barracuda web filter demo guide version 3.3 getting started what

Created by: Barracuda Networks, Inc. Last Updated: June 2, 2008 of 15

Barracuda Web Filter Demo Guide Version 3.3 GETTING STARTED What is the Web Filter?

• Integrated content filtering and application blocking • Best-of-breed spyware protection • Integrated gateway antivirus • Desktop spyware protection

Firmware Version 3.3 Highlights

1. Custom content categories: Useful for custom content filtering. 2. NTLM support: Useful in Terminal Services/CITRIX environments 3. HTTPS filtering: SSL filtering 4. Enhanced reporting: More than 30 different types of reports

Qualifying questions

1. How many computers do you have? 2. How many concurrent users do you have? 3. What kind of Internet connection do you have? (DSL, T1, etc.) 4. How many Web sites or external Internet connections do you have? Are multiple sites aggregated at a

central connection? 5. What are you looking to accomplish with the Barracuda Web Filter?

a. If customer says: “Protect my users from spyware/virus/malware” Respond: “The Barracuda Web Filter provides complete spyware, virus and malware protection for your network gateway. This includes protection against drive-by installs, downloads as well as access to known spyware Web sites. It also detects and blocks spyware activity from client computers and provides a spyware removal tool without the need for any client software.”

b. If customer says: “Block access to certain Web sites or applications like media, IM, peer-to-peer “ (or anything to do with content filtering and applications),

Respond: “Part of our Barracuda Web Filter’s strength is its ability to block a wide variety of content, applications with a fine level of control. You can apply global content and application filters, and create custom policies for each user or group. If you have a quick second, let me tap you into a live Barracuda Web Filter and show you how it works.”

c. If customer says: “Detailed reporting of what users are doing.” Respond: “We have a variety of reports supported in our latest release. Unlike other solutions, our reporting engine is native to the appliance and does not require additional database or software management. If you have a quick second, let me tap you into a live Barracuda Web Filter and show you how it works.”

Additional Qualifying Information The Barracuda Web Filter can be integrated with Active Directory or LDAP. The Barracuda Web Filter also supports NTLM. You can give different users different privileges. For example, if you only wanted your sales team to have access to ESPN.com during lunch, you can do that with the Barracuda Web Filter. If you want to give the marketing department access to only work-related Web sites, you can do that as well.

Barracuda Web Filter Demo Guide


ONLINE DEMO

http://webfilter.barracuda.com

Username: guest Password: spyware

“This will bring you to a live Barracuda Web Filter. Before we begin, we are logging into the Barracuda Web Filter as a guest. Feel free to explore the interface further when we are done. If you are exploring on your own and want to know exactly what you are looking at, simply hit the ‘question mark’ icon on the right-hand side of the page and a popup window will appear with a detailed explanation of the tab.”

Introduction: Let’s begin by getting an overview of how the Barracuda Web Filter protects your network. Basic Tab Status: This gives you a snapshot of the traffic flowing through a Barracuda Web Filter from within your network.

• Upper lefthand corner summarizes statistics on traffic to the Barracuda Web Filter. • Upper righthand corner gives you the enviromental conditions, data that engineers might appreciate. • In the middle of the page, you will see infection activity detected and user requests blocked by the

Barracuda Web Filter. • At the bottom of the page, you will see lists and graphs that show trends from traffic passing through the

Barracuda Web Filter. This includes:

Lists Graphs - Top Blocked Domains - Top Requested Domains - Top Domains by Bandwidth - Top Blocked Categories - Top Categories by Request - Top Categories by Bandwidth

- Blocked Requests - Requests - Bandwidth



Infection Activity: This page displays all the infected clients and the threats detected on each computer.

Filtering and Policy Control: The Barracuda Web Filter includes a powerful malware protection and policy management engine that allows for flexible and granular content and application filtering. Let us review this: Block/Accept Tab Content Filter: We have 58 different categories that you can either block, warn, monitor or allow. Different policies can be created for unauthenticated or authenticated users. Blocking will block access to the Web sites, Warn will issue a user configurable warning message when the site is accessed, Monitor will allow users to monitor requests and Allow will allow unrestricted access to the Web site. We support both http and https filtering. The policy control mechanisms are the same for https and http. Https filtering is available in both inline form and proxy configurations. We use DNS lookups and do not apply “man-in-the-middle” certificate spoofing methods. This reduces your security risk and data liability.



Additional Information: At the bottom of this page, you will see a “Content Filter Lookup” area. Let’s say that there is a brand new Web site that just came out and you want to see if the Barracuda Web Filter is blocking that Web site. For our example, let’s use www.espn.com. Type that in and hit the “Lookup” button to the right. You will see that it is categorized under the ‘Sports’ category. If it’s not categorized, you can do one of two things or both. One, you can simply go to the domains tab and blocked list www.espn.com or, two, you could submit the Web site to Barracuda Central. If you submit it to Barracuda Central, we will look at that Web site and assign it to the appropriate category.

Applications: This is an important page for a majority of our customers. Here you can block public IMs, streaming media and tools like Weatherbug. If there is an application that we currently do not block, simply send it to Barracuda Central and we will add it to our database.



Custom Categories: This is a very popular feature. This allows users flexibility to extend pre-defined categorization of URLs by creating custom categories and applying exceptions and other policies to these new categories. For example, URLs from two different pre-defined categories can be combined under a single custom category enabling easier policy administration.



Domains: Here the administrator can determine which domains to block or allow. If you have a specific domain that you would like to always allow or block, you would enter that information here in a allowed list or blocked list.

Patterns: The Patterns page lets you create filters that block or allow access to URLs that contain specific patterns. For example, if you want to block all Web sites that contain CNN in the URL (Say… www.cnn/world or www.cnn/sports), then enter CNN as a blocked pattern. You can also set up different rules based on either unauthenticated or authenticated users.

MIME Blocking: The Barracuda Web Filter allows you to enter standard MIME types for blocking. Many organizations choose to block Internet radio and streaming media because they load the internal network. Executable files are also commonly blocked because they can install viruses and other malware. Web sites that are whitelisted are not subject to the MIME blocking rules you create. An extensive list of common MIME types are included to better help you identify data you would like to block.

Exceptions page: This page lets you create exception policies for specific users and groups so they can override the filters that block access to applications and Web sites.

For example, by default the Barracuda Web Filter applies a content filter to block access to gaming Web sites. However, if you want to allow users or groups of users to access gaming sites during non-business hours you can create an “allow” exception policy for the hours of 6 p.m. (18:00) to 8 a.m. (8:00) for the category “Content Filter” and subcategory “Game Playing.”

Alternatively, by setting an exception policy by users, you can block everyone except the HR department from accessing “Job Search” and “Career Development” Web sites such as Monster.com or careerbuilder.com.



Browse Test page: This page is used to test any changes you make to your content filter and exception policies. Simply type in a URL and check whether the access or catergory matches your policy. (Give 2 examples to customer)

Example 1

Let me show you how it works…let’s start with our Web site, www.barracuda.com…as we can see this site is allowed.

Example 2 Now let’s try www.playboy.com …in this case we can see it was blocked. We can also see the customized message that your users will see. In case this block was made by mistake, this also gives the user the chance to log in (using their corporate login) and then their Web access will change to reflect their privilege level.



Additional Information (If Necessary): Block Messages: This page is used to set up the messages you want to send to your users when they are blocked from accessing a Web site. A different message can be created for each reason (i.e. spyware, viruses, content or blocked list). This page is also used to set the virus infection threshold for your users. When a computer reaches the stated threshold the user will be will prompted to use the Barracuda Spyware Removal Tool. The removal tool will only allow the user to delay running the removal once, if it is not run immediately then it will force the user to clean the computer the next time they log in.

IP Block/Exempt:

Exempt: On this page you can exempt certain networks or clients from content filtering, IM blocking, and all types of download blocking. You can also exempt traffic between the specified servers from being proxied and scanned. For example this can be used to exempt traffic to internal servers. Another common use is to exempt servers that require authentication because they may not allow proxied requests.

Block: If you suspect that certain users are abusing their access to the Internet or to specific applications, you can use this screen to deny Internet access to those users or to block their access to the applications. For applications based on layer3 rules (hosts/ports), users can exempt/block applications by specifying the IP ranges. For example If you to stop users from playing World of War Craft (WOW) and you know the port used to access this game, then you can simply block Internet access to that port.



User Authentication: The Barracuda Web Filter allows you to create local accounts or integrates with your existing Authentication Servers through LDAP or NTLM. Users/ Group Tab Account View: This displays all the user accounts known to the Barracuda Web Filter. This page lets you view details about each account and make changes to any locally created accounts. Including user and group accounts gives you a finer level of control over your blocking policies. New users : Here you can create new users that the Barracuda Web Filter will authenticate locally from it’s database. You would only need to create users if you weren’t using external authentication services. User Authentication Services can be configured on the Authentication Services page.

Local Groups : This page lets you create new groups that your locally created users can join. Again you would only need to create these groups if you weren’t using external authentication services. Once created you can use these groups to apply exception policies by group.

IP Subnets/Group : You can also build groups by specific IPs or IP ranges.

Authentication Services : This page lets you specify the location of your LDAP/NTLM server so your Barracuda Web Filter can:

• Authenticate users using LDAP/NTLM • Associate user group membership using LDAP/NTLM • Allow you to assign exception policies to LDAP/NTLM users. The exceptions are created in the

Block/Accept – Exceptions tab NTLM Authentication is particularly useful in Terminal Services, CITRIX or NAT environments where multiple users share IP addresses. This allows users to be distinguished on credentials besides IP address. Configuration : Here you can set up session limits to disable a user’s authentication based on either session length or idle time. Additional Information (If Necessary): DC Agent: Also on this page is the DC agent. It’s an optional component in addition to your LDAP integration. The DC agent tracks users within your network and based on their network log-in, it extends the user Web browsing priveleges as stated in your LDAP directory. In practical terms it means that if the CEO decides to spend a week sitting in with the sales department, when he logs into a computer located in the sales department, the DC agent will map his log in with the LDAP and provide him Web access based on his priveleges and not the priveleges of the sales department.

Reporting: Finally, you can generate snapshot, trends and detailed reports of user activity. The Barracuda Web Filter supports more than 30 report types that can be scheduled for automatic delivery. This includes reports that will be useful to IT, HR and other departments. Log: This screen allows you to monitor, in real-time, the Web and spyware traffic that passes through the Barracuda Web Filter and the action that was taken by the Barracuda Web Filter – whether it was allowed or blocked. You can



apply filters to examine the log entries tracked by the Barracuda Web Filter. For each filter you can also apply the following sub-filters: Source IP, URL containing a specific expression, or User/Group Name.

Application Log: This screen allows you to monitor any blocked applications (streaming media, IM, peer-to-peer etc.) blocked by the Barracuda Web Filter. Again, you can apply filters and sub-filters to examine the log entries.

Reporting: This page allows you to create detailed reports based on requests, bandwidth, blocked content, spyware prevented and virus prevented. For example, you can find the Top 10 Users by Bandwidth and then drill down to see the websites visited by these users. Alternately, you can get detailed activity reports for ndividual user ids. Also, you can either run a one off report or schedule daily reports via email. Click on the help icon to see full details of report types. Report Types (If Necessary): Top Users By Requests Top Users By Bandwidth Top Websites By Requests Top Websites By Bandwidth Top Blocked Users Top Blocked Domains Top Blocked Categories Top Warned Users Top Warned Domains Top Warned Categories Top Monitored Users By Requests Top Monitored Users By Bandwidth Top Monitored Domains By Requests Top Monitored Domains By Bandwidth Top Infected Users Top Spyware Hits Top Blocked Spyware Infection Top Categories By Requests Top Categories By Bandwidth Requests By Hour Bandwidth By Hour Actions By Hour Requests By Time of Day Bandwidth By Time of Day Actions By Time of Day Top Websites By Time Spent Category Usage By Time Requests by User



Additional Information (If Necessary): Advanced Tab

Backup: This allows you to back-up your configuration details and save to a text-based .bak file.

Energize Updates: The Barracuda Energize Update service is the yearly subscription, that you pay for at the time of the Barracuda Web Filter’s original purchase. The Barracuda Energize Update service provides you with hourly updates to the latest virus, spyware & content filter updates. Also included is access to our 24/7 technical phone support and access to all new firmware updates as they are released. Unlike most of our competitors, we charge a flat rate for the Barracuda Energize Update service meaning you can add additional users to the Barracuda Web Filter without increasing your annual cost. You can use this page to ensure that you are using the latest Barracuda Energize Update release, to revert back to an older version, or to change the frequency of your updates from hourly to daily or off.



Furthermore, by clicking on the release notes under the virus definitions you will find an alphabetical list of all viruses currrently covered by the Barracuda Web Filter. Let’s say you hear of a new virus that has just been released to the wild. If you want to know if the Barracuda Web Filter is protecting against it, simply open the release notes and you’ll find a list of every single virus that is covered at any given time.

Firmware Update page: Firmware updates enable us to continue to improve the performance and features of the Barracuda Web Filter even after you have purchased it. On this page you can apply new firmware releases or revert to a previous version. Additionally you can open the “View release notes” and see a complete history of every fix, patch and enhancement that has been made to the product since it was first released.

Linked Management: This feature allows you to cluster multiple Barracuda Web Filters together and synchronize configuration. You can setup the units in active-active or active-standby mode for redundancy.

Spyware Removal Tool:

As part of our award-winning approach to providing customers with a complete spyware solution, the Barracuda Web Filter also includes a desktop spyware removal tool. The spyware removal tool is accessible to users in two ways:

Hosted domain: Once installed, Barracuda Web Filter users can go to http://172.27.72.27 and run the tool. Alternatively, the admistrator can create their own domain for users to access (i.e. www.customerdomain.removaltool.com).



Exceeding the spyware thresold: Alternatively, under the Block/Accept Tab/Blocked messages page, the administrator can set a spyware thresold that, once exceeded, will prompt the removal tool to run. When the removal to is run, the user will be forced to either clean their computer immeditaley or within 24 hours. If the tool is not run within the 24-hour window, Internet access will be terminated to that computer until it has been cleaned.

Screenshot of the Barracuda Spyware Removal Tool

If you have any questions about the Barracuda Web Filter please contact the Barracuda Networks Sales Department at 408-342-5400 or via email at [email protected]. Other Sales FAQs: “Why not get a software based solution?” • Software solutions involve dedicated hardware, separate databases, operating system licenses, software installations and

patches and pay per-user license charges over the life of the product. • The Barracuda Web Filter combines hardware, software and subscription services with global technical support. It is easy to

deploy, administer and is virtually maintenance free. • It comes at a fixed price with no per-user charges.



“Am I getting best-of-breed protection?” • Barracuda Networks offer comprehensive spyware protection by blocking access to spyware sites, spyware downloads,

phone home threats and drive-by installs. • Barracuda Central, a team of security experts, continuously monitors trends in spyware and virus attacks and updates the

system automatically. • Along with the fully integrated desktop spyware removal tool, the Barracuda Web Filter provides complete network

protection in a single appliance. “What if I have more than 4500 users?” • The model 910 can support a maximum of 4500 users. Multiple Barracuda Web Filters can be easily combined using WCCP

or Load Balancing. This also provides fault tolerance. “Do you filter open proxy sites?” • Yes. Our strength in email spam filtering and installed base of more than 50000 customers helps us identify the newest open

proxy sites and P2P proxy nodes. • We combine this with web crawling and other technologies to protect against known and unknown open proxy threats. “Do you support delegated administration?” • This is usually for on demand reporting or to override administrative policies. Most users actually need customized reports.

The Barracuda Web Filter lets you customize and schedule delivery of reports. Also, most administrators are uncomfortable with constantly changing policy. If necessary, it can be done through Barracuda API.

barracuda web filter demo guide version 3.3 getting started what

Documents