cWatch Web Security Administrator Guide - Comodo...Comodo cWatch Web Security – Website...

rat

Comodo cWatch Web Security

Software Version 3.0

Website Administrator GuideGuide Version 3.0.050918

Comodo Security Solutions

1255 Broad StreetClifton, NJ 07013

Comodo cWatch Web Security – Website Administrator Guide

Table of Contents

1 Introduction to Comodo cWatch Web Security....................................................................................................... 3

1.1 Purchase a License...................................................................................................................................... 4

1.2 License Types.............................................................................................................................................. 7

1.3 Login to the Admin Console.......................................................................................................................... 9

1.4 Add Websites............................................................................................................................................. 10

2 The Main Interface.............................................................................................................................................. 14

3 The Dashboard................................................................................................................................................... 17

4 Website Data and Settings.................................................................................................................................. 22

4.1 View Alerts.................................................................................................................................................. 23

4.2 Website Overview....................................................................................................................................... 24

4.3 Comodo Vulnerability Scans ...................................................................................................................... 27

4.3.1 OWASP Top 10 Vulnerability Scan...................................................................................................... 28

4.3.2 WordPress Vulnerabilities Scan.......................................................................................................... 32

4.4 Malware Scans .......................................................................................................................................... 36

4.5 Cyber Security Operation Center Results.................................................................................................... 43

4.6 Content Delivery Network Metrics............................................................................................................... 46

4.7 Configure Firewall Rules ............................................................................................................................ 52

4.8 Run Executive Scans ................................................................................................................................. 55

4.9 Website Configuration................................................................................................................................. 59

4.9.1 Configure FTP Settings ..................................................................................................................... 60

4.9.2 Configure a Website Manually for cWatch Scans................................................................................ 62

4.9.3 Domain Configuration Instructions ..................................................................................................... 64

4.9.4 SSL Configuration ............................................................................................................................. 70

4.9.5 Configure CDN Settings..................................................................................................................... 75

4.9.6 Configure WAF Settings .................................................................................................................... 79

5 The Settings Interface......................................................................................................................................... 82

6 Upgrade Licenses for Domains........................................................................................................................... 88

7 Manage Your Profile............................................................................................................................................ 90

8 Get Support........................................................................................................................................................ 93

About Comodo Security Solutions........................................................................................................................... 97

Comodo cWatch Web Security – Website Administrator Guide | © 2018 Comodo Security Solutions Inc. | All rights reserved. 2


1 Introduction to Comodo cWatch Web Security

cWatch Web Security is a cloud–based security intelligence service built for website and domain administrators to monitor and secure their web applications from various types of attacks and threats. The console allows administrators to view statistics about attacks and security related incidents which have been monitored and blockedon protected domains

• cWatch runs regular malware scans on your domains and automatically removes identified malware. The Content Delivery Network (CDN) service accelerates site performance by delivering your web content from the data center closest to your visitor.

• The service will analyze event logs from your domains in real–time to identify and block attacks based on rules managed by Comodo Cyber Security Operations Center (CSOC). It will also identify and block vulnerabilities found in the Open Web Application Security Project (OWASP) top ten list.

• You can also have log files manually analyzed by qualified technicians in the Comodo SOC team.

cWatch Web Security is available in three different service levels. More details are available in License Types.

This guide explains how to purchase cWatch licenses, how to set up the service and how to use the cWatch web console.

Guide Structure:



• Introduction to Comodo cWatch Web Security

• Purchasing a License

• License Types

• Logging–in to the Administrative Console

• Add Websites

• The Main Interface

• The Dashboard

• Website Data and Settings

• View Alerts

• Website Overview

• Comodo Vulnerability Scan Results

• Malware Scans

• Cyber Security Operation Center Results

• Content Delivery Network Metrics

• Configure Firewall Rules

• Run Executive Scans

• Website Configuration

• Configure FTP Settings

• Configure a Website Manually for cWatch Scanning

• SSL Configuration

• Configure CDN Settings

• Configure WAF Settings

• The Settings Interface

• Upgrading Licenses for Domains

• Manage Your Profile

• Getting Support

1.1 Purchase a LicenseThree types of cWatch license are available:

• Basic

• Pro

• Premium

For more details on the services offered with each, see License Types.

• You can purchase licenses at https://cwatch.comodo.com/plans.php, or from the cWatch management console after logging in at https://login.cwatch.comodo.com/login.

• Licenses are charged per–website. Sub–domains are not covered if you buy a license for a primary domain like example.com. Each sub–domain must be purchased as a separate license.

• You can add multiple license types to your account if you wish to implement different protection levels on different websites.

• You can associate websites with licenses in the cWatch interface. See Add Websites for more details.

To purchase a license:

• Choose a license type at https://cwatch.comodo.com/plans.php.. See License Types for more details about the features of each license.


https://cwatch.comodo.com/plans.php

https://login.cwatch.comodo.com/login

https://cwatch.comodo.com/plans.php


• Select the license period and enter the number of websites (domains) you want to cover with the license.



• Next, enter your details:

• If you already have a Comodo account, select 'Existing Comodo User' and enter your username and password.

• If you don't have a Comodo account, select 'New Comodo User'. Enter your email address and a password to create a new account.

• Complete the payment details section.

• Read the 'End User License/Subscriber Agreement' and tick the checkbox to agree.

• Click 'Continue'. After your order has been successfully processed, you will see the following order confirmation screen:

• Your licenses are now active. You will also receive a confirmation email with your order details.

• Existing customers should next login to their cWatch account and start registering their domains.

• New users will first need to activate their Comodo account by following the link in the account verification email.

• Register your domains:

• Login at https://login.cwatch.comodo.com/login

• Click the 'Add Site' button at top–right to get started

• See Add Websites for more help with adding and configuring websites.




1.2 License TypescWatch offers different levels of monitoring, protection, management and CDN services to websites depending on the type of license. Three license types are available:

• Basic

• Pro

• Premium

You can purchase different license types for specific websites depending on the level of protection you require for each. For more details on associating websites with respective license subscriptions, see Add Websites.

The following table shows the features and services that are available with each license type:

Feature/Service Premium Pro Basic

Malware Detection and Removal

Hack repair and restoration One time

Complete blacklist site removal

Spam and website filtering Daily vulnerability (OWASP) detection scan Trojan detection and protection Vulnerability repair and restoration One time

Brand reputation monitoring Traffic hijacking recovery One time

SEO poisoning recovery One time

Automatic advanced threat discovery Automated malware removal One time

Command and control server comm detection Security Information and Event Management

Real time threat and breach protection

Advanced persistent threat identification

Incident management and remediation

Anomaly search and detection

24/7 Cyber Security Operations Center

Dedicated c.s.o.c. analyst

Expert tuning and configuration mgmt.

Reverse malware and suspect engineering

Threat investigation and analysis



Correlations over multiple incidents

Integration with threat intelligence Alerting and incident escalations Managed Web Application Firewall (WAF)

Managed updates

Fine grained control

Bot protection

Scraping protection

Enterprise control

SQL injection prevention

XSS injection - cross site scripting protection

XMLRPC protection

Bruteforce protection

Block access via backdoor files

Illegal resource access protection

Blacklisting of clients, countries and lps

Information reveal prevention

OWASP top 10 protection

WAF Rule update with customer request

Content Delivery Network (CDN)

Layer 7 DDoS protection Layer 3, 4, 5, 6 DDoS protection Instant purge Advanced website acceleration Asset preloading Cache / header settings Anycast DNS Uptime SLA Speed Scale Load Balancing HTTPS - SSL unique certificates



Performance Optimization Technical Support

24 / 7 chat Planning

Installation Training

Troubleshooting Maintenance

Upgrades Removal One Time

1.3 Login to the Admin ConsoleYou can login into the cWatch console at https://login.cwatch.comodo.com/login using any browser:

• If you are logging–in for the first time, use the username and password given in the cWatch account creation email. We strongly recommend you change your password after first login for security reasons.




1.4 Add Websites• The cWatch console lets you add and configure websites for cWatch protection and for acceleration via the

content delivery network (CDN).

• The number of sites that can be added to your account depends on your license. See Purchase a License for details about license types.

• After enrollment, you can configure threat monitoring and CDN settings for each website. See Website Configuration for more details.

To add a new domain

• Login to cWatch at https://login.cwatch.comodo.com/login with your username and password.

The dashboard will appear by default

• Click 'Add Site' at top–right to start the 'Add Websites' wizard:

The wizard contains three steps:

• Step 1 – Register your website

• Step 2 – Select License

• Step 3 – Finalization

Step 1 – Register your website

• Enter the name of the website you wish to register. Do not include 'www' at the start.

• Click 'Continue Setup' to move to the next step.




Step 2 – Select License

Next, choose the license type you wish to activate on the site.

• cWatch features and CDN traffic limits vary according to license type. See License Types for more details. Alternatively, click Click 'Learn more' in the 'Select License' screen.

• The drop–down displays all licenses that you have purchased.

• Choose the type of license you wish to associate with the domain you entered in step 1

• Click 'Finish' to proceed

• See Purchase a License if you need help to buy more licenses



Step 3 – Finalization

The final step allows you to configure your DNS settings.

• cWatch will generate a CNAME DNS record for the website you just enrolled

• You need to add this record to the DNS entry for your domain to route your site traffic through the CDN.

• To view the CNAME details:

• Click the website name in the main menu on the left

• Click 'Settings' > 'Domain'

• Your web host may be able to help you with this step. Guidance is also available at https://support.google.com/a/topic/1615038?hl=en.


https://support.google.com/a/topic/1615038?hl=en


Tip: You can skip this step for now and can add the CNAME entry to the DNS records later. The CNAME entry will be available in the 'CDN Settings' area of the website. See Domain Configuration Instructions for more details.



• Click 'Get Started'.

Your new website will be added to your account. All features will be activated as per the license chosen for the site.

• Repeat the process to add more websites.

2 The Main Interface• The cWatch dashboard contains an at–a–glance summary of the security of your monitored websites.

• Links to all major areas of the interface are shown on the left. The right–hand pane displays data for the selected item.

• Settings, profile options and the logout button are shown at the top–left:



Lists all domains which you have added to cWatch.

• Manage Settings – configure malware scans, FTP, CDN and more. See The Settings Interface formore details.

• Manage DNS – Add DNS records in order to route traffic through the content delivery network. See Manage DNS Settings for more details.

Your profile. Change your contact details, alert settings and password. See Manage Your Profile for more details.

Logout of cWatch.

The left–hand menu contains a link to the dashboard and shows all domains added to your account. Click a domain name to reveal domain options:



• Dashboard – Overall statistics on all domains that are protected and managed.

• Click a domain name to open the following menu items:

• Alert – Shows all notifications about malware and vulnerabilities discovered on the website. See ViewAlerts for more details.

• Overview – Summary of security status and CDN performance. See Website Overview for more details.

• Vulnerabilities – All threats in the OWASP top ten that have been blocked by cWatch. You can run on–demand vulnerability scans on the website at anytime. See Comodo Vulnerability Scan results for more details.

• Malware – Run virus scans, view scan results and monitor malware cleanup progress. You need to upload our .php file to the server to enable malware scans. See Malware Scans for more details.

• COSC – Real–time analysis of attack patterns on your website from the Comodo Security OperationsCenter. See Cyber Security Operation Center Results for more details.

• CDN Metrics – Data about your content delivery network traffic. This includes total usage, data throughput and the locations from which your trafficoriginated. See Content Delivery Network Metrics to find out more.

• Firewall Rules – Create your own custom Firewall rule. See Configure Firewall Rules for more information.

• Executive Scan – Run a scan on your sites to check and fix security vulnerabilities. See Run Executive Scans for more details.

• Settings – View and configure cWatch protection settings for your website. See Website Configuration to learn more.

Help and Support:

The footer contains copyright information, terms and conditions and support links.

• Click the 'Terms and Conditions' link to view the cWatch EULA.

• Click 'Help' to view the cWatch guide at https://help.comodo.com/topic–285–1–848–11000–Introduction–to–Comodo–cWatch–Web–Security.html.

• Click the 'Chat with us' button for instant support from technicians at Comodo. See Get Support for more details.


https://help.comodo.com/topic-285-1-848-11000-Introduction-to-Comodo-cWatch-Web-Security.html





3 The DashboardThe dashboard shows a top–level summary of the security of all protected websites and sub–domains on your account. This allows you to quickly identify issues and effectively track the risks associated with your sites. Further details on each domain are listed underneath the main graphics.

• Click 'Dashboard' on the left to open the dashboard.

• Click 'Simple View' or 'Advanced View' at top–right to change the level of detail shown on the dashboard.

Attacks Blocked – Shows the number of attacks prevented by cWatch on registered websites.

• Place your mouse over a sector to view the quantity of attacks blocked on a particular domain as a percentage of overall attacks.

• Click on a sector to view the attack details page for that website. See Cyber Security Operation Center Results for more info.



Malware – Shows how many pieces of malware have been identified by cWatch on registered websites.

• Place your mouse over a sector to view the quantity of malware found on a particular website as a percentage of overall discovered malware.

• Click on a sector to view the Malware Scan page for that website. See Malware Scans for more info.

Vulnerabilities – Shows the number of vulnerabilities identified by cWatch onregistered websites.

• Place your mouse over a sector to view the quantity of vulnerabilities identified on a particular website as a percentage of overall discovered vulnerabilities.

• Click on a sector to open the 'Vulnerabilities' page for that website. See Comodo Vulnerability Scan Results for more details.

There are two ways to view the dashboard:

Simple View

Displays overall statistics on all domains in terms of 'License Type' , 'License Expiry' and their 'Latest Scans'.



Dashboard – Simple View

Column Header Description

Site Name of the website.

• Click the '+' icon beside a site name to view a summary of the site's security status. Security features are arranged by license type. See 'View Security Status of a Website' for more details

License Type The type of license on the domain. See License Types for more details on the features of each license.

Expiration Date The expiry date of the currently active license.

Last Vulnerability Scan Date and time of the most recent vulnerability scan on the site.

• cWatch regularly scans your websites to protect them against the types of vulnerabilities published in the Open Web Application Security Project (OWASP) top ten list.

• Any threats discovered will be automatically blocked. You can also run on–demand scans on the website as required.



• Scan results are shown in the 'Vulnerabilities' page for the site (click the domain name on the left and select 'Vulnerabilities' from the menu).

See Comodo Vulnerability Scan Results for more details.

Last Malware Scan Date and time of the most recent virus scan on the site.

• cWatch scans all files on websites enabled for malware scanning.

• You can set a schedule for these scans and can also run on–demand scans when required.

• The results of the scans are displayed in the 'Malware' page. See Malware Scans for more details.

View Security Status of a Website

• Click the '+' icon beside a website name to open its security status details pane.

Each tile shows the security status of features covered by the various license types. The number of tiles you see depends on the website's active license type.

License Type Tiles Displayed

Basic Basic

Pro Basic and Pro

Premium Basic, Pro and Premium

Advanced View



The 'Advanced View' shows security statistics according to your license type. The higher the license type you have, the more security components you will see.

For example:

• 'Basic' license - 'Advanced View' only shows security components included with a basic license.

• 'Pro' license - 'Advanced View' shows components from both basic and pro security license types.

• 'Premium' license - 'Advanced View' shows the full complement of security components.

Similar to the 'Simple' view, you can view more information on each website by clicking the plus symbol beside the domain name.



Add Site

Allows you to add a new domain to your website. See Add Websites for more details.

4 Website Data and Settings• cWatch displays panoramic data about all events occurring on your website.

• These include attacks monitored and blocked, the results of malware and vulnerability scans, and attacks identified from logs based on correlation rules.

Click a website on the left to open the following options:



• Alert – View any alerts generated after a cWatch scan on the site. You can schedule a malware scan if one has not been set. See View Alerts for more details.

• Overview – Summary of security status and CDN performance. See Website Overview for more details.

• Vulnerabilities –

• Scan your site for OWASP top–ten threats. You can also enable or disable automatic weekly scans.

• Run a WordPress scan to identify vulnerabilities in your WordPress site, plugins, themes and more.

• You can run on–demand vulnerability/WordPress scans on the site at anytime.

• See Comodo Vulnerability Scan results for more details.

• Malware – Run virus scans, view scan results and monitor malware cleanup progress. You need to uploadour .php file to the server to enable malware scans. See Malware Scans for more details.

• CSOC – Granular details about attacks identified on your website. This includes their origin, the trend of attacks over time, attacks blocked by cWatch and top ten target URLs. See Cyber Security Operation Center Results for more details.

• CDN Metrics – Information about your traffic usage over the Content Delivery Network (CDN). See ContentDelivery Network Metrics for more details.

• Firewall Rules – Create your own custom firewall rule. See Configure Firewall Rules for more information.

• Executive Scan – Run a scan on your sites to check and fix security vulnerabilities. See Run Executive Scans for more details.

• Settings – View and configure cWatch protection settings for your website. See Website Configuration toknow more.

4.1 View AlertscWatch alerts are generated when malware or vulnerabilities are detected on your domains. You might also receive notifications that advise you to upgrade your license if appropriate.

To view alert messages:

• Click on a website name in the left–hand menu then click 'Alert'.



Alerts are sorted into various categories, including 'Vulnerabilities', 'Malware found' ,'Attacks' and 'Upgrade License'.

For example:

• 'Malware scan is not scheduled yet' – Shown if you have not yet run a scan on the site.

4.2 Website OverviewThe 'Overview' page summarizes security, traffic and visitor activity on your website.

To open the page

• Select a website on the left and choose 'Overview'



• Page Views Count – Displays the number of times your web–pages were viewed by your visitors.

• You can choose the time period using the slider at top–right. • Select a portion of the graph to zoom–in

• Place your mouse on the graph to view the number of views at that point in time.

Cyber Security Operation Center

• Shows key information from cWatch security modules. Modules and information include 'Web Application Firewall', 'Malware Analysis & Removal', 'Blacklist Removal' and 'Virtual Patching'.

• The number of tiles you see depends on your cWatch license.



– The website is safe. No actions need be taken at this point.

– The website is at risk.

• Click the '!' icon to open the malware details page. The details page lets you submit a request for Comodo to remove the malware, and/or start a new malware scan. See 'Malware Scans' for more information.

– The website has not yet been scanned.

Malware Scan

The results of malware scans on your domain in four tiles: 'Trojware & Backdoor', 'Potentially Unwanted Application', 'Defacement & Exploit' and 'Others'. The number of tiles you see depends on your cWatch license.

– No malware detected. No actions need be taken at this point.

– Malware found on the site.

• Click the '!' icon to open the malware details page. The details page lets you submit a request for Comodo to remove the malware, and/or start a new malware scan. See 'Malware Scans' for more information.


Vulnerabilities

The results of scans on your domain for the top 10 OWASP threats. Cwatch automatically blocks any OWASP threats it finds. The number of threats found in each category is shown in a separate tile:



– The site is clear of vulnerabilities. No actions need be taken at this point.

– The site has vulnerabilities.

• Click the '!' icon to open the OWASP Top 10 vulnerabilities page. You can also run on-demand scans and schedule weekly scans.


Content Delivery Network

Live data about your CDN service usage. You can configure your website to use the CDN service by adding a CNAME to your DNS record.

• If you have not yet configured the CNAME record then no data will be shown here. Click the yellow

information icon to start the configuration process.

• The CNAME record for your website is generated by cWatch and can be found in 'Settings' > 'CDN Settings'. See Configure CDN Settings for more details.

• See Content Delivery Network Metrics for more details about CDN statistics.

4.3 Comodo Vulnerability Scans • Click on a website in the left–hand menu

• Select 'Vulnerabilities' from the expanded menu

CWatch is designed to perform two types of vulnerability scans:

• OWASP Top Ten threats



• WordPress vulnerabilities

OWASP Top Ten Threat

cWatch periodically scans your websites for the vulnerabilities published in the Open Web Application Security Project (OWASP) top ten list. It automatically blocks any of these threats that it discovers.

• The 'OWASP Top 10' tab shows the last ten scheduled and manual scans run on the website. Each row shows the number of vulnerabilities blocked and their security risk levels.

• The scan results also show the number of threats in each OWASP category that were blocked by cWatch. You can view descriptions on each vulnerability category

• You can also enable weekly scans and run an on–demand scan on the domain.

Background. OWASP is an online community that audits critical domain security issues and publishes the ten most widespread vulnerability categories. These categories help admins protect websites against the most serious security flaws. cWatch checks whether your registered domains are vulnerable to the tests in the OWASP top ten and allows you to take remedial actions on those that fail.

WordPress Vulnerabilities

A dedicated scan that searches for specific vulnerabilities in WordPress websites. It scans the core site, plugins, themes and more, identifying the vulnerabilities in the current version that you are using. Based on the scan results, you can update your WordPress website accordingly.

• The 'WordPress Scan' tab shows the results of the last run scan.

• Scan your website on a daily basis and / or

• Schedule a weekly scan

See the sections below for more details:

• OWASP Top 10 Vulnerability Scan

• WordPress Vulnerabilities Scan

4.3.1 OWASP Top 10 Vulnerability Scan• You can view 'OWASP Top 10' scan results from the last ten scans run on the website. Each row shows the

number of vulnerabilities blocked and their security risk levels.

• You can also run an on–demand scan or schedule a weekly scan from here.

To open the OWASP Top 10 page

• Click on a registered domain on the left and choose 'Vulnerabilities'

• By default, the 'OWASP Top 10' tab will open:



OWASP Top 10 Vulnerability Scans – Column Descriptions


Scan Date Date and time at which the scan was run.

High, Medium, Low and Information

Number of vulnerabilities found in each risk level.

OWASP Score The number of OWASP top-10 categories passed by your site.

To start an on–demand scan

• Click 'Start Scan'



The vulnerability scan on the domain will start. Alerts will be generated if any vulnerabilities are found. You can view details about detected vulnerabilities in the 'OWASP Top 10 Vulnerabilities' interface.

To configure schedule scans

By default, the scheduled weekly scan is switched off.

• Click the switch to turn the weekly scan on or off.

• Weekly scans will start the next day then at same time and day every week thereafter.

• For example, if you switch on the scheduled scan on Friday at 6:00 PM, the weekly scans will run on all Saturdays at 6:00 PM until you reconfigure the schedule.

Viewing Detailed Scan Results of a Selected Scan

• Click a row from the table of scans to view its investigation details



• The pie chart shows a breakdown of vulnerabilities of different risk levels and overall security status.

• The list below the pie chart shows the total number of threats identified and blocked in each of the top ten OWASP vulnerability categories.

• Select an attack category to view the description of it.



Note: Manual vulnerability removal feature is only available for domains with a premium license.

4.3.2 WordPress Vulnerabilities Scan• Click on a website in the left–hand menu

• Select 'Vulnerabilities' from the expanded menu

• Open the 'WordPress Scan' tab

WordPress scans audit your website for threats known to affect WordPress sites, plugins and themes.

• The results of the last twenty scheduled and manual scans are shown. Each scan row shows the number ofvulnerabilities found and their risk level.

• You can also run an on-demand scan and / or schedule a weekly scan

To open the WordPress Scan page

• Click on a registered domain on the left and choose 'Vulnerabilities'

• Click 'WordPress Scan'



WordPress Vulnerability Scans – Column Descriptions


Scan Date Date and time at which the scan was run.

Word Press Version The version of WordPress that was scanned. This is the version of WordPress that your site runs on.

Status Indicates whether the website has vulnerabilities or not.

• Secure – No vulnerabilities detected.

• Vulnerable – Detected vulnerabilities. Click on the row to view the vulnerabilities details.

• Failed – Scan did not run for some reason.

'WordPress not found' – This message is shown if the site doesn't run on WordPress, orcWatch couldn't detect WordPress for other reasons.

To start an on–demand scan




• cWatch will begin scanning the domain for WordPress vulnerabilities.

• Alerts will be generated if any vulnerabilities are found. Click anywhere in a row to view details about detected vulnerabilities.

To configure schedule scans

By default, the scheduled weekly scan is switched off.

• Click the button to toggle between 'On' and 'Off' states

Weekly scans will start the next day and will run at the same day/time every week after that. For example, if you enable the weekly scan at 6:00 PM on Friday, the scans will run on Saturdays at 6:00 PM.

View Detailed Scan Results of a Selected Scan

• Click a scan row in the table to view its results:



Vulnerability results are available for the following WordPress components:

• WordPress Core

• WordPress Plugins

• WordPress Theme

Click on a vulnerability to view further details:



• The details panel contains information about the version affected by the vulnerability along with links to a version which fixes the issue.

4.4 Malware Scans • Click on a website in the left–hand menu

• Select 'Malware' from the expanded menu

To run malware scans on your site, you need to:

• Download a .php configuration file from the cWatch console

• Upload it to each registered website that you wish to protect

There are two ways to save the .php file on your site:

1. Manually download the .php file and save it on your website.

• Click the website name on the left and choose 'Settings'

• Click the 'Malware Scan Settings' tab

• See Configure a Website Manually for cWatch Scans if you need more help with this.

2. Automatically upload the .php file to your website by providing your FTP details. Click here to find out how to automate the process.

One done, cWatch will run scheduled scans on all files hosted on the website.

• cWatch uses a range of malware detection mechanisms to identify threats on your website:

• Comodo Cloud – Identifies malware using our cloud based file lookup system (FLS)

• CWW – Uses heuristic technologies to identify malware

• Dynamic – Uses signature based malware detection

• The 'Malware Scan' page shows the last ten scheduled and manual scans run on the site. Each scan row show the number of malicious files found, date and time the scan was initiated and request ID for malware removal. See 'View malware scan results' for more details.

• The page also allows you to run a manual scan on the site and submit a ticket for malware removal.

From this interface you can:

• Upload the .php file automatically to your website

• Start a manual malware scan

• Start a manual scan and request malware cleanup

• View malware scan results

To upload the .php file automatically

• Click on a website on the left and choose 'Malware' to open the 'Malware Scan' page.



• Click 'Enable Scanner' at the top-right

• Enable Scanner Manually – Allows you to upload the .php file manually. See 'Configure a Website Manuallyfor cWatch Scans' for more details.

• Provide the FTP details to upload the .php file automatically

s/FTP Settings – Table of Parameters

Parameter Description

Hostname Enter the hostname of your FTP server

Port Enter the port through which the website can be securely accessed by cWatch.



Username Enter the username of the FTP account

Password Enter the password of the FTP account to be used by cWatch to access the FTP server

FTP Directory Enter the path to the location of the website in the FTP server in the last row

Note – If you have already provided the FTP details in the Settings interface, then these fields will be auto-populated with the configuration details. See 'Configure FTP Settings' for more details.

• Click 'Enable Scanner'

On successful FTP access authentication:

1. cWatch will automatically upload the malware monitoring .php file to your website and the malware scanner will be activated.

2. If you have not provided FTP details in 'Settings' > 'FTP' tab, then the FTP configuration parameters will be automatically saved in this screen. See 'Configure FTP Settings' for more information.

You can now initiate manual malware scan process.

Start a manual scan

• Clean 'Start Scan' at top-right

The scanning process will start:

The results are shown at the end of the scan:



• Click the '+' symbol to view malware details and file location.

• Click 'Request Malware Cleanup' to instruct Comodo technicians to remove the malware:

• Read the information and click 'Submit Request'.

• A request ID will be created and you can view the malware cleanup progress



You will see the following screen when the cleanup is complete:

• See 'View malware scan results' for more information.

Start a manual scan and request malware cleanup

• You can start a manual scan and request malware cleanup in a single step

• Click 'Request Malware Cleanup'



• Read the information and click 'Submit Request'. This will start a manual scan *and* create a ticket to remove any malware found by the scan

• You will see the following screen when the scan, and any malware removal, is complete:

• If you enable automatic malware removal in 'Settings' > 'Malware Scan', then the scan and cleanup will automatically take place according to your schedule. The frequency of the scans depends on your license type:

• Basic - Once per day

• Pro - Twice per day



• Premium - Four times per day

• The frequencies above cover both scheduled and manual scans. So, for example, if you have a premium license and perform two manual scans, then only two scheduled scans will be run that day.

• The scan results of both scheduled and manual are shown in this screen. See 'View malware scan results' for more information.

View malware scan results

• The scan results will be displayed in the same interface. The results includes both scheduled and manual scans.

• Scan Date and Time - Start time of the scan and cleanup process

• Malware Found - Number of threats found by the scan

• Malware Cleanup Request Progress – The % completion rate of the cleanup process.

• Request ID - Auto-generated malware removal request (MRR) ID for the scan

You can view the results of the scans by clicking the '+' symbol beside a result



Malware Scans – Column Descriptions


File Verdict The name of the malware

File Path The location where the malware was detected

SHA1 The Secure Hash Algorithm 1 (SHA1) of the malware file

Status Indicates the action taken on the malware file

4.5 Cyber Security Operation Center Results• The Cyber Security Operation Center (CSOC) is a team of dedicated analysts at Comodo who monitor and

remediate threats discovered by Comodo's enterprise security solutions.

• The CSOC team monitors the event logs of registered websites and constantly updates security rules to deliver unrivaled, real–time protection to our users.

• CSOC generates alerts whenever it identifies and blocks an attack. These can be viewed in the 'Alerts' section of a site. See View Alerts for more details.

The CSOC interface contains a range of charts which show detailed statistics about attacks that were identified and blocked on your site.

• Click the name of a website on the left then choose 'CSOC' to open the results interface.

• The slider at top–right lets you choose the time period for which you want to view statistics.

WAF Blocked

This chart shows a timeline of attacks blocked by the Web Application Firewall (WAF). The WAF is constantly updated with new firewall rules to ensure your sites are protected from the very latest threats.



• Place your mouse on the chart line to see the exact number of attacks blocked at that point in time.

• Click and drag on a point on the line to zoom in on a particular time range. Click 'Reset Zoom' to return to the original view.

DDOS Blocked

This chart shows a timeline of Distributed Denial–of–Service (DDoS) attacks blocked by cWatch, allowing you to easily track threat activity over time.

• Place your mouse on the chart line to see the exact number of attacks blocked at that point in time.

• Click and drag on a point on the line to zoom in on a particular time range. Click 'Reset Zoom' to return to the original view.



Threat Source

The 'Threat Source' chart shows a breakdown of blocked threats by source type. For example, this chart may show blocked traffic from blacklisted IPs and threats blocked by firewall rules.

• Place your mouse over a sector to see the total number of attacks from a particular source type.

Threat Category



The 'Threat Category' chart shows blocked threats by threat category. For example, this chart might show categoriessuch as cross site request forging, form submission validation errors and threats identified by heuristic rules.

• Place your mouse over a sector to see the total number of attacks from a particular source type.

4.6 Content Delivery Network Metrics• Your cWatch license includes a content delivery network (CDN) service for your websites. The service will

improve page load–times for your customers and improve the reliability/uptime of your site.

• You can configure your websites to use the service by changing your domain's authoritative DNS to Comodo or adding a CNAME entry to your DNS records.

• Comodo Authoritative DNS name server (NS) details are provided in 'Settings' > 'Domain'. The CNAME entry is generated by cWatch. See Add Websites and Website Configuration for more details.

Once configured, the CDN service will:

• Accelerate performance by delivering your website content to your visitors from data centers closest to theirlocation. The amount of CDN traffic available for a website depends on the cWatch license active on it. See License Types for more details.

• Forward event logs to the Comodo CSOC team who will monitor the traffic to identify anomalous behavior and threats.

• Provide Comodo web application firewall protection for your domains. The CSOC team constantly improvesthe Mod Security rules in Comodo web application firewall to provide cutting edge protection for our customers.

The Content Delivery Network (CDN) Metrics page for a website displays statistics on your CDN usage and traffic throughput.

• Click a website name on the left then choose 'CDN Metrics' .

• The slider at the top right allows you to choose the time period for which you want to view the statistics.



The page contains the following charts:

CDN Usage

The 'CDN Usage' pie chart shows how much CDN data your website has used of your plan quota.

• Place your mouse on a sector to view the precise amount of dataused/remaining.

Request and Bandwidth by Edge Location

The 'Request and Bandwidth by Edge Location' map shows the regions from which your traffic originated. You can also view the number of access requests from each region.

• Click on an regional hot–spot to view the traffic and number of access requests from that region.



Request and Bandwidth by Region

This graph shows the number of website requests and the amount of data used by each continent.


• The yellow line graph shows the number of requests from different continents

• Place your mouse on the line to view the number of requests from the respective continent

• The green bar graph shows the bandwidth usage from different continents

• Place your mouse on a bar to view the precise traffic bandwidth from the respective continent

Status Codes by Types

Shows the different HTTP status codes sent to your visitors in response to their page requests.



• 2xx = Success

• 3xx = Redirection

• 4xx = Client errors

• 5xx = Server errors


• Place your mouse on the graph to view the number of responses of that type returned at that time point

Status Code Distribution by Percentage

Shows the percentage of HTTP response status codes generated by your site within the set time period. HTTP status codes are as follows:

• 1xx Informational responses.

• 2xx Success.

• 3xx Redirection.

• 4xx Client errors.

• 5xx Server errors.



• You can choose the time period using the slider at top–right.

• Place your mouse on a sector the to view the number of responses of that type

Status Code Details

The 'Status Code Details' pane displays the precise HTTP response status codes returned within the selected time period.

A detailed explanation of each code is available at https://en.wikipedia.org/wiki/List_of_HTTP_status_codes.

• You can choose the time period using the slider at top–right. • Use the search box at the right to search for a particular status code

• Click any column header to sort the items in alphabetical ascending/descending order of entries in that column.


https://en.wikipedia.org/wiki/List_of_HTTP_status_codes


Top File Types by Requests

The 'Top File Types by Requests' graph shows the numbers of different file types requested by your website visitors over the set time period.


• Place your mouse on a bar to view the exact number of files of that type served to your visitors.

• Select a portion of the graph to zoom–in

File Size Distribution by Percentage

The 'File Size Distribution by Percentage' graph shows the numbers of files of different file sizes requested by and served to your visitors from your website.




• Place your mouse on a bar to view the exact number of files of that size range delivered to your visitors.

• Select a portion of the graph to zoom–inAll File Types

The 'All File Types' pane displays the exact numbers of different types of files delivered to your visitors from your website within the selected time period.

• You can choose the time period using the slider at top–right. • Use the search box at the right to search for a particular file type.

• Click any column header to sort the items in alphabetical ascending/descending order of entries in that column.

4.7 Configure Firewall Rules CWatch allows you to define your own custom Web Application Firewall (WAF) rules according to your requirements.These are in addition to the firewall rules built–in to cWatch. Please note WAF status should be enabled for the custom firewall rules to work. See Configure WAF Settings for more information.

• Custom firewall rules can be configured for conditions such as IP, IP range and so on

• You can configure the rule to take various actions based on your conditions. For example, block traffic if originating from Afghanistan.

• You can add multiple conditions to a rule. For example you can configure a rule to block traffic from a specific IP originating from a specific country.

• Messages will be displayed to site visitors for actions such as block, captcha.

• Rules are prioritized based on the action in the rule. The priorities are:

• 1. Monitor

• 2. Allow

• 3. Block

• 4. Captcha



To open the Firewall Rules interface

• Click a website name on the left then choose 'Firewall Rules' .

Custom WAF Rules – Column Descriptions


Rule ID An auto–generated number for each rule

Rule Name The label provided when creating the rule.

Type The condition type. For example IP, IP Range, Country

Details The parameter of the condition. For example, if 'Country' is condition, this column will show the two letter country code of the country covered by the rule.

Action The selected action for the rule.

Buttons

– Edit the firewall rule

– Remove the rule

– Enable / disable the rule



To add a new WAF rule

• Click 'Add New Rule' at the top right

• Rule Name – Provide an appropriate name for the rule.

• Condition 'If' – The drop–down lists the built–in conditions:

• IP – Enter a specific IP

• IP Range – Enter an IP range, for example, 192.168.2.1,192.168.255

• URL – Provide the originating URL. If 'Exact Match' is enabled, the originating URL should fully match the parameter for the selected action to be executed.

• User Agent – Enter the 'User Agent' details in string format. If 'Exact Match' is enabled, the originating User Agent should fully match the parameter for the selected action to be executed.

• Header – The HTTP header field. Enter the header field value. If 'Exact Match' is enabled, the originating header value should fully match the parameter for the selected action to be executed.

• HTTP Method – Available options are: Post, Get, Head, Put, Delete, Patch and Options. Select the HTTP method from the options.

• File Type / Extension – Enter the file type / extension parameter. For example – pdf

• Content Type – Enter the content type, for example: application/json

• Country – Select the country from the drop–down

• Organization – Name of the organization with whom the IP was registered. For example, Google, Amazon, Facebook and so on. For example, if you enter Amazon, all IPs registered by Amazon will apply for the condition.

• Click the icon beside a condition to add another condition below. The same condition will be copied and listed below. Change the condition appropriately.

• Click 'Add Condition' to configure another condition for the rule. Note – the conditions are always 'And' meaning all the added conditions should be satisfied for the selected action to be executed.

• Action – 'Then the action is' field allows you to select the action that should be taken for the configured condition(s). The options available are:

• Monitor – The traffic originating from the source provided in the condition will be monitored. This action is particularly useful for testing out potential 'Captcha' and 'Block' rules. You can check what specific traffic will be affected before setting up a rule that might negatively impact customers.

• Allow – All traffic for bots and users are allowed.



• Block – All traffic for bots and user will be blocked. A blocked message will be displayed to the users.

• Captcha – Captcha rules requires an image based challenge question to be passed to allow a user to access the URL in the rule. The captcha images are generated randomly by cWatch secure server.

• Click 'Save' to add the new rule

Example 1

To allow for WordPress administration page:

• In the 'If' condition, select URL and enter the WP admin page

• Click 'Add Condition' and select IP then enter your IP address

• Click 'Save'

Example 2

To block a specific IP from a specific country:

• In the 'If' condition, select IP, then specify the IP that you want to block

• Click 'Add Condition' and select 'Country' then select the country that you want to block.

• Click 'Save'

Please note the order of rule priority is dependent on the action configured and not on the order of rule in the interface. The WAF action priorities is given below:

• 1. Monitor

• 2. Allow

• 3. Block

• 4. Captcha

For example, if rule at the top blocks traffic from a particular IP and a rule below allows it, then the traffic will be allowed.

Please note WAF status should be enabled for the custom firewall rules to work. See Configure WAF Settings for more information.

4.8 Run Executive Scans cWatch provides businesses who handle credit cards online with a simple and automated way to stay compliant with the PCI DSS (Payment Card Industry Data Security Standard). PCI's meticulous network and application scans ensure cardholder information is kept secure from possible security breaches.

You need a separate license to use this feature. If you do not have a license, the interface will prompt you to buy one.

To open the Executive Scan interface

• Click a website name on the left then choose 'Executive Scan'.



• Click 'Use Executive Scan Option'

• If you do not have a license, then you can buy a license by clicking the 'Click to buy' button

You will be taken to the license purchase page. After purchase, the new license will automatically be added to your cWatch account.

• Click the license details below 'Use Executive Scan Option'



• The license will be updated in the cWatch interface and its details will be displayed.

From this interface you can:

• Run a on demand scan

• Schedule a scan

• Download scan results

• Renew Executive scan license

Run a on demand scan


• Make sure 'Only on Demand' is selected under 'Frequency'. If not, select it and click 'Update' below.

• If you schedule a scan then on–demand scan will not be available.


• The 'Executive Scan' will start. Once complete, the results will be available for download. See 'Download scan results' for more information.

Schedule a scan


• Select the scan frequency option in the 'Schedule Scan' section.



The available schedule options are:

• Daily – The scan will start every day from the next day same time.

• Monthly – The scan will start next day and then every month on the same day / time.

• Quarterly – The scan will start next day and then every quarter on the same day / time

• Click 'Update' when done.

• Please note the on–demand scan will not be available if you schedule a scan.

Download scan results

• The results will be listed in the same screen once the scan is complete:

Executive Scan Results – Column Descriptions


Scan Date The scan date and time

Status Indicates the status of the scan whether completed or removed from the list

Scan Type Indicates the type of scan that was executed

Action Allows you to download or remove the result from the list.



• Click 'Download' under 'Action ' to view the results

The scan result will be downloaded in PDF to your default download location.

Renew 'Executive Scan License'

• When the current 'Executive Scan' license is expired or nearing its expiry period, you can renew the license.

• Click 'Extend Executive Scan License' then 'Click to buy!'

You will be taken to the license purchase page. After a license is successfully subscribed, it will be automatically added to your cWatch account.

4.9 Website Configuration• Click a website name on the left

• Click 'Settings'

The 'Settings' interface allows you to:

• Configure vulnerability and malware scanning on a website

• Configure FTP access so cWatch technicians can resolve issues on your site

• Register your website with the content delivery network

• Upload the SSL certificate used to secure the site if you are using HTTPS

• Configure CDN cache management settings for your website

• Configure custom Web Application Firewall (WAF) rules



The interface contains six tabs:

• FTP Settings - Configure FTP settings to allow Comodo technicians to connect to your site to remove malware. See Configure FTP Settings for more information.

• Malware Scan Settings - Configure the domain for malware scanning. See Configure a Website Manually for cWatch Scans for more details.

• Domain - View details on how to configure your DNS and nameservers (NS) in order to enable cWatch protection. See View Domain Configuration Instructions for more information.

• SSL Configuration – Specify whether your site uses HTTP or HTTPS. A complimentary SSL certificate is offered by Comodo if you choose HTTPS. Alternatively, you can upload the existing certificate that you use to secure the site. See SSL Configuration for more details.

• CDN Settings – Configure CDN cache and CDN edge settings. See Configure CDN Settings for more details.

• WAF Settings – Configure Web Application Firewall policies. See Configure WAF Settings for more information.

4.9.1 Configure FTP Settings • cWatch includes a white–glove service whereby Comodo technicians will connect to your site and expertly

remove any infections or malware.

• In order for our technicians to access your site, you need to configure FTP settings in the cWatch interface.

• If you have already enabled malware scans by providing FTP details in the Malware screen, then the FTP settings will be configured already. See 'Malware Scans' for more details.

• If not, please follow the instructions below. Once saved, these details will be auto-populated in the 'Malware' > 'Enable Scanner' form.

To configure FTP settings:




OR

• Click the settings icon above the navigation menu to open the 'Settings' interface, then 'Manage Settings' link in the website row

The 'Settings' interface for the selected website will be displayed.

• By default, the FTP tab will be open:

s/FTP Settings – Table of Parameters


s/FTP Hostname Enter the hostname of your FTP server

s/FTP Username/ FTP Password

Enter the username and password of the account to be used by cWatch to access the FTP server

s/FTP Directory Enter the path to the location of the website in the FTP server.

s/FTP Port Enter the port through which the website can be securely accessed.

• Click 'Connect and Save'

After successful validation, our technicians will be able to access your site if you request them to remove malware.

Once saved, the FTP details will be auto-populated in the 'Malware' > 'Enable Scanner' form.



4.9.2 Configure a Website Manually for cWatch Scans• You need to upload a .php file to your website to enable automatic malware scans.

• cWatch will verify the file at the location you specify and commence scanning.

• You can opt for automatic removal of malware threats identified at the end of every scan.

There are two ways to save the .php file on your site:

1. Automatic - Upload the .php file to your website by providing your FTP details.

• Click the website name on the left and choose 'Malware'

• Click 'Enable Scanner' and provide the FTP details.

• See 'Malware Scans' if you need more help with this.

2. Manual - Download the .php file and save it on your website. This section explains about manual download method. Click here to find out how.

You also have the option to request Comodo technicians access your site to:

• Investigate threats identified by each scan and remove any malware.

• Remove any vulnerabilities identified by scans.

Note: You need to provide your FTP server details for our technicians to access your website. See Configure FTP Settings for help with this.

To configure your website for scanning and malware removal


OR

• Click the settings icon above the left–menu then 'Manage Settings' link in the website row

The 'Settings' interface for the selected website will open:



• Click the 'Malware Scan Settings' tab

Scan Settings:

• Download the PHP file in step 1.)

• Upload the file to the root folder of your website. The file should be publicly accessible.

• Enter the URL of the uploaded file in the text field.

• Click 'Save and Verify' to run the check.

Malware Removal Settings:

• 'Switch On for automatic malware removal' – Enable if you want malware discovered by scheduled scans tobe removed by Comodo technicians.

• Click 'Save and Verify'

You need to provide your FTP server details for our technicians to access your website. See Configure FTP Settings for help with this.

Note –You can also request malware removal when you run an on-demand scan.



• The frequency of the scans depends on your license type:

• Basic - Once per day

• Pro - Twice per day

• Premium - Four times per day

• The frequencies above cover both scheduled and manual scans. So, for example, if you have a premium license and perform two manual scans, then only two scheduled scans will be run that day.

• The scan results of both scheduled and manual are shown in this screen. See 'View malware scan results' for more information.

4.9.3 Domain Configuration Instructions

Important Note – If you are using an SSL certificate on your website, you must configure SSL settings in cWatch to avoid interruptions to HTTPS traffic. See SSL Configuration for more details.

After adding a website to cWatch, you next have to configure DNS settings. You need to do this in order to enable cWatch protection, the content delivery network and the Web Application Firewall (WAF). There are two ways this can be done:

• Change your domain's authoritative DNS servers to Comodo

• Enter DNS records explicitly

Option A – Change your domain's authoritative DNS servers to Comodo

Important Note – After changing your domain's authoritative DNS servers to Comodo, you have to use cWatch to manage your DNS. For example, changes to your MX records must be done in cWatch and can no longer be done in your web host's DNS management page. See 'Manage DNS Records' in 'The Settings Interface' for more information.

• Click the settings icon above the navigation menu

The main settings page will open:



• Click 'Manage DNS' under Settings in the row of the added website

For the first time the DNS registration alert will be displayed:

After few minutes the registration process will be complete.

• Open the main settings page again and click 'Manage DNS' under 'Settings' in the row of the added website

You can find the nameservers details that should be configured for the website.

• Note the nameservers details

• Go to your website's DNS management page and enter the nameservers that you noted



• See https://support.google.com/domains/answer/3290309?hl=en if you need more help regarding changing nameservers

• Once the nameservers have been updated successfully in your DNS management page, you can view the status in the cWatch interface.

• To view the nameserver update status, open the main settings page and click 'Manage DNS' under the settings column in the website row

OR

• Click the website name on the left menu, then 'Settings' > 'Domain' tab


https://support.google.com/domains/answer/3290309?hl=en


You can view the nameservers update status under option A.

• It may take up to 24 hours for the DNS changes to be processed globally.

• Please note there will no downtime on your website when you switch your name servers.

Important Note – After pointing your name servers to Comodo, you have to use cWatch to manage your DNS records. For example, changes to your MX records must be done in cWatch and can no longer be done in your webhost's DNS management page. See 'Manage DNS Records' in 'The Settings Interface' for more information.

Option B – Enter DNS records explicitly

Important Note – If you are using an SSL certificate on your website, you must configure SSL settings in cWatch to avoid interruptions to HTTPS traffic. See SSL Configuration for more details.

In order to enter DNS records explicitly, you should first note the 'CNAME' and 'A' records from the cWatch interface. After adding a website, these details are auto–generated and available in the 'Settings' > 'Domain' tab.

• Click the settings icon above the navigation menu to open the main settings page and click 'Manage Settings' in the website row that you want to configure the DNS settings

OR

• Click the website name on the left menu, then 'Settings'



The settings page for the selected website will open:

• Click the 'Domain' tab and scroll down to option B – Enter DNS Records Explicitly



• Note down the 'CNAME' and 'A' records

• Go to your website's DNS management page and enter the 'CNAME' and 'A' records

• If you need more help regarding adding 'CNAME' and 'A' records, visit https://support.google.com/a/topic/1615038?hl=en

• DNS propagation may take around 30 minutes depending on your hosting.

• Please note there will be no downtime on your site during these changes

Once the records have been updated successfully, you can view the status in the cWatch interface.

• Click the settings icon above the navigation menu to open the main settings page and click 'Manage Settings' in the website row that you want to configure the DNS settings

OR


The settings page for the selected website will open:


https://support.google.com/a/topic/1615038?hl=en


• Click the 'Domain' tab and scroll down to option B – Enter DNS Records Explicitly

• You can view the confirmation under the 'Status' column.

4.9.4 SSL Configuration • An SSL/TLS certificate is placed on a website to authenticate the domain owner and encrypt all data that

passes between the user's browser and the web server.

• Sites that use an SSL certificate have a URL that begins with HTTPS. For example, https://www.example.com

• Comodo strongly recommends you use an SSL certificate on your site.

There are two ways to enable HTTPS security with cWatch Web.


https://www.example.com/


• Complimentary SSL

• Bring Your Own SSL (Recommended)

Option A – Complimentary SSL

• In order to obtain your free SSL certificate, you must first change your domain's authoritative DNS servers to Comodo. Click here to find out how.

• Note. The complimentary certificate will not secure the connection between your server (where your site is hosted) and the cWatch Web CDN (where your website will be cached).

• Click here to find out how to install the complementary SSL certificate

Option B – Bring your Own SSL

• Recommended for customers

• Ensures complete protection and security of traffic between your origin server and the cWatch CDN edge servers

• Eliminates privacy risks & vulnerabilities such as eavesdropping and Man–in–the–Middle attacks

• Click here to find out how to upload your own SSL certificate to cWatch

Install Complementary SSL Certificate

• Click the settings icon above the navigation menu to open the main settings page and click 'Manage Settings' in the website row that you want to configure the SSL settings

OR


In the settings page, click the 'SSL' tab:

• Choose 'Enable HTTPS' under 'Choose Your Protocol' and click 'Update protocol'

• Scroll down to 'Option A: Complimentary' section.



• Click 'Active Basic SSL Now'

• You will see the following alert to indicate certificate provisioning has started:

• The process will take a few minutes to complete.



• The certificate will be installed on the CDN edge servers and will encrypt traffic between the CDN and end–user clients.

• Please note that the traffic between your web–server and the CDN will not be encrypted. You need to upload your own certificate to encrypt this traffic. See 'Upload your own SSL Certificate' for more details.

Upload your own SSL Certificate

• Click the settings icon above the navigation menu to open the main settings page and click 'Manage Settings' in the website row that you want to configure the SSL settings

OR


In the settings page, click the 'SSL' tab:



• Choose 'Enable HTTPS' under 'Choose Your Protocol' and click 'Update protocol'

• Scroll down to 'Option B: Bring Your Own SSL' section.

The form for adding your SSL certificate will appear.

SSL Protection Settings – Table of Parameters


Name Enter a descriptive name for the certificate. This will be used to identify it in cWatch.

Certificate Paste the content of your certificate. For example, the content you are looking for will look something like this:

–––––BEGIN CERTIFICATE–––––MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjELMAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDT



A1MDgxNDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJDTjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFuZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7jV14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGjgbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaAFFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+JuWm7DCfrPNGVwFWUQOmsPue9rZBgO

–––––END CERTIFICATE–––––

SSL Chain Certificate If your certificate contains an intermediate certificate then paste it here. If not, leave this field blank.

Certificate Key Paste the private key of your certificate

• Click 'Upload your SSL Certificate'

The SSL certificate will be uploaded on 'Edge Servers' of CDN. Once done the traffic between CDN and the client(s) will be encrypted. Since the SSL is already installed on the customer's website, the communication between origin and CDN is also encrypted.

4.9.5 Configure CDN Settings• The Cyber–Secure Content Delivery Network (CDN) accelerates site performance and adds security to

your websites.

• Make sure you have configured the DNS settings of your website to use the CDN. See 'Domain Configuration Instructions' for more information.

• The amount of CDN traffic available for a domain depends on the cWatch license active on the domain. SeeLicense Types for more details.

• You should also select the SSL certificate used on your site if it uses HTTPS. See 'SSL Configuration' for more details.

Once configured, the CDN service will:

• Accelerate performance by delivering your website content to your visitors from data centers closest to theirlocation.

• Forward event logs to the Comodo CSOC team who will monitor your traffic to identify anomalous behavior and threats.

• Provide Comodo web application firewall (CWAF) protection for your domains. The CSOC team constantly improves the Mod Security rules in the firewall to provide cutting edge protection for our customers.

To open the CDN Settings page

• Click the 'Settings' cog icon underneath your username

• Click 'Manage Settings' in the row of the site whose DNS settings you want to configure.



• Open the 'CDN' tab

OR

• Click on the website you wish to configure in the left–hand menu then choose 'Settings'


Cache Settings

Cache Settings – Table of Parameters


Set Default Cache Time Define how long content fetched from your web servers by the CDN should remain in the CDN cache.

This is useful if your website's cache control headers (CCH) are not used or ignored by the browser on your visitors computer.

Background Note: Cache Control Headers are used to specify how long content fetched from site should remain in the browser's cache. The local cache is used by the browser torender the site when it is re–visited by the user, avoiding the need to fetch the content again from the server.

Cache Control Header The validity period of the CCH on the end–user's web browser.

This defines how long cached content in the web browser can be reused without checkingthe web server for updates.

Use State Select 'Serve expired content' if you want the CDN to deliver cached content when:

• The CDN is currently checking the website for updated content

• Your website is down.

Query String Treat as separate cachable item' – web–pages with query string parameters (e.g. '?



q=something') will be cached as separate files.

This will instruct the CDN to update cached files whenever the original pages are updated.

Ignore Cache 'Ignore max age set by the origin' – Visitor's browsers will ignore the time to live (TTL) and header expiry settings of your web–pages.

Web browsers will use the 'Set default cache time' setting for the cache time.

• Click 'Update Cache Settings' for your changes to take effect.

Purge Files

Purge CDN Cache on Edge Servers

Purge Individual Files Allows you to remove specific files from the cache so that the CDN is forced to check your website the next time the files are requested.

• Enter the URI of the file in the text box and click the green '+' button

• Repeat the process to add more files

• Click 'Purge'

Purge All Files Allows you to remove all files from the cache so that the CDN is forced to check your website the next time the files are requested.

• Click 'Purge'

Site Settings

• Origin IP Resolution – Choose whether or not the CDN should use DNS servers to resolve the IP address of your web server. This depends on whether your server uses a static or dynamic IP address.



• If your server uses a static IP address, enable 'Origin IP Resolution'. The CDN will fetch your IP address by domain look–up, save it and display it in the 'Origin IP' field. The CDN will use this IP address to fetch the files from your web server. This will save time for content delivery to your website visitors.

• If your server uses dynamic IP address, disable this option. The CDN will use DNS services to resolve your IP address.

• Custom Host Header – If the host header for your site is different to the domain name, enter the custom host header in this field.

• Click 'Update' for your settings to take effect.

Edge Settings

Edge Settings – Table of Parameters


Gzip Compression – Server compressed files with GZip

Reduces the size of files for faster network transfers. Optimizes bandwidth usage and increases transfer speeds to browsers.

Content Disposition – Force Files to download

Forces the files to download instead of showing the content in the browser

Remove Cookies – Ignore cookies in requests

CDN ignores header cookies

Pseudo Streaming – Enable pseudo stream seeking

Allows your site to play media files (FLV and MP4 files only with H. 264 encoding)

Add XFF Header – Add X–Forwarded for HTTP Header

Identifies the actual client source IP address.

Add CORS Header – Allow Cross Origin Resource Sharing

Adds 'Access–Control–Allow–Origin' header to responses

Enable WebP – Allow Currently being developed by Google, WebP is an image format that provides both lossy



separate caching for WebP files

and lossless compression. If enabled, cWatch will have separate cache for these files.

• Click 'Update' for your settings to take effect.

4.9.6 Configure WAF Settings • cWatch ships with built–in rules for the web application firewall (WAF) which provide the highest levels of

protection for your website.

• Firewall tasks include preventing SQL injections, preventing bot traffic and more.

• There are several types of WAF policy, each with a set of constituent rules. You can enable or disable rules as required.

To open the WAF settings page


• Click 'Manage Settings' in the row of the site whose DNS settings you want to configure.

• Open the 'WAF' tab

OR

• Click on the website you wish to configure in the left–hand menu then choose 'Settings'




WAF Status

• Switch WAF protection on or off:

Note – if you disable WAF protection then no firewall policies will be applied. Any custom firewall rules will also be disabled. See 'Configure Firewall Rules' for more information.



WAF Polices

• This section lists all WAF policies and rules.

• Click the '+' symbol to view specific rules in a policy. You can enable / disable rules as required.

• Name – Label of the built–in WAF policy.

• Status – Indicates whether the firewall is enabled or not. 'Passive' indicates the firewall is disabled.

To enable / disable firewall rule(s)

• Click on a firewall category to expand / collapse its subcategories:



• Use the check–boxes to enable or disable particular rules.

• Any changes will be deployed in approximately a minute.

5 The Settings Interface• The 'Settings' interface lists all registered websites along with their license details, CNAME record.

• You can also quickly configure a particular website, remove a website and manage DNS records for your sites.

To open the 'Settings' interface:




Settings Interface – Column Interface


Site The name of the registered website

License The type of license associated with the website.

Protection features and CDN traffic quotas vary according to license type. See License Types for a license comparison.

Settings • Manage Settings – Allows you to configure FTP, Malware Scan, Domain, SSL, CDN and WAF for your website(s). See Website Configuration more details.

• Manage DNS – Allows you to add and manage your DNS records. See Manage DNS Records for more information.

Manage DNS Records

You can add multiple DNS records in the cWatch interface to route traffic through the CDN service. Adding and managing DNS records is similar to what you do in your webhost's DNS management page.

• You can only manage DNS records in cWatch if your nameservers are pointed to Comodo. See 'Option A – Change your domain's authoritative DNS servers to Comodo' for more information. Please note – this option means you will only be able to manage DNS settings in cWatch. You will not be able to manage themfrom your host's DNS manager.

• If you have selected 'Option B – Enter DNS records explicitly' then you must use your webhost's DNS management page to manage your DNS records. Any updates to DNS records that you make in the cWatchinterface will have no effect.

To manage your DNS records


• Click the 'Manage DNS' link in the website row that you want to update the DNS records



The 'Settings – DNS' page of the selected website will open. Scroll down the page to the 'DNS Records' section:

DNS Records – Table of Parameters


Type DNS record type

Name Entered name for the record

Value Configured value for the record



TTL Time–To–Live value for the record

Status Indicates whether the website is protected or not. Status icon in green indicates, the siteis added for protection. Please note protection is available for websites (if not enrolled already to cWatch) added for CNAME and A records.

Trash can icon Allows you to remove a record from the list

To add a DNS record

The procedure to add a DNS record in cWatch is similar to what you do in your regular DNS management page.

• Type – Select the DNS record type from the drop–down

• Name – Enter an appropriate name for the record

• Value – Enter an appropriate value for the record. For example if CNAME is selected, then enter the alias domain name

• TTL – Time–To–Live value for the record. Select the TTL period from the drop–down.

• Click 'Add Record' after entering the required parameters

The record will be added and displayed:

After adding a DNS record for a site which is already not added on cWatch Web, you can enable protection for this site also. See below for the procedure to add protection for new sites.

To configure cWatch protection for an added site

• Click the beside the DNS record

The 'Add Websites' dialog will open prompting you to select a license:



• Select the license from the drop–down and click 'Finish'

cWatch will validate the parameters, such as IP resolution.

After successful validation, a message will be displayed:

• Click 'Get Started ' to complete the process.



• The status of the site will display as protected –

To remove cWatch protection for a website

• Click the icon in the status column beside the record

A success message will be displayed:

To remove a DNS record

• Please note you can remove a record that is not cWatch protected

• Click the trash can icon beside a record

• A success message will be displayed:



To remove a website from cWatch protection

• Click the gear icon on the left to open the 'Settings' interface

• Click the trash can icon in the row of the website you want to delete:

• Enter the website name in the field for confirmation and click 'Remove Site'

Note:• Removing a website will remove its data from cWatch and revert the DNS settings. Its traffic will no longer

be routed through the CDN.

• The license used for the website will become available for adding a new website.

6 Upgrade Licenses for DomainsYou may want to upgrade a cWatch license if:

• You wish to enable the superior protection features afforded by a Pro or Premium license, then you need to configure your Domain to use CDN and WAF

• You want to add sub-domains for a website

To upgrade your license:



• Click 'Dashboard' then click on the website you wish to upgrade. Click the 'Upgrade to Pro License' or 'Upgrade to Premium License' link

Any available licenses you own will be displayed in a drop-down.

• Choose the license you want to associate with the domain. A confirmation dialog will be displayed.

If you do not have any licenses available then you will be presented with the option to a buy new license:



• Choose 'Click to Buy'

You will be taken to the cWatch license purchase page.

• Complete the purchase process. See Purchasing a License for more details.

• The license will be added to your account.

• Restart the process of upgrading the license for the domain as explained above.

• Repeat the process to associate licenses with domain

7 Manage Your Profile• The 'Profile' interface allows you to view and edit personal information and communication preferences for

notifications and alerts.

• Admins can also change the password they use login to cWatch and Comodo Account Manager (https://accounts.comodo.com ).

• To open the 'Profile' interface, click the icon on the left.

The following sections contain more information:

• Edit your profile

• Change your password


https://accounts.comodo.com/


To edit your profile

• Click 'Edit Profile'

The 'Edit Profile' dialog will open.

Edit Profile Dialog – Form Parameters

Form Element Description

Full Name Your username/email address as entered during sign–up. This field cannot be edited.

Mobile (call) The phone number at which you wish to receive notifications and alerts as calls.

• Select your country from the first drop–down

• Enter the phone number with the country code prefix

Mobile (sms) The phone number at which you wish to receive notifications and alerts as texts.

• Select your country from the first drop–down

• Enter the phone number with the country code prefix

Subscription Email(s) Primary email address entered during sign–up. You can add alternative email address(es) if required.



• To add an alternative email address, click 'Add new e–mail address'

• Enter the alternative email address in the text box and click the + button at the right.

• Repeat the process to add more addresses.

Subscribe Choose the reports you want to subscribe for. The reports will be sent to you at the emailaddress(es) specified in the 'Subscription Email(s)' field.

• Click 'Save' for your changes to take effect.

To change your password

• Click 'Change Password' from the 'Profile' interface

• The 'Change Password' screen will open:

• Enter your old password, new password and re–enter your new password for confirmation in the respective fields



• Click 'Change Password'

Your password will be changed. You can use the password to login to cWatch and Comodo Accounts Manager at next logon.

8 Get Support• cWatch live chat support is the fastest way to get help to configure your domains

• Click the 'Online – Chat with us' button to launch a session with a qualified support technician at Comodo.

• The technician will offer advice on domain configuration. You can even have your chat history emailed to you for future reference.

To launch a chat session

• Click the 'Chat with us button' at the bottom right of the cWatch interface.

A chat window will open.

• Enter your name, email address in the respective fields

• Enter your message in the message field

• Click 'Start chat'

Within seconds, a Comodo Support Technician from the selected department will respond in a chat window and ask you to describe the problem.



• Start chatting! Use the chat window to explain any problems you are having with configuring your domain.

• The technician will offer advice accordingly.

• To end the session, click the hamburger icon at bottom right and choose 'End Chat'



You will be given an option to save the chat history for your future reference.

• To save the chat history, click 'Send Transcript'



• Enter the email address to which the chat history needs to be sent and click 'Send Email'.

You will receive the chat history at the specified email address.



About Comodo Security SolutionsComodo Security Solutions is a global innovator of cybersecurity solutions, protecting critical information across the digital landscape. Comodo provides complete, end–to–end security solutions across the boundary, internal network and endpoint with innovative technologies solving the most advanced malware threats. With over 80 million installations of its threat prevention products, Comodo provides an extensive suite of endpoint, website and network security products for MSPs, enterprises and consumers.

The Comodo Threat Research Labs is a global team of IT security professionals, ethical hackers, computer scientists and engineers analyzing and filtering input from across the globe. The team analyzes millions of potential pieces of malware, phishing, spam or other malicious/unwanted files and emails every day, using the insights and findings to secure and protect its current customer base and the at–large public, enterprise and internet community.

Continual innovation and a commitment to reversing the growth of zero–day malware, ransomware, data–breaches and internet–crime distinguish Comodo Security Solutions as a vital player in today’s enterprise and home security markets. With offices in the US, China, Turkey, India, Romania and Ukraine, Comodo secures the online and offline eco–systems of thousands of clients worldwide.

Comodo Security Solutions, Inc

1255 Broad Street

Clifton, NJ 07013

United States Tel : +1.888.266.6361

Tel : +1.703.581.6361

Email: [email protected]

For additional information on Comodo – visit https://www.comodo.com


https://www.comodo.com/

mailto:[email protected]

cWatch Web Security Administrator Guide - Comodo...Comodo cWatch Web Security – Website...

Documents

Transcript of cWatch Web Security Administrator Guide - Comodo...Comodo cWatch Web Security – Website...