Secure computing Ssl scanner User manual

USER’S GUIDE

Webwasher

SSLScanner

Version 6.5

www.securecomputing.com

Part Number: 86-0946643-A

reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent

in writing from Secure Computing Corporation. Every effort has been made to ensure the accuracy of this

manual. However, Secure Computing Corporation makes no warranties with respect to this documentation

and disclaims any implied warranties of merchantability and fitness for a particular purpose. Secure Comput-

ing Corporation shall not be liable for any error or for incidental or consequential damages in connection with

the furnishing, performance, or use of this manual or the examples herein. The information in this document

is subject to change without notice. Webwasher, MethodMix, AV PreScan, Live Reporting, Content Reporter,

ContentReporter, Real-Time Classifier are all trademarks or registered trademarks of Secure Computing Cor-

poration in Germany and/or other countries. Microsoft, Windows NT, Windows 2000 are registered trademarks

of Microsoft Corporation in the United States and/or other countries. McAfee is a business unit of Network

Associates, Inc. CheckPoint, OPSEC, and FireWall-1 are trademarks or registered trademarks of CheckPoint

Software Technologies Ltd. or its affiliates. Sun and Solaris are trademarks or registered trademarks of Sun

Microsystems, Inc. in the United States and other countries. Squid is copyrighted by the University of Califor-

nia, San Diego. Squid uses some code developed by others. Squid is Free Software, licensed under the terms

of the GNU General Public License. The Mozilla SpiderMonkey and NSPR libraries distributed with Webwasher

are built from the original Mozilla source code, without modifications (MPL section 1.9). The source code is

available under the terms of the Mozilla Public License, Version 1.1. NetCache is a registered trademark of

Network Appliances, Inc. in the United States and other countries. Linux is a registered trademark of Linus

Torvalds. Other product names mentioned in this guide may be trademarks or registered trademarks of their

respective companies and are the sole property of their respective manufacturers.

Secure Computing Corporation

Webwasher – A Secure Computing Brand

Vattmannstrasse 3, 33100 Paderborn, Germany

Phone: +49 (0) 5251 50054-0

Fax: +49 (0) 5251 50054-11

info@webwasher.com

www.webwasher.com

www.securecomputing.com

European Hotline

Phone: +49 (0) 5251 50054-460

US Hotline

Phone: +1 800 700 8328, +1 651 628 1500

Contents
Chapter 1 Introduction ....................................................................................... 1– 1
1 About This Guide........................................................................... 1– 2
2 What Else Will You Find in This Introduction? ...................................... 1– 2
3 Using Webwasher.......................................................................... 1– 3
3.1 First Level Tabs............................................................................. 1– 4
3.2 Configuring a Sample Setting........................................................... 1– 5
3.3 General Features of the Web Interface............................................... 1– 7
4 Other Documents .......................................................................... 1–11
4.1 Documentation on Main Products...................................................... 1–12
4.2 Documentation on Special Products .................................................. 1–13
5 The Webwasher Web Gateway Security Products ................................ 1–14
Chapter 2 Home .................................................................................................. 2– 1
1 Overview ..................................................................................... 2– 2
2 Dashboard ................................................................................... 2– 2
2.1 Executive Summary ....................................................................... 2– 8
2.2 Traffic Volume............................................................................... 2–11
2.3 System........................................................................................ 2–13
3 Overview (Feature) ........................................................................ 2–18
3.1 Overview (Feature) ........................................................................ 2–19
4 Support ....................................................................................... 2–23
4.1 Support ....................................................................................... 2–23
5 TrustedSource .............................................................................. 2–24
5.1 TrustedSource .............................................................................. 2–25
5.2 Malware Feedback Black List........................................................... 2–30
5.3 Feedback..................................................................................... 2–33
6 Manuals....................................................................................... 2–34
6.1 Documentation on Main Products...................................................... 2–35
6.2 Documentation on Special Products .................................................. 2–37
6.3 Additional Documentation................................................................ 2–39
7 Preferences.................................................................................. 2–40
7.1 Preferences.................................................................................. 2–40
8 License........................................................................................ 2–44
8.1 Information................................................................................... 2–45
8.2 Notification................................................................................... 2–48
Chapter 3 Common ............................................................................................. 3– 1
1 Overview ..................................................................................... 3– 2
2 Quick Snapshot............................................................................. 3– 3
2.1 Quick Snapshot............................................................................. 3– 4
3 Media Type Filters ......................................................................... 3– 8
3.1 Actions........................................................................................ 3– 9
3.2 Media Type Black List..................................................................... 3–13
3.3 Media Type White List .................................................................... 3–16
i

User’s Guide
4 Document Inspector....................................................................... 3–19
4.1 Document Inspector....................................................................... 3–20
5 Archive Handler............................................................................. 3–26
5.1 Archive Handler............................................................................. 3–27
6 Generic Header Filter ..................................................................... 3–29
6.1 Generic Header Filter ..................................................................... 3–30
7 Generic Body Filter ........................................................................ 3–32
7.1 Generic Body Filter ........................................................................ 3–33
8 Advertising Filters.......................................................................... 3–35
8.1 Settings....................................................................................... 3–36
8.2 Link Filter List ............................................................................... 3–44
8.3 Dimension Filter List....................................................................... 3–47
9 Privacy Filters ............................................................................... 3–50
9.1 Settings....................................................................................... 3–51
9.2 Cookie Filter List............................................................................ 3–56
10 Text Categorization ........................................................................ 3–58
10.1 Settings....................................................................................... 3–59
10.2 Categorization List......................................................................... 3–61
11 HTTP Method Filter List .................................................................. 3–64
11.1 HTTP Method Filter List .................................................................. 3–65
12 FTP Command Filter List................................................................. 3–68
12.1 FTP Command Filter List................................................................. 3–69
13 Welcome Page.............................................................................. 3–73
13.1 Welcome Page.............................................................................. 3–74
14 White List..................................................................................... 3–78
14.1 White List..................................................................................... 3–79
15 User Defined Categories................................................................. 3–83
15.1 User Defined Categories................................................................. 3–83
16 Media Type Catalog ....................................................................... 3–85
16.1 Media Type Catalog ....................................................................... 3–86
Chapter 4 SSL Scanner ....................................................................................... 4– 1
1 Overview ..................................................................................... 4– 2
2 Quick Snapshot............................................................................. 4– 2
2.1 Quick Snapshot............................................................................. 4– 4
3 Certificate Verification..................................................................... 4– 5
3.1 Certificate Verification..................................................................... 4– 6
4 Scan Encrypted Traffic.................................................................... 4– 8
4.1 Scan Encrypted Traffic.................................................................... 4– 9
5 Certificate List............................................................................... 4–13
5.1 Certificate List............................................................................... 4–14
6 Trusted Certificate Authorities........................................................... 4–17
6.1 Trusted Certificate Authorities........................................................... 4–18
7 Global Certificate List ..................................................................... 4–22
7.1 Global Certificate List ..................................................................... 4–22
8 Global Trusted Certificate Authorities................................................. 4–26
8.1 Global Trusted Certificate Authorities................................................. 4–26
9 Incident Manager........................................................................... 4–28
9.1 Incident Manager........................................................................... 4–29
ii

Chapter 1

Introduction

Welcome to the User’s Guide Webwasher® SSL Scanner. It provides you

with the information needed to configure and use the Webwasher SSL Scan-

ner, which is one of the Web Gateway Security products developed by Secure

Computing.

The Webwasher SSL Scanner enables you to extend your existing Web usage

and security policies to the HTTPS protocol and to prevent certificate misuse.

SSL-encrypted content, including viruses, spyware, MP3s, pornography, and

confidential company files, is beyond the reach of any Anti-Virus scanner and

content filter.

The SSL Scanner allows you to manage this encrypted content in the same

way as HTTP content and thus to prevent policy evasion, while it is also scan-

ning Web traffic for all kinds of threats to your network.

1–1

Introduction

1.1

About This Guide

The following overview lists the chapters of this guide and explains briefly what

they are about:

User’s Guide – Webwasher SSL Scanner

Introduction Provides introductory information.

Home Describes basic features that are common to the SSL Scanner and

other Webwasher Web Gateway Security products.

Common Describes filtering features that are common to the SSL Scanner

and other Webwasher Web Gateway Security products.

SSL Scanner Describes the filtering features that are specific to the SSL Scanner.

1.2

What Else Will You Find in This Introduction?

In addition to the overview that was given in the previous section, this intro-

duction also:

• Explains how to handle the Web interface that is provided for using Web-

washer, see 1.3.

• Informs you about the other documents that are provided for users of Web-

washer, see 1.4.

• Provides a list of the Webwasher Web Gateway Security products and

gives a brief description for each of them, see 1.

Introduction

1.3

Using Webwasher

A user-friendly, task-oriented Web interface has been designed for handling

the Webwasher features. It looks like this:

The following sections provide some information to make you familiar with this

interface. These sections:

• List the first level tabs of this interface and explain their meanings, see

1.3.1.

• Describe a sample procedure showing how a setting is configured for a

Webwasher feature, see 1.3.2.

• Explain more about the general features of this interface, see 1.3.3.

1–3

Introduction

1.3.1

First Level Tabs

The Web interface displays a number of tabs and sections for configuring the

Webwasher features. On the topmost level, there are these ten tabs:

• Home, Common, URL Filter, Anti Malware, Anti Spam, SSL Scanner, User

Management, Reporting, Proxies, and Configuration

Their meaning is as follows:

Home, Common – These tabs are for configuring basic and filtering features

that are used not only by the SSL Scanner, but also by other Webwasher Web

Gateway Security products.

Among these features are system alerts, licensing features, media type filters,

etc.

SSL Scanner – This is the top level tab for configuring the features that are

specific to the SSL Scanner.

The tabs mentioned in the following are not described in this document:

URL Filter, Anti Malware, Anti Spam – These are tabs for configuring the

features of other Webwasher Web Gateway Security products.

Note that the Anti Malware tab is used for both the Webwasher Anti-Virus

and the Webwasher Anti-Malware product.

For a description of these tabs, see the corresponding User’s Guides.

User Management, Reporting, Proxies, Configuration – These are tabs

for configuring features that adapt Webwasher to the system environment it is

running in.

For their description, see the System Configuration Guide.

1–4

Introduction

1.3.2

Configuring a Sample Setting

This section explains how to configure a sample setting of a Webwasher fea-

ture. The feature chosen here for explanation is the Animation Filter.

In order to avoid the download of bandwidth-consuming animated images, this

filter detects and modifies or removes them.

For this sample setting, just suppose you want to enable the filter and let it

removeanysuchimages fromthefilteredobjects. Youalso wantthesesettings

to be part of your default filtering policy.

The following overview shows the main steps you need to complete in order to

configure the feature in this way:

Configuring the Animation Filter – Overview

Step 1 Navigate to the section.

2Configure settings.

3Make settings effective.

In more detail, these steps include the following activities:

1. Navigate to the section

a. Select the Common tab:

b. In the navigationareaontheleft,selectAdvertising Filters,whichis

located under Policy:

1–5

Introduction

defaultis selectedin theline below Policy, whichmeans that thesettings

you are going to configure now will be valid under your default filtering

policy. So, leave this selection as it is.

Otherwise,youcouldselectadifferentfilteringpolicy, usingthedrop-down

list provided here.

c. Enable Advertising Filters. To do this, mark the checkbox next to the

inscription.

You need to do this because all features that are placed under this main

feature (like the Animation Filter) will only work if it is enabled.

d. From the tabs provided for configuring the Advertising Filters op-

tions, select the Settings tab:

The Animation Filter section is located on this tab:

2. Configure settings

a. Enable the feature. To do this, mark the checkbox next to the section

heading.

b. Check the radio button labeled Remove all animated images.

Note: To get help information on these settings, click on the question

mark in the top right corner of the section.

The section should now look like this:

1–6

Introduction

3. Make settings effective

Click on the Apply Changes button:

This completes the sample configuration.

1.3.3

General Features of the Web Interface

This section explains more about the features that are provided in the Web

interface for solving general tasks, e. g. applying changes to the Webwasher

settings or searching for a term on the tabs of the interface.

The following features are explained here:

•Apply Changes

•Click History

•Information Update

•Logout

•Main Feature Enabling

•Search

•Session Length

•System Information

Apply Changes

After modifying the settings in one or more of the sections on a tab, you need to

click on the Apply Changes button to make effective what you have modified.

The Apply Changes button is located in the top right corner of the Web inter-

face area:

When modifying settings that belong only to a particularfiltering policy, you can

make the modified settings apply to all policies nevertheless.

An arrow is displayed next to the Apply Changes button on each tab where

policy-dependent settings can be configured:

1–7

Introduction

Clicking on this arrow will display a button, which you can use to apply changes

to all policies.

After clicking on this button, your modifications will be valid for settings of all

policies.

When you are attempting to leave a tab after modifying its settings, but without

clicking on Apply Changes, an alert is displayed to remind you to save your

changes:

Answerthe alert byclicking Yes orNo according towhat youintend to doabout

your changes. This will take you to the tab you invoked before the alert was

displayed.

Clicking on Cancel will make the alert disappear, so you can continue your

configuration activities on the current tab.

Click History

The tabs you visited while configuring settings are recorded on the top left

corner of the Web interface area. They are recorded together with the paths

leading to them.

The current tab and path are always visible in the display field, e. g.:

Clicking on the arrow to the right of the path display willshow the “click history”,

i. e. a list of the tabs you visited prior to this one:

Clicking on any of the entries displayed in the list will take you to the corre-

sponding tab.

1–8

Introduction

The click history is only recorded for the current session, i. e. until you log out.

After logging in for a new session, the recording of tabs and paths will start all

over again.

Information Update

Some parts of the information that is provided on the tabs of the Web interface

willchangefrom timeto time. Inthesecases, theinformationdisplayisupdated

automatically every three seconds by Webwasher.

So, e. g. you might have performed a manual update of the anti-virus engines.

This means that the information provided in the Current Status and Log File

Content sections on the corresponding AV Engine tab will begin to change

continuously over a certain period of time until the update is completed.

These sections are then updated automatically every three seconds to reflect

the status of the update process.

Logout

To logout from a Webwasher session, click on the logout link, which is located

in middle position at the top of the Web interface area.

After logging out, the login page is displayed, where you can login again and

start a new session.

Main Feature Enabling

There are Webwasher settings that cannot only be modified if a corresponding

main feature is disabled. So, e. g. if you want to modify the settings of the

Phishing Filter sectionontheSettings tab under Anti-Spam > Message

Filters, you need to make sure the Message Filter feature itself is also en-

abled.

If you attempt to modify settings while the corresponding main feature is not

enabled, an alert is displayed to make you aware of this situation:

1–9

Introduction

ASearch input field and button are located in the top right corner of the Web

interface area.

Using these, you can start keyword queries of the entire Web interface by en-

tering a search term in the input field and clicking on the Search button:

The search output will be presented in a separate window, which displays a

list of the tabs the search term was found on and the paths leading to them:

Clicking on any of the entries displayed in the list will take you to the corre-

sponding tab.

Note: In order to be able to use the search function, make sure JavaScript is

enabled.

Session Length

When working with the Web interface, you need to mind the session length.

This interval can be configured in the Session Options section of the Ses-

sions tab under Configuration > Web Interfaces.

1–10

Introduction

After modifying the interval specified there, click on Apply Changes to make

the modification effective.

When a session has timed out, the following notification is displayed:

Click OK to acknowledge the notification. After clicking on a tab or button of

the Web interface, the login window opens, where you can login again and

start a new session.

System Information

At the top of the Web interface area, system information is provided on the

current Webwasher session. This information includes:

• Version and build of the Webwasher software

• Name of the system Webwasher is running on

• Name of the user logged in for the current session, e. g. Admin

• Role assigned to this user, e. g. Super Administrator

• Permissions granted to this user, e. g. read/write

1.4

Other Documents

This guide belongs to a series of documents provided for users of the

Webwasher Web Gateway Security products. The following sections give an

overview of them.

The Webwasher user documentation can be viewed after navigating to the

Manuals tab of the Web interface.

Itcanalso beviewedon theWebwasherExtranetand intheSecure Computing

Resource Center.

1–11

Introduction

The following is provided in this section for the Webwasher Web Gateway Se-

curity products:

• An overview of the documents on the main products, see 1.4.1

• An overview of the documents on products for special tasks and environ-

ments, see 1.4.2

1.4.1

Documentation on Main Products

This section introduces the user documentation on the main Webwasher Web

Gateway Security products.

Document Group Document Name What about?

General Documents Deployment Planning Guide Is Webwasher suited to my environ-

ment?

Installation Guide How to install Webwasher?

Quick Configuration Guide First steps to get Webwasher

running.

System Configuration Guide Features for configuring Webwasher

within the system environment.

Advanced Configuration

Guide More sophisticated configuration

tasks.

Upgrade Guide What should I know when upgrading

to a new Webwasher release?

Product Documents User’s Guide URL Filter Features for configuring URL filtering

policies.

User’s Guide Anti-Virus Features for configuring anti-virus

filtering policies.

User’s Guide Anti-Malware Features for configuring

anti-malware filtering policies.

User’s Guide Anti-Spam Features for configuring anti-spam

filtering policies.

User’s Guide SSL Scanner

– this document Features for configuring

SSL-encrypted traffic filtering

policies.

Reference Docu-

ment Reference Guide Items concerning more than product,

e. g. featuresfor customizing actions

or log files.

1–12

Introduction

1.4.2

Documentation on Special Products

This section introduces the user documentation on the Webwasher Web Gate-

way Security products for special tasks and environments.

Document Group Document Name What about?

Content Reporter

Documents Content Reporter Installation

and Configuration Guide Installing and configuring the

Webwasher Content Reporter, which

is done separately from the main

products.

Content Reporter User’s

Guide for Reporting Creating reports.

Instant Message Filter

Installation andConfiguration

Guide

Installing and configuring the

Webwasher Instant Message Filter,

which is done separately from the

main products.

Instant Message

Filter Documents

User’s Guide Instant

Message Filter Description of features.

Special Environment

Documents Setting Up Webwasher on

Microsoft ISA Server Setting up Webwasher or a

product running with it in a special

environment.

Setting Up Webwasher with

Blue Coat See above.

Setting Up NetCache with

ICAP See above.

NTML Agent Set-up Guide Setting up an additional Webwasher

product to enable authentication

using the NTLM method on platforms

other than Windows.

HSM Agent Set-up Guide Setting up an additional Webwasher

product to enable use of a HSM

(High Security Module) device.

Appliances

Documents Appliances Installation and

Configuration Guide Installing and configuring the

Webwasher appliances.

Appliances Upgrade Guide What should I know when upgrading

to a new release of the Webwasher

appliances?

1–13

Introduction

1.5

The Webwasher Web Gateway Security Products

The Webwasher Web Gateway Security products provide an optimal solution

for all your needs in the field of Web gateway security.

They are unique in that they offer best-of-breed security solutions for individual

threats and at the same time a fully integrated architecturethat affords in-depth

security and cost/time savings through inter-operability.

A brief description of these products is given in the following.

Webwasher®

URL Filter Helps you boost productivity by reducing non-business related

surfing to a minimum, thus curbing your IT costs. Suppresses

offensive sites and prevents downloads of inappropriate files, thus

minimizing risks of legal liabilities.

Webwasher®

Anti-Virus Combines the strength of multiple anti-virus engines concurrently

scanning all Web and e-mail traffic. The Proactive Scanning

filtering technology additionally detects and blocks unknown

malicious code, not relying on time-delayed virus pattern updates.

This combination provides in-depth security against a multitude of

threats while offering unmatched performance through use of the

Anti-Virus PreScan technology.

Webwasher®

Anti-Malware Offers in-depth security against all kinds of malicious code, such

as aggressive viruses, potentially unwanted programs, spyware,

day-zero attacks and blended threats not covered by traditional

anti-virus and firewall solutions. The highly efficient anti-malware

engine is used in combination with the Proactive Scanning filtering

technology.

Webwasher®

Anti-Spam Offers complete protection of the central Internet gateway. The

highly accurate spam detection filters stem the flood of unwanted

spam mail before it reaches the user’s desktop. Your systems

will not be impaired, the availability of valuable internal mail

infrastructures, such as group servers, is thus maintained.

Webwasher®

SSL Scanner

–this

product

Helps you protect your network against attacks via the HTTPS

protocol and prevents the disclosure of confidential corporate data,

as well as infringements of Internet usage policies, thus ensuring

that no one is illicitly sharing sensitive corporate materials.

See next page

1–14

Introduction

These two products have their own user interfaces, which are described in the

corresponding documents:

Webwasher®

Content

Reporter

Features a library of rich, customizable reports based on built-in

cache, streaming media, e-mail activity, Internet access and

content filtering queries, all supported by unmatched convenience

and performance features.

Webwasher®

Instant

MessageFilter

Detects, reports and selectively blocks the unauthorized use

of high-risk and evasive P2P and IM from enterprise networks

and scans network traffic for characteristics that match the

corresponding protocol signatures.

1–15

This manual suits for next models

Table of contents

Other Secure Computing Software manuals

Secure Computing

Secure Computing ADMINGUIDEREVA User manual

Popular Software manuals by other brands

McAfee

McAfee MIS09EMB3RAA - Internet Security 2009 user guide

THOMSON

THOMSON GUIDE PLUS+ GOLD SYSTEM Setup & features

Lucid

Lucid A75 Pro4/MVP installation guide

MobiBlu

MobiBlu B153 user manual

Brother

Brother PE-DESIGN V7 instruction manual

Texas Instruments

Texas Instruments TI-83 Plus Silver Edition Guide book

Pioneer

Pioneer Elite N-50 operating instructions

Cowon

Cowon iAUDIO X5 20GB supplementary guide

Altigen

Altigen AltiWare ACC 5.1 Administration manual

Autodesk

Autodesk AUTOCAD MECHANICAL brochure

McAfee

McAfee AGENT 4.0 PATCH 2 - FOR WINDOWS S 10-03-2009 release note

Dell

Dell A920 - Personal All-in-One Printer Color... user guide

Adaptec

Adaptec RAID 5405Z user guide

Symantec

Symantec PCANYWHERE - V12.5 user guide

Tripp Lite

Tripp Lite B092-016 quick start guide

GRASS VALLEY

GRASS VALLEY EDIUS 6 release note

Oki

Oki LP441s manual

Blackbe;rry

Blackbe;rry S-MIME SUPPORT PACKAGE VERSION 4.1 - release note

Secure Computing SSL Scanner User manual

Popular Software manuals by other brands