.
  • Control Web Categories. The following features have been added:
    • The Filtering Schedule allows you to block categories by day, hour, or half hour
    • Coaching can be enabled on blocked categories and allows users to temporarily bypass blocked sites.
  • Web Blocking Message. The following features have been added:
    • The Redirect option allows you to specify a URL that the user will be redirected to when he or she tries to access a blocked site.
    • “Coaching” has been added to the Tokens drop down in the Message Editor, and token {6} to the blocking message for coaching purposes. If coaching is enabled on the Control Web Categories page, the message will include a link to bypass the blocking message allowing the user to access the Web site.
  • Reports. The following features have been added:
    • On the Manage Reports page, in the Recently Run Reports section, the view icon allows you to view your recently run report. If multiple reports were generated depending on how you ran the report, a list is displayed with links.
    • On the Create Report page, the following options have been added:
      • Report Format. A PDF version of the report can now be generated in addition to the HTML format.
      • Time Frame Filter. The Filter field allows you to filter the days and times to include in the report data. You can create a new filter or select an existing filter.
    • Sample Site Analysis and User Audit Detail reports are now available. Go to Reports – Sample Reports to access these reports.
  • Product Help. The Technical Support contact page has been replaced by the product Help. The Help system has a similar TOC as the product manual, but also includes an Index and a Search box. Access the product Help by clicking Help in the navigation bar at the top.

CyBlock Appliance and CyBlock Software

  • Web Blocking Message. This includes the following changes:
    • “Coaching” has been added to the Tokens drop down in the Message Editor.
    • For the Redirect option, a note is displayed indicating that the URL for the blocking message must include “https://.”
  • SSL Inspection. The URL live.mozillamessaging.com has been added from the URL List to the list of domains to be tunneled and cannot be deleted from the domain list.

CyBlock Appliance, CyBlock Software, and Cyfin

  • E-Mail Settings. The ability to use e-mail server authentication has been added to the Settings – E-Mail page. If authentication is required, you can now enter the e-mail server user name and password.

To see the full release notes for your product, visit our Web site. You can download the latest release by going to CyBlock Software Downloads or Cyfin Downloads. To upgrade CyBlock Appliance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

For additional assistance, please feel free to contact us.

Using Safe Search With Secure Sites

With our CyBlock Safe Search feature enabled, you can force the Bing, Google, and Yahoo! search engines to use the “strict” Safe Search setting on search result pages. This ensures that adult content will be filtered from your search results. To check that Safe Search is enabled, go to the Advanced Settings – Filter Settings screen and click the Block Search Terms link. The Safe Search Status indicator should be green. If it is red (disabled), click it once. When enabled, CyBlock will reset search engines to Safe Search even if users change the setting in the search engine.

To enforce Safe Search when performing search queries using a secure connection (https://) to Bing, Google, or Yahoo! and Safe Search is enabled, SSL Inspection has to be turned on for the categories in which these search engine sites reside. By default, this category is Search Engines. To enable SSL Inspection, go to Advanced Settings – Proxy Settings and click the SSL Inspection link. Select your groups and/or IDs and categories including any custom categories that contain these search engine sites. Adult content will then be filtered from search results.

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Displaying the Blocking Message When Connecting to a Secure Site

Using CyBlock Software or CyBlock Appliance, a secure Web site (https://domain) can be blocked by blocking the corresponding category, explicit URL, or custom category in which the URL has been added. If the secure site contains a path (https://domain/path), the URL match is made on only the domain portion by default. SSL Inspection has to be turned on with the associated blocked category set to be inspected in order to match on the domain and path portions combined.

However, the following issue may be encountered with the browser for a secure site (https://domain). When a user attempts to connect to a blocked secure site through CyBlock Software or CyBlock Appliance, the browser is only capable of receiving a Connection Established header response. Any other response, including a blocking message, is treated as a failed connection, and contents embedded in the response are not rendered due to security constraints.

Therefore, in order to display the blocking message when a user is connecting to a blocked secure site, the proxy must first send a Connection Established header which will require an SSL certificate to be accepted by the browser. This certificate is generated using the Wavecrest root certificate. If the Wavecrest root certificate is not already installed in the browser, a certificate warning message will be issued that must be accepted in order to display the blocking message. Please see the Wavecrest Certificate Installation Guide for instructions on how to install and distribute the Wavecrest root certificate and prevent the certificate warning message for your users.

If you do not accept the certificate when you receive the warning message, just a blank page will be rendered in the browser with a generic browser error message.

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Analyze Your Encrypted Traffic With CyBlock SSL Inspection

In huge numbers, more and more organizations, particularly e-businesses, are using Web-enabled applications that involve the use of personal, private, and sensitive data. Banking, online shopping, and credit card transactions are good examples, but by no means the only ones. SSL encryption is being increasingly used to protect the confidentiality of this business and personal data on the Web. Surveys show 25%-35% of enterprise traffic is SSL-encrypted, and the number can be as high as 70% in specific industries. SSL encryption is the most cost-effective way of protecting the privacy of this traffic.

While SSL encryption solves many privacy-protection problems, it can allow traffic that poses security threats–both inbound and outbound–to pass through security protection measures uninspected and unchecked.

Inbound Problem.  SSL encryption creates security blind spots in incoming traffic. The traditional security infrastructure that protects an organization is blind to the threats in inbound SSL traffic and provides an easy vehicle for criminals and hackers to hide their cyber attacks.

Outbound Problem.  In addition to the risks of incoming threats hiding over SSL channels bypassing security protections, outbound enterprise traffic is now a growing problem. This is becoming quite a “hot button” for security applications (e.g., content filtering applications) that tackle data loss prevention (DLP), compliance reporting, and lawful intercept. In the past these solutions could see what was outgoing, but now they are suddenly “in the dark” when it comes to the data transferred over SSL.

From a security standpoint, most organizations already deploy an array of network and security appliances and programs to protect their enterprise, enforce internal corporate acceptable use policies, and satisfy external government regulation. Unfortunately, in many instances, they can only inspect plaintext traffic and are unable to inspect HTTPS communications for attack signatures. This makes it difficult or impossible for network administrators to enforce corporate acceptable use policies or ensure threats, such as viruses, spam, and malware, are stopped before they reach individual users.

In addition, without the ability to examine the contents of HTTPS communications, network administrators leave open the possibility for information to be accidentally leaked out of the enterprise or worse, stolen. Regulatory compliance requirements, including identifying accidental or intentional leakage of confidential information, are also virtually impossible to meet because of HTTPS encryption.

CyBlock SSL Inspection gives network administrators the ability to monitor this SSL-encrypted traffic and to identify and respond to any undesirable content. The total HTTPS inspection process decrypts, analyzes, categorizes, and then re-encrypts the traffic. If necessary, specific standard and/or custom URL categories can be exempted from the inspection process; this is known as “tunneling.” In addition, full URL information in a number of Wavecrest audit reports is available to network administrators.

To learn more about how CyBlock SSL Inspection can protect your sensitive data, please see our SSL Inspection Tech Brief or contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Source:  Examining SSL-Encrypted Communications – Netronome

Cyfin Release 8.8.0 and CyBlock Release 6.8.0 Now Available

We are excited to announce the release of two major enhancements in the new version of Cyfin and CyBlock. The first major enhancement is the new SSL Inspection feature that allows our CyBlock products to decrypt, analyze, and fully inspect all HTTPS traffic. In order to defeat security threats facing companies today, SSL Inspection is essential. The second major enhancement is an innovative technique for protection against automated invasion of malicious scripts and software and/or unauthorized access to internal networks. Enhanced Malware Protection automates the process of identifying large numbers of new malware-spreading sites daily. To facilitate identifying and blocking malware traffic, three security threat categories have been consolidated into a new Malware category.

Other enhancements in this release include the rebranding of our products, new product icons displayed after installation, and new product Help. We also have a number of corrections in this release. The details of the enhancements include the following:

  • Product Rebranding.The Wavecrest products have been rebranded as follows:
    • The products offered are CyBlock and Cyfin (formerly Cyfin Reporter).
    • Three deployment options are available for CyBlock:
      • CyBlock Software (formerly CyBlock Proxy)
      • CyBlock Appliance
      • CyBlock ISA/TMG
    • These changes are reflected on the Wavecrest Web site and the Forum. They will eventually transition to the products and associated documentation.
  • SSL Inspection.This includes the following changes:
    • Ability to view the full URL including path, embedded URLs, and parameters.
    • Domain, path, and parameter matching.
    • Ability to filter detailed HTTPS traffic by Web categories and Web content types and display blocking messages for both.
    • Safe Search blocking (where applicable).
    • Ability to view full URLs in the Real-Time Web Monitor.
    • Ability to view full URLs in the following reports (where applicable), not just domains:
      • Category Audit Detail
      • Category Audit Summary
      • Site Audit Detail
      • User Audit Detail
      • User Audit Summary
    • A new SSL Inspection screen that allows you to select groups and/or IDs and standard and custom categories to be inspected. To access this screen, go to Advanced Settings – Proxy Settings – SSL Inspection. For inspection to occur, you must select a group and/or an ID, and set a category to Inspected. The Financial category is set to Tunneled by default for privacy reasons, but this can be changed to Inspected.

Note:  Before using SSL Inspection, the Wavecrest Certificate must be installed. Refer to the Wavecrest Certificate Installation Guide for instructions on how to install/distribute the certificate. For more information on this enhancement, see the SSL Inspection Tech Brief.

  • Enhanced Malware Protection in URL List.This includes the following changes:
    • Extensive malware site additions were made to the URL List. You will receive the enhanced protection when the list is downloaded manually or automatically.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were consolidated into a new Malware category.
    • Custom URL entries categorized as Hacking, Phishing/Fraud, and Spyware/Malicious are now categorized as Malware.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were replaced by the new Malware category on appropriate screens and in all category drop-down boxes.
    • For CyBlock, on the Block Web Categories screen, the Malware category is set to “Block” in the Default policy in new installations by default. In existing installations, previous settings will not change when the product is upgraded, that is, the Malware category will be set to the previous Spyware/Malicious category setting.
    • The Malware category is displayed on the Help – Reporting – Check URL screen under URL Category Match when there is a category match.
    • Scheduled reports now report on the Malware category if they were set up to report on the Hacking, Phishing/Fraud, and Spyware/Malicious categories.
  • Product Icons. The Wavecrest product icon has been replaced with new CyBlock and Cyfin product icons on the Start menu and on the browser tab (favicon).
  • Product Help. The QR pages in the product have been replaced by a new searchable Help system. The Help system has a similar TOC as the product manual, but also includes an Index and a Search box. If a search result indicates “Web site,” you can right-click the entry to open the page in a new tab or window. You can also print a displayed Help topic by clicking the Print button.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.