Content Security Gateway 1500 with Websense Enterprise® Administrator’s Guide

CP Secure, Inc.
20065 Stevens Creek Boulevard, Building C
Cupertino, CA 95014
www.cpsecure.com

Software Version 2.0
Published June 2006
Document Part No. CSG1500-20060612


No part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of CP Secure. CP Secure reserves the right to make changes to this document and the products described herein without prior notice.

For the latest versions of CP Secure product documentation, visit the CP Secure Web site at http://www.cpsecure.com.

Copyright © 2004-2006 CP Secure Incorporated. All rights reserved. CP Secure, the CP Secure logo, WormSecure, and Content Security Gateway are either registered trademarks or trademarks of CP Secure, Inc. in the United States and/or other countries.

Websense, Websense Enterprise, and the Websense logo are trademarks or registered trademarks of Websense, Inc. All other brand and product names are trademarks or registered trademarks of their respective companies or organizations.

ABOUT THIS GUIDE

This guide is intended for use by those responsible for installing and managing network security equipment. It assumes a basic working knowledge of local area networks and network security.

If a readme or release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes.

Most user guides and release notes are available in Adobe Portable Document Format (PDF) on the CP Secure Web site:

http://www.cpsecure.com

Document Conventions

Throughout this document, conventions are used to call your attention to certain information. Table 1 and Table 2 list the conventions used in this document.

Table 1 Notice Icons

Icon | Notice Type | Description
[icon] | Information note | Information that describes important features or instructions
[icon] | Caution | Information that alerts you to potential loss of data or potential damage to an application, system, or device
[icon] | Warning | Information that alerts you to potential personal injury

Table 2 Text Conventions

Convention | Description
Screen display | This typeface represents information as it appears on the screen.
“Enter” and “Type” | When you see the word “enter” in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says “type.”
Bold | This typeface indicates menu names, menu commands, and button names. For example: To access the whitelist page, click Anti-Spam > Whitelist/Blacklist on the menu.
Italics | This typeface is used to emphasize a point.

Related Documentation

In addition to this guide, each Content Security Gateway documentation set includes the following:

■ Online Help – Accessible from the Web interface, provides information that helps you perform tasks using the Web interface.

■ Release Notes – Provide information about the current software release, including new features, modifications, and known issues.

Documentation Feedback

Your suggestions are very important to us. They can help make our documentation more useful to you. Please email any comments about this document to CP Secure at:

[email protected]

When emailing us about our documentation, please include the following information:

■ Document title
■ Document part number (found on the title page)
■ Page number (if appropriate)

For example:

■ Content Security Gateway 1500 with Websense Enterprise Administrator’s Guide
■ Part number: CSG1500-20060612
■ Page 13

Note that we can only respond to comments and questions about CP Secure product documentation at this email address. Questions related to technical support or sales should be directed in the first instance to your CP Secure reseller.

CONTENTS

ABOUT THIS GUIDE
Document Conventions
Related Documentation
Documentation Feedback

1 INTRODUCING CSG
What is Content Security Gateway?
About Stream-based Scanning
What You Can Do with CSG
Scan Network Traffic for Malware
Protect the Network Instantly
Receive Real-time Alerts and Generate Comprehensive Reports
Automate Component Updates
Manage CSG from Anywhere on the Network
Other Features
Physical Features
(1) Liquid Crystal Display
(2) Status LEDs
(3) Console Port
(4) Administration Port
(5) RJ-45 Ethernet Ports
(6) USB Ports
(7) Power Supply
Package Contents
Getting Started Tasks

2 CHOOSING A DEPLOYMENT SCENARIO
Small Network
Typical Small Network
Network That Connects via an ADSL Modem
Network with Two Logical Subnets
Network with Two Subnets Connecting and Using NAT
Medium or Enterprise Network
Network with Remote Office
Remote Office that Uses the Main Office Servers
Remote Office with Logical Subnets and Connecting to the Main Office Servers
Other Network Topologies

3 PERFORMING PRECONFIGURATION
Preconfiguration Using the LCD Screen
Changing the System Settings
Viewing the System Settings
Preconfiguration Using the Serial Interface
Using HyperTerminal on Microsoft Windows
Using Minicom on Linux
Preconfiguration Using the Web Interface
Step 1: Set Up and Connect the Admin Computer
Step 2: Log On to the Web Interface
Step 3: Run the Setup Wizard
Verifying the CSG Installation
Testing Connectivity
Testing HTTP Scanning
Choosing a Location for CSG
Using the Rack Mounting Kit
Installing the Optional Bypass Card

4 CONFIGURING THE SCAN AND UPDATE SETTINGS
Default Settings
Enabling Scanning of Services
Configuring Email Scan
Email Notification Settings
Email Content Filtering
Protecting Against Spam
Configuring SMTP Outbound Scan
SMTP Outbound Scan Settings
SMTP Outbound Content Filtering
Configuring Web Scan
Configuring Web Filtering
Filtering Network Traffic Using Websense Enterprise
How Websense Enterprise Works with the CSG
Installing Websense Enterprise
Enabling URL Filtering Using Websense Enterprise
Websense Logs and Reports
Configuring HTTPS Scan
HTTPS Scan Settings
Using an HTTPS Certificate
Managing Certificates
Trusted Hosts
Configuring FTP Scan
Malware Action
Block File by Extension
Managing Quarantined Files
Query Type
Malware
Spam
Configuring Updates
Configuring Scheduled Updates
Performing an Offline Update
Performing a Manual Update

5 CONFIGURING THE SYSTEM SETTINGS
Configuring Network Settings
NIC Grouping
NIC Operation Mode
Customized MTU Settings
Defining Internal Domains
Setting the System Time
Defining Trusted Sites
Managing User Accounts

6 PERFORMING ADMINISTRATIVE TASKS
Registering CSG
Registering Online
Registering Offline
Backing Up and Restoring Configuration
Backing Up the CSG Configuration
Restoring Configuration
Restoring to Factory Defaults
Rebooting CSG
Running Diagnostics
Using the Network Diagnostic Tools
Using the Traffic Diagnostic Tools
Sending Suspicious Files to CP Secure for Analysis
Using the Online Support Facility

INDEX

1 INTRODUCING CSG

This chapter provides an overview of the features and capabilities of Content Security Gateway. It also identifies the physical features of the appliance and lists the contents of the CSG package.

Topics include:

■ What is Content Security Gateway?
■ What You Can Do with CSG
■ Physical Features
■ Package Contents
■ Getting Started Tasks

What is Content Security Gateway?

Content Security Gateway (CSG) is a reliable, high-performance network security appliance that protects networks against viruses, spyware, spam, and other types of malware.

CSG integrates CP Secure’s patent-pending stream-based scanning technology with anti-spam and content filtering features to protect against security threats originating from different vectors.

About Stream-based Scanning

Stream-based scanning is based on the simple observation that network traffic travels in streams. CP Secure's scan engine starts receiving and analyzing traffic as the stream enters the network. As soon as a number of bytes are available, scanning commences. The scan engine continues to scan more bytes as they become available, while at the same time another thread starts outputting the bytes that have been scanned.

This multithreaded approach, in which the receiving, scanning, and outputting processes occur concurrently, ensures that network performance remains unimpeded. The result is that scanning a file is up to twelve times faster than with traditional antivirus solutions – a performance advantage that is easily noticeable to the end user. Stream-based scanning also enables organizations to withstand massive spikes in traffic, as in the event of a malware outbreak.
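The concurrent receive, scan and output stages described above, as an added Python example (not CP Secure's scan engine; the signatures, function names and chunk sizes are constructed for illustration). It assumes plain substring signatures and holds back the last few bytes of each scan so that a signature split across two chunks is still caught before those bytes are released.

```python
import queue
import threading

# Constructed byte patterns standing in for malware signatures (not real ones).
SIGNATURES = [b"TEST-SIGNATURE-ALPHA", b"TEST-SIGNATURE-BETA"]
_EOF = object()  # end-of-stream marker passed between stages


def receiver(chunks, inbound):
    """Stage 1: pass each chunk to the scanner as soon as it arrives."""
    for chunk in chunks:
        inbound.put(chunk)
    inbound.put(_EOF)


def scanner(inbound, outbound, verdict, signatures=SIGNATURES):
    """Stage 2: scan bytes as they arrive; release only bytes already cleared."""
    # A signature can straddle two chunks, so the last (longest - 1) bytes
    # are held back and rescanned together with the next chunk.
    overlap = max(len(s) for s in signatures) - 1
    pending = b""  # bytes received but not yet released downstream
    while True:
        chunk = inbound.get()
        if chunk is _EOF:
            if pending:
                outbound.put(pending)  # already scanned, nothing can follow
            break
        pending += chunk
        hit = next((s for s in signatures if s in pending), None)
        if hit is not None:
            verdict["signature"] = hit
            while inbound.get() is not _EOF:  # drain so the receiver can finish
                pass
            break  # held-back bytes, including the match, are dropped
        cut = max(len(pending) - overlap, 0)
        if cut:
            outbound.put(pending[:cut])
            pending = pending[cut:]
    outbound.put(_EOF)


def writer(outbound, delivered):
    """Stage 3: forward cleared bytes while the scanner is still working."""
    while True:
        data = outbound.get()
        if data is _EOF:
            return
        delivered.extend(data)


def stream_scan(chunks, queue_depth=4):
    """Run the three stages concurrently; return (delivered_bytes, signature)."""
    inbound = queue.Queue(maxsize=queue_depth)
    outbound = queue.Queue(maxsize=queue_depth)
    verdict = {"signature": None}
    delivered = bytearray()
    stages = [
        threading.Thread(target=receiver, args=(chunks, inbound)),
        threading.Thread(target=scanner, args=(inbound, outbound, verdict)),
        threading.Thread(target=writer, args=(outbound, delivered)),
    ]
    for stage in stages:
        stage.start()
    for stage in stages:
        stage.join()
    return bytes(delivered), verdict["signature"]


def split(data, size):
    """Cut a byte string into fixed-size chunks to imitate network arrival."""
    return [data[i:i + size] for i in range(0, len(data), size)]


# Constructed sample streams.
CLEAN = b"HTTP/1.1 200 OK\r\n\r\n" + b"A" * 64
INFECTED = b"header-bytes " + SIGNATURES[0] + b" trailing-bytes"

if __name__ == "__main__":
    print(stream_scan(split(CLEAN, 7)))
    print(stream_scan(split(INFECTED, 5)))
```

In this example, bytes released before a detection have already been delivered, so a hit truncates the stream rather than withholding the whole file.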

What You Can Do with CSG

CSG combines robust protection against malware with ease of use and advanced reporting and notification features to help you deploy and manage the device with minimal effort. Here are some of the things that you can do with CSG.

Scan Network Traffic for Malware

Using CP Secure’s patent-pending stream-based scanning technology, you can configure CSG to scan HTTP, SMTP, POP3, HTTPS, IMAP, and FTP protocols. Unlike traditional scan engines that need to cache traffic before they can scan, CP Secure’s scan engine checks traffic as it enters the network, ensuring unimpeded network performance.

To ensure proper handling of detected malware, CSG lets you configure primary and secondary actions.

Protect the Network Instantly

CSG is a plug-and-play security solution that can be instantly added to networks without requiring network reconfiguration.

Receive Real-time Alerts and Generate Comprehensive Reports

You can configure CSG to send out alerts whenever malware or an outbreak is detected on the network. Real-time alerts can be sent out via pager, email, and SMS, allowing you to monitor malware events wherever you are. By configuring CSG to send out malware alerts, you can isolate and clean the infected computer before the malware incident can develop into a full-blown outbreak.

CSG also provides comprehensive reports that you can use to analyze network and malware trends.

Automate Component Updates

Downloading components regularly is the key to ensuring updated protection against new threats. CSG makes this administrative task easier by supporting automatic virus pattern, program and engine updates.

Manage CSG from Anywhere on the Network

A Web-based interface enables you to easily and remotely monitor the network from anywhere there is an Internet connection.

Other Features

■ Convenient LCD monitoring – Enables easy system configuration and provides at-a-glance status information.
■ Support for optional bypass card – Ensures unimpeded network traffic in the event of a hardware failure. See Installing the Optional Bypass Card on page 37 for more information.

Physical Features

The front panel of CSG, shown in Figure 1, contains the LCD monitor and the ports that you use to connect CSG to the network and other devices. The numbered items in the figure refer to the following numbered sections.

Figure 1 CSG 1500 Front and Back Panels

(1) Liquid Crystal Display

The liquid crystal display (LCD) on the front panel shows CSG status information and may be used to perform the initial configuration of CSG. For more information on using the LCD to preconfigure CSG, refer to Preconfiguration Using the LCD Screen on page 19.

(2) Status LEDs

Check the LEDs on the front panel of CSG to verify the status of its primary hardware components, including power, CPU, admin port, and the four RJ-45 ports.

(3) Console Port

Use this port to connect CSG to a COM port on a Microsoft Windows or Linux computer. The console port may be used to perform the initial configuration of CSG. See Preconfiguration Using the Serial Interface on page 22.

(4) Administration Port

CSG comes with a dedicated administration port that you use to manage the device from anywhere on the network. You can connect this port to the administrative network or directly to an administrative computer.

Having a dedicated admin port helps ensure that the computer or network from which you are managing CSG remains isolated from the main network, in case of a malware outbreak.

(5) RJ-45 Ethernet Ports

Use these RJ-45 Ethernet ports to connect CSG to your network using the supplied crossover Ethernet cable. Connect one end of the RJ-45 cable to a router or a switch, and then connect the other end to a port on the firewall.

(6) USB Ports

Use these USB ports to update the CSG software image from a portable CD/DVD-ROM drive with USB connector. Updating via the USB port is recommended for CSG appliances that are permanently disconnected from the Internet.

Before updating the software image via the USB port, make sure you record the current software version number. After you perform the software update, you will need to compare the version numbers to verify that the update was completed successfully.

To update the software image

1 Obtain an updated CSG software image, normally provided by CP Secure or an authorized reseller in CD/DVD-ROM format.

2 Connect a removable CD/DVD-ROM drive with a USB connector to one of the USB ports.

3 Insert the image CD/DVD into the removable CD/DVD-ROM drive.

4 Power off CSG, and then power it back on.

CSG detects the newer software image on the removable drive and updates its current software.

(7) Power Supply

Use only the supplied power cord to connect CSG to a power source.

Package Contents

The CP Secure Content Security Gateway package includes the following items:

■ CP Secure Content Security Gateway appliance
■ Power cord
■ Crossover Ethernet cable
■ Serial console cable
■ Documentation CD, which contains the Quick Start Guide, this Administrator’s Guide, and readme
■ Optional mounting kit

Before installing and using CSG, verify that your CSG package has all these items. If any of the above items are damaged or missing, contact your CP Secure reseller immediately.

Getting Started Tasks

To help you get CSG up and running in minutes, here is a list of the essential tasks that you need to perform.

1 Choose a deployment scenario – Deciding where to place CSG on the network is an important consideration since it will determine which network segments will be protected after you deploy it. Check the deployment scenarios listed in Choosing a Deployment Scenario starting on page 9 for some examples and decide on how you want to deploy CSG for optimum security.

2 Connect CSG to the network – After deciding on a deployment scenario, connect CSG to the network. The actual connections that you have to make will depend on the chosen deployment scenario. On a small network, for example, you will usually connect CSG to the firewall and switch/hub.

3 Perform preconfiguration – Preconfiguration refers to updating CSG’s basic system settings (IP address, netmask, DNS) so that it can function on the target network. For information on how to perform preconfiguration, refer to Performing Preconfiguration starting on page 19.


4 Configure CSG – CSG’s default settings normally provide adequate protection to most networks. You can, however, still customize the settings to ensure that they are suitable for your network. To configure CSG and update its settings, CP Secure recommends using the built-in Web interface. For information on how to configure CSG, refer to Configuring the Scan and Update Settings starting on page 39.

5 Register CSG – Registering CSG with CP Secure is a requirement before your device can start receiving component updates. Registering your device also entitles you to technical support.

CP Secure provides two options for registering your CSG device – online (recommended) and offline. For more information on how to register CSG, refer to Sending Suspicious Files to CP Secure for Analysis starting on page 74.


2 CHOOSING A DEPLOYMENT SCENARIO

CSG is a network device that you can deploy quickly and easily to any point on the network without requiring network reconfiguration. This chapter lists some network scenarios and the recommended deployment setup for each. Deployment scenarios are categorized into the following:

■ Small Network
■ Medium or Enterprise Network
■ Network with Remote Office

Small Network

The following small network scenarios are described in this section:

■ Typical Small Network
■ Network That Connects via an ADSL Modem
■ Network with Two Logical Subnets
■ Network with Two Subnets Connecting and Using NAT

Typical Small Network

On a typical small network, install CSG:

■ Between the firewall and router to protect the entire network, or
■ In front of the server group to protect the server group only.

Figure 2 Small Network Deployment

Network That Connects via an ADSL Modem

If users connect to the Internet through an ADSL modem, install the CSG between the firewall and the switch.

For enhanced security, CP Secure recommends installing CSG behind the firewall, instead of between the ADSL modem and the firewall.

Figure 3 Network That Connects via an ADSL Modem

Network with Two Logical Subnets

On a network with two logical subnets (for example, VLAN 10 for users and VLAN 20 for servers), the firewall and router are integrated into the same network. The VLAN tag is sent from Switch 2 and Switch 3; it ends before the router and is transparent through Switch 1.

In this scenario, you can install CSG in front of a server to protect the server only. CP Secure highly recommends installing CSG between the firewall and switch (see Figure 4).

Figure 4 Network with Two Logical Subnets

Network with Two Subnets Connecting and Using NAT

If your network has two subnets (for example, 192.168.100.0/24 and 192.168.200.0/24) and it connects to the Internet via NAT, install CSG between the firewall and the switch to protect the entire network.

For enhanced security, CP Secure recommends installing CSG behind the firewall, instead of between the ADSL modem and the firewall.

Figure 5 Network with Two Subnets and Using NAT

Medium or Enterprise Network

Medium-sized and enterprise networks typically have a core network consisting of at least two Layer 3 (L3) switches and two routers that back up one another. This network setup normally exists in branch and remote offices.

In this scenario, you can install CSG:

■ In front of the server group to provide dedicated protection for traffic passing through the server group only.
■ Between the routers for the main and remote offices to protect a remote office.

It is recommended that you do not install CSG in front of the firewall or between the L3 switch and the firewall.

Figure 6 Network with Two L3 Switches and Two Routers

Network with Remote Office

Remote office scenarios discussed in this section include:

■ Remote Office that Uses the Main Office Servers
■ Remote Office with Logical Subnets and Connecting to the Main Office Servers

Remote Office that Uses the Main Office Servers

If you have a firewalled remote office that uses the server group in the main office, you can install CSG:

■ Between the firewall and the Internet port of the router/L3 switch to protect the entire network.

■ Between the switch/hub and the router/L3 switch to protect a particular network segment.

■ In front of the main office export of the router/L3 switch to ensure that traffic to and from the main office server group is scanned.

Figure 7 Remote Office That Uses the Server Group in the Main Office

Remote Office with Logical Subnets and Connecting to the Main Office Servers

If you have a firewalled remote office that has two logical subnets (for example, VLAN 10 and VLAN 20) and uses the server group in the main office, you can install CSG:

■ Between the firewall and the Internet export of the router/L3 switch to protect the entire network.

■ In front of the main office export of the router/L3 switch to ensure that traffic to and from the main office server group is scanned.

■ Between the router and the L3 switch to protect the entire network (highly recommended).

Figure 8 Remote Office with Logical Subnets and Connecting to the Main Office Servers

Other Network Topologies

If you need to install CSG between the firewall and the router but there are no assignable IP addresses, you can assign an internal IP address for CSG and use the third port to connect to the internal switch. This internal address can be used to manage the CSG and to obtain updates.


Figure 9 Network without an Assignable IP Address


3 PERFORMING PRECONFIGURATION

Preconfiguration refers to modifying CSG’s basic system settings (for example, IP address, netmask, and DNS) so that it can function on your network. CSG provides three ways for you to perform the initial configuration:

■ Preconfiguration Using the LCD Screen
■ Preconfiguration Using the Serial Interface
■ Preconfiguration Using the Web Interface

Preconfiguration Using the LCD Screen

CSG 1500 includes an LCD screen, shown in Figure 10, on the front panel that allows you to quickly configure or modify its basic settings. You can use this LCD screen to perform the initial configuration.

Figure 10 LCD Screen on the Front Panel

The LCD screen includes four buttons that you can use to view and change CSG’s basic settings. Table 1 lists these buttons and their descriptions.

Table 1 LCD Screen Buttons

| Button | Description |
|---|---|
| Up | Up button, used to move up to the next screen display and to switch between screen modes. There are three screen modes available (listed after this table). |
| Down | Down button, used to move down to the next screen display |
| Esc | Press to return to the time screen display, which is the default screen display |
| Enter | Press to save changes and to enter a screen mode |

Screen modes:

■ View – Shows the CSG’s system settings and the scan status for all supported protocols. Refer to Viewing the System Settings on page 21 for more information.
■ Configure – Allows you to edit CSG’s system settings. Refer to Changing the System Settings on page 20 for more information.
■ Perform action – Allows you to reboot CSG or reset the settings to factory defaults. For instructions on how to reboot and reset CSG using the LCD screen, refer to Rebooting CSG and Restoring to Factory Defaults on page 73.

Changing the System Settings

1 Press the Up button twice.

2 Press Enter to enter the configuration mode. The current IP address assigned to CSG appears on the LCD screen, with the first digit highlighted.

3 To change the IP address, press the Up or Down button. The highlighted value in the IP address increases or decreases, depending on the button you press. When you have completed changing the first digit in the IP address, press Enter to move to the next digit. Repeat the same procedure until you have gone through all the digits in the IP address.

To move to the next setting, press Enter repeatedly to skip through the IP address digits, until the netmask screen appears. Perform the procedure in the previous paragraph to change the netmask, or press Enter repeatedly to skip through the netmask setting and move to the next setting.

IP addresses on the LCD screen appear as xxx.xxx.xxx.xxx and require leading zeroes for values lower than 100. For example, if your gateway IP address is 192.168.8.1, you need to enter it as 192.168.008.001 on the LCD screen.

4 Repeat the procedure in Step 3 to change each system setting. The system settings are displayed on the screen in the following order:

■ IP address
■ Netmask
■ Gateway
■ Primary DNS
■ Secondary DNS (optional)

5 After you update or skip the Secondary DNS screen, the following message appears:

Save Changes?
Press Enter…

6 To save the updated system settings, press Enter.

CSG automatically reboots and applies the updated system settings.

Viewing the System Settings

After you update the system settings, verify that they have been applied successfully by viewing the current settings from the LCD screen.

To view the system settings

1 Press the Up button once. The Hostname screen appears, displaying the host name that is currently assigned to CSG.

2 Press the Down button to move to the next screen. Repeat this step to switch to the succeeding screens. The order in which system settings and status are shown is listed in Table 2, including some sample values.

Table 2 Display Order of System Settings and Status

| Screen | Sample Value |
|---|---|
| Time | 2005/12/20 (yyyy/mm/dd) 03:52:15 |
| Hostname | CSG 1500 |
| IP Address | 192.168.7.233 |
| Network Mask | 255.255.255.0 |
| Gateway | 192.168.7.1 |
| Primary DNS | 192.168.7.1 |
| Secondary DNS | Optional |
| Last Virus | 2006/04/19 (Date when the last malware was detected), 05:37 (Time when the last malware was detected), Troj.Java.ClassLoader.C (Malware name) |
| Last Update | 2006/03/19 (Date when CSG components were last updated) |
| Start-up Time | 2004/02/13 (Date of last startup) |
| Protocol Status | SMTP On, HTTP On, FTP Off, IMAP Off, POP3 Off |

Preconfiguration Using the Serial Interface

Another way to preconfigure CSG is through a serial console connection from a Windows or Linux computer. Connect CSG to a Windows or Linux computer using the supplied serial cable, and then perform preconfiguration via HyperTerminal on Windows or Minicom on Linux.

In addition to preconfiguration, you can also use the serial interface if you are unable to access the Web interface, or if you lose track of the IP address and need to reconfigure the IP address or other parameters.

Using HyperTerminal on Microsoft Windows

After you connect CSG to your Windows computer, use HyperTerminal to perform CSG configuration.

1 Click Start > Programs > Accessories > Communications > HyperTerminal.

2 In the Connection Description window, type a name for the connection, and then click OK.

3 In Connect Using, select COM1, and then click OK.

4 Configure the COM1 properties with the following settings (see Figure 11):

■ Bits per second: 9600
■ Data bits: 8
■ Parity: None
■ Stop bits: 1
■ Flow control: Hardware

Figure 11 COM1 Properties Window


5 Click OK. The serial interface window for CSG appears, as shown in Figure 12.

Figure 12 CSG Serial Interface Window

For information on commands that you can run, type help.

Using Minicom on Linux

On a Linux computer, you can configure CSG via Minicom.

1 Check to see which serial port (for example, com1, com2) you are using.

2 Log on. If your machine uses serial port 0, enter the command vi /etc/minirc._dev_ttyS0 to edit the file minirc._dev_ttyS0. See Figure 14.


Figure 13 Configuring CSG via Minicom

3 After editing and saving the file minirc._dev_ttyS0, enter minicom /dev/ttyS0 to log on to the CSG in command mode.

4 At the CSG login prompt, enter the user name admin to continue.

5 Configure CSG's network parameters as shown in Figure 14.


Figure 14 CSG Network Parameters

Preconfiguration Using the Web Interface

The Web interface is the recommended method of configuring and managing CSG. It features a content-rich interface and is easy to navigate. To use the Web interface, you need to designate an admin computer that is either directly or indirectly connected to the Admin port. The admin computer must also have Microsoft Internet Explorer 6.0 or later.


Step 1: Set Up and Connect the Admin Computer

To configure CSG using the Web interface, you need to connect CSG to an admin computer using an Ethernet cable. Do the following:

1 Connect one end of the crossover Ethernet cable to one of the LAN ports located on the front panel of CSG and the other end into the Ethernet port on your computer.

2 Turn the power on.

3 On the admin computer, select the Control Panel, then Network Connections, and locate your network card connection (typically called Local Area Connection).

4 Right-click the connection, and then click Properties. The Local Area Connection Properties Window appears, as shown in Figure 15.


Figure 15 Local Area Connection Properties Window

If your computer has two network cards, do not use the second port because it will interfere with your system configuration.

5 Click Internet Protocol (TCP/IP), and then click Properties. The Internet Protocol (TCP/IP) Properties window appears.

Remember to record the current settings in case you need to restore these settings at a later point.

6 Configure the admin computer’s TCP/IP settings to enable it to connect to CSG:


a In IP address, enter an IP address that is in the same network range as CSG (for example, 192.168.248.248, unless you plan to install the CSG outside the LAN).

b In Subnet mask, enter 255.255.255.0.

c Click OK to save your changes.

Figure 16 Internet Protocol (TCP/IP) Properties Window


Step 2: Log On to the Web Interface

1 Start Internet Explorer, and then enter the CSG IP address in the address bar. For example, you can enter 192.168.248.248. The welcome screen for the CSG Web interface appears.

Figure 17 Welcome Page of the CSG Web Interface

2 Log on to the Web interface by entering admin as the user name and cpwall as password. Click Log On.

The CSG Setup Wizard appears. Refer to the following section for instructions on how to configure CSG using the setup wizard.

Step 3: Run the Setup Wizard

The setup wizard helps you configure CSG’s basic settings. On the welcome screen, click Next.

Configure the Network Settings

1 In System Name, assign a name to CSG. If you have multiple CSG devices on the network, assigning a name can help you identify this particular CSG device.

2 In IP address, assign an IP address to CSG. This is also the IP address that you will use to access the CSG Web interface.

3 In Subnet mask, enter an appropriate subnet mask for the network to which CSG is connected. The default mask is 255.255.255.0.


4 Enter the IP address of your gateway server and at least one DNS server IP address. These settings depend on your network configuration.

5 If you want to manually set the maximum transmission unit (MTU) for traffic that passes through CSG, enter the value in Maximum Transmission Unit. CP Secure recommends synchronizing the MTU setting on CSG with that of your network to avoid transmission delays.

6 Click Next to continue to the next wizard page.

Define the Internal Domains

You can apply different scan policies for incoming and outgoing mails. For CSG to be able to identify incoming mails, you need to define the IP addresses or IP address ranges of the internal network. CSG will take emails sent to the IP addresses listed here as Inbound.

1 In LAN IP Ranges or Addresses, enter an IP address range or specific addresses. Use commas to separate multiple entries.

Examples

IP address range: 10.1.1.2-11.2.3.4

Specific addresses: 210.1.2.3, 210.13.22.123

2 In Domains, enter a domain name (for example, cpsecure.com). Use commas to separate multiple entries.

3 Click Next to continue to the next wizard page.
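The LAN IP Ranges or Addresses field decides which mail CSG treats as inbound, so a mistyped or overly broad entry changes which scan policy applies. The following Python is an added example, not CP Secure code: it parses the entry format shown in the examples above, reports how many addresses each entry covers, and shows how a destination address would be classified. The function names and the RFC 1918 flag are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private blocks, used only for the informational flag in audit().
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_lan_entries(field):
    """Parse a comma-separated list of IPv4 addresses and start-end ranges.

    Returns a list of (first, last) IPv4Address pairs. Raises ValueError on a
    malformed address or on a range whose start is above its end.
    """
    ranges = []
    for raw in field.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing comma
        first_text, sep, last_text = entry.partition("-")
        first = ipaddress.IPv4Address(first_text.strip())
        last = ipaddress.IPv4Address(last_text.strip()) if sep else first
        if first > last:
            raise ValueError(f"range start is above range end: {entry!r}")
        ranges.append((first, last))
    return ranges


def mail_direction(destination_ip, ranges):
    """Model of the rule in the guide: mail sent to a listed address is inbound."""
    ip = ipaddress.IPv4Address(destination_ip)
    listed = any(first <= ip <= last for first, last in ranges)
    return "inbound" if listed else "outbound"


def audit(ranges):
    """For each entry, report its size and whether it stays inside RFC 1918 space."""
    report = []
    for first, last in ranges:
        blocks = ipaddress.summarize_address_range(first, last)
        all_private = all(any(b.subnet_of(p) for p in RFC1918) for b in blocks)
        report.append({
            "entry": f"{first}-{last}",
            "addresses": int(last) - int(first) + 1,
            "all_rfc1918": all_private,
        })
    return report


if __name__ == "__main__":
    # Field value built from the guide's own example entries.
    entries = parse_lan_entries("10.1.1.2-11.2.3.4, 210.1.2.3, 210.13.22.123")
    for row in audit(entries):
        print(row)
    for dest in ("10.200.0.1", "11.2.3.5", "210.13.22.123"):
        print(dest, mail_direction(dest, entries))
```

An entry that is large or that extends beyond private address space is worth confirming before saving, because every address it covers receives the inbound policy.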

Set the System Time

Setting the correct system time and time zone ensures that the date and time recorded in the CSG logs are accurate.

1 Set the system time either by:

■ Entering a Network Time Protocol (NTP) server. A list of public NTP servers is available at http://ntp.isc.org/bin/view/Servers/WebHome.
■ Manually entering the date and time

2 In Time Zone, select the time zone for the country where CSG is installed.

3 Click Next.


Enable Scanning of Network Services

On this wizard page, select which network services you want to scan for malware, set the primary and secondary scan actions, and configure the maximum file size to scan.

1 In Services to Scan, select the check boxes for the services that you want CSG to scan. Options include:

■ SMTP
■ POP3
■ IMAP
■ FTP
■ HTTP
■ HTTPS

To enhance performance, you may disable scanning of any protocols that will not likely be used. For an optimum balance between security and performance, enable scanning only of the most commonly used services on your network. For example, you can enable scanning of POP3, SMTP, FTP and HTTP traffic, but not IMAP and HTTPS (if these last two services are not often used).

2 In Scan Action, set a primary (default) action that you want CSG to perform when it detects a threat, and then set a secondary action, in case the first action fails.

To ensure proper handling of malicious content, set a primary and a secondary action for each service for which you enable scanning.

3 In Scan Exception, set the maximum file size that CSG will scan. CSG 300 and above models can scan files of up to 512,000KB (512MB) in size, while CSG 100 has a 10MB limit.

Setting the maximum file size to a high value may affect CSG's performance. CP Secure recommends setting this value to 3,072KB (default), based on the average size of infected files.

4 Click Next to continue to the next wizard page.


Setting the Notification Server

On the Email Notification Settings page, specify the SMTP server that CSG will use to send out alerts, logs, and reports.

1 In Specify a mail sender, type the name that you want to appear in the notification email as sender. For example, you can type 'CSG Notification'.

2 In SMTP server, type the SMTP server host name or IP address. CSG will send notification emails via this SMTP server.

If the SMTP server requires authentication, select the This server requires authentication check box, and then enter the user name and password.

3 In Specify mail recipients, type the email addresses to which you want to send administrator notifications. For example, you can enter the mailing list for all administrators in your organization, or enter their individual email addresses. Use commas to separate multiple entries.

4 Click Next to continue to the next wizard page.

Configure the Update Settings

CSG has three main components: pattern file, scan engine, and software. To ensure up-to-date protection against malware, CP Secure recommends performing updates regularly.

1 To download component updates from the default CP Secure update server, select Default update server. If you choose to update through the default update server, the system will check for updates at the specified interval.

However, if for some reason you cannot use the default update server, you have the option to specify a different update server. Contact the CP Secure Support team if you need an alternative update server.

2 Under Frequency, define a schedule when CSG will check the update server for updated components. Update frequency can be weekly, daily, or any of the preconfigured time intervals.

3 If the computers on the network connect to the Internet through an HTTPS proxy server, enter the IP address and port number of the proxy server. If a firewall is installed in the local network, verify that Internet access is allowed via port 443.

If the proxy server requires authentication, enter a user name and password.

4 Click Next to continue to the next wizard page.

Configure the Web Interface Security

On the Security Configuration page, you can specify the maximum idle time after which CSG will automatically log you off the Web interface. You can also specify the IP addresses that will be allowed to access the Web interface.

1 In Web Interface Timeout, enter the number of seconds of inactivity after which CSG will automatically log off the user. Default is 600 seconds (10 minutes).

2 Under Access Control List, specify the IP addresses that you want to allow access to the Web interface. If you do not specify any IP address, any computer that is connected to CSG will be able to connect to the Web interface.

3 Click Next to continue to the next wizard page.

Confirm the Changes

To confirm and apply the CSG settings that you have configured, click Submit and Reboot. CSG will reboot to apply the updated settings.

To modify the settings, click Back.

Verifying the CSG Installation

CP Secure recommends that you test the CSG before deploying it in a live production environment. The following instructions walk you through a couple of quick tests designed to ensure that your CSG is functioning correctly.

Testing Connectivity

■ If your computers access the Internet through a LAN, try pinging a URL.
■ If your computers do not access the Internet through a LAN, try pinging the IP address of a machine located on the opposite side of the CSG.

Testing HTTP Scanning

If your client computers have direct access to the Internet through your LAN, try to download the eicar.com test file from http://www.eicar.org/download/eicar.com.

The eicar.com test file is a legitimate DOS program and is safe to use because it is not malware and does not include any fragments of malware code. The test file is provided by EICAR, an organization which unites efforts against computer crime, fraud, and misuse of computers or networks.

1 Log on to the CSG interface, and then verify that HTTP scanning is enabled. For instructions, see Enabling Scanning of Services on page 40 and Configuring Web Scan on page 54.

2 Check the downloaded file and note the attached malware information file.

Choosing a Location for CSG

CSG is suitable for use in an office environment where it can be free-standing or mounted in a standard 19-inch equipment rack. Alternatively, you can rack-mount CSG in a wiring closet or equipment room. A mounting kit, containing two mounting brackets and four screws, is provided in the CSG package.

When deciding where to position CSG, ensure that:

■ It is accessible and cables can be connected easily.
■ Cabling is away from sources of electrical noise. These include lift shafts, microwave ovens, and air conditioning units. Electromagnetic fields can interfere with the signals on copper cabling and introduce errors, therefore slowing down your network.
■ Water or moisture cannot enter the case of the unit.
■ Airflow around the unit and through the vents in the side of the case is not restricted (CP Secure recommends that you provide a minimum of 25 mm or 1 in. clearance).
■ The air is as free of dust as possible.
■ Temperature operating limits are not likely to be exceeded. It is recommended that the unit be installed in a clean, air-conditioned environment.

Using the Rack Mounting Kit

CP Secure provides a rack mounting kit for ease of storage. Before mounting CSG in a rack, verify that:

■ You have the correct screws (supplied with the installation kit)
■ The rack onto which you will mount CSG is suitably located. Refer to Choosing a Location for CSG on page 35 for tips on how to position CSG.

■ You have already completed preconfiguration. See Performing Preconfiguration starting on page 19 for more information.

To rack-mount CSG

1 Attach the rack ear to the device through the smaller-size screw holes. See Figure 18.

2 When both rack ears are securely attached to the device, mount it onto the brackets using the screws supplied in the installation kit.

Figure 18 Using the Rack Mounting Kit


Installing the Optional Bypass Card

CSG 1500 supports the installation of a bypass card (optional) to provide failopen or LAN bypass capability. In the event that CSG encounters a software or hardware failure, it will continue to pass traffic if the bypass card is installed.

Install the bypass card as shown in to ensure uninterrupted traffic flow.

Figure 19 Installing the Bypass Card


4 CONFIGURING THE SCAN AND UPDATE SETTINGS

This chapter provides information on how to configure CSG’s settings using the Web interface. Topics discussed include:

■ Default Settings
■ Enabling Scanning of Services
■ Configuring Email Scan
■ Protecting Against Spam
■ Configuring SMTP Outbound Scan
■ Configuring Web Scan
■ Filtering Network Traffic Using Websense Enterprise
■ Configuring HTTPS Scan
■ Configuring FTP Scan
■ Managing Quarantined Files

Default Settings

Table 3 lists CSG’s default scan and update settings. Before configuring CSG, check this table and see if the default settings already meet your desired security configuration.

Table 3 CSG Default Settings

| Feature | Default Setting | Default Actions |
|---|---|---|
| Web Scan | Enabled | Primary: Delete file; Secondary: Delete file |
| POP3 Scan | Enabled | Primary: Delete attachment; Secondary: Delete attachment |
| SMTP Scan | Enabled | Primary: Block infected attachment; Secondary: Delete attachment |
| FTP Scan | Disabled | |
| HTTPS Scan | Disabled | |
| IMAP Scan | Disabled | |
| Update | Enabled | Check the default CP Secure update server every 15 minutes for updated components |

Enabling Scanning of Services

The Services page allows you to enable and disable scanning of supported network services (protocols), set the primary and secondary scan actions, and configure the maximum file size to scan.

To enable scanning of services

1 On the menu, click Services. The Services page appears, as shown in Figure 20.

Figure 20 Services Page

2 In Services to Scan, select the check boxes for the services that you want CSG to scan. Options include:

■ SMTP
■ POP3
■ IMAP
■ FTP
■ HTTP
■ HTTPS

Scanning all protocols enhances network security, but it may affect the performance of CSG. For an optimum balance between security and performance, enable scanning only of the most commonly used services on your network. For example, you can scan POP3, SMTP, FTP and HTTP, but not IMAP and HTTPS (if these last two services are not often used).

3 In Scan Action, set a primary (default) action that you want CSG to perform when it detects a threat, and then set a secondary action, in case the first action fails.

To ensure proper handling of malicious content, set a primary and a secondary action for each service.

4 In Scan Exception, set the maximum file size that CSG will scan. CSG 300 and above models can scan files of up to 512,000KB (512MB) in size, while CSG 100 has a 10MB limit.

Setting the maximum file size to a high value may affect CSG's performance. CP Secure recommends setting this value to 3,072KB (default), based on the average size of infected files.

5 Click Save Changes.

Configuring Email Scan

CSG can quarantine, delete, clean or audit infected emails or attachments. Simply select the action you wish to take from the drop down menu. If you set the primary action to Clean, make sure you set a different secondary action to ensure proper handling of the infected file (in case it cannot be cleaned).

Additional options for email scan include:

■ Notification Settings
■ Content Filtering

Before configuring the scan options for your network services, make sure you enable scanning of the particular service. For instructions on how to enable scanning of services, refer to Enabling Scanning of Services on page 40.

If SMTP outbound scan is disabled, CSG will apply the same scan policies for both inbound and outbound mails. To learn more about setting a different set of scan policies for outbound mail, refer to Configuring SMTP Outbound Scan on page 51.


Email Notification Settings

To configure the notification options for email scan, click Email Scan > Notification Settings on the menu.

Figure 21 Email Notification Settings

Insert Comment to Subject Line (SMTP)

You may insert a tag at the beginning of the email subject line as notification. The tag is customizable, for example, [Malware Infected].

Append Safe Stamp to Messages (SMTP & POP3)

When no malware is detected in the mail, you have the option to append a safe stamp at the end of the message. The safe stamp insertion serves as a security confirmation to the mail recipient. The message is customizable.

Replace Infected Attachment

If the attachment in the mail is infected, CSG will either delete or quarantine the attachment depending on the setting you have configured in Content Filtering. You may insert a warning message to inform the mail recipient about the malware, as well as actions that CSG has taken. The message is customizable; make sure to keep the %VIRUSINFO% mark as this is the place where the CSG inserts malware information.

For example:

This attachment contains malware: File 1.exe contains malware EICAR.


Action: Delete

Send Warning Email When Malware Is Found

In addition to inserting an alert into the message, CSG may send out an email either to the sender, recipient, or both as notification. The subject and message body are customizable. Make sure to keep the %VIRUSINFO% tag so that the malware info will be inserted automatically.

Email Content Filtering

CSG provides several options to filter out unwanted content in the email. You can filter mails based on keywords in the subject, file extension, and file name. You can also set an action to perform on emails with password-protected attachments.

Figure 22 Email Content Filtering Page

Keyword in the Subject

Enter the keywords to filter when they appear on the email subject line. Use commas to separate different keywords. Then select the actions for SMTP and POP3 protocols. Available filtering actions include:

■ Quarantine email
■ Block email
■ No action (default)


Password-protected Attachments

Select the actions to take for the SMTP, IMAP and POP3 protocols when a password-protected file is attached to an email. Currently, CSG supports blocking of password-protected ZIP and RAR files.

For SMTP, select an action to take on password-protected attachments. Available actions include Block attachment, Quarantine attachment, Block email, Quarantine email, or No action.

For IMAP and POP3, select either Block attachment or No action.

File Extension

Enter the file extensions that you want CSG to filter. Use commas to separate multiple entries.

For SMTP, select an action to take on the listed file extensions. Available options include Block attachment, Quarantine attachment, Block email, Quarantine email, and No action.

For IMAP and POP3, select either Block attachment or No action.

File Name

Enter the file names that you want CSG to filter (for example, netsky.exe). Use commas to separate multiple entries.

For SMTP, select an action to take on the listed file names. Available options include Block attachment, Quarantine attachment, Block email, Quarantine email, and No action.

For IMAP and POP3, select either Block attachment or No action.

Protecting Against Spam

CSG integrates multiple anti-spam technologies to provide comprehensive protection against unwanted mail. You can enable all or a combination of these anti-spam technologies. CSG implements these spam prevention technologies in the following order:

1 Whitelist

2 Blacklist

3 Real-time blacklist

4 Greylist

5 Heuristic scanning


This order of implementation ensures the optimum balance between spam prevention and system performance. For example, if a mail is originating from a whitelisted source, CSG will deliver the mail immediately to its destination inbox without implementing the other spam prevention technologies, thereby speeding up mail delivery and conserving CSG system resources.

You can configure these anti-spam options in conjunction with content filtering to optimize blocking of unwanted mails.

Setting Up the Whitelist and Blacklist

You can define mails that will be accepted or blocked based on the originating IP address, domain, and email address by setting up the whitelist and blacklist.

The whitelist ensures that mail from listed (trusted) sources is not mistakenly tagged as spam. Mails from these sources are delivered to their destinations immediately, without being scanned. This can help speed up the system and network performance. The blacklist, on the other hand, lists sources from which mails will be blocked.

The whitelist takes precedence over the blacklist, which means that if an email source is on both the blacklist and the whitelist, the email will not be scanned.

Figure 23 Whitelist/Blacklist Page


To define the whitelist

1 On the menu, click Anti-Spam > Whitelist/Blacklist.

2 Under the Whitelist column, enter the IP address (or IP address range), domain name, or email address that you want set as a trusted source.

Examples:

IP address/IP address range: 10.1.1.5 or 10.1.2.3-35

Domain name: cpsecure.com

Email address: [email protected]

3 Click Save Changes.

To define the blacklist

1 Under the Blacklist column, enter the IP address (or IP address range), domain name, or email address that you want set as a blocked source.

2 Click Save Changes.
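The entry formats and the whitelist-over-blacklist precedence described above can be modeled as follows. This is an added example, not CP Secure's code: the function names, the sample lists, the reading of 10.1.2.3-35 as last octets 3 through 35, and the exact-match comparison of domains are assumptions.

```python
import ipaddress

# Constructed sample lists using the entry formats shown in the guide.
WHITELIST = ["10.1.1.5", "10.1.2.3-35", "cpsecure.com", "partner@example.org"]
BLACKLIST = ["10.1.2.20", "example.net", "203.0.113.9"]


def parse_entry(entry):
    """Turn one list entry into ('email', addr), ('domain', name) or ('ip', low, high)."""
    entry = entry.strip().lower()
    if "@" in entry:
        return ("email", entry)
    head, dash, tail = entry.partition("-")
    try:
        low = ipaddress.IPv4Address(head)
    except ValueError:
        return ("domain", entry)      # not an address, so treat it as a domain name
    if not dash:
        return ("ip", low, low)
    # Assumption: "10.1.2.3-35" covers last octets 3 through 35 of 10.1.2.x.
    last = int(tail)
    if not 0 <= last <= 255:
        raise ValueError(f"bad IP range: {entry}")
    high = ipaddress.IPv4Address((int(low) & 0xFFFFFF00) | last)
    if high < low:
        raise ValueError(f"bad IP range: {entry}")
    return ("ip", low, high)


def matches(rule, server_ip, sender):
    """Check one parsed rule against the connecting server IP and sender address."""
    if rule[0] == "ip":
        return rule[1] <= ipaddress.IPv4Address(server_ip) <= rule[2]
    sender = sender.lower()
    if rule[0] == "email":
        return sender == rule[1]
    return sender.rpartition("@")[2] == rule[1]   # exact domain match (assumption)


def classify(server_ip, sender, whitelist, blacklist):
    """Apply the first two anti-spam stages in the order the guide lists them."""
    if any(matches(parse_entry(e), server_ip, sender) for e in whitelist):
        return "deliver-unscanned"    # whitelist wins; every later stage is skipped
    if any(matches(parse_entry(e), server_ip, sender) for e in blacklist):
        return "block"
    return "continue"                 # on to RBL, greylist and heuristic scanning


if __name__ == "__main__":
    # 10.1.2.20 is on both lists: the whitelist range takes precedence.
    print(classify("10.1.2.20", "x@example.net", WHITELIST, BLACKLIST))
    print(classify("10.1.2.36", "x@example.net", WHITELIST, BLACKLIST))
```

Running the same check over a planned whitelist before saving it shows which blacklist entries it would silently override.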

Configuring the Real-time Blacklist

Blacklist providers are organizations that collect IP addresses of verified open SMTP relays that may be used by spammers as media for sending spam. These known spam relays are compiled by blacklist providers and are made available to the public in the form of real-time blacklists (RBLs). By accessing these RBLs, CSG can block spam originating from listed mail sources.

By default, CSG comes with four pre-defined RBLs, including Ordb, Dsbl, Spamhaus and Spamcop. There is no limit to the number of blacklist providers that you can add to the RBL sources.


Figure 24 Real-time Blacklist Page

To enable the real-time blacklist

1 On the menu, click Anti-Spam > RBL.

2 Select the Enable Real-time Blacklist check box.

3 Click Save Changes.

To add a new RBL provider

1 In the New section of the Real-time Blacklist page, type the name of the RBL provider under the Provider column.

2 Under RBL Domain Suffix, type the domain name from which CSG will retrieve the real-time blacklist.

3 Click Add. The message Configuration saved appears.

To delete an RBL provider

1 Select the Active check box for the provider that you want to delete.

2 Click Delete on the same row as the provider name that you want to delete. A confirmation message appears.

3 Click OK. The message Configuration saved appears.

Configuring the Greylist

Greylist is a new and effective method of blocking significant amounts of spam based on the behavior of the mail sending server, rather than the content of the messages. The methodology for greylisting is simple: it looks at three pieces of information (also known as a ‘triplet’) in every mail delivery attempt:

■ IP address of sending mail server

■ Email address of sender

■ Email address of recipient

Based on these three factors, a mail ‘relationship’ can be defined to form the following rule: if the triplet was never seen before, then refuse the mail delivery, and any related ones that arrive at the mail server within a certain period of time, with a temporary failure.

As SMTP is considered an unreliable transport, the possibility of a failed delivery attempt is built into the specification. As such, if given an appropriate failure code (for example, 451 code or temporary failure), any well-behaved message transfer agent (MTA) should attempt to redeliver the message after a certain period of time. Spammers, on the other hand, do not normally resend spam to addresses from which they receive a failure code.

Figure 25 Greylisting Page

To configure the greylist

1 On the menu, click Anti-Spam > Greylist.

2 Select the Enable Greylist check box.

3 Configure the following greylist settings:

■ Initial delay for untrusted senders (in minutes) - If CSG processes a mail from an unknown or untrusted source, it will temporarily block the mail for the number of minutes you specify here and send a 451 error notification (temporary failure) to the sending mail server. If the message is coming from a valid mail source, the message transfer agent (MTA) of the sending mail server will attempt to resend the same mail message. The next time CSG receives the same mail from the same mail server, it will deliver the mail to its destination and temporarily add the sending mail server to its trusted list.

Use Initial delay for untrusted senders and Length of time during which resend attempts will be accepted to define the start and end times (respectively) during which CSG will accept resend attempts from the same mail server.

■ Length of time during which resend attempts will be accepted (in hours) – Maximum number of hours during which CSG will accept resend attempts for a mail that was temporarily blocked. For example, if you set this to 25 hours and the sending mail server resends a mail (that was initially blocked) after 4 hours, CSG will accept the mail and deliver it to its destination inbox. However, if the sending mail server resends the mail after 28 hours, CSG will reapply the ‘initial delay rule’ and resend a 451 error notification (temporary failure) to the sending mail server.

■ Length of time to remember trusted senders (in days) – Maximum number of days during which a sending mail server will be retained in the trusted list. During this period, mails from a sending mail server in the trusted list will be accepted. After this period, CSG will reapply the ‘initial delay’ rule and temporarily block mails from the sending mail server again.

4 To turn off the greylist during peak hours, select the Automatically turn off greylist for peak hours check box, and then define the peak hours for the network.

5 Click Save Changes.
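How the three greylist timers and the peak-hours switch interact is easiest to see by replaying delivery attempts through a small model. This is an added example, not CP Secure's implementation: the class, the constructed addresses and timestamps, the 10-minute delay and 30-day trust values, and keying the trusted list by server IP are assumptions; the 25-hour window with retries at 4 and 28 hours follows the guide's own example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

TEMPFAIL = "451"    # temporary failure; a well-behaved MTA retries later
ACCEPT = "accept"   # the greylist stage passes the mail on


@dataclass
class Greylist:
    initial_delay: timedelta     # Initial delay for untrusted senders
    resend_window: timedelta     # Length of time during which resend attempts will be accepted
    trust_lifetime: timedelta    # Length of time to remember trusted senders
    peak_hours: frozenset = frozenset()          # hours (0-23) with greylisting turned off
    pending: dict = field(default_factory=dict)  # triplet -> time of first refused attempt
    trusted: dict = field(default_factory=dict)  # server IP -> time trust was granted

    def check(self, server_ip, sender, recipient, now):
        """Return the verdict for one delivery attempt arriving at time `now`."""
        if now.hour in self.peak_hours:
            return ACCEPT
        granted = self.trusted.get(server_ip)
        if granted is not None:
            if now - granted <= self.trust_lifetime:
                return ACCEPT
            del self.trusted[server_ip]          # trust expired: initial delay rule again
        triplet = (server_ip, sender.lower(), recipient.lower())
        first_seen = self.pending.get(triplet)
        if first_seen is None:
            self.pending[triplet] = now          # never seen before: refuse and remember
            return TEMPFAIL
        age = now - first_seen
        if age < self.initial_delay:
            return TEMPFAIL                      # retried too soon
        if age > self.resend_window:
            self.pending[triplet] = now          # retried too late: start over
            return TEMPFAIL
        del self.pending[triplet]
        self.trusted[server_ip] = now            # valid retry: deliver and trust the server
        return ACCEPT


def demo():
    """Replay constructed delivery attempts and return the verdict for each."""
    gl = Greylist(timedelta(minutes=10), timedelta(hours=25), timedelta(days=30),
                  peak_hours=frozenset({18}))
    t0 = datetime(2006, 6, 12, 9, 0)
    a, b, c = "192.0.2.10", "198.51.100.7", "203.0.113.5"
    mail1 = ("alice@example.org", "bob@example.com")
    mail2 = ("news@example.net", "bob@example.com")
    attempts = [
        (t0, a, *mail1),                                  # first sight of the triplet
        (t0 + timedelta(minutes=2), a, *mail1),           # retry inside the initial delay
        (t0 + timedelta(hours=4), a, *mail1),             # retry inside the 25-hour window
        (t0 + timedelta(hours=5), a, "carol@example.org", "dan@example.com"),  # trusted server
        (t0, b, *mail2),                                  # first sight of the triplet
        (t0 + timedelta(hours=28), b, *mail2),            # retry after the window closed
        (t0 + timedelta(days=31, hours=4), a, *mail1),    # trust older than 30 days
        (t0 + timedelta(hours=9), c, *mail2),             # 18:00, greylist off for peak hours
    ]
    return [gl.check(ip, s, r, t) for t, ip, s, r in attempts]


if __name__ == "__main__":
    print(demo())
```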

Configuring Heuristic Scanning

When heuristic scanning is enabled, CSG automatically analyzes keywords in the mail content and assigns a spam score. The spam score defines whether or not a message will be tagged as spam. Any email that exceeds the specified spam score threshold will be tagged as spam and CSG will either quarantine the mail or append a spam tag (customizable) in the mail subject.

Figure 26 Heuristic Scanning Page

To configure heuristic scanning

1 On the menu, click Anti-Spam > Heuristic Scanning.

2 Select the Enable Heuristic Spam Detection check box.

3 In Spam, set the score threshold that needs to be exceeded for mail to be considered spam. The score threshold can range from 0.01 to 100 (default is 5). Note that setting the threshold to a low value could result in false positives (legitimate mails that are tagged as spam). Setting it to a high value, on the other hand, could result in spam not being correctly filtered.

4 In Action, select an action that you want CSG to perform on mails that exceed the spam threshold. You can either:

■ Quarantine spam mail

■ Tag email subject

If you select Tag email subject, you can accept or customize the spam tag that is appended in the email subject (default is [SPAM]).

5 Click Save Changes. The message Configuration saved appears.

You have completed configuring heuristic scanning.


Configuring SMTP Outbound Scan

If you want to enforce a different set of policies on all outgoing emails, you can enable SMTP outbound scan on the Services page (see Enabling Scanning of Services on page 40).

SMTP Outbound Scan Settings

Instead of applying the same policy for both inbound and outbound mail, you can set up a different policy to accelerate outbound mail delivery. By doing this, you also ensure that mails sent out from the network are malware-free.

To configure the SMTP outbound scan settings, click SMTP Outbound Scan > Settings. Be sure to select the Use Different Policy for Outbound Email check box to activate this feature.

Figure 27 SMTP Outbound Scan Settings Page

Scan Action

By assigning an action here, CSG is able to quarantine, block, delete, or log the infected mail/attachment. If you set the primary action to Clean, make sure you set a secondary action to ensure proper handling of infected files, in case they cannot be cleaned.

Insert Warning in Email Subject (SMTP)

This allows you to insert a tag at the beginning of the email subject line for notification purposes. The tag is customizable, for example, [Malware Infected].


Send Warning Email When Malware is Found

In addition to adding an alert to the message, the CSG may send out an email to the sender, the recipient, or both as notification. The subject and message body are customizable. Make sure to keep the %VIRUSINFO% tag so that the malware info will be inserted automatically.

Disclaimer

A disclaimer is a statement to protect the person/entity sending the email from any legal liability in the event of any mishaps due to using the object or information the object is attached to.

When selected, the disclaimer appears at the end of any mail delivered. The message is customizable.

SMTP Outbound Content Filtering

Content filtering for SMTP outbound mail can be implemented using a variety of filtering options. You can filter:

■ Keywords in subject

■ Password-protected attachments

■ File type

■ File name

To access the page where you can configure the SMTP outbound content filtering settings, click SMTP Outbound Scan > Content Filtering.

Figure 28 SMTP Outbound Content Filtering Settings Page


To filter keywords in subject

Enter the keywords to filter when they appear in the email subject line. Use commas to separate different keywords. Select the action that CSG will perform on mails that contain the specified keywords. You can select any of the following actions:

■ Quarantine email

■ Block email

■ No action (default)

To filter password-protected attachments

Select the action to take when a password-protected file is attached to an email. You can select any of the following actions:

■ Block attachment

■ Quarantine attachment

■ Block email

■ Quarantine email

■ No action (default)

To filter by file type

Enter the file extensions for the CSG to filter. Use commas to separate multiple entries. For SMTP, you can select any of the following actions:

■ Block attachment

■ Quarantine attachment

■ Block email

■ Quarantine email

■ No action (default)

To filter by file name

Enter the file names that you want CSG to filter. To block the Netsky worm (which normally arrives as netsky.exe) for example, enter netsky.exe. Use commas to separate multiple entries.

Then select an action that you want CSG to perform. For SMTP, you can select any of the following actions:

■ Block attachment

■ Quarantine attachment

■ Block email

■ Quarantine email

■ No action (default)


Configuring Web Scan

CSG can also scan Web or HTTP traffic for malicious content and perform the specified action, including Quarantine File, Delete File, Clean or Audit. If you select Clean as the primary scan action, select a secondary action to ensure proper handling of the file, in case cleaning fails.

You can enable Web scan from the services page and set the primary and secondary actions. For instructions on how to enable scanning of services, refer to Enabling Scanning of Services on page 40.

To configure additional Web scan settings, click Web Scan > Web Filter.

Configuring Web Filtering

To configure Web filtering, click Web Scan > Web Filtering.

Figure 29 Web Filtering Settings

Bypass Scanning of HTML Files

When the Bypass Scanning of HTML Files check box is selected, the CSG will not scan the content in the HTML file, which will speed up data delivery. When this option is checked, images, JavaScript and other files linked by the HTML document will still be scanned.

Block File by Extension

Select this check box to block certain file extensions (for example, .exe, .com, etc.). Enter the file extension in the box, and use commas to separate different file extensions. Alternatively, select file types from the drop-down menu, and then click Add Now to block certain categories of file formats.

Enable URL Blocking

CSG will block access to the sites listed here. To add URLs to the URL Access Control List:

1 Select the Enable URL Blocking check box to enable the block list.

2 Enter the URL of the site into the Add URL field, and then click Add. Remember to save changes after completion.

In addition to manually entering URLs one at a time, you may import and export the list. Please note that the file to be imported should be in .txt format, and should be in the format shown below. List only one URL per line. Use Notepad or any other text viewer to open the exported file.

Replace the Content of Blocked Pages with the Following Text

When the CSG detects malware, rather than getting a standard access forbidden prompt, you have an option to customize the warning text. The malware name will be included between the two % marks. Make sure you keep the %VIRUSINFO% tag while composing the message to automatically include information about the detected malware.

Filtering Network Traffic Using Websense Enterprise

The Websense Enterprise software application filters network traffic to the Internet to enhance Web security and Internet browsing efficiency. Based on an extensive URL database and an established security lab, Websense Enterprise allows users to block connections to selected Web sites and deter exposure to Web-based threats.


How Websense Enterprise Works with the CSG

In addition to the existing Web filtering feature, Websense Enterprise complements the CSG for a comprehensive Web security solution. The following steps illustrate how Websense Enterprise works with the CSG:

1 The CSG receives an HTTP request.

2 The CSG analyzes the URL. If the URL is already listed in the CSG blacklist, the CSG blocks the request.

■ If the URL is not listed in the CSG blacklist, the CSG sends a request to Websense Enterprise based on the analysis results and IP address.

■ If Websense Enterprise returns a positive result, the CSG sends the HTTP request to the target server.

■ If the Web site is blocked in Websense Enterprise, the CSG sends a redirect link received from Websense Enterprise to the request host.

Installing Websense Enterprise

Websense Enterprise version 6.1.x operates on Windows 2000/2003 Server, Solaris 9 and 10, Red Hat Linux 9, and Red Hat Enterprise 3 and 4. See the Websense Enterprise Deployment Guide for more details.

You can download the installation files from the Websense Web site or launch it from the Websense Installation CD.

To install Websense Enterprise

1 Configure the server where Websense will be installed. You will need a subscription key from Websense to download the Websense Master Database. This database can be added later, after all other Websense Enterprise components are fully installed.

2 Insert the Windows Enterprise Installation CD and run Websense61Setup or visit http://www.websense.com and navigate to the Downloads page.

If you are downloading the product, select Websense Enterprise and Client Policy Manager. When you are prompted to select an integration, choose the CP Secure Edition.

3 Accept the default location to unzip the installation files, or browse to a different location.

4 Click Extract to unzip the installation files. Websense Setup opens automatically. Follow the prompts.


5 When prompted, choose Integrated, and then choose Universal Websense Installation.

For more information, refer to the Websense Enterprise Installation Guide for use with Universal Integrations and the Websense Enterprise Deployment Guide.

6 Reboot when the installation is complete.

Enabling URL Filtering Using Websense Enterprise

To enable Websense

1 Log on to the CSG Web interface, and then go to Web Protection > Websense. The Websense page appears, as shown in Figure 30.

Figure 30 Websense Page

2 Select the Enable URL filtering using Websense Enterprise check box.

3 In Websense Enterprise server IP address, type the IP address of the server on which Websense Enterprise is installed.

4 In Websense Enterprise server port, type the Websense communication port that you specified during installation. If you installed Websense Enterprise with the default communication port, type 15868 for the port number.

5 Under If Websense Enterprise server is unavailable, select one filtering option for use when the Websense server is unavailable. You can select either:

■ Allow Web traffic without filtering, or

■ Block all Web traffic until it is available again

If you select Block all Web traffic until it is available again, users on your network will be unable to reach any HTTP site whenever the Websense Enterprise server is unavailable. CSG's default setting is Allow Web traffic without filtering.

6 Specify a time interval at which the CSG should attempt to reconnect to the Websense server.

7 Click Save Changes.

Websense Logs and Reports

Websense Enterprise has its own log system that is separate from CSG logs. Websense Enterprise reporting tools are required for creating and viewing the Websense logs.

Websense reporting tools should be installed after Websense Enterprise, on a different Windows machine. Either Microsoft SQL Server 2000 or Microsoft SQL Server Desktop Engine 2000 must already be installed on the network. For high-volume sites, Microsoft SQL Server is typically installed on a machine that is different from the machine where the reporting tools are located.

One component, Websense Enterprise Explorer for UNIX, can be run on Solaris and Linux systems and requires MySQL version 4.0.1 or 4.1. Refer to the following Websense documents for more information about setting up and using the Websense reporting tools:

■ Websense Enterprise Deployment Guide

■ Websense Enterprise Reporting Installation Guide

■ Websense Enterprise Reporting User Guide

■ Websense Enterprise Reporting Administrator's Guide

Configuring HTTPS Scan

HTTPS is a secure version of HTTP used by Web sites for handling secure transactions. Please refer to Appendix A for more information about HTTPS's features and functionality.


When a CSG (with HTTPS scanning enabled) is located between the client and the server, the CSG breaks the SSL connection into two parts.

1 Client <-> CSG

2 CSG <-> Server

When the client makes a request, the CSG will communicate with the server on its behalf. The server then returns a certificate to the CSG for authentication. Next the CSG will pass a certificate of its own to the client in place of the server's certificate, which means the client will see the CSG certificate rather than the one from the server. The client also has the option to decide whether or not to accept the CSG certificate.

Due to the nature of HTTPS scanning and how the certificates are handled, the end user will see Security Alerts in their web browser as shown in the following figure. This is because the client (browser) will get a certificate from the CSG instead of directly from the server.

During SSL authentication, the client authenticates three items:

■ Is the certificate trusted?

■ Is the certificate expired?

■ Does the name on the certificate match that of the Web site?

If any of these is NOT satisfied, a security alert appears in the browser window.

If HTTPS scan is enabled, an alert message appears when a user connected to CSG visits an HTTPS site. Note that this is not a bug in the CSG; it is a result of HTTPS scanning and the way SSL works.

If client authentication is required, the CSG might not be able to scan the HTTPS traffic in some cases due to the nature of SSL. SSL has two parts, client and server authentication. Server authentication occurs with every HTTPS request, but Client authentication is NOT mandatory, and rarely occurs. As a result, whether the request is from the CSG or the real client is of less importance.

However, certain HTTPS servers do require client certificate authentication for every HTTPS request. By the design of SSL, the client needs to present its own certificate rather than using the one from the CSG. The HTTPS scanning process will be affected due to this reason.


HTTPS Scan Settings

To configure the HTTPS scan settings, click HTTPS Scan > Settings.

Figure 31 HTTPS Settings Page

Allow the Following Security Exceptions for Trusted Certificates

In addition to the trusted certificates, you have an option to grant access to the certificates that do not meet the three main criteria of SSL. Normally if the certificate does not satisfy all three points required, the connection will be rejected with an alert message in the browser window.

Show This Message When an SSL Connection Attempt Fails

A notification will be sent when a connection to a Web site fails. This message can be customized. Be sure to keep the %URL% (URL of the rejected site) and %REASON% (explanation about the connection failure) strings in the message.

Bypass Scanning of the Following Hosts

The CSG will bypass the scanning and certificate authentication of the sites listed in the Bypass Scanning of the Following Hosts section. The certificate will be sent directly to the client for authentication, which means that the user will not get a security alert for sites listed.

Please note that certain sites contain elements from different HTTPS hosts. For example, if https://example.com contains HTTPS elements from:

■ secureserver1.example.com

■ secureserver2.example.com

■ imageserver.example.com

You must add the above-mentioned sites to the host list in order to completely bypass the scanning of https://example.com. This is because different files from these three hosts are also downloaded when the user attempts to access the HTTPS page “My Page”.

To add hosts to the Host Access Control List

1 Check the box that says Bypass scanning of the following Hosts to enable the bypass list.

2 Enter the host name (not the URL) of the server into the Add Host field, and then click Add. Remember to save your changes after you are finished adding hosts.

In addition to manually entering host names and IP addresses one at a time, you may import and export the list. Please note that the files to be imported should be in .txt format, and both the IP addresses and host names are required. Use Notepad to open the exported file.

Using an HTTPS Certificate

Before enabling HTTPS scanning, you may specify which certificate the CSG uses to handle HTTPS requests. By default, a certificate issued by CP Secure is used. Click Import to import certificates of your choice. A password is required for some certificates.

Please note that the newly imported certificate will overwrite the existing certificate.

Managing Certificates

To manage the security certificates that you use with CSG, click

Figure 32

Import New Certificate

To import a new certificate, click Browse, select the certificate file, and then click Open. The certificate appears in the list of trusted certificates.

Trusted Certificates

To avoid receiving a warning prompt when visiting a site whose certificate is not trusted, you may add the certificate issuer or root CA to the trusted list.

Exceptions - Untrusted Certificates But Granted Access

When visiting a certificate-not-validated site and proceeding to download the Web page, the site will be automatically listed in the Exceptions section under the Certificates Management page of the CSG Web UI. After a site is added to the Exceptions list, you will have an option to add it to the CSG's trusted list.

Trusted Hosts

Trusted Certificates

To avoid receiving a warning prompt when visiting a site whose certificate is not trusted, you may add the certificate issuer or root CA to the trusted list.


Exceptions

When visiting a certificate-not-validated site and proceeding to download the Web page, the site will be automatically listed in the Exceptions section under the Certificates Management page of the CSG Web UI. After a site is added to the Exceptions list, you will have an option to add it to the CSG's trusted list.

Configuring FTP Scan

Malware Action

By assigning an action here, the CSG is able to Quarantine, Delete, Clean or Audit the infected file. If you select Clean as the primary action, choose a secondary action to ensure proper malware handling in case cleaning fails.

Block File by Extension

Enable this feature to block certain file extensions, for example .exe, .com, etc. Enter the file extension in the box, and use commas to separate different file extensions.

Managing Quarantined Files

Query Type

Select the type of quarantined file you want to review from the drop-down menu. Next, enter your search criteria under the Search Criteria section. The more data entered, the easier it is for the CSG to locate the file desired. If no information is provided, CSG will display all of the queries.

Malware

Quarantined malware is kept here. Information such as time of mail recipient, malware name, source and destination IP, and file size is displayed. For emails, it is possible to have either the entire email or just the infected attachment quarantined.


Spam

Spam detected by the CSG is kept under this area. There is a column to show the spam score so that the administrator knows why the mail is defined as spam. The score number can be modified at Anti-Spam > Heuristic Scanning.

Configuring Updates

The CSG has three main components: pattern file, scan engine, and software. To ensure up-to-date protection against malware, CP Secure recommends performing updates regularly.

Figure 33 Update Settings Page

Configuring Scheduled Updates

Enabling scheduled updates ensures that your CSG device automatically gets the latest components from the CP Secure update server.

To configure scheduled updates

1 On the menu, click Update/Registration > Update Settings.

2 In Update From, select an update source. The default update source is CP Secure’s update server. If CP Secure or its authorized reseller provided you with an alternative update source, or if you have set up an update source on the intranet, you can also specify this source by selecting Connect to another update server, and then entering the IP address or host name.


3 In Update Frequency, specify how often you want CSG to check for and download updates from the update source. You can choose Weekly, Daily, or Hourly.

4 If computers on the network connect to the Internet via a proxy server, select the Use HTTPS Proxy Server check box, and then enter the proxy server information and, if applicable, a user name and password.

If a firewall is installed on the local network, make sure that the CSG can reach the Internet on port 443.

5 Click Save Changes.

Performing an Offline Update

For those with online update security concerns, offline update is another option. First, download the update files from the CP Secure Web site, and then save them to a removable storage device. In the Offline Update section, click Browse to choose the update files, and then click Update.

Performing a Manual Update

If you want to immediately check for and download available updates, you can perform a manual update. To do this, click Update Now on the Update Settings page.

5 CONFIGURING THE SYSTEM SETTINGS

This chapter provides information on how to configure CSG’s system settings, including its network settings, time configuration, etc. Topics include:

■ Configuring Network Settings
■ Defining Internal Domains
■ Defining Trusted Sites
■ Managing User Accounts

To configure these settings, click Global Settings on the menu, and then click the related submenu.

Configuring Network Settings

In production environments, separating traffic ensures that critical administration operations (like starting and stopping servers, changing a server's configuration, and deploying applications) do not compete with high-volume application traffic on the same network connection.

NIC Grouping

CP Secure provides two options for setting up the network interface cards (NICs):

■ All bridged: Any port can accept client connections, which means you can access the Web console from whichever port on the CSG appliance you plug into.

■ Use the LAN/DMZ port as administration port: Select this option to assign a dedicated port as the only port from which the CSG Web interface can be accessed. Please note that once this is set, the admin port can only be used for management and this port will act as an end node on the network rather than a transparent bridge. Please use the remaining ports on the CSG to scan regular traffic for malware.

NIC Operation Mode

For other devices connected to the CSG (such as a firewall or a switch), you can manually change the duplex settings. This feature allows CSG to integrate with other devices seamlessly. CSG's default setting is Auto.

For example, if the firewall is connected to LAN-1 on the CSG with the 10M/s connection setting, you can make the change in the CSG Web interface. Go to Global Settings > Network Settings. Under NIC Operating Mode, change the duplex setting for LAN-1.

Customized MTU Settings

The maximum transmission unit (MTU) is the largest physical packet size that a network can transmit. Packets that are larger than the MTU value will be divided into smaller packets before they are sent, an action that will prolong the transmission process.

Most networks have an MTU value of 1500. CP Secure recommends synchronizing CSG's MTU setting with that of your network to prevent delays in transmission.

Defining Internal Domains

You can apply different scan policies for incoming and outgoing mail. CSG treats email sent to the IP addresses listed here as Inbound.

To define the internal domains

1 On the menu, click Global Settings > Internal Domains.

2 In LAN IP Ranges or Addresses, enter an IP address range or specific addresses. Use commas to separate multiple entries.

Examples

IP address range: 10.1.1.2-11.2.3.4

Specific addresses: 210.1.2.3, 210.13.22.123

3 In Domains, enter a domain name (for example, cpsecure.com). Use commas to separate multiple entries.

4 Click Save Changes.
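Because every address entered in LAN IP Ranges or Addresses is treated as Inbound, it helps to see how much address space a value covers before saving it. The following Python sketch is an added example, not part of CP Secure's documentation: it parses a value in the format shown in the examples above, reports the size of each entry and any portion outside private address space, and applies the Inbound test to a destination address. The function names are hypothetical, and the field grammar (comma-separated single addresses or hyphenated ranges) is assumed from the two examples on this page.

```python
import ipaddress

# The two sample values shown on this page, joined with commas as the field expects.
PAGE_EXAMPLE = "10.1.1.2-11.2.3.4, 210.1.2.3, 210.13.22.123"


def parse_entry(entry):
    """Parse 'a.b.c.d' or 'a.b.c.d-e.f.g.h' into a (first, last) address pair."""
    first_text, dash, last_text = entry.strip().partition("-")
    first = ipaddress.IPv4Address(first_text.strip())
    last = ipaddress.IPv4Address(last_text.strip()) if dash else first
    if last < first:
        raise ValueError(f"range end precedes range start: {entry.strip()}")
    return first, last


def parse_field(text):
    """Split the comma-separated field into a list of (first, last) pairs."""
    return [parse_entry(item) for item in text.split(",")]


def review_entry(first, last):
    """Report how much address space one entry covers and what lies outside
    private space. is_private follows Python's ipaddress module (IANA
    special-purpose ranges), which is broader than RFC 1918 alone."""
    blocks = list(ipaddress.summarize_address_range(first, last))
    return {
        "entry": str(first) if first == last else f"{first}-{last}",
        "addresses": int(last) - int(first) + 1,
        "public_blocks": [str(b) for b in blocks if not b.is_private],
    }


def is_inbound(dest_ip, ranges):
    """True if dest_ip falls in any listed entry (the page's Inbound rule)."""
    addr = ipaddress.IPv4Address(dest_ip)
    return any(first <= addr <= last for first, last in ranges)


if __name__ == "__main__":
    ranges = parse_field(PAGE_EXAMPLE)
    for first, last in ranges:
        print(review_entry(first, last))
    for dest in ("10.200.0.1", "11.2.3.5", "210.1.2.3"):
        print(dest, "inbound" if is_inbound(dest, ranges) else "not inbound")
```

Run against the page's sample range, the report shows that 10.1.1.2-11.2.3.4 spans more than 16 million addresses and extends past the private 10.0.0.0/8 block, which is the kind of entry worth confirming as intentional.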

Setting the System Time

Setting the correct system time and time zone ensures that the date and time recorded in the CSG logs are accurate.

You need to reboot CSG for the updated system time settings to take effect.

To set the system time

1 On the menu, click Global Settings > System Time.

2 Set the system time either by:

■ Entering a Network Time Protocol (NTP) server. A list of public NTP servers is available at http://ntp.isc.org/bin/view/Servers/WebHome.

■ Manually entering the date and time

3 In Time Zone, select the time zone for the country where CSG is installed.

4 Click Save Changes. A reboot confirmation appears.

5 Click OK.

Defining Trusted Sites

To enhance system performance, you may add trusted hosts or connections to this list. CSG will no longer scan these connections based on the specified hosts or ports.

To define trusted sites

1 On the menu, click Global Settings > Trusted Sites.

2 On the Trusted Sites page, add the source IP address, target IP address, and port number from which traffic will be trusted.

3 Click Add. To add another trusted site, repeat Step 2.

4 Click Save Changes.

Managing User Accounts

The CSG allows multiple administrators to manage the system; you can manage the administrator accounts in this section. The CSG defines one administrator account by default, and this account cannot be deleted.

Each individual has a separate user ID and password and must provide that combination at the system login prompt.

If you only want to change a password, you can do so in this section.

To create a new account

1 On the menu, click Global Settings > User Management.

2 Click Create New Account. The Create New Account page appears.

3 In User Name, assign a name to the account.

4 In Password, type a password for the account, and then retype that password in Confirm password.

5 In Privilege, assign a privilege to the user account by clicking either Administrator or Power User.

6 Click Create Now. The message New account created successfully appears on the User Management page.

7 Check the table on the page and verify that the user account that you created appears in the list.

To edit an account

1 On the User Management page, click the Edit link that is on the same row as the account that you want to edit.

2 Change either the alias or password. To change the password, you need to enter the current password, enter the new password, and then confirm.

3 Click Save Changes.

To delete an account

On the User Management page, click the Delete link that is on the same row as the account that you want to delete. The page refreshes and the account that you deleted disappears from the users list.

6 PERFORMING ADMINISTRATIVE TASKS

This chapter provides information on other tasks that you can perform after setting up and configuring CSG. It also discusses how to register your CSG and how to obtain technical support. Topics include:

■ Registering CSG
■ Backing Up and Restoring Configuration
■ Restoring to Factory Defaults
■ Rebooting CSG
■ Running Diagnostics
■ Sending Suspicious Files to CP Secure for Analysis
■ Using the Online Support Facility

Registering CSG

To receive component updates and technical support, you need to register your CSG appliance. Two registration methods are available: online registration and offline registration.

Registering Online

If your CSG appliance has an active connection to the Internet, you can register CSG online. You will need the registration key that is provided with your CSG appliance to register online.

To register, you need a CP Secure product registration key. You can obtain this from the reseller from which you acquired CSG.

1 On the menu, click Update/Registration > Registration.

2 In Registration key, enter the registration key that you received from your CP Secure reseller.

3 Fill out the customer information boxes. Fields marked with an asterisk (*) are required.

4 Click Register Now.

Registering Offline

Offline registration is provided as an option to customers that have set up CSG on a network that is disconnected from the Internet.

1 Contact the reseller from which you purchased CSG and request a CP Secure product registration key.

2 Enter the information required in the Registration form, and click Export Register File. CSG saves a new file containing the registration information to your local machine.

3 Attach the registration file that you exported from CSG to an email message and send it to [email protected]. When CP Secure receives the registration file, the support team will generate a registration license and mail it back to you.

4 Go to the Offline Registration section, and then upload the registration license that you received.

Backing Up and Restoring Configuration

Backing Up the CSG Configuration

Clicking the backup button makes CSG create a copy of the current system configuration.

Restoring Configuration

CAUTION: Only restore settings that were backed up from the same software version. Restoring settings from a different software version can corrupt your backup file or the CSG system software.

1 Copy the backup file to the admin computer.

2 In Restore CSG Configuration, click Browse, and then select the backup file.

3 Click Restore Now.

Restoring to Factory Defaults

This page provides options for quickly reverting to the factory default settings. You have to reboot the system to activate the new settings.

Restoring to factory defaults erases all your CSG settings. You may need to reconfigure CSG.

To restore CSG to its factory settings

1 On the LCD screen on the front panel, press the Up button three times.

The prompt to enter the action mode appears.

2 Press Enter. The Reboot prompt appears.

3 Press the Up or Down button to skip the Reboot screen. The Reset Default (restore to factory defaults) screen appears.

4 Press Enter again to confirm that you want to reboot CSG.

Rebooting CSG

If you do not have the optional bypass card installed on CSG, rebooting CSG will temporarily terminate all network connections that pass through CSG. Network connection is restored as soon as the reboot and startup processes are completed, usually within a minute or two.

To reboot CSG

1 On the LCD screen on the front panel, press the Up button three times.

The prompt to enter the action mode appears.

2 Press Enter. The Reboot prompt appears.

3 Press Enter again to confirm that you want to reboot CSG.

Running Diagnostics

CSG provides diagnostic tools that help you analyze traffic conditions and the status of the network. Two sets of tools are available: network diagnostic tools and traffic diagnostic tools. Network diagnostic tools provide PING and DNS lookup, while traffic diagnostic tools allow you to perform real-time, per-protocol traffic analysis between specific source and destination addresses.

Using the Network Diagnostic Tools

■ Use PING to check the connection between CSG and a specific IP address. Enter the IP address or host name, and then click PING. The PING results appear at the bottom of the page.

■ To perform DNS lookup, enter the domain name, and then click DNS Lookup. The page refreshes, and then the DNS lookup results (domain name and IP addresses) appear at the bottom of the page.

Using the Traffic Diagnostic Tools

1 In Protocol, select the protocols that you want to analyze. You can select a single or a combination of protocols.

2 In Source IP address, enter the origin of traffic that you want to analyze.

3 In Destination IP address, enter the target host for which the traffic is intended.

4 Click Start.

The page refreshes, and then the traffic analysis results appear at the bottom of the page.

Sending Suspicious Files to CP Secure for Analysis

For any undetected malware file or malicious email, you have an option to report them to CP Secure online for analysis. The file will be compressed and password protected before sending.

1 On the menu, click Support > Malware Analysis.

2 In Email address, type your email address.

3 In File location, click Browse, and then select the infected file or mail that you want to send to CP Secure for analysis.

4 In File origin or product used to quarantine, indicate where the file originated (for example, an email address if received via email) or which product or scan feature (for example, CSG or Web Scan) detected the file, if known.

5 In Description (optional), type a description for the file that you are sending (if any).

6 Click Submit.

Using the Online Support Facility

One of the advanced features that CSG provides is online support through the support tunnel. With this feature, CP Secure support staff can analyze any difficulty you are experiencing from a remote location. Make sure that port 2222 is open and that you have the support key on hand.

Copy and paste the support key given to you by CP Secure into the Support key field, and then click the Connect Now button. If the tunnel status shows as on, CP Secure's support staff will be able to access your CSG and perform advanced diagnostics.
