The new Websense Control Service handles component activation and configuration. It continues to run once installation is complete in order to facilitate adding or removing components.
The TRITON Unified Security Center is the new configuration and management interface for Websense Web and data security solutions. In this release, the TRITON console includes a Web Security module that replaces Websense Manager, as well as a Data Security module that replaces DSS Manager.
In Websense Web Security Gateway Anywhere environments, and other environments that combine Websense Web and data security solutions, you can configure the TRITON console to give specific administrators access to both modules via a single logon account.
Shared administration of the Web Security and Data Security modules of the TRITON Unified Security Center requires linking your Websense Web and data security solutions. Linking Service, the component that enables linking, provides the added benefit of giving data security software access to Master Database URL categorization and user information collected by User Service.
Once a connection is established, use the Settings > Linking page in TRITON - Web Security to configure the notification email messages sent to new administrators. You can then start creating administrator accounts on the Main > Policy Management > Delegated Administration page. (The accounts must also be added to TRITON - Data Security to allow joint access.)
Full reporting, including the Today and History page charts, investigative reports, and presentation reports, is now available when TRITON - Web Security is installed on Linux. This requires that Log Server be installed on a Windows machine, with the Log Database hosted on a supported version of Microsoft SQL Server or MSDE.
Previously, custom categorization always determined how a URL was filtered. In other words, if a URL was recategorized in a permitted category, added to the Unfiltered URLs list, or added to a limited access filter, that custom categorization always took precedence over the Master Database or security scanning categorization. Therefore, a legitimate site that was compromised might be permitted due to custom categorization, even if the Master Database or security scanning placed the site in a Security category (like Malicious Websites, Spyware, or Keylogging).
You now have the option to configure Websense software to prioritize Security Risk categorization over custom categorization. After the configuration change, if the Master Database or Websense Web Security Gateway scanning places a site in a Security Risk class category, and the category is blocked, the site is blocked.
|
1.
|
Navigate to the Websense bin directory on the Filtering Service machine (C:\Program Files\Websense\bin or /opt/Websense/bin/, by default) and open the eimserver.ini file in a text editor.
|
|
|
Windows: Use the Services dialog box (Start > Administrative Tools > Services) to restart Websense Filtering Service.
|
|
|
Linux: Use the /opt/Websense/WebsenseDaemonControl command to stop and then start Filtering Service.
|
|
1.
|
Navigate to the Websense bin directory on the Sync Service machine (C:\Program Files\Websense\bin, by default) and open the syncservice.ini file in a text editor.
|
|
1.
|
Go to the Settings > Network Agent > Local Settings page.
|
|
2.
|
Expand Advanced Network Agent Settings.
|
|
4.
|
Enter the ports that you want Network Agent to ignore.
|
|
5.
|
Click OK to cache your changes, and then click Save All to save and implement them.
|
Note that because this functionality has been moved to the TRITON console, the IgnorePorts parameter in the
natuning.ini file is no longer used. Even if you have previously modified your natuning.ini file, you must now enter the port information in TRITON - Web Security.
|
|
Embedded URL link analysis can optionally be performed during content categorization for more accurate categorization of certain types of pages. For example, a page that otherwise has little or no undesirable content, but that links to sites known to be undesirable, can be more accurately categorized. URL link analysis can find malicious links embedded in hidden parts of a page, and can detect pages returned by image servers that link thumbnails to undesirable sites.
|
|
|
A content categorization sensitivity control allows you to tune the sensitivity of the methods (classifiers) used to classify content and ultimately determine a category. It is important to understand that categorization results from content analysis that applies several methods (classifiers). The effect of changing the sensitivity level, with respect to resultant category, cannot be predicted. The sensitivity level is optimized (tuned) by Websense Security Labs using a very large URL test set, to provide accurate results across that test set.
|
|
|
A new security threat content scanning option supports the scanning of outbound Web content for bot and spyware phone home traffic. When phone home traffic is detected, it is forwarded to the scanning log database and categorized, so that you can run a report to obtain a list of the computers in your system that are infected with bot and spyware.
|
|
|
New presentation reports and History page charts highlight the effectiveness and value of real-time scanning of Web 2.0 sites. On the Presentation Reports page, the Scanning Activity group includes reports on Web 2.0 browsing and scanning activity, including recategorization that results from content categorization. There are also reports that track page blocks that result from link analysis.
|
To support organizations using SSL Manager in Content Gateway to manage encrypted traffic, and who do not want to decrypt HTTPS sessions that users establish with sensitive sites (such as personal banking or health provider sites), administrators can now specify categories of sites that will bypass SSL decryption.
For convenience, a predefined Privacy Category group includes categories that may be subject to regulatory requirements, such as education, financial data services, health care, and others. Administrators can also specify a list of hostnames or IP addresses for which SSL decryption is not performed.
Tunneled protocol detection analyzes traffic as it transits Content Gateway to discover protocols that are tunneled over HTTP and HTTPS. Such traffic is reported to Filtering Service for protocol filtering enforcement. Scanning is performed on both inbound and outbound traffic.
HTTP tunneling occurs when applications that use custom protocols for communication are wrapped in HTTP (meaning that standard HTTP request/response formatting is present) in order to use the ports designated for HTTP/HTTPS traffic. These ports are open to allow traffic to and from the Web. HTTP tunneling allows these applications to bypass firewalls and proxies, leaving a system vulnerable. This feature can be used to block protocols used for instant messaging, peer-to-peer applications, and proxy avoidance.
A new presentation reports feature offers improved performance of reports generated on the fly while making it easier to schedule and access very large reports. Administrators can either:
To support the ability to use a single logon to access both the Web Security and Data Security modules of the TRITON Unified Security Center, there have been changes to delegated administration. The following changes affect all deployments that use delegated administration, regardless of whether they include a data security solution:
|
|
On the Policy Management > Delegated Administration page, the Manage Websense User Accounts button has been replaced with a Manage Administrator Accounts button.
|
When Websense Web Security is linked to a data security solution, Super Administrators are given the option to send an email notification to each new delegated administrator that includes instructions for accessing both modules of the TRITON Unified Security Center. Administrators who receive email notification are prompted to change their password the next time they log on to TRITON - Web Security. Linking must first be configured to enable these options.
