2 Installation and Deployment Part 1.ppt

  • Topic 2: Installation and Deployment Part 1 Module Topics: Pre-installation
  • Topic 2: Installation and Deployment Part 1 Module Topics: Deployment Part 1
  • Topic 2: Installation and Deployment Part 1 Module Topics: Reporting Tools NOTE: iLab 2-3 Purpose: To facilitate SQL machine name changes post SQL server installation
  • Topic 2: Installation and Deployment Part 1 Installing Websense Web Security Suite
  • Steps for a Successful Websense Deployment (Standalone). The following sequence is recommended for installing Websense Enterprise or Web Security Suite and configuring it to filter internet traffic with Network Agent:
      1. Plan the Websense deployment: Websense components can be deployed in various combinations, depending upon the size and architecture of your network. Deciding which Websense components to install and where to put them is your first task. The information required to make this decision can be found in the Deployment Guide for Websense Enterprise and Web Security Suite. For an overview of basic deployment in a small network (< 500 users), see Chapter 2: Network Configuration.
      2. Install Websense filtering components: Once you have decided how to deploy Websense software in your network, install the selected web filtering components. See Chapter 4: Installing Websense Enterprise or Web Security Suite for installation procedures.
      3. Perform initial setup tasks: Perform the post-installation setup tasks in Chapter 5: Initial Setup.
      4. Once you have completed the previous tasks to set up default global web filtering, you can customize your filtering policies, configure user- and group-based filtering, and learn to use more advanced Websense features by following the instructions in the Administrator’s Guide for Websense Enterprise and Web Security Suite.
  • Installation checklist: http://www.websense.com/docs/support/documentation/checklists/WSInstall_Checklist.pdf On your Participant Guide CD is a checklist you can use to enter installation and setup information for Websense Enterprise or Websense Web Security Suite, and to verify that your network is properly prepared for an installation. The PDF Install Checklist has sections on: Network Prerequisites, System Requirements, Installation Information, and Initial Setup.
  • Refer to the Deployment Guide for more information: http://www.websense.com/global/en/SupportAndKB/ProductDocumentation/
  • Topic 2: Installation and Deployment Part 1 Preinstall Questions Does your site meet the Hardware Recommendations?
  • Topic 2: Installation and Deployment Part 1 Preinstall Questions Necessary Software Installed? NOTE: SQL 2005 Agent is not always running, so check, and if necessary, start agent before installing reporting components.
  • Topic 2: Installation and Deployment Part 1 Make sure you have local and domain controller administrative privileges before installing Websense software. If you anticipate having to add a second NIC to a machine on which you plan to install the Network Agent, install the second NIC before installing the Network Agent or you may have to correct the binding order. Dynamic IP addresses: Websense Software will not install on a machine that uses DHCP to assign IP addresses. You must set the machine to have a static IP address, ensuring Websense Software components have correct locations for each other.
  • Topic 2: Installation and Deployment Part 1 Typical or Custom Install: Choosing ‘Typical’ installs all Websense components including Real-Time Analyzer, Network Agent, Filtering Service, User Service, Policy Service, and Websense Manager on the same machine. If you are installing an instance of Network Agent for a different area of your network, you can install just that component. Custom can be used when you are distributing components across multiple computers and will be used in the hands-on lab so your instructor can discuss various Websense components.
  • Topic 2: Installation and Deployment Part 1 Stand-alone vs. Integrated mode: In Integrated mode, all HTTP URL requests are directed to Websense by a third-party proxy, firewall or cache such as Cisco PIX, ASA, Check Point or SonicWALL, etc. In Stand-Alone mode, the Websense Network Agent acts as the integration by reading requests off the network. For this deployment to work, the Websense software needs visibility to network traffic via either a hub or a switch with port mirroring. NOTE: Stand-Alone installations can be upgraded/converted to Integrated (and you can select the integration partner you want to use), but an integrated install cannot be converted to stand-alone.
  • Topic 2: Installation and Deployment Part 1 Filter Immediately or Monitor Only: If you choose Filter Immediately, the Websense software will provide basic web filtering for all users with the default global Websense policy. If you choose Monitor Only, you can configure filtering later in the Websense Manager.
  • Transparent User Identification: Transparent ID Agents allow Websense to apply filtering policy by user or group name without prompting the user to log on. Transparent User Identification agents allow you to select how Websense Software will identify users:
      • eDirectory Agent: Select this option to install and configure eDirectory to authenticate users transparently with Novell eDirectory Service.
      • DC Agent: Select this option to install and configure DC Agent to authenticate users transparently with a Windows-based directory service.
      • Logon Agent: Select this option to install the Logon Agent to authenticate users transparently when they log on.
      • DC Agent and Logon Agent: Select this option to install and configure DC Agent and the Logon Agent to authenticate users transparently. NOTE: This can increase the accuracy of user identification.
      • None: This option allows you to configure Websense software to add a transparent identification agent to authenticate users later.
  • Topic 2: Installation and Deployment Part 1 Database Download If you provided the installer with a valid subscription key when prompted, setup asks if you want to download the Websense Master Database now or at a later time using the Websense Manager.
  • Topic 2: Installation and Deployment Part 1 Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
  • Topic 2: Installation and Deployment Part 1 Core Components
  • Topic 2: Installation and Deployment Part 1 For an instance of Websense software to be considered a full installation, certain components must be present:
      • Filtering Service – core of the product for Web filtering operations. It holds policy information and parts of the Websense Master Database in memory during operation.
      • Policy Server – maintains policy lists and configuration information, distributing them to other Websense services as needed. It also maintains a listing of the location of all Websense Enterprise components as a service to the system.
      • Websense Manager – interface for adding/changing configuration settings, creating policies, and establishing system working options. Also used by Client Policy Manager (CPM).
      • Websense Master Database – The Websense Master Database has the industry's most accurate classification of URLs, protocols, and applications. Websense uses a variety of proprietary classification software and human inspection techniques to maintain the Master Database.
      • User Service – provides user/group/organizational unit information to other Websense components and communicates with the directory service to apply filtering based on users, groups, domains and organizational units. The directory service is not an element of Websense, but can be either a Windows-based or LDAP-based directory service.
      • Network Agent is not a required Websense component but is necessary for a single machine, stand-alone edition Websense software installation. The Network Agent monitors network activity for protocol and bandwidth filtering, and provides enhanced logging information. It is also used as a “universal” integration for evaluation purposes.
  • Topic 2: Installation and Deployment Part 1 The Filtering Service has core functions while offloading configuration storage/distribution and user identification to other Core Components. Filtering Service (formerly EIM Server) holds the Master Database. The Filtering Service receives internet requests, determines the appropriate filtering policy, and either permits the request or sends the appropriate block message. The Filtering Service is typically installed on the same machine as the Policy Server.
  • Topic 2: Installation and Deployment Part 1 Core Component: Filtering Service
  • Topic 2: Installation and Deployment Part 1 Core Component: Filtering Service Filtering Service Functions
  • Topic 2: Installation and Deployment Part 1 Core Component: Filtering Service Filtering Service Deployment. Filtering Service Component Requirements:
      • Red Hat Linux 9
      • Red Hat Enterprise Linux 3 or 4: AS, ES, and WS
      • Solaris 9 or 10, with current patches
      • Windows 2000 Server SP3 or later
      • Windows Server 2003 (Standard or Enterprise)
      • Windows Server 2003, SP1 (Standard or Enterprise)
    NOTE: The Samba client (v2.2.8a or later) is required on the machine running the User Service in order to enable Windows workstations to display protocol block messages, if the Network Agent is used for protocol filtering and the User Service is installed on a Linux or Solaris machine.
  • Topic 2: Installation and Deployment Part 1 Core Component: Filtering Service Filtering Service Architecture Filtering Service: Typically installed on the same machine as Policy Server and may be installed on the same machine as Websense Manager. The Filtering Service can be installed on a different operating system than the Policy Server, as long as they are properly configured to communicate with each other. This is an unusual deployment. Filtering Service installs on Windows, Solaris™, and Linux®. You can install a maximum of 10 Filtering Services for each Policy Server if they employ quality network connections. For additional information, see the Deployment Guide for Websense Enterprise and Web Security Suite.
  • Topic 2: Installation and Deployment Part 1 Core Component: Filtering Service Filtering Service and Web Traffic
  • Topic 2: Installation and Deployment Part 1 Core Component: Filtering Service Filtering Service Tech Note
  • Topic 2: Installation and Deployment Part 1 Core Component: Policy Server
  • Topic 2: Installation and Deployment Part 1 Core Component: Policy Server Policy Server Overview: The Policy Server is the Websense Web Security Suite component that stores all Websense configuration information. The Policy Server communicates this data to the Filtering Service, which filters Internet requests. The Policy Server can be configured from the Websense user interface component, Websense Manager. In addition to the Filtering Service, all other components in Websense Web Security Suite must be able to communicate with the Policy Server. After installation of the Websense Web Security Suite, the Policy Server automatically identifies all other Websense components. It continually tracks the location and status of all other Websense services, and is the definitive source of configuration information within the Websense environment. One Policy Server can distribute settings and policies to multiple Websense Filtering Services, regardless of how they are deployed. If a network is large (10,000+ users), it is possible to install and run multiple Policy Servers. The Websense central policy distribution feature can be used to replicate configuration settings from one Policy Server in the network to another.
  • Topic 2: Installation and Deployment Part 1 Core Component: Policy Server Policy Server Overview
  • Topic 2: Installation and Deployment Part 1 Core Component: Policy Server Policy Server Deployment NOTE: If necessary, you can install Filtering Service and Policy Server on separate machines, though this will be an uncommon integration. The Filtering Service can be installed on a different operating system than the Policy Server, as long as they are properly configured to communicate with each other.
  • Topic 2: Installation and Deployment Part 1 Core Component: Policy Server Policy Server Architecture: Though they are architected as separate components, Filtering Service is typically installed on the same machine as the Policy Server. This strategy allows the Filtering Service and Policy Server to work most efficiently. If performance issues indicate separating the two, Policy Server may be on a separate machine. You can implement multiple Filtering Services with a single Policy Server. As it is the central repository of configuration and policy settings, only one Policy Server is installed for each logical installation of the Websense software. If you need to de-centralize your installation of Websense Enterprise, you can install multiple Policy Servers, but you will need to install the other required components as well. With central policy distribution (described in a later module), you will be able to share policy settings among multiple logical installations of Websense Enterprise. Example: One Policy Server delivers policies/categories to each machine in a segment. A different Policy Server handles traffic on a different segment. For configuration purposes, these installations are separate Websense software environments. Both Policy Servers will be installed with separate Filtering Services, which will handle filtering for each segment, but share policies.
  • Topic 2: Installation and Deployment Part 1 Core Component: Websense Manager
  • Topic 2: Installation and Deployment Part 1 Core Component: Websense Manager Once Websense Web Security Suite has been installed, the Policy Server must be configured to communicate with Websense Manager. Websense Manager can manage multiple Filtering Services from a single console. It can also be installed on multiple servers, allowing flexible administration.
  • Once the Administrator is authenticated, and a valid license key added, the Master Database is downloaded automatically.
  • The Websense Manager: The Websense Manager is the primary access and configuration point for all Websense components. The Websense Manager consists of:
      • Menu Bar: Displays function and feature options
      • Navigation Tree: Lists topics for viewing
      • Content Pane: Displays information associated with the selected topic
    In a first-time installation, Websense automatically filters all users according to the ‘Initial Filtering selection’ made during installation. If ‘Filter Internet traffic based on a predefined policy’ was selected, Websense employs the Global policy by default for all users. If ‘Monitor Internet traffic only’ was selected (the default selection), Websense monitors and logs Internet traffic, but permits all requests. Monitor Internet traffic only allows a company’s Internet usage to be monitored before a more restrictive policy is imposed. After logging on to the Manager, pull-down menus can be used to make changes to the default settings configured during installation. After a Policy Server has been added, the navigation tree lists the Policy Servers available for configuration from this instance of Websense Manager. Once you log on to a Policy Server and enter the password, the navigation tree displays the topics for that server.
  • Topic 2: Installation and Deployment Part 1 Core Component: Websense Manager. The Websense Manager is the interface you use to make configuration, policy, and system operation settings. The Websense Manager may be on the same machine as Filtering Service, or another server in the network. Also, there may be reasons for installing multiple Websense Manager instances, usually on multiple machines. An example of this might be an environment set up for remote configuration of Filtering Service. The Websense Manager may be used on a different operating system from the Filtering Service. For example, you may choose to run Filtering Service on a Linux machine, while you place Websense Manager on a MS Windows machine for configuration.
  • Topic 2: Installation and Deployment Part 1 Core Component: Websense Manager Websense Manager Tech Note
  • Topic 2: Installation and Deployment Part 1 Core Component: Websense Master Database
  • Websense Master Database: The Websense Master Database houses the category and protocol definitions that provide the basis for filtering internet content. The database is continually updated. The Websense Master Database contains over 18 million websites, published in more than 50 languages and organized into more than 90 categories. The organization into categories and subcategories of related internet sites with specific content focus gives organizations a high degree of specificity in designing internet use policies. For example, the Information Technology category includes the subcategories Computer Security, Hacking, Proxy Avoidance, Search Engines and Portals, URL Translation Sites, and Web Hosting. Before entering the subscription key, category names are not displayed in Websense Manager. Once the key has been entered, the list of categories appears, but some categories may be marked [monitor only]. This indicates that these categories must be purchased separately. Websense records access to these sites for reporting purposes, but the filtering option is always set to permit and cannot be changed until the categories are purchased. Note: If Security PG is not activated, none of its categories will be displayed.
  • Topic 2: Installation and Deployment Part 1 Core Component: Websense Master Database Overview
  • Websense Master Database The Websense Master Database is organized into general categories, many of which contain subcategories of related internet sites with specific content focus. For example, the Information Technology category includes the subcategories Computer Security, Hacking, Proxy Avoidance, Search Engines and Portals, URL Translation Sites, and Web Hosting. As you saw in the Installation and Deployment Part 1 Module, before you enter a subscription key, category names are not displayed in Websense Manager. Once the key has been entered, the list of categories appears, but some categories may be marked [monitor only]. This indicates that these categories must be purchased separately. Websense records access to these sites for reporting purposes, but the filtering option is always set to permit and cannot be changed until the categories are purchased.
  • Websense Master Database Websense Web Security Suites version 6.3.1 and higher allows customers to use the Websense ThreatSeeker technology’s content-aware web reputation capabilities to flexibly manage websites with high potential to become a security threat. This easy to use extended protection is built upon years of experience in web reputation based on both website content and a proprietary combination of attributes.
  • Websense Master Database Websense Security Labs have developed a new technique to block potentially malicious websites based on "reputation" - beyond traditional filtering techniques. Websites with a high probability of being used for malicious purposes can be classified separately, even though there may exist as yet no concrete information for categorizing them as malicious. So, Websense Security Suite software now has the ability to protect users from sites that are potentially harmful while having the flexibility to reduce false positives. In addition, vulnerable sites can be blocked during attack outbreaks while a more ‘tolerant’ policy can be implemented in normal times.
  • Websense Master Database: Reputation Filtering adds three additional categories to the Websense Filter:
      • Potentially Damaging Content
      • Elevated Exposure
      • Emerging Exploits
    These categories will increase user security by categorizing data previously not classified, including malicious content, fraud, phishing, and exploit code, and also help manage unwanted traffic. RTSU will be the delivery method, and so frequent updates and use of RegExs are supported. Strengths of Websense Content-Aware Web Reputation:
      • Experience: Rooted in years of experience in the web and backed by ThreatSeeker technology.
      • Content Aware: Able to determine reputation based on actual content of the page as well as other attributes.
      • Ease of Use: Able to easily manage URLs with questionable reputation -- no guessing, for example, whether +7 or +101 is the correct number to filter. Lets Websense do the work on customer’s behalf -- no tuning or tweaking.
      • Search Reputation: Uses reputation information obtained from search engines to augment reputation analysis.
  • Websense Master Database URL Matching Websense analyzes the full URL entered by the user, including the protocol, domain and path to a specific page within the site.
  • Websense Master Database: Complete URL matching analysis prevents Websense from filtering sites incorrectly when a web server hosts pages that fall into multiple categories. The following two URLs share the same domain but fall into different categories: http://www.cnn.com/WORLD (News and Media) and http://www.cnn.com/SHOWBIZ (Entertainment). If Websense is set to block only sites in the News and Media category, it blocks the first URL but not the second, even though they share the same domain name.
  • Websense Master Database CGI Requests CGI (Common Gateway Interface) scripts are common in interactive web sites. Uses for CGI scripts include search engine request forms and image maps that contain links to other internet sites. When a user enters a search engine request or clicks on an image map, the CGI script automatically generates a new URL request. The following example shows a URL generated by a search engine when the term ‘Websense’ was entered as the search request. CGI request : http://search.yahoo.com/bin/search?p=Websense CGI-generated site requests contain a question mark in the URL indicating to the web server where the search parameters begin. Following the question mark is the search query making the results unique. This query, called the CGI string, typically includes the text of the user’s search request, the URL of a linked site, or a combination of templates, names and values. Because the result of each search engine request may be unique, Websense disregards the “?” and everything beyond it when comparing a CGI-requested site to the Websense Master Database. When filtering the previous example, Websense matches the requested URL to the Websense Master Database listing even though the requested site has a CGI string ("?p=Websense") appended to it.
  • Websense Master Database URL Pattern Matching: Websense supports the use of regular expressions in matching URLs. When setting up custom URLs, yes lists or keywords, pattern strings can optionally be used in place of absolute character strings. This adds flexibility to site filtering, allowing Websense to match general patterns, as opposed to specific URLs or strings.
  • Websense Master Database IP Address Matching An IP address is the unique numerical identifier for a particular machine. For example, the following IP address and URL request the same web site: 204.15.67.11 - http://www.websense.com When comparing sites to the Websense Master Database, Websense uses exclusive technology to recognize sites requested with text-based URLs or with the numerical IP addresses of the servers hosting the sites. This ensures accurate filtering regardless of how a site is requested. IP addresses assigned to domain names are subject to change -- this can occur if the host server for the site represented by the domain name is changed (as the new server will have a different IP address), or if the original server is reassigned a new IP address.
  • Topic 2: Installation and Deployment Part 1 Core Component: User Service
  • Topic 2: Installation and Deployment Part 1 Core Component: User Service User Service Overview: The User Service communicates with an organization’s directory service to convey user-related information to the Filtering Service, where it is used in applying filtering policies. This user information includes user-to-group and user-to-domain relationships. If the Websense Web Security Suite DC Agent has been installed and transparent identification of users has been activated, the User Service obtains user logon information from the DC Agent and sends it to the Filtering Service. When directory objects are added via Websense Manager, the User Service provides the list of objects to Websense Manager, for use in configuring filtering policies.
  • Topic 2: Installation and Deployment Part 1 Core Component: User Service User Service Supported Directory Services
  • Topic 2: Installation and Deployment Part 1 Core Component: User Service User Service Deployment
  • Topic 2: Installation and Deployment Part 1 Core Component: User Service User Service Interaction with Directory Services
  • Topic 2: Installation and Deployment Part 1 Core Component: Network Agent
  • Topic 2: Installation and Deployment Part 1 Core Component: Network Agent Network Agent Overview
  • Topic 2: Installation and Deployment Part 1 Core Component: Network Agent Network Agent and Bandwidth Optimizer
  • Topic 2: Installation and Deployment Part 1 Core Component: Network Agent Network Agent Example: Image above shows MSN Messenger attachments Allowed, AOL Instant Messenger or ICQ attachments Blocked, and Yahoo Messenger attachments Blocked by Bandwidth (this will be covered in a later module).
  • Topic 2: Installation and Deployment Part 1 Secondary Components
  • Topic 2: Installation and Deployment Part 1 Secondary Components: In addition to the required components, Websense Software also has optional components you can choose to install for additional capability:
      • Real-Time Analyzer (RTA) – an adjunct to established reporting capabilities, RTA adds near real-time reporting functions and trend reports.
      • DC Agent/eDirectory Agent/RADIUS Agent – gather directory login information to support transparent ID in Microsoft Windows, eDirectory, or RADIUS-compliant directory systems.
      • The Usage Monitor is a behind-the-scenes service that enables alerting based on internet usage – it tracks URL category and protocol visits made by clients, and generates alert messages according to the alerting behavior you have configured.
      • Websense Reporting Components are covered later in this module.
      • Remote Filtering is an additional module option, for remote clients (client machines outside the firewall), and it filters HTTP traffic.
  • Topic 2: Installation and Deployment Part 1 Secondary Component: Real-Time Analyzer (RTA)
  • Topic 2: Installation and Deployment Part 1 Secondary Component: Transparent ID (XID) Agents
  • Topic 2: Installation and Deployment Part 1 Secondary Component: Transparent ID (XID) Agents Transparent Identification Agents enable Websense software to filter based on policies assigned to users or groups housed in a directory service. In all cases, Websense software must be configured appropriately. These optional components can be used alone, or combined, with certain limitations. Limitations are noted later in this section. Websense software can be configured to prompt users to manually authenticate if it cannot obtain the user information it needs from a transparent identification agent. This can occur if more than one user is assigned to the same machine, or if a user is an anonymous user/guest, or for various other reasons. In this situation, Websense may be configured to prompt users for identification so that they can be filtered by their individual object policies. If a user cannot be identified transparently, and manual authentication is not enabled, Websense filters requests based on workstation or network policies, or the Global policy, depending on your configuration settings.
  • Topic 2: Installation and Deployment Part 1 Secondary Component: Transparent ID (XID) Agents DC Agent: Can install multiple DC Agents on the same network, for scalability and redundancy. DC Agent and RADIUS Agent can be on the same machine or different machines in the same network.
  • Topic 2: Installation and Deployment Part 1 Secondary Component: Transparent ID (XID) Agents DC Agent Tech Note
  • Topic 2: Installation and Deployment Part 1 Secondary Component: Transparent ID (XID) Agents Logon Agent
  • Topic 2: Installation and Deployment Part 1 Secondary Component: Transparent ID (XID) Agents eDirectory Agent: Can install multiple eDirectory Agents on the same network, for scalability and redundancy. eDirectory Agent and RADIUS Agent can be on the same machine or different machines in the same network.
  • Topic 2: Installation and Deployment Part 1 Secondary Component: Transparent ID (XID) Agents eDirectory Agent Tech Note
  • Topic 2: Installation and Deployment Part 1 Secondary Component: Transparent ID (XID) Agents RADIUS Agent: Can install multiple RADIUS Agents on the same network, each configured to communicate with the Filtering Service. RADIUS Agent can be used in conjunction with either Windows- or LDAP-based directory services. RADIUS Agent and eDirectory Agent can be on the same machine or different machines in the same network.
  • Topic 2: Installation and Deployment Part 1 Secondary Component: Usage Monitor
  • Topic 2: Installation and Deployment Part 1 Additional Deployment Notes
  • Topic 2: Installation and Deployment Part 1 Additional Deployment Notes: While there are vast numbers of installation scenarios for Websense software, the installation choices break down essentially into two approaches: Segment Topology and Central Security Topology. In a segment topology, the bulk of Websense Software components are placed inside the organization’s network, possibly on the backbone or on a main network segment. Though Websense Software can be distributed across many machines, the simplest layout can involve one or two systems. The Filtering Service interacts with a firewall, proxy, network agent, or content appliance to control access to the Internet and is administered through the Websense Manager which sends activity data to a Websense Log Server. The filtering server can communicate (via the User Service) with a Windows or LDAP directory service to track user activity based on login name. This allows different policies to be applied to different users. Websense Filtering Service is the Websense Web Security Suite component that interacts with an integration product to provide internet filtering. When a user requests a site, the integration product sends the request to the Filtering Service. The exception is with the Websense Enterprise Stand-Alone Edition. For each request it receives, the Filtering Service determines which policy applies. Once the active policy is determined, Websense filters the site according to the policy’s restrictions. Attributes of the Filtering Service can be altered via the Websense Manager.
  • Topic 2: Installation and Deployment Part 1 iLab Websense Help and Documentation
  • Topic 2: Installation and Deployment Part 1 Installing Websense Reporting Tools
  • Topic 2: Installation and Deployment Part 1 Installing Websense Reporting Tools, Reporting Components. In addition to the required components, Websense software also has optional components you can choose to install for additional capability:
      • Real-Time Analyzer (RTA) – an adjunct to established reporting capabilities, RTA adds near real-time reporting functions and trend reports
      • Reporting components – log Internet request activity throughout the network and create reports on that activity
      • Log Server – logging component that gathers logs and stores them in the Log Database
      • WebCatcher – detects new or uncategorized Web sites from user requests and forwards them to Websense Inc. for analysis
      • Enterprise Explorer – an interface for HR managers, business managers and IT administrators to drill down into historical Internet access data and analyze potential employee issues
      • Database Administration Tool – manages the Log Database by choosing rollover, database partition, maintenance options and more
      • Reporter – legacy application which uses Crystal Reports, and can schedule and email jobs and save in several different formats
  • Topic 2: Installation and Deployment Part 1 Installing Websense Reporting Tools Reporting Component Dependencies
  • Topic 2: Installation and Deployment Part 1 Installing Websense Reporting Tools, Log Server. The Websense Log Server, running as a Windows service, is the link between the Filtering Service and the database. While Websense software uses a proprietary protocol to communicate with the Filtering Service, the database connection employs the Bulk Copy Program (BCP) or a standard ODBC driver if BCP is not available.
  • Topic 2: Installation and Deployment Part 1 Installing Websense Reporting Tools WebCatcher
  • Topic 2: Installation and Deployment Part 1 Installing Websense Reporting Tools Enterprise Explorer
  • Topic 2: Installation and Deployment Part 1 Installing Websense Reporting Tools Enterprise Explorer Websense Explorer allows forensic analysis of data through a simple Web-based interface. Using Websense Explorer, you can quickly browse all log data, from general usage trends to specific sites accessed by a specific user at a specific time. Websense Explorer can run with Microsoft IIS (recommended) or an included Apache server. Websense Explorer also uses a Windows service to gather information from the log database.
  • Topic 2: Installation and Deployment Part 1 Installing Websense Reporting Tools Database Administration
  • Topic 2: Installation and Deployment Part 1 Installing Websense Reporting Tools, Websense Reporter. Websense Reporter is a client-based application that uses the Crystal Reports engine to generate and schedule current and historical reports, which are exportable to numerous formats, including Microsoft Excel, Adobe PDF, and HTML. There are over 40 predefined reports, both graphical (such as “Top Users by Bandwidth”) and text-based (such as “Detail of User Activity by Destination”). Websense Reporter is also capable of automatically e-mailing reports based on an administrator-defined schedule.
  • Topic 2: Installation and Deployment Part 1 Installing Websense Reporting Tools, Hands-On Lab. Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
      • Install Log Server (Send Internet Activity, categories, protocols and risk class names to the Log Database)
      • Install Reporter (Client-based application that generates and schedules reports)
      • Install Enterprise Explorer (View information and drill down to details in internet usage)
      • Database Administration (Manage the Log Database by choosing rollover, database partition and maintenance options)
  • 2 Installation and Deployment Part 1.ppt

    1. Installation and Deployment Part 1, Topic 2, Version 6.3.1. www.websense.com. Copyright © 2006-2007. All rights reserved.
    2. Module 2 Topics – Pre-installation (Websense Web Security Suite - Installation)
        • Installation Part 1
            • Preinstall Questions
        • Hands-On Lab 2-1
            • Installing Websense Web Security Suite
    3. Module 2 Topics – Deployment Part 1 (Websense Web Security Suite - Deployment)
        • Websense Core Components
        • Websense Secondary Components
        • Additional Deployment Notes
        • Instructor-Led Lab (iLab) 2-2
            • Websense Help and Documentation
    4. Module 2 Topics – Reporting Tools (Websense Web Security Suite - Installation)
        • Installing Websense Reporting Tools and Components
            • Log Server
            • Reporter
            • Enterprise Explorer
            • Database Administration
        • Hands-On Lab 2-3
            • Installing Reporting Components
    5. Preinstall Questions (Installing Websense Web Security Suite)
    6. Steps for a Successful Deployment (Websense Web Security Suite - Standalone)
        • Plan the Websense deployment
        • Install Websense filtering and reporting components
        • Perform initial setup tasks
        • Customize filtering policies, configure user and group based filtering, and learn to use more advanced Websense features
    7. Preinstall Questions (Verify Before Installing Websense Software)
        • Our Scenario
            • Single Machine, Custom Installation, Stand-Alone Edition
        • Preinstall Questions:
            • Supported Operating System?
            • Meet Hardware Recommendations?
                • Server?
                • Free Disk Space?
                • Installed RAM?
            • Necessary Software Installed?
            • Installation Preparation and Answers
    8. Preinstall Questions (Supported Operating System?)
        • Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
        • Supported Operating Systems
            • Windows 2000 Server SP3 or higher – or –
            • Windows Server 2003
                • Standard or Enterprise
                    • With or without SP1 – or –
            • Red Hat Enterprise Linux 3 or 4
                • AS, ES, or WS – or –
            • Solaris 9 or 10
    9. Preinstall Questions (Meet Hardware Recommendations?)
        • Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
        • Machine Recommendations
            • Pentium 4, 3 GHz processor or greater
            • UltraSPARC IIIi or greater
        • Free Disk Space
            • 10 GB of free disk space
        • Installed RAM
            • 2 GB RAM
    10. Preinstall Questions (Necessary Software Installed?)
        • Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
        • Web Server Installed?
            • Microsoft Internet Information Server (IIS) – or –
            • Apache Web Server
        • And, if Installing Reporting Components
            • Database Engine Installed? (Must be installed before you install reporting components)
                • MSDE: Microsoft SQL Server Desktop Engine 2000 – or –
                • SQL Server: Microsoft SQL Server 2000/2005
                    • Not SQL Server Express – SQL Server Express does not have SQL Server Agent jobs
    11. Preinstall Questions (Installation Preparation)
        • Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
        • Make sure you have Administrator privileges before installation
        • If you plan to have multiple NICs, install them before installing the Network Agent
        • Make sure you are not using DHCP to assign IP addresses
    12. Preinstall Questions (Installation Answers)
        • Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
        • Typical or Custom Install?
            • We will install as Custom
    13. Preinstall Questions (Installation Answers)
        • Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
        • Install as Stand-Alone or Integrated?
            • We will install as Stand-Alone
    14. Preinstall Questions (Installation Answers)
        • Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
        • Will Users be filtered immediately after installation?
            • We will install as ‘Monitor Internet traffic only (configure filtering later)’
    15. Preinstall Questions (Installation Answers)
        • Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
        • Install Transparent User Identification Agents?
            • We will install DC Agent and Logon Agent
    16. Preinstall Questions (Installation Answers)
        • Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
        • Download Websense Master Database Now or Later?
            • We will Download Later
    17. Hands-On Lab 2-1
        • Hands-on Lab 2-1
            • Installing Websense Web Security Suite
                • Single Machine, Custom Installation, Stand-Alone Edition
    18. Core Components (Websense Enterprise / Websense Web Security Suite)
    19. Websense Software Core Components (* Required Components)
        • Filtering Service *
        • Policy Server *
        • Websense Manager *
        • Websense Master Database *
        • User Service
        • Network Agent
    20. Core Component: Filtering Service
        • The Filtering Service is the core of the Websense software and is responsible for most aspects of URL filtering
        • Filtering Service communications are necessary for the core filtering and policy execution functionality of other Websense Components
    21. Core Component: Filtering Service
        • The Filtering Service performs or initiates four major functions:
            • URL filtering based on defined policies
            • Identifying requestors
            • Block page display
            • Websense Master Database Download
        • The Filtering Service also interacts heavily with other Websense services and communicates with firewall/router/proxy/caching device (integration)
    22. Core Component: Filtering Service (Filtering Service Functions)
        • Enforces policy defined with Websense Manager
        • Provides the following filtering services:
            • Receives configurations executed through Websense Manager
            • Communicates with integration partner to allow or block URL access
            • Sends activity data to a Log Server
            • Sends activity data to Websense Real Time Analyzer
            • Sends Policy data to and receives protocol information and disposition status from Network Agent
    23. Core Component: Filtering Service (Filtering Service Deployment)
        • Typically installed on same machine as the Policy Server
            • May be installed on the same machine as Websense Manager
            • Recommended maximum of 10 Filtering Services for each Policy Server (if they employ quality network connections)
    24. Filtering Service Architecture
    25. Core Component: Filtering Service (Filtering Service and Web Traffic)
        • The Filtering Service can receive Web traffic from a variety of integrations including:
            • Microsoft ISA Server
            • Cisco PIX Firewall and Content Engine
            • Check Point FireWall-1
            • Network Appliance NetCache
            • Stand-Alone installation, using the Network Agent component
    26. Core Component: Filtering Service (TechNote on Filtering Service and Web Traffic)
        • Websense Filtering Service receives traffic, by default, on TCP 15868 and listens on this port for requests coming from the integration partner. If the port is blocked, you will not be able to filter user traffic.
        • Websense Filtering Service will use this port for communications with Network Agent, if Network Agent is installed. This can be modified at any time after installation if required.
    27. Core Component: Filtering Service (Filtering Service TechNote)
        • The Filtering Service runs as
            • A service on Windows or as
            • A daemon on Solaris or Linux
    28. Core Component: Policy Server
    29. Core Component: Policy Server (Policy Server Overview)
        • Stores all Websense configuration information
        • Configured from Websense Manager
        • Communicates configuration data to Filtering Service
            • All other components must communicate with Policy Server
            • Automatically identifies all other Websense components
            • Continually tracks location/status of all Websense services
            • Definitive source of configuration information
    30. Core Component: Policy Server (Policy Server Overview)
        • One Policy Server can communicate settings to a large number of Websense services, including multiple filtering services when necessary
            • In most environments, only a single Policy Server is necessary
            • In large environments (10,000+ nodes), multiple Policy Servers may be necessary
                • When using multiple Policy Servers, it is possible to configure a single source of policy distribution
    31. Core Component: Policy Server (Policy Server Deployment)
        • Typically installed on the same machine as the Filtering Service
            • May be installed on a separate machine
                • Depends on the configuration of your network
            • Only one Policy Server installed for each logical installation
                • An example would be a Policy Server that delivers the same policies and categories to each machine in a subnet
    32. Core Component: Policy Server (Policy Server Architecture): User Service
    33. Core Component: Websense Manager
    34. Core Component: Websense Manager (Websense Manager Overview)
        • The Websense Manager is a Java-based Graphical User Interface (GUI)
            • It serves as the administrative interface and is used to
                • Define and customize internet access policies
                • Add or remove clients
                • Configure the Policy Server
                • Add and change other configuration settings
    35. Websense Manager (Websense Manager – Before Logon)
    36. Websense Manager (Websense Manager: Logon)
        • Websense Manager access requires a User Name and Password
            • You set the Websense administrator password when running the Websense Manager for the first time
    37. Websense Manager – Overview: Navigation Tree, Menu Bar, Content Pane
    38. Core Component: Websense Manager (Websense Manager Overview)
        • The Websense Manager is also the configuration front-end for the gateway and network as well as Client Policy Manager (CPM)
            • More information in the [Optional CPM Module]
    39. Core Component: Websense Manager (Websense Manager Deployment)
        • May be on any Windows XP / 2000 / 2003 machine as well as supported Linux and Solaris machines
        • Typically installed on the same machine as the Policy Server
            • May be installed on one or more machines in your network
                • Machine needs network access to the Policy Server machine on port 55806
    40. Core Component: Websense Manager (Websense Manager TechNote)
        • A Policy Server can only have one concurrent session with a Websense Manager
    41. Core Component: Websense Master Database
    42. Core Component: Master Database (Category and Protocol Definitions)
        • The Websense Master Database provides the basis for filtering internet content
            • Websense Master Database
                • Continually Updated
                • Published in more than 50 Languages
        • Organized into general categories and subcategories
    43. Core Component: Master Database (Websense Master Database Overview)
        • The Websense Master Database has the industry's most accurate and up-to-date classification of:
            • URLs
                • More Than 22 Million Websites in 90+ Categories
            • Protocols
                • ~95 Protocols in 50 Categories
            • Applications
                • More Than 2.2 Million Applications and Executables in 50+ Categories
        • Websense uses a variety of proprietary classification software and human inspection techniques to maintain the Master Database
    44. Core Component: Master Database (Categories and Subcategories)
        • For example, the Information Technology category includes the subcategories:
            • Computer Security
            • Hacking
            • Proxy Avoidance
            • Search Engines and Portals
            • URL Translation Sites
            • Web Hosting
        • NOTE: Without a valid subscription key, category names are not displayed in the Websense Manager
    45. Core Component: Master Database (Reputation Filtering)
        • From Websense Security Labs
            • The Websense ThreatSeeker technology leverages years of experience to provide content-aware web reputation intelligence allowing customers to easily extend their protection by managing suspicious websites
    46. Core Component: Master Database (Reputation Filtering)
        • New Extended Protection
            • Websense Web Security Suite v 6.3.1’s parent category contains three categories:
                • Elevated Exposure
                • Emerging Exploits
                • Potentially Damaging Content
    47. Core Component: Master Database (Reputation Filtering)
        • New Database Categories
            • Potentially Damaging Content
                • Sites likely to contain little or no useful content, with potentially harmful elements
            • Elevated Exposure
                • Sites that camouflage their true nature or identity, or that include elements suggesting latent malign intent
            • Emerging Exploits
                • Sites found to be hosting known and potential exploit code
    48. Core Component: Master Database (Reputation Filtering)
        • New Category Defaults
            • The default category dispositions will be as follows:
                • Potentially Damaging Content: Allow
                • Elevated Exposure: Block
                • Emerging Exploits: Block
    49. URL Matching
        • Analyzes Full URL Entered by User
            • Includes protocol, domain, and path to a specific page
            • Prevents filtering sites incorrectly if pages in multiple categories
    50. URL Matching
        • Example
            • Two URLs on the same domain but in different categories
                • http://www.cnn.com/WORLD (News and Media category)
                • http://www.cnn.com/SHOWBIZ (Entertainment category)
        • Pages on the same site may be filtered differently
    51. CGI Requests
        • CGI (Common Gateway Interface) scripts common in interactive web sites
            • Includes search engine request forms or image maps
            • CGI script automatically generates new URL request
            • Example: http://search.yahoo.com/bin/search?p=CGI query string (label: CGI String)
        • By default, disregards CGI-query in requested site
            • Can be added as Custom Keyword search
    52. URL Pattern Matching
        • Supports regular expressions in matching URLs
            • Custom URLs
            • Yes lists
            • Keywords
        • Pattern strings replace absolute character strings
            • Adds flexibility to site filtering
            • Allows specific general patterns for matching
    53. Websense Master Database TechNote: URL Pattern Matching
        • Using regular expressions as filtering criteria may result in increased CPU usage
        • Tests have shown that with 100 regular expressions, the average CPU usage on the machine running the Websense Filtering Server increased by 20%
    54. IP Address Matching
        • Exclusive technology recognizing sites with text-based URLs or with the numerical IP addresses of host servers
        • Analyzes numeric IP address
            • 204.15.67.11 = http://www.websense.com
        • Ensures accurate filtering however a site is requested
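The lookup behaviour described on the URL Matching, CGI Requests, URL Pattern Matching and IP Address Matching slides can be modelled in a short script. This is an added illustration, not Websense code: the order of the checks, the case-insensitive path comparison, and every table entry other than the cnn.com categories and the 204.15.67.11 pair quoted on the slides are assumptions.

```python
"""Toy model of category lookup: full-URL, CGI-query, regex and IP matching."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample data. The cnn.com categories and the IP-to-site pair are
# the ones quoted on the slides; every other entry is hypothetical.
PREFIX_CATEGORIES = {
    ("www.cnn.com", "/world"): "News and Media",
    ("www.cnn.com", "/showbiz"): "Entertainment",
    ("search.yahoo.com", "/"): "Search Engines and Portals",
    ("www.websense.com", "/"): "Information Technology",
}
IP_TO_HOST = {"204.15.67.11": "www.websense.com"}
# Compiled once at load time: each pattern is evaluated per request, which is
# why a large pattern list raises CPU usage on the filtering machine.
CUSTOM_PATTERNS = [
    (re.compile(r"^https?://[^/]+/.*\.(exe|scr)$", re.I), "Custom: Executables"),
]
CUSTOM_KEYWORDS = {"proxy": "Proxy Avoidance"}
UNCATEGORIZED = "Uncategorized"


def canonical_host(host):
    """Lowercase the host and map a numeric IP address to its known site name."""
    host = (host or "").lower()
    try:
        return IP_TO_HOST.get(str(ipaddress.ip_address(host)), host)
    except ValueError:  # not an IP literal, so it is already a name
        return host


def longest_prefix(host, path):
    """Category of the longest path prefix that matches on whole segments."""
    segments = [s for s in path.lower().split("/") if s]
    for depth in range(len(segments), -1, -1):
        prefix = "/" + "/".join(segments[:depth])
        category = PREFIX_CATEGORIES.get((host, prefix))
        if category:
            return category
    return None


def categorize(url, scan_cgi_query=False):
    """Return the category for a URL.

    The CGI query string is disregarded unless scan_cgi_query is set, in which
    case custom keywords are searched for inside it first.
    """
    parts = urlsplit(url)
    host = canonical_host(parts.hostname)
    path = parts.path or "/"

    if scan_cgi_query and parts.query:
        query = parts.query.lower()
        for keyword, category in CUSTOM_KEYWORDS.items():
            if keyword in query:
                return category

    # Patterns see protocol, domain and path, with the query string removed.
    bare_url = f"{parts.scheme}://{host}{path}"
    for pattern, category in CUSTOM_PATTERNS:
        if pattern.match(bare_url):
            return category

    return longest_prefix(host, path) or UNCATEGORIZED


if __name__ == "__main__":
    for sample in (
        "http://www.cnn.com/WORLD/europe/story.html",
        "http://www.cnn.com/SHOWBIZ",
        "http://www.cnn.com/WORLDWIDE",
        "http://204.15.67.11/products",
        "http://search.yahoo.com/bin/search?p=free+proxy",
        "http://files.example.test/tools/setup.EXE?id=7",
    ):
        print(f"{sample} -> {categorize(sample)}")
```

Matching on whole path segments is what keeps `/WORLDWIDE` from inheriting the category of `/WORLD`, and resolving the IP literal before lookup is what makes a request by address land in the same category as a request by name.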
    55. Core Component: Master Database (embedded movie: click in black window to start, <spacebar> to skip)
    56. Core Component: User Service
    57. Core Component: User Service (User Service Overview)
        • The User Service supports user identification for user-based policy execution
            • Installation of the User Service is required before any identification can take place
        • The User Service is responsible for:
            • Directory browsing
            • Group membership discovery
            • Manual authentication
            • User verification
            • Communication with transparent identification agents (DC Agent and Logon Agent)
    58. Core Component: User Service (Supported Directory Services)
        • You can use any of the following directory services with Websense User Service:
            • Windows NTLM-based directories
            • Windows Active Directory
            • Novell Directory Services / Novell eDirectory v8.51 and later
            • Sun Java System Directory Server v4.2 or v5.2
    59. Core Component: User Service (User Service Deployment)
        • Installed in networks using a directory service for authentication
            • User Service is necessary for filtering and logging internet requests even if only IP filtering is being used
            • Typically installed on the same machine as the Policy Server
            • Only one User Service per Policy Server
    60. Core Component: User Service (User Service Interaction with Directory Services)
    61. Core Component: Network Agent
    62. Core Component: Network Agent (Network Agent Overview)
        • Network Agent uses protocol analyzing technology to monitor all of the internet traffic on the network machines assigned to it
            • Can filter HTTP traffic
            • Filters ~90 other popular internet protocols
            • Captures data about bandwidth usage
        • The Network Agent is typically used as a means for evaluating Websense software
        • Must have bi-directional visibility into the network in order to function properly
    63. Core Component: Network Agent (Network Agent Overview)
        • Network Agent integrates well with proxy servers, network caches, and firewalls
            • The Network Agent is the component that is responsible for the filtering of non-HTTP protocols
            • Since most integrations (firewalls, proxies, etc.) can't send information about these protocols to the Filtering Service, Network Agent acts as a protocol analyzer in order to inform the Filtering Service of this traffic
        • Network Agent detects malicious peer-to-peer applications and spyware, even when tunneled over well-known ports such as 80, 8080 etc.
    64. Core Component: Network Agent (Network Agent)
        • The Network Agent is also responsible for monitoring bandwidth usage for use with Bandwidth Optimizer (BWO) component
        • It is also used for enhanced logging with integrations
            • NOTE: Websense software can filter and log HTTP traffic without using Network Agent
                • Depending on the integration (such as Cisco PIX) bandwidth information may not be available without the Network Agent
    65. Core Component: Network Agent
    66. Secondary Components
    67. Secondary Components
        • Real Time Analyzer
        • Transparent ID Agents
            • DC Agent / RADIUS Agent / eDirectory Agent / Logon Agent
        • Usage Monitor
        • Websense Reporting Components
            • Covered later in this module
        • Remote Filtering
            • Covered in a later module
    68. Websense Secondary Components
    69. Secondary Component: Real-Time Analyzer (RTA) (Real-Time Analyzer (RTA))
        • A web-based reporting tool for IT administrators which provides a real-time view of network activity
            • RTA is usually installed on the same machine as the reporting components
            • RTA can be memory and CPU demanding, depending on system settings and network load conditions
                • RTA should not be installed on real-time critical machines
    70. Secondary Component: Real-Time Analyzer (RTA) (Real-Time Analyzer (RTA))
        • Supported only on Windows
        • Installation of the RTA requires a machine with web server software installed:
            • Apache Web Server
            • Microsoft IIS
            • If no installed web server is detected, the Websense software installer will offer to install the included Apache Web Server
        • NOTE: Only one installation of RTA per Policy Server
    71. Secondary Component: Transparent ID (XID) Agents
        • DC Agent
        • Logon Agent
        • eDirectory Agent
        • RADIUS Agent
    72. Secondary Component: (XID) Agents
        • Enable Websense software to filter based on policies assigned to users or groups housed in a directory service
        • Optional components
            • Can be used alone, or combined, with certain limitations, covered in the User Identification and Authentication module
    73. Secondary Component: DC Agent (DC Agent)
        • Installed in networks using a Windows directory service (NTLM-based or Active Directory)
        • Can be installed on the same machine as Websense Web Security Suite or installed on a separate machine
    74. Secondary Component: DC Agent TechNote
        • Installing DC Agent on the domain controller machine or firewall DMZ is not recommended
        • DC Agent can be installed on any network segment as long as NetBIOS is allowed between the DC Agent and the domain controllers
    75. Secondary Component: Logon Agent (Logon Agent)
        • Installed in networks using a Windows directory service (NTLM-based or Active Directory)
        • Can be installed on the same machine as Websense Web Security Suite or on a separate machine
            • May be installed with DC Agent to improve accuracy of user authentication
    76. Secondary Component: eDirectory Agent (eDirectory Agent)
        • Installed in networks using a Novell eDirectory directory structure
        • Can be installed on the same machine as Websense Web Security Suite or installed on a separate machine
    77. Secondary Component: eDirectory Agent Tech Note
        • eDirectory Agent can be installed in the same network as DC Agent or Logon Agent, but cannot be active at the same time.
        • Websense does not support communication with Windows and Novell directory services simultaneously
    78. Secondary Component: RADIUS Agent (RADIUS Agent)
        • Installed in networks using a RADIUS authentication server
        • Can be installed on the same machine as Websense Web Security Suite or a separate machine
    79. Secondary Component: Usage Monitor
    80. Secondary Component: Usage Monitor (Usage Monitor)
        • A “behind-the-scenes” service enabling alerting based on internet usage
            • Tracks URL category and protocol visits made by clients
            • Generates alert messages according to behaviour configured
                • Email / Onscreen / SNMP
            • Typically installed on the same machine as the Policy Server
            • Only one installation of Usage Monitor per Policy Server
    81. 81. Additional Deployment Notes
    82. 82. Web Browser and Web Server <ul><li>Web Browser and Web Server </li></ul><ul><ul><li>Microsoft Internet Explorer v5.5 or higher </li></ul></ul><ul><ul><li>Microsoft IIS (Internet Information Services) v5.0 or v6.0, or Apache HTTP Server v2.0.50 </li></ul></ul>
    83. Basic Deployment: <1,000 Users Internet
    84. Deployment Dependencies
        • One Log Server per Policy Server
        • One User Service per Policy Server
        • One Real-Time Analyzer (RTA) per Policy Server
        • One Usage Monitor per Policy Server
        • Recommended: Up to 10 (ten) Filtering Services per Policy Server
    85. Additional Deployment Considerations
        • Our Scenario: Single Machine, Custom Installation, Stand-Alone Edition
        • For additional stand-alone deployment considerations, refer to the documentation:
        Relevant Documentation
    86. (iLab) Instructor-Led Lab 2-2
        • In this iLab, the instructor will take you on an electronic field trip to the Websense website to find KnowledgeBase Articles, Support Tutorials and Documentation!
            • iLab 2-2: Websense Help and Documentation
                • http://www.websense.com/global/en/SupportAndKB/
                • http://www.websense.com/global/en/SupportAndKB/VideoTutorials/
                • http://www.websense.com/global/en/SupportAndKB/ProductDocumentation/
    87. Installing Websense Reporting Components
    88. Reporting Components
        • Log Server
            • WebCatcher
        • Enterprise Explorer
        • Database Administration Tool
        • Reporter
    89. Reporting Components Dependencies
        • All Reporting Tools rely on the Websense Software
            • Reporting Components are installed after Websense Enterprise or the Websense Web Security Suite
            • Websense Reporting Tools must be installed with the same version as Websense Web Security Suite
        • Reporting Tools require an installed database engine
            • Microsoft SQL Server 2000 / 2005 or MSDE 2000
                • Not SQL Server Express – SQL Server Express does not have SQL Server Agent jobs
            • For Linux/Solaris, MySQL 5.0 is the supported database engine
    90. Websense Reporting Component: Log Server
        • Log Server
            • Required for all Websense Reporting Tools
                • The installation of the Log Server creates the Log Database
            • The Log Server sends the following to the Log Database:
                • Internet activity
                • Categories and protocols
                • Risk class names
    91. Websense Reporting Component: WebCatcher
        • Websense obtains WebCatcher data from customers to analyze
            • Unrecognized URLs
            • Security URLs
        • for
            • Categorization
            • Tracking potential for security and liability risks
        • NOTE: Subsequent downloads of the Websense Master Database may include URL revisions from data sent to Websense
    92. Websense Reporting Component: WebCatcher
        • It’s about quantity and relevance
        • WebCatcher
            • Culls uncategorized web sites and network protocols from our customer sites
        • Global Benefit
            • Newly categorized web sites and network protocols are distributed to all Websense customers
        • “Digital fingerprint” assists in categorizing a site found using WebCatcher
    93. Websense Reporting Component: Enterprise Explorer
        • A web-based tool which allows an administrator to report from the log database quickly and easily without waiting for canned report generation
            • Simple
            • Intuitive
            • Ability to focus reports using drill down capabilities
        • Produces reports…
            • Generated automatically
            • Sent via email
            • Exported to PDF / XLS
    94. Websense Reporting Component: Enterprise Explorer
        • Runs via HTTP / HTTPS
        • The web server can be installed on any machine that can connect to the Log Database via ODBC
    95. Websense Reporting Component: Database Administration
        • Manage the Log Database by choosing rollover, database partition and maintenance options
    96. Websense Reporting Component: Websense Reporter
        • A Client-based application
            • Can be installed on any machine that can connect to the Log Database via ODBC
            • Produces reports…
                • Generated automatically
                • Sent via email
                • Printed
    97. Hands-On Lab 2-3
        • Re-start the Websense Web Security Suite Install Process to install the Websense Reporting Components
            • Lab 2-3: Installing Reporting Components
    98. Any Questions
