Secure Computing SSL Scanner Guía de usuario

USER’S GUIDEWebwasher SSL ScannerVersion 6.0www.securecomputing.com

IntroductionOtherwise, you could select a different filtering policy, using the drop-downlist.As you will have noticed, Advertising Filter is enabled,

CommonIt leaves the referer unaffected if you the user moves through the sameor subsequent path.This option may be enabled if user movement should be

CommonCookie FilterThe Cookie Filter section looks like this:Using this section, you can configure a filter to block bad cookies.You can set the life

CommonMake sure this radio button is checked if you want to configure a lifespan for neutral cookies. The radio button is checked by default.Enter the

Common3.8.2Cookie Filter ListThe Cookie Filter List tab looks like this:There is one section on the tab:• Cookie Filte r ListIt is described in the fo

CommonCookie Filter ListThe Cookie Filter List section looks like this:Using this section, you can add entries to the Cookie Filter List and edit them

CommonThe Cookie Filter List is displayed at the bottom of this section.To display only a particular number of list entries at a time, type this numbe

CommonTo do this, select a policy from the drop-down list labeled Policy, which is lo-cated above the Media Type Filters button:The options are arrang

CommonText CategorizationThe Text Categorization section looks like this:Using the text categorization filter you can specify single keywords and comb

Common3.9.2Categorization ListThe Categorization List tab looks like this:There is one section on this tab:• Text Catego rization ListIt is described

CommonText Categorization ListThe Text Categorization List section looks like this:Using the text categorization filter you can specify single keyword

Introduction1.3.3General Features of the Web InterfaceThis section explains a number features that are provided in the Web interfacefor solving genera

CommonIn the input fields, enter the words or word combinations you want tofilter, e. g. Bahamas, Maledives, work tosetuparulelikethefol-lowing:Bahama

CommonUse the following items to perform other activities relating to the list:• FilterType a filter expression in this input field and enter it using

Common3.10.1White ListThe White List tab looks like this:There is one section on this tab:• White ListIt is described in the following.3–58

CommonWhite ListThe White List section l ooks like this:Using this section, you can add an object to the White List and exclude it fromthe application

CommonTo add an object to the white list, use the area labeled:• Add new entrySelect String or International Domain Name from the first of the drop-do

CommonTo sort the list in ascending or descending order, click on the symbol next tothe Media Type or Description column heading.To edit an entry, typ

Common3.11User Defined CategoriesThe User Defined Categories options are invoked by clicking on the corre-sponding button under Common:The options are

CommonUser Defined CategoriesThe User Defined Categories section l ooks like this:Using this section, you can configure your own categories for URL cl

Common• Category 1 to Category nIn the input fields provided here, enter the category names you want to useand the abbreviated formats of these names.

Common3.12.1Media Type CatalogThe Media Type Catalog tab l ooks like this:There is one section on this tab:• Media Type CatalogIt is described in the

IntroductionWhen you are attempting to leave a tab after modifying its settings, but withoutclicking on Apply Changes, an alert is displayed to remind

CommonMedia Type CatalogThe Media Type Catalog section looks like this:Using this section, you can add a m edia type to the Media Type Catalog.A media

CommonThe media type tells the application that receives the data what kind of appli-cation is needed to process the content, e. g. Real Audio is to p

Common— Magic BytesIn the input fields provided here, enter up to five magic byte sequencesand their offsets to identify a media type:OffsetIn the inp

Chapter 4SSL ScannerThe features that are described in this chapter are accessible over the SSLScanner tab of the Web interface:These features allow y

SSL Scanner4.1OverviewThe following overview shows the sections that are in this chapter:User’s Guide SSL ScannerIntroductionHomeCommonSSL Scanner Ove

SSL ScannerTo do this, select a policy from the drop-down list labeled Policy, which is lo-cated above the Certificate Verification button:The options

SSL ScannerFurthermore, there is this section on the tab:• Certificate VerificationIt is described in the following.Certificate VerificationThe Certif

SSL ScannerIf the Common Name in a certificate is, e. g. abcde.com, but the Webserver’sURLisinfactwww.abcde.com, no match is achieved.• Wildcard match

SSL ScannerTo do this, select a policy from the drop-down list labeled Policy, which is lo-cated above the Certificate Verification button:The options

SSL ScannerTunneling by CategoryThe Tunneling by Category section looks like this:Using this section, you c an configure tunneling for particular URL

IntroductionInformation UpdateSome parts of the information that is provided on the tabs of the Web interfacewill change from time to time. In these c

SSL Scanner— Bypass SSL ScannerThe SSL Scanner is bypassed completely, i. e. no activities whatso-ever are performed.Client Certificate HandlingThe Cl

SSL Scanner• Verify server certificate, but do not decrypt sessionEnable this option, to have the s erver certificate checked by the verificationproce

SSL Scanner4.4Certificate ListThe Certificate L ist options are invoked by clicking on the corresponding but-ton under SSL Scanner:If you want to enab

SSL Scanner4.4.1Certificate ListThe Certificate List tab looks like this:There is one section on this tab:• Certificate ListIt is described in the fol

SSL ScannerTo add an exception to the list, use the area labeled:• Add new exceptionIn the input field provided here, enter the exception you want to

SSL Scanner— by hostEnabling the by host method means that the host is checked without acertificate being included in the verification process. If the

SSL ScannerIf the number of entries is higher than this number, the remaining entries areshown on successive pages. A page indicator is then displayed

SSL Scanner4.5.1Trusted Certificate AuthoritiesThe Trusted Certificate Authorities tab looks like this:At the top of this tab, there is the Known Cert

SSL ScannerUsing this section, you can configure actions for content with certificates issuedby known Certificate Authorities (CAs) that are either tr

SSL ScannerTrusted Certificate A uthoritiesThe Trusted Certificate Authorities section looks like this:This section provides the list of Trusted Certi

IntroductionSearchA Search input field and button are located in the top right corner of the Webinterface area.Using these, you can start keyword quer

SSL ScannerTo make the addition valid for all policies, mark the checkbox labeled Addto all policies before proceeding any further.Then click on eithe

SSL Scanner4.6Global C ertificate ListThe Global Certificate List options are invoked by clicking on the corre-sponding button under SSL Scanner:If yo

SSL ScannerThere is one section on this tab:• Global Certificate ListIt is described in the following.Global Certificate ListThe Global Certificate Li

SSL ScannerFor the meaning of these actions, see the following table:by certificate by hostAllow Theexceptionisallowed. not availableBlock The excepti

SSL ScannerFor the meaning of these actions, see the description of the by cer-tificate method above.A message will then be displayed, stating if the

SSL Scanner4.7Global Trusted Certificate AuthoritiesThe Global Trusted Certificate Authorities options are invoked by clickingon the corresponding but

SSL ScannerTrusted Certificate A uthoritiesThe Trusted Certificate Authorities section looks like this:This section provides the global list of Truste

SSL ScannerIf the number of entries is higher than this number, the remaining entries areshown on successive pages. A page indicator is then displayed

SSL ScannerThey are described in the upcoming section:• Incident Manager, see 4.8.14.8.1Incident ManagerThe Incident Manager tablookslikethis:There is

SSL ScannerUsing this section, you can inspect and manage incidents relating to SSL-en-crypted communication.The Incident Manager enables you to retri

IntroductionAfter modifying the interval specified there, click on Apply Changes to makethis setting effective.Clicking OK will redirect you to the lo

SSL ScannerA list entry consists of the following fields:• Host - URL that caused the incident.Incidents can be added to the certificate lists either

Introduction1.4.1Documentation on Main ProductsThis section introduces the user documentation on the main products of Web-washer.Document Group Docume

Introduction1.4.2Documentation on Special ProductsThis section introduces the user documentation on products for special tasksand environments.Documen

Introduction1.5The Webwasher Product SuiteThe Webwasher suite of products provides an optimal solution for all your se-cure content management needs.I

IntroductionThe following two products have their own user interfaces, which are describedin the corresponding guides, see also 1.4.2.Webwasher®Conten

Part Number: 86-0946227-BAll Rights Reserved, Published and Printed in G erma ny©2006 Secure Computing Corporation. This document may not, in whole or

Chapter 2HomeThe features that are described in this chapter are accessible over the Hometab of the Web interface:These are basic features that are co

Home2.1OverviewThe following overview shows the sections that are in this chapter:User’s Guide SSL ScannerIntroductionHome Overview –thissectionOvervi

Home2.2.1Overview (Feature)The Overview tab looks like this:There are four sections on this tab:• System Alerts• System Summary• One-Click Lockdown• V

HomeSystem AlertsThe System Alerts section looks like this:This section displays alerts to make you aware of problems concerning thesystem s tatus. Th

HomeSystem SummaryThe System Summary section looks like this:This section d isplays information on the system status.Information is provided on the us

HomeTo enable the emergency mode:• Click on the Activate emergency mode button.This button is a toggle s witch. After enabling the emergency mode, the

Home2.3SupportThe Support options are invoked by clicking on the corresponding button un-der Home:The options are arranged under the following tab:The

HomeSupportThe Support section looks like this:Using this section, you can contact the Webwasher support team.The section provides a number of buttons

Home2.4FeedbackThe Feedback options are invoked by clicking on the c orresponding buttonunder Home:The options are arranged under the following tabs:T

ContentsChapter 1 Introduction ... 1– 11.1 About This Guide...

Home2.4.1FeedbackThe Feedback tab looks like this:There are two sections on this tab:• Feedback E-Mail Address• URL Filter Database FeedbackThey are d

HomeURL Filter Database FeedbackThe URL Filter Database Feedba ck section looks like this:Using this section, you can submit unclassified or incorrect

HomeThere are three sections on this tab:• Spam False Positives Feedback Queue• Spam False Negatives Feedback Queue• Malware Feedback QueueThey are de

HomeThe default interval is 240 minutes. Entering 0 here means that no e-mailswill be sent automatically.E-mails can be sent manually, however, using

Home• Send interval in . . . minutesIn the input field provided here, enter a time interval (in minutes) to specifythe time that is to elapse between

HomeUse the following items to configure the malware feedback:• SMTP queue to useFrom this drop-down list, select an e-mail queue. E-mails and small d

Home2.4.3Malware Feedback Black ListThe Malware Feedback Black List tab looks like this:There is one section on this tab:• Malware Feedback Media Type

HomeUsing this section, you can add a media type to the Media Type Black List formalware feedback. Objects belonging to the media types on this list w

HomeUse the following items to perform other activities relating to the list:• FilterType a filter expression in the input field of the Media Type or

Home2.5.1Documentation on Main ProductsThe DocumentationonMainProductstab looks like this:There are three sections on this tab:• General Documents• Pr

User’s Guide3.6 Generic Body Filter ... 3–253.6.1 Generic Body Filter...

HomeTo view any of the documents listed here, click on the PDF link in the sameline. This will open a .pdf format version of the document.Product Docu

Home2.5.2Documentation on Special ProductsThe Documentation on Special Products tab looks like this:There are four sections on this tab:• Content Repo

HomeInstant Message Filter DocumentsThe Instant Message Filter Documents section looks like this:This section allows you to v iew user documentation o

HomeTo view any of the documents listed here, click on the PDF link in the sameline. This will open a .pdf format version of the document.2.5.3Additio

Home2.6PreferencesThe Preferences options are invoked by clicking on the corresponding buttonunder Home:The options are arranged under the following t

HomeThey are described in the following.Change PasswordThe Change Password section looks like this:Using this section, you can change the password you

HomeIf you are only interested in viewing and configuring settings for Web traffic,you can hide the e-mail related settings and vice versa.Furthermore

HomeTo what extent you are allowed to configure access permissions for other ad-ministrators, depends on your seniority level. This is measured by a v

Home— Allow read o nly accessCheck this radio button to allow read only access.• Deny simultaneous accessCheck this radio button to deny simultaneous

Home2.7.1InformationThe Information tablookslikethis:There are four sections on this tab:• License Information• Webwasher End User License Agreement•

Chapter 1IntroductionWelcome to the Webwasher® User’s G uide SSL Scanner. It provides you withthe information needed to configure and use the SSL Scan

HomeLicense InformationThe License Information section looks like this:This section displays information regarding the license of the Webwasher soft-w

HomeTo import a license, proceed as follows:1. Click on the Browse button provided here and browse for the license fileyou want to import.Before you c

Home2.7.2NotificationThe Notification tab looks like this:There are two sections on this tab:• System Notifications• Too Many ClientsThey are describe

HomeAfter specifying the appropriate information, click on Apply Changes to makeyour settings effective.Use the following items to configure the syste

HomeUsing this section, you can configure messages to be written to the system logif connections were refused due to heavy work load or license exhaus

Chapter 3CommonThe features that are described in this chapter are accessible over the Com-mon tab of the Web interface:These are filtering features t

Common3.1OverviewThe following overview shows the sections that are in this chapter:User’s Guide SSL ScannerIntroductionHomeCommon Overview –thissecti

CommonTo do this, select a policy from the drop-down list labeled Policy, which is lo-cated above the Media Type Filters button:The options are arrang

CommonMedia Type FilterThe Media Type Filter section looks like this:Using this section, you can configure actions, e. g. Block, Block, log andnotify,

Common• Non-rectifiable media types with magic bytes mismatchThe actions configured here will be executed when content types do notmatch their magic b

Introduction1.1About This GuideThe following overview lists the chapters of this guide and explains briefly whatthey are about:User’s Guide SSL Scanne

CommonFurthermore, you need to enable an option on the REQMOD Settings tab touse this filter. To do this, click on the REQMOD Settings link provided a

Common3.2.2Media Type Black ListThe Media Type Black List tablookslikethis:There is one section on this tab:• Media Type Black ListIt is described in

CommonMedia Type Black ListThe Media Type Black List section looks like this:Using this section, you can add a media type to the Media Type Black List

CommonAfter s electing a media type, click on this button to add it to the list.This addition will be valid only under the policy you are currently co

Common3.2.3Media Type White ListThe Media Typ e White List tab looks like this:There is one section on this tab:• Media Type White ListIt is described

CommonMedia Type White ListThe Media Type White List section l ooks like this:Using this section, you can add a media type to the Media Type White Lis

CommonThis addition will be valid only under the policy you are currently con-figuring.To add a media type to the white list for all policies, mark th

Common3.3Document InspectorThe Document Inspector options are invoked by clicking on the correspond-ing button under Common:If you want to enable any

Common3.3.1Document InspectorThe Document Inspector tab looks like this:There are five sections on this tab:• Document Download Filter• Document Uploa

CommonDocument Download FilterThe Document Download Filter section looks like this:Using this section, you can configure actions for inbound office do

Introduction1.3Using WebwasherA user-friendly, task-oriented Web interface has been designed for accessingthe features of the Webwasher products. It l

CommonDocument Upload FilterThe Document Upload Filter section looks like this:Using this section, you can configure actions for outbound user-origina

CommonThis active content may be hostile rather than friendly, so for full protectionagainst files that are embedded into Microsoft Office or PDF docu

CommonUse the following checkboxes to modify the assignment of filters to documentformats:• Download FilterMark or clear the checkboxes in this line t

Common• Structured Storage document, like Visio or MSI, not readableFrom the drop-down lists provided here, select actions for documents inWeb and e-m

CommonTo do this, select a policy from the drop-down list labeled Policy, which is lo-cated above the Media Type Filters button:The options are arrang

CommonArchive HandlingThe Archive Handling section looks like this:Using this section, you can configure blocking and other actions for encrypted,corr

CommonUsing this section, you can configure limits for archive sizes and recursionlevels.After specifying the appropriate settings click on Apply Chan

Common3.5.1Generic Header FilterThe Generic Header Filter tab looks like this:There is one section on this tab:• Header Filter ListIt is described in

CommonHeader Filter ListThe Header Filter List section looks like this:Using this section, you can configure the Generic Header Filter to delete head-

Common3.6Generic Body FilterThe Generic Body Filter options are invoked by clicking on the correspondingbutton under Common:If you want to enable any

Introduction1.3.1First Level TabsThe Web interface displays a number of tabs and sections for configuring thefeatures provided by Webwasher. On the to

Common3.6.1Generic Body FilterThe Generic Body Filter tab looks like this:There is this section on this tab:• Body Filter ListIt is described in the f

CommonBody Filter ListThe Body Filter List section looks like this:Using this section, you can configure the Generic Body Filter blocking andother act

CommonSo, to block, e. g. all HTML pages encoded as UTF-16 you can configure arule like the following:0-128 Contains I"<\00h\00t\00m\00l\00&qu

Common• Dimension Filter List, see 3.7.33.7.1SettingsThe Settings tab looks like this:There are six sections on this tab:• Link Filter• Dimension Filt

CommonThey are described in the following.Link FilterThe Link Filter section looks like this:Using this section, you can configure the filtering of co

Common— WindowsEnables or disables the filtering of windows, which are also commonlyknown as pop-ups.A pop-up is a display area, usually a small windo

CommonA text link is the grouping of linked text that, when clicked on, takesyou to another page either within the same Web site, or to an entirelydif

Common— AppletsEnables or disables the filtering of Java applets.These are small programs accompanying a Web page that is sent to auser. Java applets

CommonScript FilterThe Script Filter section looks like this:Using this section, you can configure a filter to manage the code that manipu-lates brows

CommonAnimation FilterThe Animation Filter section looks like this:Using this section, you can configure a filter to detect animated images. Ani-matio

Introduction1.3.2Configuring a Sample SettingThis section explains how to configure a s ample setting of a Webwasher fea-ture. The feature chosen here

CommonAdvertising Filter SettingsThe Advertising Filter Settings section looks like this:Using this section, you can configure settings that will appl

CommonThen check the radio buttons below to further specify the exclusion:— the same pathEnable this option to exclude objects within the s ame place

CommonLink Filter ListThe Link Filter List section looks like this:Using this section, you can add URLs to the Link Filter List and edit them.To do th

Common— do not filterEnable this option to exclude the URL you entered above from filtering.— Add to Li n k Filter ListAfter specifying the informatio

Common3.7.3Dimension Filter ListThe Dimension Filter List tab looks like this:There is this one section on this tab:• Dimension Filter ListIt is descr

CommonDimension Filter ListThe Dimension Filter List section looks like this:Using this section, you can add dimension settings to the Dimension Filte

Common— Add to Dimension Filter ListAfter specifying the dimensions settings in the w ay described above,click on this button to add them to the list.

Common3.8Privacy FiltersThe Privacy Filters options are invoked by clicking on the corresponding but-ton under Common:If you want to enable any of the

Common3.8.1SettingsThe Settings tab looks like this:There are four sections on this tab:• Web Bug Filter• Referer Filter• Prefix Filter• Cookie F ilte

CommonUsing this section, you can configure a filter to eliminate Web bugs.These are also known as clear GIFs or Web beacons. They are are usually1 pi