websense web security gateway anywhere...

web security | data security | email security © 2010 Websense, Inc. All rights reserved.

Support Webinars

Websense Web Security Gateway Anywhere v7.5

Webinar Presenter

Title: Tech Support SpecialistCisco Certified Network Associate

4 Years with Websense

Richard Guerrero

2

Goals and Objectives

Websense Web Security Gateway Anywhere

Overview (Features and Benefits)

Pre-installation Considerations (Upgrade Path,

Requirements)

Deployment Planning and Installation

3

What is it?

Websense Web Security

Websense Content Gateway

Web Data Loss Prevention (DLP)

TruHybrid™ Security

4

What is Hybrid Filtering?

Combines on premise Websense Web Security

Gateway functionality with the ability to filter remote

offices and mobile workers

5

What is Hybrid Filtering?

• Manage policies and configure Web Security behavior in

one place

• Reduce IT Support and Equipment Costs

• Select which user requests are filtered by on-premises

components and which are filtered in the cloud by

security-as-a-service components

• Use centralized reporting to review Internet activity for all

users, regardless of how they are filtered

6

What is Web-DLP?

Data Security is a comprehensive data loss

prevention (DLP) system that discovers, monitors,

and protects your critical information holdings,

whether that data is stored on your servers,

currently in use or located in off-network endpoints.

7

What is Web-DLP?

Monitored Destinations WEB-DLP Full DSS

Web

HTTP

HTTPS

FTP

FTP over HTTP

Chat

Plain Text

Email (SMTP)

Printing (Network, Endpoint)

Endpoint (App., Rem. Media, LAN)

Discovery (Network, Endpoint)

Remediation Scripts

Export Incidents to a File

8

Sample Hybrid Deployment

Hybrid Filtering

9

Head Office

Websense

Content

Gateway

Off-site Users

Branch

Internet

web security | data security | email security © 2010 Websense, Inc. All rights reserved.

Support Webinars

7.5 Features and Benefits

Client Proxy Ports

8080

8070

Websense Content Gateway

HTTP HTTPS

11

Client Proxy Ports

Example from IE

12

Tunneled Protocol Detection

Analyzes traffic to discover protocols that are

tunneled over HTTP and HTTPS

Scanning is performed on both inbound and

outbound traffic

Can be used to block instant messaging, peer-to-

peer, and proxy avoidance

13

Tunneled Protocol Detection

Tunneling occurs when applications that use

custom protocols for communication are wrapped

in HTTP and HTTPS

Example:

- Youtube.com

14

Tunneled Protocol Detection

Allows proxy to perform some network

agent functions

- Bandwidth Management

- Google Wave and Gmail Chat

Network Agent

Websense Content Gateway

15

Tunneled Protocol Detection

16

Sensitivity Levels

Content Categorization Sensitivity Level

- Allows you to tune the sensitivity of the methods used to

classify content and ultimately determine a category

Optimization

- Algorithms used to perform content categorization are tuned

by Websense Security Labs to provide optimal results

17

Sensitivity Levels

18

Sensitivity Levels

Five Levels

• Optimized

• Higher

• Highest

• Lower

• Lowest

19

Sensitivity Levels

20

URL Link Analysis

It is an optional additional element of content

categorization that proactively classifies unknown

content by categories of its links

Can provide more accurate categorization of

certain types of content

Can find malicious links embedded in hidden parts

of page

21

URL Link Analysis

Examples:

• Security

• Image Search

• Objectionable Content

• Powered by the ThreatSeeker™ Network

22

URL Link Analysis

23

Outbound Scanning

Scanning option that supports the scanning of

outbound Web content for bot and spyware phone

home traffic.

Can help identify machines that are infected with

bots and spyware

Scan infected files going outbound

24

Outbound Scanning

25

RIA Scanning

Rich Internet Application Scanning

• Adobe Flash (.swf)

• Microsoft Silverlight

26

RIA Scanning

27

SSL Category Bypass

Supports organizations using SSL Manager in

Content Gateway to manage encrypted traffic, and

who do not want to decrypt HTTPS sessions that

users establish with sensitive sites:

- Banking

- Government

- Business

- Education

28

SSL Category Bypass

29

Authentication Enhancements

Authentication Realms

- In networks with multiple authentication realms, rules can

be defined to direct sets of IP addresses to distinct

authentication servers (domain controllers)

Support for NTLM and LDAP

- Active Directory 2000, 2003, 2008

- Client side NTLMv1 and NTLMv2 (Active Directory 2003)

Authentication Profiles

- Set of authentication rules

30

Authentication Enhancements

31

Authentication Enhancements

32

TRITON Unified Security Center

Combines management

For:

• Web Security

• Data Security

• Email Security

Provides centralized policy

configuration for on-

premise and in-the-cloud

filtering

TRITON Unified Security Center

34

TRITON Unified Security Center

35

TRITON Unified Security Center

36

Reporting Features

History page

• New Top 5 Web 2.0 Categories by Requests

• New Top 5 Web 2.0 Sites by Bandwidth

37

Reporting Features

38

Reporting Features

Presentation Reports

• Now includes reports

on Web 2.0 sites

• Reports on URL link

analysis

39

Reporting Features

Full reporting now available on Linux

• Today and History page charts, as well as investigative

and presentation reports are available on Linux

installations of TRITON – Web Security

• Log Server Service must be on a Windows box

• Log Database must be hosted on supported version of

MS SQL Server or MSDE

40

web security | data security | email security © 2010 Websense, Inc. All rights reserved.

V-Series Appliance

V5000/V10000

V5000

- Geared towards small business organizations

V10000 G1

- High performance platform appliance

V10000 G2

- More CPU and RAM resources

42

On-Box Appliance Components

43

Appliance Manager

Clarification of Settings

NIC Enhancements

NIC Enhancements

NIC Teaming Example

Custom Block Pages

Upload/download function to custom directory

Command Line Utility

For security reasons, fixed command parameters can be ran

Safe and helpful in debugging

Can run Linux commands on different modules

- Appliance

- Websense Content Gateway

- Websense Web Security

- Network Agent

Command Line Utility

Network Agent Resources

• CPU • RAM

• CPU• RAM

Network AgentOther V10000 Modules

V10000

50

Full Backup and Restore

51

web security | data security | email security © 2010 Websense, Inc. All rights reserved.

Support Webinars

Pre-Installation Considerations

Web Security Platforms

Operating systems

• Windows Server 2003 and 2008

• Red Hat Enterprise Linux 4.3 and 5.3

• 32 bit

Database Management Systems

• Microsoft SQL Server 2008, 2005 SP 3, and MSDE

Browsers support for management UI

• Firefox 3.0.x – 3.5.x

• Internet Explorer 7 and 8

53

Content Gateway Platforms

Operating Systems

• Red Hat Enterprise Linux 5 Update 3 or Later, base or

Advanced Platform (32-bit only)

• PAE (Physical Address Extension) – enabled kernel

required

V10000

- Virtualized environment with Xen

54

Upgrade Options

Websense Web Security

• Supports direct upgrade from v7.0 or later

• v5.5 > v6.1 > v6.3 > v7.1 > v7.5

• Earlier than 5.5 should have a clean installation

Websense Content Gateway

• Upgrades require moving from RHEL 4.5 or 4.8 to RHEL 5.3

• Fresh install is needed

V10000

• Must be on patch 1.2.2

55

web security | data security | email security © 2010 Websense, Inc. All rights reserved.

Support Webinars

Deployment Planning & Installation

Deployment Options

Sync Service

- Communication is handled between the on-premises and

hybrid side

- Installed off-box with V10000

- Can be installed on same box as Web Filtering

Components if using software only solution

Linking Service

- Links Data Security software

Trition Unified Security Center

57

Deployment Options

Custom Install – True Hybrid Security

58

Deployment Options

59

Deployment Options

Full Policy Source

- All Websense Web Security services run locally

User Directory and Filtering

- Policy Server, User Service, Filtering Service point to an

off-box policy source (Policy Database, Policy Broker)

Filtering Only

- Filtering service point to an off-box policy source

60

Deployment Options

61

Deployment Options

V10K-A

V10K-E

V10K-C V10K-D

V10K-B

Support Online ResourcesKnowledge Base

– Search or browse the knowledge base for documentation, downloads, top

knowledge base articles, and solutions specific to your product.

Support Forums

– Share questions, offer solutions and suggestions with experienced Websense

Customers regarding product Best Practices, Deployment, Installation,

Configuration, and other product topics.

Tech Alerts

– Subscribe to receive product specific alerts that automatically notify you anytime

Websense issues new releases, critical hot-fixes, or other technical information.

• ask.websense.com

– Create and manage support service requests using our online portal.

63

Customer Training Options

To find Websense classes

offered by Authorized

Training Partners in your

area, visit:http://www.websense.com/findaclass

Websense Training Partners

also offer classes online and

onsite at your location.

For more information, please

send email to:

readiness@websense.com

64

Webinar Announcement

Title: Configuring Websense Web Security Gateway

v7.5

Date: June 16, 2010

Time: 8:30 A.M. PDT (GMT -7)

How to register:

http://www.websense.com/content/

SupportWebinars.aspx

Webinar

Update

65

Questions?

66