v7.7 Release Notes for Websense® Web Security : New in Websense Web Security v7.7
|
Websense Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7
|
|
Risks shows information about blocked and permitted requests for URLs that fall into the Security Risk class. The amount of information depends on your subscription level. Web Security, Web Security Gateway, or Web Security Gateway Anywhere is required to see information about requests in some security-specific categories.
|
|
Usage shows information about traffic patterns in your network, including bandwidth information and filtering summaries.
|
|
System shows alert messages, status information, and graphical charts that show the current state of your Web Security solution, focusing on component health and Internet activity in your network.
|
|
Web Security Gateway or Web Security Gateway Anywhere is required to display information about outbound threats and to provide detailed forensic data about the threats.
|
|
Top Security Destinations shows the top 10 countries that are targets (destinations) for suspicious network traffic.
|
|
Security Events by Type shows the number of blocked requests for sites (destinations) in security categories associated with malware threats.
|
|
Suspicious Event Summary lists information about the severity, source IP address, user, host name (if available; requires Websense Content Gateway), category, time, direction, and destination of blocked and permitted requests associated with malware threats.
|
|
Each alert message includes a link to the Dashboard > Threats > Event Details page that you can use to investigate the associated incidents.
|
|
The option to create your own reports from scratch. In addition to working from existing (custom or predefined) reports, you can select one of 2 base templates to create a trend or top N report.
|
Base Templates > New Trend Report
|
Provide a name and title for the report, assign it to a report category, then define the basic elements of the report, including:
Click Save and Edit to further refine the report using the same report filters used for any predefined or custom report.
|
||||
Base Template > New Top N Report
|
Provide a name and title for the report, assign it to a report category, then define the basic elements of the report, including:
Click Save and Edit to further refine the report using the same report filters used for any predefined or custom report.
|
Trends > Social Networking Trends by Requests
|
Shows requests for URLs in Social Networking categories over a selected period of time. Summary information showing request totals for each data point in the period are provided below the chart.
|
Trends > Security Risk Trends by Requests
|
Shows requests for URLs in Security Risk categories over a selected period of time. Summary information showing requests totals for each data point in the period are provided below the chart.
|
|
A new User-Defined category in the Report Catalog for storing custom reports.
|
|
Combined request, browse time, and bandwidth information (when available) in many existing reports. Previously, all 3 measures could not be shown together.
|
|
Saving browse time detail information increases the size of the Log Database. Monitor Log Database Growth Rates and Sizing data on the Log Database page after enabling this feature in case the size difference warrants changes to your rollover settings.
|
|
Browse time information for detail reports is only available for dates subsequent to when the feature was enabled.
|
3.
|
If the file is not blocked by extension, Content Gateway or the hybrid service analyzes the file to determine its true file type.
|
File Type
|
Associated Extensions
|
.ace, .arc, .arj, .b64, .bhx, .cab, .gz, .gzip, .hqx, .iso, .jar, .lzh, .mim, .rar, tar, taz, .tgz, .tz, .uu, .uue, .xxe, .z, .zip
|
|
.ade, .adp, .asd, .cwk, .doc, .docx, .dot, .dotm, .dotx, .grv, .iaf, .lit, .lwp, .maf, .mam, .maq, .mar, .mat, .mda, .mdb, .mde, .mdt, .mdw, .mpd, .mpp, .mpt, .msg, .oab, .obi, .oft, .olm, .one, .ops, .ost, .pa, .pdf, .pip, .pot, .potm, .potx, .ppa, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prf, .pst, .pub, .puz, .sldm, .sldx, .snp, .svd, .thmx, .vdx, .vsd, .vss, .vst, .vsx, .vtx, .wbk, .wks, .wll, .wri, .xar, .xl, .xla, .xlb, .xlc, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xsf, .xsn
|
|
.bmp, .cmu, .djvu, .emf, .fbm, .fits, .gif, .icb, .ico, .jpeg, .jpg, .mgr, .miff, .pbf, .pbm, .pcx, .pdd, .pds, .pix, .png, .psb, .psd, .psp, .rle, .sgi, .sir, .targa, .tga, .tif, .tiff, .tpic, .vda, .vst, .zif
|
|
.aif, .aifc, .aiff, .asf, .asx, .avi, .ivf, .m1v, .m3u, .mid, .midi, .mov, .mp2, .mp2v, .mp3, .mpa, .mpe, .mpg, .mpv2, .ogg, .qt, .ra, .ram, .rmi, .snd, .wav, .wax, .wm, .wma, .wmp, .wmv, .wmx, .wxv
|
|
|
The Real-time category, if any, assigned to the URL. This is the category returned by Content Gateway analysis of the site.
|
|
The Static category assigned to the URL in the Websense Master Database.
|
|
Which Web Security component provided the category that led the site to be blocked (Category set by).
|
|
Configure the method used to add log records to the database (ODBC or BCP), as well as where cache or BCP files are stored.
|
The enhanced logging feature, used to control how Log Server resumes logging after it has been stopped, can now be configured only via the logserver.ini file.
By default, this option is disabled, and Log Server begins processing at the beginning of the oldest log cache file after a stop. This can result in some duplicate entries in the Log Database, but speeds Log Server processing.
|
|
A new Growth Rates and Sizing chart plots the size of each Log Database logging partition.
|
|
Internet Browse Time options now include the option to calculate detailed browse time information for use in investigative detail reports.
|
|
To support trend reporting in the Web Security Dashboard and presentation reports, Trend Data Retention options let you choose whether to calculate and store trend data. You can also specify how long to store daily, weekly, monthly, and yearly trend data.
|
|
TRITON Unified Installer (select Encrypt connection)
|
|
Web Security module installer (select Use SSL to connect to the Log Database)
|
|
Settings > Reporting > Log Server page in TRITON - Web Security (select Use SSL to connect to the Log Database)
|
Configure encryption in Microsoft SQL Server before enabling this feature in either the installer or the TRITON console. See the Deployment and Installation Center for more information.
|
|
If you are running TRITON - Web Security on a Websense appliance, the connection from the console to the database cannot be encrypted. This means that if the Microsoft SQL Server Force Protocol Encryption option is set to Yes, no data appears in the Web Security Dashboard or other reporting tools.
|
|
Enable or disable automatic domain discovery (the process by which DC Agent automatically identifies the domains and domain controllers it can query).
|
|
All Filtering Service instances that communicate with the same State Server instance must share the same time zone, and the time on all machines must be in sync.
|
|
All Filtering Service instances associated with the same Policy Server must communicate with the same State Server.
|
|
On Websense appliances, use the Administration > Toolbox > Command Line Utility to enable state-service.
|
In Web Security Gateway and Gateway Anywhere software or appliance deployments, you can enable YouTube for Schools via Content Gateway, rather than via Filtering Service.
|
1.
|
In TRITON - Web Security, navigate to the Settings > General > Filtering page, and verify that Enable search filtering is selected at the bottom of the page.
|
2.
|
Make sure that the YouTube is permitted for the clients that will be granted YouTube in Schools access.
|
3.
|
Edit the eimserver.ini file for each Filtering Service instance in your network to include the following lines:
|
|
The monitor NIC (the network card used to monitor Internet activity) connects to the switch port with a 802.1Q protocol header.
|
|
The blocking NIC (used to send block pages or block messages) does not need to include the 802.1Q protocol header. As a result, it cannot be connected directly to access ports.
|
|
In software deployments, use the Custom installation option to install Websense Multiplexer on each Policy Server machine.
|
|
On Websense appliances, use the Administration > Toolbox > Command Line Utility to enable mux-service on the full policy source and each user directory and filtering machine.
|
|
Network Agent (standalone mode) or Content Gateway (Websense Web Security Gateway or Gateway Anywhere) is required to enable IPv6 filtering.
|
|
Source and destination IPv6 addresses are not recorded in the Log Database, with one exception. If no user name information is available for an IPv6 client, the IPv6 address is recorded in the user name field. As a result, dashboard charts, investigative reports, and presentation reports include only limited IPv6 address information.
|
|
DC Agent, eDirectory Agent, and RADIUS Agent do not support IPv6 addresses. (Logon Agent, however, does support IPv6.)
|
In version 7.7, Websense Directory Agent is installed but not enabled on Websense appliances.
To enable Directory Agent, go to the Administration > Toolbox > Command Line Utility in Appliance Manager and enable directory-agent-service.
|
|
Limit which directory contexts are synchronized with the hybrid service to save time and enhance performance.
|
|
Exclude contexts that might lead to synchronization problems (for example, contexts containing groups with duplicate email entries).
|
|
The Settings > Hybrid Configuration > Filtered Locations page has been enhanced to more clearly distinguish between locations filtered by on-premises components and locations filtered by the hybrid service.
|
|
The Settings > Hybrid Configuration > Hybrid User Identification page now includes the option to create or change the Web Endpoint anti-tampering password. There is still an option to create the password in the Unified Endpoint Package Builder when a Web Endpoint installation package is being configured.
|
|
The Settings > Hybrid Configuration > Hybrid User Identification page now includes an additional method for user identification and authentication. In addition to NTLM and basic authentication, secure form authentication can be used.
|
|
For sites that want to use the default PAC file, but have port 8082 or 8081 locked down, the Proxy Auto-Configuration File section of the Settings > Hybrid Configuration > User Access page now offers 2 options:
|
|
The hybrid service now supports SSL decryption bypass settings for IP address and range for both clients and destinations as defined on the Settings > Scanning > SSL Decryption Bypass page in TRITON - Web Security. There are 3 exceptions:
|
|
Bypass specifications for IPv6 addresses and ranges are not supported. Sync Service does not pass these addresses and ranges to the hybrid service.
|
|
Bypass specifications for client machine private IP addresses are not supported. Sync Service does send these IP addresses, but they are disregarded by the hybrid service.
|
|
Bypass specifications for client machine hostnames are not supported. Sync Service does not pass these hostnames to the hybrid service.
|
|
The Session Timeout period configured on the Settings > Hybrid Configuration > User Identification page in TRITON - Web Security determines how long user credentials are assumed valid by Websense Authentication Service and secure form authentication.
|
Provide us feedback on your experience with the Service Request portal.
provide feedback >
v7.7 Release Notes for Websense® Web Security : New in Websense Web Security v7.7
|