Google Web Security Instruction by Donie Tran

Google Web Security for Enterprise Administration Guide

Google, Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 www.google.com

Part number: WSCG_R6.29_20 June 21, 2010 © Copyright 2010 Google, Inc. All rights reserved. Google, the Google logo, Google Message Filtering, Google Message Security, Google Message Discovery, Postini, the Postini logo, Postini Perimeter Manager, Postini Threat Identification Network (PTIN), Postini Industry Heuristics, and PREEMPT are trademarks, registered trademarks, or service marks of Google, Inc. All other trademarks are the property of their respective owners. Use of any Google solution is governed by the license agreement included in your original contract. Any intellectual property rights relating to the Google services are and shall remain the exclusive property of Google, Inc. and/or its subsidiaries (“Google”). You may not attempt to decipher, decompile, or develop source code for any Google product or service offering, or knowingly allow others to do so. Google documentation may not be sold, resold, licensed or sublicensed and may not be transferred without the prior written consent of Google. Your right to copy this manual is limited by copyright law. Making copies, adaptations, or compilation works, without prior written authorization of Google. is prohibited by law and constitutes a punishable violation of the law. No part of this manual may be reproduced in whole or in part without the express written consent of Google. Copyright © by Google, Inc. Postini, Inc. provides this publication “as is” without warranty of any either express or implied, including but not limited to the implied warranties of merchantability or fitness for a particular purpose. Postini, Inc. may revise this publication from time to time without notice. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions; therefore, this statement may not apply to you. GD Graphics Copyright Notice: Google uses GD graphics. Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 by Cold Spring Harbor Laboratory. Funded under Grant P41RR02188 by the National Institutes of Health. Portions copyright 1996, 1997, 1998, 1999, 2000 by Boutell.Com, Inc. Portions relating to GD2 format copyright 19s99, 2000 Philip Warner. Portions relating to PNG copyright 1999, 2000 Greg Roelofs. Portions relating to libttf copyright 1999, 2000 John Ellson (ellson@lucent.com). Portions relating to JPEG copyright 2000, Doug Becker and copyright (C) 1994-1998, Thomas G. Lane. This software is based in part on the work of the Independent JPEG Group. Portions relating to WBMP copyright 2000 Maurice Szmurlo and Johan Van den Brande. Permission has been granted to copy, distribute and modify gd in any context without fee, including a commercial application, provided that this notice is present in user-accessible supporting documentation. This does not affect your ownership of the derived work itself, and the intent is to assure proper credit for the authors of gd, not to interfere with your productive use of gd. If you have questions, ask. “Derived works” includes all programs that utilize the library. Credit must be given in user-accessible documentation.

Google Web Security for Enterprise Administration Guide

This software is provided “AS IS.” The copyright holders disclaim all warranties, either express or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying documentation. Although their code does not appear in gd 1.8.4, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue Software Corporation for their prior contributions. Google Compliance Policies Notice: Google assumes no responsibility in connection with the Compliance Policies lexicon-filtering feature, including any failure to recognize credit card or social security numbers that do not follow an applicable pattern as established in Postini’s systems or any failure to encrypt a credit card or social security number. Portions of these materials are copyrighted by ScanSafe Limited: © 2010 ScanSafe. All Rights Reserved. These portions may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent in writing from ScanSafe. Every effort has been made to ensure the accuracy of such portions of this manual. However, ScanSafe makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. ScanSafe shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of such portions of this manual or the examples herein. The information in this document is subject to change without notice.

Google Web Security for Enterprise Administration Guide

Contents

Chapter 1: Introduction 7 Welcome to Web Security for Enterprise Features 7 Service Components 8

Chapter 2: Activating Web Security 9 Overview 9 Preparing for Activation 9 Installing and Using the Connector 10 Activating and Deploying to Your Enterprise

Chapter 3: Administration Console 13 About the Administration Console 13 Login Page 13 Web Content Tab 14 Dashboard Page 15 Chapter 4: Web Virus 17 About the Web Virus Page 17 Web Virus Statistics Page 17 Web Virus Notifications 18 Chapter 5: Spyware 21 About the Spyware Page 21 Spyware Statistics Page 21 Spyware Management 22 Spyware Notifications 23 Chapter 6: Web Filtering 27 About the Web Filtering Page 27 Web Filtering Statistics Page 28 Web Filtering Management 29 Filtering Notifications 41 Chapter 7: Admin Page 45 About the Admin Page 45

Contents

Edit Your Account Details 45 Authentication Key Management Group Management 50 Installing the Connector 54 Chapter 8: Reports 55 About Web Security Reports 55 System Requirements for Reports Viewing Reports 56 Filtering Reports 61 Creating a Search 63 Creating Composite Reports 69 Report Scheduling 71

Appendix A: Website Attributes / Categories Introduction 75

Appendix B: Pre-defined Searches and Reports Introduction 81 Index

Google Web Security for Enterprise Administration Guide

Chapter 1

Introduction

Chapter 1

Welcome to Web Security for Enterprise The web security service is a managed service that provides protection from webbased security threats such as malware, spyware, adware, phishing, and browser-based viruses. Additionally, you can restrict access to “blacklisted” web sites or objectionable URLs, and set individual or group policies according to your corporate guidelines. Web security automatically scans all web traffic (HTTP, FTP-over-HTTP), and blocks viruses before they reach your network, including trojans, viruses, worms, diallers, and malware. The service provides real-time scanning with no delays to Internet access. Updates to the service are immediate.

Features The web security service includes the following features: •

Protection from web pages that deliver embedded viruses and worms.

•

Blocking of phishing, spyware, and adware attacks from web pages.

•

Ability to allow or disallow access to specific URLs. Prevents access to inappropriate web content.

•

Enforces web page access policies and provides usage reports to increase employee productivity. Includes a full set of reporting by user, department, or an entire organization.

•

Ease of configuration within the Administration Console allows you to create policies that suit your specific corporate and organizational needs. Enables you to set policies based on URL categories, content MIME-type, and file extensions, as well as time-of-day restrictions and bandwidth quotas.

•

Ability to send customized messages to users when access is denied.

Introduction

Service Components Web security includes two main components: Web Scanning and Web Filtering. You can choose from the following combinations of these components when purchasing the service: Web Scanning: Includes the Web Virus and Spyware features. The Web Virus feature blocks all web content that contains malicious programs and viruses before it enters the network. The Spyware feature blocks all web content for spyware, adware, and phishing attempts. Web Filtering: Includes the Filtering feature only. Filtering permits or blocks access to particular web sites based on URL categories, content, and file type. Complete: Includes the Web Scanning and Web Filtering components (in other words, the complete set of the Web Virus, Spyware, and Filtering features). Connector: An additional component that enables you to apply user- and groupbased filtering policies.

The web security service

Google Web Security for Enterprise Administration Guide

Chapter 2

Activating Web Security

Chapter 2

Overview When you first sign up for the web security service, an activation specialist will discuss planning your deployment and will walk you through the activation process. This process involves three phases: •

Preparing for activation: To set up your service, you must complete a few preliminary steps before you can begin. This includes some minor configuration changes to your internal setup to ensure that your external web traffic passes through the web security service. See “Preparing for Activation” on page 9.

•

Installing the Connector (optional): If you are using the Filtering feature, you may choose to install the Connector. See “Installing and Using the Connector” on page 10.

•

Activating and deploying to your enterprise: See “Activating and Deploying to Your Enterprise” on page 12.

Preparing for Activation Before activation begins, do the following: 1. Choose the web filtering scenario that best fits your company’s needs. Discuss the available options with your web security service account representative. See “Service Components” on page 8 for more information. 2. You must be a Email Security customer. If not, complete the activation and setup of your Email Security account (see the Email Security Service Activation Guide). 3. Be sure your account is enabled for web security. 4. Review this guide for an introduction to the service and to gain some familiarity with the user interface of the Web Content tab.

Activating Web Security

5. Discuss the following issues with your activation specialist: a. Verify that port 8080 is allowed through your corporate firewall. b. Be sure that port 80 is blocked or locked down on the firewall. This will ensure that all outgoing web traffic can only go through the web security service. c.

Identify your internal network subnets.

d. Gather your corporate NAT address or range and domain name. 6. After you are provisioned for web security by your web security service account representative, you will receive an activation email. This email includes a link to a web form with a list of pre-activation questions that you must answer before t he activation process begins. For example, use the form to provide the scanning IP ranges, your corporate NAT address or range and domain name, and other important details needed for the service (as mentioned above). The URL for the form will be in the email. Note: You must submit the web form before activation of your service can

begin. Activation will occur in five business days following the submission of the form. Consult your web security service activation specialist for more information about the web form. 7. Your activation specialist may assist you in activating web security for a pilot group of users in your company. This process allows you to gather data from a small set of users, so that you can then observe the results in the Web Content tab of the Administration Console.

Installing and Using the Connector You must install the Connector only if you are using the Web Filtering feature of the web security service. The Connector is used to gather user identification information that is normally only accessible internally to an organization (see “Installing the Connector” on page 54). This information includes: internal IP address, Windows Domain name, user name, and group name. These details are required so that web requests can be matched to individual users, enabling the web security service to apply user and group based access restrictions and to generate detailed reports and blocking alerts. Any information gathered by the Connector is encrypted before being sent over the Internet to the web security data center. The encrypted data is then stripped out of each request before it is then forwarded to the destination server. The Connector is available in multiple versions, each tailored to integrate with a specific infrastructure type. These include the Microsoft ISA 2000 Server, Microsoft ISA 2004 Server, Microsoft ISA 2006 Server, and a version for an ICAP capable gateway. Note that the Connector also supports ISA 2004 Enterprise, however you must ensure that the Connector installation is run on all array members. Additionally, you can choose the Virtual Connector during the installation process (see “Virtual Connector” on page 11).

Google Web Security for Enterprise Administration Guide

During installation, you can choose to install one of the following Connector types, depending on which type works best with your existing infrastructure: •

Enterprise Connector

•

Workgroup Connector

Enterprise Connector Select this option to integrate Connector with your enterprise's existing web traffic gateway server (for example; a Microsoft ISA Server or other ICAP capable gateway).

Workgroup Connector Select this option if your organization does not have an existing gateway. Connector will operate as your organization's web traffic gateway.

Virtual Connector The Virtual Connector provides customers with an easy way to protect remote workers by authenticating web traffic from outside the corporate environment. With Virtual Connector, remote clients can directly connect to the web security service, enabling web malware scanning and web filtering from remote locations. The Virtual Connector uses basic proxy authentication to access the scanning infrastructure. The username is the user’s email address and the password is a unique user authentication key which is generated at the web security service. Generating these keys can be done manually for individual users, and also in bulk by importing a CSV file. All transactions will then be logged under the username associated with this key. IMPORTANT: To ensure that your users can use the Virtual Connector, you must contact your account representative or activation specialist to learn which “tower” your users should connect to. When one of your users connects to the correct tower, that user will be prompted for a username and password. The username is the email address to which the Authentication Key notification was sent, and the password is the Authentication Key displayed within that notification (email).

Connector Documentation For detailed installation instructions and system requirements please consult with your account representative. See one of the following guides for information on the Connector: •

Web Security Connector Installation Guide (for the Enterprise Connector and Workgroup Connector only)

•

Web Security Virtual Connector User’s Guide (for the Virtual Connector only)

Activating Web Security

Activating and Deploying to Your Enterprise Your activation specialist will guide you through this process (see also â&#x20AC;&#x153;Preparing for Activationâ&#x20AC;? on page 9). Please contact your activation specialist for more information.

Google Web Security for Enterprise Administration Guide

Chapter 3

Administration Console

Chapter 3

About the Administration Console The Administration Console is a secure web-based interface for managing and configuring the email protection service. If your company is provisioned with web security, administrators can manage and configure this service by clicking the Web Content tab. For more information about using the Administration Console, see the Email Protection Service Administration Guide.

Login Page Use your Administration Console login and password to access the Web Content tab. To access the Web Content tab in the Administration Console:

1. Open a web browser and go to http://login.postini.com/exec/login

2. Enter your login address and password (although the title of the page refers to accessing the Message Center, you can also access the Administration Console). Note: If you incorrectly type your password, there is a five-second delay

before the Administration Console will accept another login attempt. 3. If you have administration privileges, the next page has links to the Administration Console and Message Center. Click the Administration Console link. You will see the Administration Console Home page. 4. To manage and configure your web security service, click the Web Content tab. This opens the Dashboard page for web content filtering.

Administration Console

5. Click Web Virus, Spyware, or Web Filtering. (For information about navigating within each of these pages, see “Web Virus” on page 17, “Spyware” on page 21, and “Web Filtering” on page 27).

Web Content Tab The Web Content tab in the Administration Console includes the following main pages: •

Web security dashboard

•

Web Virus

•

Spyware

•

Web Filtering

•

Web Admin page

•

Reports page

The Dashboard page is displayed when you click the Web Content tab. You can access the Web Virus, Spyware, and Web Filtering pages by clicking the links on the tab bar. Once you have selected one of these links, a statistics page appears that provides a real time “snapshot” of network activity relevant to the selected feature. In addition to these three pages, click the Web Admin link to manage groups, manage license keys, and download the Secure Connector.

Click the Web Content tab to open the web security dashboard.

Google Web Security for Enterprise Administration Guide

For each feature, a navigation menu will appear in the left-hand column. This menu includes links to the following pages: •

Reports: provides access to a number of custom management reports.

•

Management: enables the administrator to configure and deploy usage and security policies for each of the web security services (this link is not included with the Web Virus page).

•

Notifications: enables the administrator to set up user messages and email alerts.

Dashboard Page The Dashboard page appears when you click the Web Content tab in the Administration Console. In the “View summary for” drop-down lists near the top of the page, you can view graphs for different time periods and for different features, such as Web Virus, Spyware, or Web Filtering. The table below provides the graphs that are visible for each of options in the drop-down list: Drop-down list

Left-hand graph

Right-hand graph

All

All blocks: Bar graph that displays the number of blocks for all services (Web Virus, Spyware, and Web Filtering) for a given time period

HTTP hits: Line graph that displays the number of HTTP hits from your organization for a given time period

Web Virus

Web-Virus blocks: Line graph that displays the number of Web-Virus blocks for a given time period

Top 10 viruses by number of blocks: Bar graph that displays the number of blocks for each virus for a given time period (the virus name appears during scroll-over)

Spyware

Spyware blocks: Line graph that displays the number of Spyware blocks for a given time period

Top 10 spyware by number of blocks: Bar graph that displays the number of blocks for each spyware for a given time period (the spyware name appears during scroll-over)

Web Filtering

Web Filtering blocks: Line graph that displays the number of Web Filtering blocks for a given time period.

Top 10 categories by number of connections: Bar graph that displays the number of connections for each web-page category for a given time period (the category name appears during scroll-over)

Administration Console

Google Web Security for Enterprise Administration Guide

Chapter 4

Web Virus

Chapter 4

About the Web Virus Page The Web Virus page enables you to monitor and manage the web security Web Virus feature. If a web page or attachment is found to contain a virus, then access to that web page or attachment is denied, and an automatic virus alert web page is displayed to the user. A notification may also be sent by email to an administrator at your company. Web Virus scanning will scan the first 100Mb of each file transfer. The Web Virus feature includes the following: •

Statistics page

•

Notifications

Note: The Web Virus page is included with the Web Scanning component of the web security service. Web Scanning also includes the Spyware page.

See also “Reports” on page 55.

Web Virus Statistics Page The Web Virus statistics page enables administrators to view related real-time network activity at-a-glance. The administrator selects the required time scale from the top of the window: daily, weekly, monthly, or yearly. Web Viruses Blocked: Plots the number of web virus malware instances blocked during scanning operations. Top 10 Viruses: Plots the top viruses that have been downloaded in a given time period.

Web Virus

Viruses Blocked (table): This table displays all the malware (viruses, worms, Trojans, backdoors, etc.) caught by the web security service for the given time period. The table only shows 100 entries at a time and orders them by most recent. There are links at the bottom of the table to step back in lots of 100, until you reach the very first virus caught by the web security service for the given time period. For each malware caught, the table will display: •

Date and time the malware was blocked

•

Reason it was blocked

•

Internal IP address from within your organization that the request originated

•

External IP address from which the request left your organization

•

URL of the requested file

To view the Web Virus statistics page:

1. Click the Web Virus link. 2. The default time period for the statistics displayed is for the last 24 hours (Daily). You can switch this to display weekly, monthly, or yearly statistics by clicking the Weekly, Monthly and Yearly links located just below the main navigation bar at the top of the page. 3. Sort the Viruses Blocked table by clicking the column titles: Date, Reason Blocked, Internal IP, External IP, and URL.

Web Virus Notifications In the Notifications panel, there are two settings that require configuration: User Messages – specifies the message an end user will see when a request is blocked. Email Alerts – enables an administrator to receive an email alert when malware is blocked. Further information is given on these settings below.

User Messages The User Message is the page that your users will see in their web browser if a URL they request is blocked. To customize this page for your organization, you can append your own information to the Default Alert Page. For example, you may wish to add the Systems Administrator's contact details, or links to your organization's security policy. Note that the custom information must be submitted in HTML.s

Google Web Security for Enterprise Administration Guide

The web security service allows for fully customizable block pages, which means that you can define the entire HTML output of the block page up to and including the opening and closing <html> tags. This allows you to customize block pages with your own logo and text on the block page. To set User Messages:

1. Click the “Anti Virus” link. 2. Click the “User Messages” button in the Notifications sub-menu in the left hand column. This will bring up the “User Messages” screen. 3. Clear the "Include standard header template" box to remove the existing logo from the block page. 4. Enter the desired HTML into the "User Messages" field. Any images/css referenced needs to be a resolvable location. Typically you will be required to host your own images/css for this page. 5. You may insert #reason, #url, #category, or #username into the HTML and it will be parsed as the reason for the block event. For more information, see “Using Variables to Customize Block Page Text” on page 19. 6. Once you are happy with the Alert Page modifications you have made, click the “Save” button located at the bottom of the screen. 7. Click the preview button just beneath the text area to see how the additional information is rendered. You must save your changes before preview displays your new settings.

Using Variables to Customize Block Page Text You may insert #reason, #url, #category, or #username into the HTML in your custom block page and the block page will show the reason for the block event. An example below shows this more clearly: Default block message:

Custom HTML message written by user:

Web Virus

Custom message text will appear in end-user block page:

Email Alerts The Web Virus Email Alerts are emails that notify the administrator of incidents when a virus has been blocked by the web security service. The email will contain the following information: •

The IP address of the request that left your organization.

•

The reason the requested file was blocked (malware name).

•

The full URL of the web request

You can specify a maximum of 5 different email addresses where you wish to have alerts sent. If you require the alerts to be sent to any more addresses than this, we recommend that you set up a group mailing address and then enter it into the Administration Console. To set Email Alerts:

1. Click the Web Virus link on the Web Content tab. 2. Click the “Email Alerts” link in the Notifications panel in the left hand navigation. This will bring up the “E-mail Alerts” page. 3. Select whether or not you want to be notified when a virus is blocked by selecting “Yes” or “No” from the drop down box. 4. Enter the email address (or addresses) you want notifications to be sent to in the empty text fields provided. 5. If you wish to throttle the number of email alerts you receive, click the box next to the statement “Limit these alerts to”. Throttling will now be activated and you must then select the number of alerts you wish to receive for the given number of hours you specify. For example, you might decide that you only want to receive a maximum of 3 email alerts in a 2-hour period. 6. To save the settings and email addresses, click the “Save” button located at the bottom of the screen.

Google Web Security for Enterprise Administration Guide

Chapter 5

Spyware

Chapter 5

About the Spyware Page The Spyware page enables you to monitor and manage the spyware protection provided by the web security service. If a web page or attachment is found to contain spyware, then access to that web page or attachment is denied, and an automatic spyware alert web page is displayed to the user. A notification may also be sent by email to an administrator at your company. Spyware scanning scans the first 100Mb of each file transfer. The Spyware feature includes the following: •

Statistics page

•

Management

•

Notifications

Note: The Spyware page is included with the Web Scanning component of the web security service. Web Scanning also includes the Web Virus page.

See “Reports” on page 55.

Spyware Statistics Page The Spyware Statistics page enables an administrator to view related real time network activity, simply, and at-a-glance. The administrator selects the required time scale from the top of the window: daily, weekly, monthly, or yearly. Number of Spyware/Phishing/Adware Blocks: Plots the number of spyware, phishing and adware instances blocked during scanning operations. Top 10 Spyware blocks: Plots the top 10 spyware that has been blocked over a given period of time.

Spyware

Spyware/Adware/Phishing Blocked (table): This table displays all the spyware, adware and phishing incidents caught by the web security service for the given time period. The table shows 100 entries at a time and orders them by most recent. There are links at the bottom of the table to step back in lots of 100, until you reach the very first virus caught by the web security service for the given time period. For each spyware instance caught, the table will display: •

The date and time the spyware was blocked.

•

The reason it was blocked.

•

The internal IP address from within your organization that the request originated.

•

The external IP address from which the request left your organization.

•

The URL of the requested file.

To set the monitoring period:

1. Click the “Spyware” link. 2. By default, the time period for the statistics displayed on the page is for the last 24 hours. You can switch this to display weekly, monthly or yearly statistics by clicking the corresponding buttons located just below the main navigation bar at the top of the page. 3. You can also sort the Spyware/Adware/Phishing Blocked table by clicking the corresponding column title: Date, Reason Blocked, Internal IP, External IP and URL.

Spyware Management Spyware Management includes the Manage Approved List page.

Approved List By default, all incoming Spyware is automatically blocked by the web security service. If, for some reason, an administrator requires a specific spyware application to be permitted, the administrator can “check” the program within the list on the right side of the page. All adware is registered in this “Green List“ once the web security service receives a request for its download. Therefore, it should be noted that the Green List will expand with the scope of the organization’s web traffic.

Google Web Security for Enterprise Administration Guide

Note: All Spyware (truly malicious code, such as: viruses, worms, Trojans, back-

doors, key loggers, etc.) are automatically blocked by the web security Web Virus component. (Similarly, all known Phishing exploits are automatically blocked the Spyware component.) The Adware Green List applies for “greyware” which typically includes applications that do the following: hijack web surfing activities, redirect users to sponsored sites, monitor non-confidential surfing habits, or create un-requested pop-up ads, etc.

Spyware Notifications Under the Spyware Notifications panel, the following settings require configuration: •

User Messages – specifies the message which an end-user will see when a request is blocked.

•

Email Alerts – enables an administrator to receive an email alert when spyware is blocked.

Further information is given on these settings below.

Spyware User Messages The User Message is the page that your users will see in their web browser if a spyware infected URL they request is blocked. In order to customize it for your organization, you can append your own information to the Default Alert Page. For example, you may wish to add the Systems Administrator's contact details, or links to your organization's security policy. Note that the custom information must be submitted in HTML. The web security service allows for fully customizable block pages, which means that you can define the entire HTML output of the block page up to and including the opening and closing <html> tags. This allows you to customize block pages with your own logo and text on the block page. To set up User Messages:

1. Click the “Spyware” link at the top of the screen. 2. Click the “User Messages” button in the Notifications sub-menu in the left hand column. This will bring up the “User Messages” screen. 3. Clear the "Include standard header template" check box to remove the existing logo from the block page. 4. Enter the desired HTML into the "User Messages" field. Any images/css referenced needs to be a resolvable location. Typically you will be required to host your own images/css for this page. 5. You may insert "#r" into the HTML and it will be parsed as the reason for the block event. More detail available on this in the next section.

Spyware

6. Once you are happy with the Alert Page modifications you have made, click the “Save” button located at the bottom of the screen. 7. Click the preview button just beneath the text area to see how the additional information is rendered. You must save your changes before preview displays your new settings.

Using Variables to Customize Block Page Text You may insert #r into the HTML in your custom block page and the block page will show the reason for the block event. An example below shows this more clearly: Default block message:

Custom HTML message written by user:

Custom message text will appear in end-user block page:

Customizing Your Spyware Email Alerts The Spyware Email Alerts are emails that notify the administrator of incidents when a spyware application has been blocked by the web security service. The email will contain the following information: •

The IP address of the request that left your organization.

•

The reason the requested file was blocked (malware name).

•

The full URL of the web request

Google Web Security for Enterprise Administration Guide

To set up Spyware Email Alerts:

1. Click the “Spyware” link. 2. Click the “Email Alerts” link in the Spyware Notifications box in the left hand column. This will bring up the “Email Alerts” page. 3. Select whether or not you want to be notified when a spyware application is blocked by selecting “Yes” or “No” from the drop down box. 4. Enter the email address (or addresses) you want notifications to be sent to in the empty text fields provided. 5. If you wish to throttle the number of email alerts you receive, click in the box next to the statement “Limit these alerts to”. Throttling will now be activated and you must then select the number of alerts you wish to receive for the given number of hours you specify. For example: you might decide that you only want to receive a maximum of 3 email alerts in a 2-hour period. 6. To save the settings and email addresses, click the “Save” button located at the bottom of the screen.

Spyware

Google Web Security for Enterprise Administration Guide

Chapter 6

Web Filtering

Chapter 6

About the Web Filtering Page The Web Filtering page enables you to: •

Configure, enforce, and monitor web content filtering for your organization.

•

View comprehensive, filtering related information in the form of statistical reports, graphs, tables and exportable data files, based on your web traffic and the filtering blocks the web security service has made for your organization.

•

Customize the HTML block alert page.

•

Set up and manage email alerts for monitoring.

Note: The Web Filtering page is part of the Web Filtering component of the web

security service. The Web Scanning component includes the Web Virus and Spyware pages. Changes made to Web Filtering settings will be applied to your web security service within 60 seconds of submission within the Administration Console. If a user tries to access a web page or attachment where a filter applies, then access to that web page or attachment is denied, and an automatic alert web page is displayed to the user. A notification may also be sent by email to an administrator at your company. Spyware scanning will scan the first 100Mb of each file transfer. The Web Filtering page includes the following: •

Statistics page

•

Management

•

Schedules

•

Policies

•

Quotas

•

Notifications

Web Filtering

Each is described in the following sections. Note: To enable web filtering per user or group within your company, you will need to download the relevant Connector. For more information, contact your web security service account representative. See also “Installing and Using the Connector” on page 10.

Click the Web Filtering link to open the Web Filtering Statistics page.

Web Filtering Statistics Page This view gives you a live, ‘at-a-glance’ view of the filtering status. To access click ‘Web Filtering’ link at the top of the screen. The time scales for the data to be generated for viewing as a summary are the last day, 7 days, month or year, and this can be selected by choosing the corresponding option from the drop down at the top of the page. The graphs presented are as follows:

•

Filtering Blocked - plots the number of web requested blocked due to filtering rules for the given time period.

•

HTTP Hits - plots the number of HTTP hits for a given time period.

•

Top 10 Categories by Connection – bar chart lists the top requested filtering categories by number of connections.

•

Top 10 Users by Connection – bar chart lists the most active users (by directory username or IP address) by number of connections.

•

Pages Blocked (table): This table displays all the filtering events caught by the web security service for the given time period. The table shows 100 entries at a time and orders them by most recent. There are links at the bottom of the table to step back in lots of 100, until you reach the very first page filtered by the web security service for the given time period. For each page blocked instance caught, the table will display: •

The date and time the page was blocked.

•

The reason it was blocked.

•

The internal IP address from within your organization that the request originated.

•

The user group that the originator of request belongs to.

•

The URL of the requested page that triggered the block.

Google Web Security for Enterprise Administration Guide

Web Filtering Management The process of configuring Web Filtering policies requires the use of several “filtering objects.” Each of these objects is listed in the left hand column under the Management box. These objects are: •

Schedules

•

Policies

•

Quotas

•

Global Settings

Filters – Each filter consists of the following objects: •

Filtering Category

•

Domains/URL

•

Content Types

•

File Types

•

Exceptions

Schedules – This is a pre-defined period of time and days, based on a 7-day week and a 24-hour clock. Schedules are defined globally, but can be assigned and “re-used” within any Policy. Policies – A policy is a series of rules consisting of a ‘WHO’ filter, a ‘WHAT’ filter and a ‘WHEN’ filter, as well as the action to take if this rule is matched. Rules can be active or inactive and can be reordered within the policy. Groups – A group is a collection of users who share similar web access privileges. A group can be defined using directory information, such as directory group or username, or by network parameters such as IP address or subnet. Quotas – A quota is an administrator defined parameter that limits user web usage, typically by time spent “surfing” or by bytes downloaded. Quotas are defined “globally”, but are enforced by assigning them to specific Policies. Note that this functionality requires the Connector to be installed. Each of these objects is defined specifically for each filter; however, you can copy from the default filter into other filters if you so choose. Each of these objects will be discussed in further detail below.

Filters A ‘Filter’ is a set of user-defined web filtering components. These components will have an action associated with them in the Policy rule (e.g. either Allow or Block). These filters are broken down into five different components:

Web Filtering

Categories: These are presented as a selectable list of all the different categories that a website might fall under, for example Sports, Music, Pornography, Online Shopping etc. Through the use of categories you can quickly select a wide range of websites simply by clicking on a check box next to each category you wish to include in your rule. Domains/URL: this is a list of websites in relation to the particular policy rule which contains them. A common use for this is to create a global allowed list and a global blocked list. Content Types: These relate to the content that is specified in the header of the HTTP request. A normal Web page will usually have a content type of ‘text/html’; this is also known as a MIME type (Multipurpose Internet Mail Extension). Another example of the many different MIME types is ‘application/PDF’; when a Web browser sees this, it will try to start up a suitable application in order to display a PDF file. Common MIME types are listed in this section, and you can also add your own custom types. File Types: These relate to all the various types of files which a user might try to download via links in a Web page, each one distinguished by its file extension. For example, a file with the ‘.exe’ extension is a Microsoft Windows executable file, or a file with a ‘.mp3’ extension is an encoded sound file. So if you chose to block all files with an ‘.exe’ extension, then if a user tried to go to the following URL: http://www.games.com/arcade/invaders.exe they would receive a message saying that the requested file has been blocked. A further check is also made on the ‘Content Disposition’ header if this is present in the response. Common file extensions are listed in this section, and you can also add your own custom extensions. Exceptions: Any website on this list will cause the rule to fall through to the next rule on the list. To create a new Filter:

1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen. 2. Under the Management sub-service dropdown, click the ‘Filter’. This will bring up the ‘Manage Filter’ screen. 3. The main ‘Manage Filters’ page presents you with a listing of all your current filters. To create a new filter, click the ‘Create a Filter’ tab. 4. Enter the name of the new filter in the box ‘Filter Name’ text field. 5. Edit each one of the Web filtering components, then click the ‘Save’ button at the lower right-hand corner. You will then see your new filter added to the ‘List of filters’. 6. The name of the new Filter will now appear in the Filters page. To edit or view a Filter:

1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen.

Google Web Security for Enterprise Administration Guide

2. Under the Management sub-service dropdown, click the ‘Filter’. This will bring up the ‘Manage Filter’ screen. 3. The main ‘Manage Filters’ page presents you with a list of all your current filters. To review the settings for a particular filter, click the restriction name in question or click the ‘Edit’ button. The components of the requested Restriction will then appear. You can also click the ‘Edit a Filter’ tab and select the filter you wish to edit from the Name dropdown list. 4. You can now click the tabs for each of the components (Categories, Domains/ URL, Content Types, File Types, and Exceptions). It is recommended that you configure each component in series, starting at the top of the menu. If separate HTTP/HTTPS Filtering is enabled (see Global Settings in section 5.1), two tabs will appear here instead of ‘Categories’. Clicking on the HTTP tab will take you to the HTTP filters page; clicking on the HTTPS tab will take you to the HTTPS filters page. To configure the Web Categories you would like selected:

1. Make sure you have selected the required filter you wish to edit. You can verify the filter you are editing because its name is listed at the top of the page in the ‘Filter name’ box. 2. Click the Categories tab. This will bring up the ‘Select Categories’ page. 3. Click the boxes next to the corresponding categories which you want to select. 4. If you want to select all the available categories, you can click the ‘Select All’ button located at the bottom of the page. Conversely, you can click the ‘Deselect All’ box to remove all category selections. 5. Click the ‘Save’ button at the bottom of the screen to save your changes. 6. It is possible to have separate category selections for both HTTP (unencrypted) and HTTPS (encrypted) Web traffic. This would allow you, for instance, to allow access to unencrypted gambling sites, but block all encrypted gambling sites. To configure the Domain/URLs list:

1. Make sure you have selected the required filter you wish to edit. 2. Click the button ‘Domains/URL’ tab. This will bring up the ‘Define Domains/ URL’ page. 3. In the text area provided you may enter a Web site in two different ways: •

By entering the explicit URL minus the ‘http://’ (e.g. www.bbc.co.uk/news)

•

By entering a domain (e.g. bbc.co.uk).

4. Please note that each entry must be put on a new line and there should be no trailing slash ‘/’ at the end of the URL. Also, you should not include the ‘www.’ with the entry, otherwise related sub-domains will be excluded.

Web Filtering

5. To make viewing of your listed pages easier, you can click the ‘sort alphabetically’ button at the bottom of the text area. 6. To recall the Domains/URL entries from the Default Filter, click the ‘Set to Default’ link. This may be useful for quickly configuring new filters which are typically just modifications of the Default set of filters. 7. Once you are satisfied with the Domains/URL entries, click the ‘Save’ button located at the bottom of the page. 8. Clicking ‘Reset’ will reset the list back to the saved list. To configure the Content Types you would like to filter:

1. Verify that you have selected the particular Filter you wish to edit. 2. Click the ‘Content Types’ tab. This will bring up the ‘Content Types’ page. 3. Click the boxes corresponding to the content types which you want to filter on. A check mark indicates that the Content Type will be filtered. 4. If you wish to filter on all the available content types, then you can click the ‘Select All’ check box located in each section. This will place a check mark for every content type in that section. A second click the ‘Select All’ check box will allow all content types for that section. Alternatively, you can click the ‘Select All’ button at the bottom of the page to filter on all content in all sections. Clicking on the ‘Deselect All’ button at the bottom of the page will remove any filters in any sections of the Content Type page. 5. If you wish to enter your own custom content types, you can type these into the ‘Custom’ text area. The content types must be entered using the same syntax as the following example: application/msword. Please note that all entries must be on a separate line. 6. You can sort your list of custom content types alphabetically by clicking on the ‘Sort alphabetically’ option directly underneath the text area. 7. The ‘Set to Default’ button copies the settings from the Default Filter, making it easier and quicker to configure new filters. 8. Once you are satisfied with the content types you wish to filter on, click the ‘Save’ button located at the bottom of the screen. Clicking the ‘Cancel’ button will return you to the previous page without saving any of the current settings. To configure the File Types you would like to filter

1. Verify that you have selected the particular filter you wish to edit. 2. Click the ‘File Types’ tab on the left hand side. This will bring up the ‘File Types’ page. 3. Click in the boxes next to the corresponding file extensions to which you want to filter on. A check mark indicates that the File Type will be filtered.

Google Web Security for Enterprise Administration Guide

4. If you wish to filter all the available file extensions, then you can click the ‘Select All’ button located in the bottom of the page. This will place a check mark for every file extension. A second click the ‘Deselect All’ button will remove the filter on all content types. 5. If you wish to enter your own custom file extensions, you can type these into the ‘other file extensions’ text box area. The file extensions must be entered using the same syntax as the following example: tif aac psd

6. Please note that all entries must be on a separate line. File extensions must not have a ‘.’ (period) in front. 7. You can sort your list of custom content types alphabetically by clicking on the ‘Sort alphabetically’ option directly underneath the text area. 8. The ‘Set to Default’ button copies the settings from the Default Restriction, making it easier and quicker to configure new filters. 9. Once you are satisfied with the content types you wish to filter on, click the ‘Save’ button located at the bottom of the screen. Clicking the ‘Cancel’ button will return you to the previous page without saving any of the current settings. To delete a Filter:

1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen. 2. On the Management sub-menu click the ‘Filters’. This will bring up the main ‘Filters’ page. 3. The main ‘Filters’ page presents you with a listing of all your current filters. In order to delete one of these, click the ‘Delete’ icon located to the right of the desired filter. 4. A dialog box will appear asking if you are sure you want to delete the filter. Click the ‘OK’ button to proceed with deletion. The deleted filter will no longer be displayed in the list on the main ‘Filters’ page.

Web Filtering

If the filter you have chosen to delete has one or more pairings associated with it in the Policy rules, then the web security service will not let you delete it. You must first delete the dependent policy rule, then delete the filter.

Schedules When implementing Web Filtering within an organization, you may wish to change the type of rules a group of users has based on the time of day and/or day of the week. For example, you might like to let your staff have access to Internet banking, online shopping and news sites only during their lunch hour. Schedules within the web security service facilitate this by enabling you to create a time period (called a Schedule) and then pair that ‘Schedule’ with a particular Group and ‘Filter’ within the ‘Policy’. In this way, a Group can have many different types of Web access depending on the time of day and day of the week.

How the Web Security Service Processes Schedules Within the web security service, a schedule takes precedence based on the position of the rule with the policy. For example, suppose that you have three schedules: •

Default (24x7)

•

Work Day (09:00 – 18:00)

•

Lunch (13:00 – 14:00)

If you were to add a rule which had the Work Day schedule with Group A above another rule with the Lunch schedule against Group A, the first rule will process and if the filter is matched the action will take place regardless of whether the Lunch schedule would have made a difference. To stop this from happening, you should therefore always place rules with shorter time periods in the schedules above those with longer schedules. To create a Schedule:

1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen. 2. Click the ‘Schedules’ link in the ‘Management’ sub-service menu. This will bring up the main ‘Manage Schedules’ page. 3. The ‘Manage Schedules’ page presents you with a listing of all your current Schedules. To create a new Schedule, click the ‘Create a Schedule’ tab at the top of the page. 4. Type the name you wish to give to the new Schedule in the ‘Schedule name:’ text field located at the top of the page. 5. Select the ‘From’ and ‘To’ times that you would like the Schedule to encompass, by selecting the hour and or minutes from the respective dropdown boxes provided.

Google Web Security for Enterprise Administration Guide

Note: If you would like to create a 24-hour Schedule, then you must set both

the ‘From’ and ‘To’ times to 00hrs 00mins. 6. Select the time zone for which you would like to set up this Schedule. 7. Select the days of the week for which you would like the Schedule to be active. This is done by clicking on the check boxes located next to each day of the week. If you click the weekdays check box, Mon-Fri will be selected, if you click the Weekends check box, Sat-Sun will be selected and if you click the Everyday check box Mon-Sun will be selected. Note: You cannot create a Schedule without selecting at least one day of the

week. 8. Once you are happy with the settings for your new Schedule, click Save. To edit a Schedule:

1. Click the ‘Web Filtering’ link on the main navigation bar at the top of the screen. 2. Click the ‘Schedules’ link in the ‘Management’ sub-service menu. This will bring up the main ‘Manage Schedules’ page. 3. The main ‘Manage Schedules’ page presents you with a listing of all your current Schedules. There are three ways to edit an existing Schedule: •

Click the name of the Schedule.

•

Click the ‘Edit’ icon to the right of the Schedule details.

•

Click the ‘Edit a Schedule’ tab and select the Schedule from the dropdown list.

4. Modify the settings of the Schedule and click ‘Save’ to save the configuration. You will be returned to the Manage Schedules tab. Otherwise, click the ‘Cancel’ button to abort and to return to the Manage Schedules tab. To delete a Schedule:

1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen. 2. Click the ‘Schedules’ link in the ‘Management’ sub-service menu. This will bring up the main ‘Manage Schedules’ page. 3. The main ‘Manage Schedules’ page presents you with a listing of all your current Schedules. To delete an existing Schedule, click the corresponding check box next to an existing Schedule and click the ‘Delete Schedules’ button. 4. The deleted Schedule will no longer be displayed in the list on the main ‘Schedules’ page. Note: If the Schedule you have chosen to delete has one or more pairings associated with it in the Policy rules, then the web security service will not let you delete it.

Web Filtering

Policies The Policy page provides you with a visual overview of the Filtering Rules you have configured for your organization and a means to add more in an ordered manner. The simple layout enables you to see all the User Groups and their applied filtering rules. Each combination of a Filter and a Schedule within the Policies page is referred to as a Pairing. Each Policy Rule must consist of at least one pairing. To create a typical, time-dependent policy, multiple pairings can be used. To add or edit a Policy Rule:

1. Click the ‘Web Filtering’ service on the main navigation bar at the top of the screen. 2. Click the ‘Policy’ link under the ‘Management’ sub-service menu. 3. Click the ‘Create a Rule’ tab located at the top of the page. You will then be taken to the ‘Create a Rule’ page. This page allows you create a new rule in the policy. 4. Give the rule a unique name in the ‘Name:’ field. 5. Choose which action is going to take place when this rule is matched. Currently you have the choice of three actions: •

Block: Prevents the filtered users from downloading this content, and the block page will be displayed.

•

Allow: Allows the filtered users to download this content and proceed normally.

•

Anonymize: Removes the user details from ALL Web filtering records (needed in some countries to comply with local law). Please note that all Anonymize rules will appear in their own section at the top of the Company Policy rule list, but these can be reordered within the anonymized rules

6. Define ‘WHO’ this rule is going to run against. Leaving this blank will cause this filter to be applied against anyone. You can add in individual groups by clicking the ‘Add Group’ button. This will cause the Select Group screen to become visible. 7. You can find the group you are looking for by entering the group name (or part of) in the search box and clicking the ‘Go’ button. You can also list all of the groups starting with a particular character by clicking on the # (for symbols or numbers) or the letters at the top of the Search Groups screen. 8. Once you can see the group you want, click the ‘Select’ button and then click the ‘Confirm Selection’ button to return to the rule with the group added to the rule. 9. Clicking on the ‘Go’ button with an empty search box will return a list of all groups registered against your company.

Google Web Security for Enterprise Administration Guide

10. Define ‘WHAT’ this rule will filter on. You can select any of your filters from the drop down box and click the Add button. Adding more than one filter will have the action of ‘ANDing’ the filters together. You can make the filter into a NOT action by clicking the ‘Set as an exception’ check box. (If you do this with only one filter, it becomes a ‘NOT’, if it is a second filter, then it becomes an ‘AND NOT’). 11. Define ‘WHEN’ this rule will be in effect. By default a new rule has the anytime schedule, but you can delete this and add in another by selecting it from the list. If you add in any more schedules these should be exceptioned as ‘AND NOTs’, as any schedules added after the first one will ‘AND’ the schedules together. 12. Click ‘Create Rule’ to save the pairings to return to the Manage Policy window. Unless you have checked the ‘Active’ checkbox, the rule will be inactive (grayed out). You can now move the rule into the correct position using the up and down arrows on the left hand side of the rule. Once it is in the correct position, you can click the active check box and apply the changes. To change the order of the rules:

Use the up and down arrows to reposition the rules. Note: The Company policy works in much the same way as a firewall. The

Anonymize rules will appear at the top of the list of rules and the anonymize action will be remembered for any user which matches these rules further down the list. All other rules can be ordered beneath these. We recommend that you put the rules that are in effect for the smallest time periods at the top of the rules. Active / Inactive Rules

It is now possible to make a rule active or inactive in the policy. All inactive rules will have no impact on the traffic and can be moved around within the policy without any changes to the way traffic is filtered. On the company rules list, each rule (except Default which is always active) has a check box to say if the rule is active. Inactive rules are also grayed out in the rules list. To make an active rule inactive, deselect the Active check box and then click ‘Apply Changes’. To make an inactive rule active, click the Active check box and then click ‘Apply Changes’. All new rules are added into the policy just above the default rule and are always inactive unless you clicked on the active check box when you created the rule. To delete a rule:

1. Click the ‘Web Filtering’ tab on the main navigation bar at the top of the screen.

Web Filtering

2. Click the ‘Policy’ link in the ‘Management’ sub-service menu. This will then bring up the main ‘Manage Policy’ page. 3. Find the Rule within the listed Policy that you want to delete, and then click the ‘Delete’ Button located to the right of the pairing. 4. You will then be presented with a pop-up dialog box asking you if you are sure you want to delete the rule. Click the ‘OK’ button to proceed. 5. You should now see that the rule is no longer listed in the ‘Company Policy’ listing. 1. Note: You cannot delete the default rule. 1. To create global white and black lists:

1. Create two new filters, one called Global White List and the other called Global Black List. 2. Go to Management>Filters and click the ‘Create a Filter’ tab. 3. Enter ‘Global White List’ into the name field. 4. Click the Domains/URLs tab and enter in the URLs you wish to white list. 5. Save this new filter by clicking on the ‘Save’ button. 6. Do the same for the Global Black list. 7. Once these filters have been created, you need to create two new rules in the policy. 8. To create the Global White List rule, you should add the Global White List filter only to a rule called ‘Global White List’. 9. To create the Global Black List rule you should add the Global Black List filter only to a rule called ‘Global Black List’ 10. These rules now need to be positioned correctly and activated. They will appear in the Company Policy list (inactive) just above the default rule. 11. The Global White list should be moved to the top of the rules and the Global Black list should be just under it. Both rules should be activated.

Google Web Security for Enterprise Administration Guide

Quotas The Quotas feature is available only when using the Connector. Quotas enable you to limit the amount of Web access a user can have on a daily or weekly basis. There are five ways by which you can control the access allowance for a user: •

Period: Time period to apply quota policy to

•

Bytes In: Amount downloaded in Megabytes or Gigabytes

•

Bytes Out: Amount uploaded in Megabytes or Gigabytes

•

Time: Amount of time spent browsing in Minutes or Hours

•

Connections: Amount of connections made to the Web

When creating a quota, you can specify amounts for any combination of the access allowance types listed above. For example, you may wish to specify ‘Bytes In’ and ‘Time’ allowances only, in which case you would select amounts for these two parameters and leave the other two set to ‘Unlimited’. If you have more than one allowance type set in a quota, then as soon as one of the allowance limits is reached, all further Web browsing will be blocked until the quota period expires. To create a Quota: 1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen. 2. Under the Management sub-service dropdown, click the ‘Quota’. This will bring up the ‘Manage Quotas’ screen. 3. Click the ‘Create a Quota’ tab. You will then be presented with a screen in which you can enter the configuration for the new Quota. 4. Enter a name for the new Quota into the provided text field. 5. Select the group to which you want to apply the Quota. (If you want this Quota to apply to everyone, then leave the group blank). By clicking on the ‘Browse’ button you will see the group search selector. This selector will allow you to find a specific group (both custom and directory) from your list of groups. Click the ‘Select’ button next to the group and then click the ‘Confirm Selection’ button. The selector allows you to search for a group name (or part of), and you can also click a letter to choose all groups beginning with that letter. Once back to the ‘Create a quota’ screen, you will need to click the ‘Add’ button to add this to the Quota rule. 6. From the ‘Period’ drop down box, select the period of time in respect of which you would like the quota to apply (Daily or Weekly). 7. Select the limits you would like to set for ‘Bytes in’, ‘Bytes Out’, ‘Time’ and ‘Connections’, by choosing an amount from their corresponding drop down boxes. Note: If you do not wish to set a limit for a particular allowance type, just leave it set to ‘unlimited’. Clicking on the ‘Reset’ button will return all settings to ‘unlimited’.

Web Filtering

8. Click the ‘Save’ button to save your new Quota. To edit a Quota:

1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen. 2. Under the Management sub-service dropdown, click the ‘Quota’. This will bring up the ‘Manage Quotas’ screen. 3. There are three ways to edit a Quota. •

Click the name of the Quota in the rules list.

•

Click the edit button in the same row as the quota you want to edit.

•

Click the ‘Edit a Quota’ tab and select the quota rule from the dropdown.

4. The window will switch to the ‘Edit a Quota’ tab. You may then proceed to make any configuration changes to the Quota. Click the ‘Save’ button to save the modified Quota. (c)Deleting a Quota 1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen. 2. Under the Management sub-service dropdown, click the ‘Quota’. This will bring up the ‘Manage Quotas’ screen. 3. Click the ‘Delete’ button corresponding to the quota you wish to delete. The popup message opposite will appear. 4. Click OK to delete the quota. 5. The page will refresh and quota will no longer be shown in the list of existing quotas. Note: It is possible to inactivate a quota. To do this, remove the tick from the active column in the Quota list and click the apply changes button.

Global Settings You can adjust the following settings on the Global Settings page: •

Separate HTTP/HTTPS Filtering

•

Acceptable Usage Policy page

Separate HTTP/HTTPS Filtering

Enable this check box to display the following tabs: Categories (HTTP) tab: This opens a page to define the restrictions for HTTP only traffic.

Google Web Security for Enterprise Administration Guide

Categories (HTTPS) tab: This tab opens a page to define the restrictions for HTTPS-only traffic. If you later disable separate HTTP/HTTPS filtering, the system will default back to the HTTP restrictions for both HTTP and HTTPS websites. Acceptable Usage Policy Page

The Acceptable Usage Policy (AUP) page enables you to inform your users of company policy related to using the Internet usage To help our customers, the web security service provides a click-through Acceptable Usage Policy screen. Note: This is only available to customers using the Connector v2.5 or higher in

workgroup mode. To enable this screen, please do the following: 1. Click the Web Filtering tab. 2. Click the Global Settings option on the management menu. The screen opposite will appear. 3. To enable the AUP page, select the ‘Enable AUP for all users’ check box. The web security service provides a sample AUP page to use as a template if your organization currently does not have one; however we recommend you seek professional advice in creating your own. Care should be taken to include references to the latest Web 2.0 technologies. If you are locking down your enduser laptops to only use the Internet through the web security services (both internally and externally), any means to circumvent this should be strictly prohibited in the AUP. All AUP pages will have an ‘I Agree’ button at the bottom of the page. You should include in your AUP a statement that by clicking on the ‘I Agree’ button the user agrees to abide by your AUP. You have a choice as to how often the AUP page is displayed to the end user, namely either daily or once per week. Select the appropriate radio button which meets your requirements. The web security service allows for fully customizable AUP pages, which means that you can define the entire HTML output of the block page up to and including the opening and closing <html> tags. This allows you to customize AUP pages with your own logo and policy text on the AUP page. To customize your AUP page:

1. Uncheck the ‘Include standard HTML page template for AUP page’ box to remove the standard logo and default text from the AUP page. 2. Enter the desired HTML into the ‘AUP’ field. Any images/css referenced needs to be a resolvable location. Typically you will be required to host your own images/css for this page. 3. Once you are happy with the AUP Page modifications you have made, click the ‘Save’ button located at the bottom of the screen.

Web Filtering

4. Click the preview button just beneath the text area to see how the additional information is rendered. You must save your changes before preview displays your new settings. Note: The AUP screens rely on the Quota functionality of the Connector. If the

Connector is reset, the tallies will also reset to zero and the AUP screens will be displayed again to the end users.

Filtering Notifications In the Notifications box in the left-navigation menu of the Filtering page, the following settings require configuration: •

User Messages – specifies the message which an end-user will see when a request is blocked.

•

Email Alerts – enables an administrator to receive an email alert when for blocked activity.

Further information is given on these settings below.

Filtering User Messages The User Message is the page that your users will see in their web browser if their web request is blocked. You can append your own information to the Alert Page in order to customize it for your organization. For example, you may wish to add the System Administrator's contact details, or links to your organization's web filtering and security policy. Note that the custom information must be submitted in HTML. The web security service allows for fully customizable block pages, which means that you can define the entire HTML output of the block page up to and including the opening and closing <html> tags. This allows you to customize block pages with your own logo and text on the block page. To set up User Messages:

1. Click the “Filtering” link at the top of the screen. 2. Click the “User Messages” button in the Notifications sub-menu in the left hand column. This will bring up the “User Messages” screen. 3. Clear the "Include standard header template" check box to remove the existing logo from the block page. 4. Enter the desired HTML into the "User Messages" field. Any images/css referenced needs to be a resolvable location. Typically you will be required to host your own images/css for this page. 5. You may insert #reason, #url, #category or #username into the HTML and it will be parsed as the reason for the block event. More detail available on this in the next section.

Google Web Security for Enterprise Administration Guide

Using Variables to Customize Block Page Text You may insert #reason, #url, #category or #username into the HTML in your custom block page and the block page will show the reason for the block event. An example below shows this more clearly: Default block message:

Custom HTML message written by user:

Custom message text will appear in end-user block page:

Filtering Email Alerts The Filtering Email Alerts are emails that notify you of when the web security service has blocked a web page. The email will contain the following information: •

The IP address that the request left your organization on.

•

The Internal IP address and or the user/group

•

The reason the requested page was blocked

•

The full URL of the requested page

Web Filtering

Email Generation You can specify a maximum of 5 different email addresses that you wish to have these alerts sent to. If you require the alerts to be sent to any more addresses than this, we recommend that you set up a group mailing address and then enter it into Web Content tab. To set up email alerts:

1. Click the “Filtering” link. 2. Click the “Email Alerts” link in the left hand column. This will bring up the “Email Alerts” page. 3. Select whether or not you want to be notified when a web page is blocked by selecting “Yes” or “No” from the drop down box. 4. Enter the email address (or addresses) you want notifications to be sent to in the empty text fields provided. 5. If you wish to throttle the amount of email alerts you receive, click in the box next to the statement “Limit these alerts to”. Throttling will now be activated and you must then select the number of alerts you wish to receive, per the amount of hours you specify. For example you might decide that you only ever want to get a maximum of 3 email alerts in a 2-hour period. 6. Once you are happy with the Email Alert details you have entered, click the “Save” button located at the bottom of the screen.

Google Web Security for Enterprise Administration Guide

Chapter 7

Admin Page

Chapter 7

About the Admin Page The Admin page enables you to manage groups, manage authentication keys, and download the Secure Connector.

Edit Your Account Details Click the Admin link on the main navigation bar at the top of the screen to display the Account Details page. To edit your account details, fill in the relevant fields and then click the Save button at the bottom of the page.

Authentication Key Management Web security authentication keys are used in conjunction with an installation of a Connector. The Connectors identify end users by merging user details from Active Directory using LDAP or Windows Domain integration and the applied Authentication Key for the connector. Connectors enable users to connect to the web security service with either a static IP address (no authentication key required) or dynamic IP address by using a Company, Group, or User Authentication Key. Connectors can encrypt user information and the web security service can apply specific user or group policy information based on this information. Connectors pass end user web traffic requests through the web security service for filtering, scanning, and policy enforcement, before providing the cleansed web content back to the end user. You can find more information about Connector in the Web Security Connector Installation Guide.

Admin Page

Authentication Keys can be created using the Web Admin page. You can create a Company, Group, or User Authentication Key which will be used to identify and authenticate the user to the web security service. A User Authentication Key enables more detailed user behavior reporting and policy management, but requires administrators to manage more keys.

Connector and Authentication Key Deployment Scenarios Here are three examples of the most popular deployment scenarios for Connectors using Company, Group, and User Authentication Keys. Case 1: Company Authentication Key and Active Directory (Most Popular Scenario)

•

Scenario Setup •

Two AD groups created in the web security service: WinNT://…/Marketing WinNT://…/Engineering

•

Company Authentication Key and Connector installed on Domain Controller.

•

Policy1 applied to Marketing and Policy2 applied to Engineering

Scenario Questions & Answers •

What policy will apply to Dan, Bob, and Steve? Policy1 is applied to Dan and Bob, and Policy2 is applied to Steve

•

If a policy causes a block, what group will be registered against the block? Blocks for Dan and Bob are registered against group WinNT://…/ Marketing with user information for Dan and Bob. Blocks for Steve are registered against group WinNT://…//Engineering with user information for Steve.

Google Web Security for Enterprise Administration Guide

Case 2: Group Authentication Key

•

Scenario Setup •

There are three branch offices and they do NOT currently use Active Directory groups. A connector is installed at each branch office, with a group authentication key installed for each workgroup connector coordinating to each office.

•

Group Authentication Keys: SFGROUP, LONDONGROUP, SYDNEYGROUP

•

Policy1 applied to SFGROUP, Policy2 applied to LONDONGROUP, Policy3 applied to SYDNEYGROUP

Scenario Questions & Answers •

What policy will apply to Dan, Bob, Jim, and Joe? Policy1 is applied to Dan and Bob Policy2 is applied to Jim Policy3 is applied to Joe

•

If a policy causes a block, what group will be registered against the block? Blocks will be registered against the group SFGROUP for Dan and Bob Blocks will be registered against the group LONDONGROUP for Jim Blocks will be registered against the group SYDNEYGROUP for Joe

Admin Page

Note: If you are using Active Directory, you are advised to use Case 1

(Company Authentication Key) to appropriately apply group policy. Case 3: User Authentication Key

•

Scenario Setup •

There are three mobile laptop users that you want to apply web security protection to while the user is surfing the web remotely at home or traveling (away from the corporate network). The Connector is installed on each of these laptops, and the User Authentication Key for each laptop identifying each user.

•

Custom Groups: New York and San Francisco

•

User Authentication Keys: Jim, Joe, Bob

Scenario Questions & Answers •

What policy will apply to Jim, Joe, and Bob? Policy1 will be applied to Jim and Joe in the New York Custom Group Policy2 will be applied to Bob in the San Francisco Custom Group

•

If a policy causes a block, what group will be registered against the block? Blocks registered against New York custom group and as user Jim and Joe Blocks registered against San Francisco custom group and as user Bob

Google Web Security for Enterprise Administration Guide

Note: User Authentication Key overrides all user information reported, so only use ONE user authentication key per ONE connector on ONE system.

Summary •

If you want to use Active Directory for granular policy and user reporting - you should use the Company key installed the Domain Controller with an Enterprise or Workgroup Connector.

•

If you have satellite offices where you want to apply a group policy to everyone in that office, use the Group Authentication Key.

•

If you have mobile laptops or systems, then use the User Authentication Key on a 1-1 basis.

Create and Delete Authentication Keys In most cases, the Company Authentication Key is the only key you need to create. If you want to use Active Directory for granular policy and user reporting you should use the Company key installed the Domain Controller with an Enterprise or Workgroup Connector. There can be only one Company Authentication Key. If you wish to create a Group or User Authentication Key, you MUST create your group and user structure using the Groups Sub-Service Link first BEFORE you create the group or user authentication keys. Your definition of your group and users are used to populate the available types of authentication keys you may create. When you begin to create Authentication Keys, the screen will show all available Authentication Keys you may create. If, for example, the Company Authentication Key is not available in this screen, this means that the Company Authentication Key has already been generated. To create an Authentication Key:

1. From the Web Content tab, click the Web Admin link. 2. Click the type of authentication key (Company, Group, or User) you would like to create in the Authentication box in the left-navigation menu. 3. Click “Create Key” by the Company/Group/User you want to have one created for. 4. Copy and paste the entire Authentication Key text into a text file application such as notepad.exe and save the file for safekeeping. You will need to copy and paste this key into the Connector configuration when you are installing the Connector. 5. Email the authentication key information to a select email address by clicking the Send button. NOTE: If you click send, you will not be able to return to this screen – so ensure you save the Authentication Key information BEFORE you click Send. If you fail to do this, you will need to revoke the key you just created and go through these steps again.

Admin Page

To deactivate an Authentication Key:

1. Click the Web Admin link, and click ‘Authentication Keys’ under Authentication. 2. Look for the Authentication Key you wish to deactivate and click the corresponding ‘Deactivate’ button, which will not delete the Authentication Key, but sets the Authentication Key state to ‘Inactive’. Note: If you are having Forbidden 403 HTML errors in your web browser while

trying to connect to the Internet through the Connector, you should check your Authentication Key activation status, it should state ‘Active’ to operate properly. To revoke an Authentication Key:

Some users may want to remove an Authentication Key for security purposes or for administration needs. Revoking an existing Authentication Key will delete it permanently, and existing Connectors will require re-configuration with a new and Active Authentication Key to operate properly. 1. Click the Web Admin link on the Web Content tab, and click ‘Authentication Keys’ under Authentication. 2. Select the Authentication Keys you wish to delete by checking the appropriate check boxes and clicking the ‘Delete’ button at the bottom of the screen. IMPORTANT: A validation message will appear to ensure you wish to delete the key. Revoking the key is an irreversible action; ensure you are prepared to delete the key before clicking ‘OK’. A less severe way of managing Authentication Keys would be to deactivate the key for a period of time, and then revoking the Authentication Keys at a later point. 3. If you wish to revoke the selected Authentication Keys, click ‘OK’.

Group Management The “Groups” link in the Management sub-service tab, located in the left hand column, is used to create and define Custom Groups and Directory Groups. Groups are used to segment an organization’s user base so that more granular, or role specific, web usage policies can be enforced. The web security service uses two types of Groups to achieve this functionality:

•

Directory Groups – As the name implies, a Directory Group represents a group of users as defined by a WinNT domain or by Active Directory. Typically, a Directory Group will represent a group of users with similar roles (hence access privileges) within the organization.

•

Custom Groups – are defined by either (or both) usernames and IP addresses and subnets. Usernames are specified according to the WinNT or Active Directory schema. IP addresses can private (publicly non-routable) or public.

Google Web Security for Enterprise Administration Guide

Each of these groups will be discussed in further detail. For either of these groupbased web access controls to function, you must have a Connector installed within your infrastructure. If the Connector is not installed, all web requests will be managed by Alert page that is displayed to users within your organization when web content is blocked by the default policy. How the web security service Evaluates / Prioritizes Groups

The web security service evaluates groups using a fast, multi-stage selection process, which accommodates variations in customer infrastructure and the Connector configuration. •

If the Secure Connector has been configured to send internal group details, then a check will first be made to see if the supplied group name matches any groups configured within the web security service. If such a match exists, the matched group will be selected.

•

If the group name is absent or unmatched, but user name details are present, then a further check is made to see if the username has been configured within an existing group.

•

If the group is still unmatched, and the internal IP address is present, then a further attempt is made to match the internal IP address with a group IP Expression.

•

If the group is still unmatched, then a further attempt is made to match the external IP address with a group IP Expression.

•

Finally, if no match has been made, then the “default” group is selected.

To create or edit a Directory Group:

4. Click the “Admin” link on the main navigation bar at the top of the screen. 5. Click the “Groups” button in the “Authentication” sub-service tab in the left hand column. This will bring up the “Groups” screen. 6. Click the “Add Directory Group” button at the bottom of the screen. You will then be presented with a screen in which you can enter in a new “Directory Group Name”. 7. Type the name of the group into the provided text field. You must use the following syntax when specifying a WinNT or Active Directory group: WinNT://DOMAIN_NAME\GROUP_NAME WinNT://ACTIVE_DIRECTORY_REALM\GROUP_NAME

8. The syntax is case insensitive and there may be spaces in the names, however the names should be spelled exactly as they appear within your Windows Domain or Active Directory. 9. To create the new Directory group, click the “Save” button. You will then be taken back to the main “Manage Groups” page where you will see your new Directory Group in the Groups list.

Admin Page

Note: The Directory Group name, itself, is functional and therefore no further

parameters are required to configure the Directory Group. To edit a Directory Group Name:

1. Click the “Admin” service tab on the main navigation bar at the top of the screen. 2. Click the “Group” button in the “Authentication” sub-service tab in the left hand column. This will bring up the “Groups” screen. 3. Click the group button which corresponds to the Directory Group which name you want to change. 4. Edit the name of the Directory Group in the text field. You must use the following syntax when specifying a Windows NT or Active Directory group: WinNT://DOMAIN_NAME\GROUP_NAME WinNT://ACTIVE_DIRECTORY_REALM\GROUP_NAME

5. The syntax is case insensitive and there may be spaces in the names, however the names should be spelled exactly as they appear within your Windows Domain or Active Directory. 6. To save the new Directory group, click the “Save” button. You will then be taken back to the main “Manage Groups” page where you will see your new Directory Group in the Groups list. Clicking on the “Cancel” button will abort any changes and return you to the previous Groups page. To create a Custom Group:

1. Click the “Group” button in the “Authentication” sub-service tab in the left hand column. This will bring up the “Groups” screen. 2. Click “Add Custom Group”. 3. Enter the name of the Custom Group you wish to create into the “Custom Group” text field. 4. To register the new Custom Group, click the “Save” button. You will then be taken back to the main “Manage Groups” page where you will see the new Custom Group name in the groups list. If you hit “Cancel”, the operation will be aborted and you will return to the groups list. 5. You should now add either (or both) IP Addresses or User Names to the Custom Group. Each of these procedures is detailed below. To add or edit Usernames for a Custom Group:

1. Click the corresponding button for the group you have already created on the Group listing page. 2. Enter the user names of all the users you would like in the group, putting each on a separate line within the text area provided. You must use the following syntax when specifying a Windows NT or Active Directory user: WinNT://DOMAIN_NAME\USER_NAME

Google Web Security for Enterprise Administration Guide

WinNT://ACTIVE_DIRECTORY_REALM\USER_NAME

3. The syntax is case insensitive and there may be spaces in the names, however the names should be spelled exactly as they appear within your Windows Domain or Active Directory. 4. To save the entered usernames, click the “Save” button. Otherwise click “Cancel” to abort the entries and to return to the Manage Groups page. To create a Group using IP Addresses:

1. Click the corresponding existing group button on the Group listing page. 2. Enter the IP expressions, into the text area, that are required to identify the users you want in the group. The expressions you can use are as follows: •

Individual IP addresses, each on a new line (e.g. 192.168.0.25)

•

Network Masks, each on a new line (e.g. 192.168.0.0/255.255.255.0)

3. To save the entered IP Addresses (and subnets), click the “Save” button. Otherwise click “Cancel” to abort the entries and to return to the Manage Groups page. To delete a Group:

1. Click the “Admin” service tab on the main navigation bar at the top of the screen. 2. Click the “Groups” button in the “Authentication” sub-service tab in the left hand column. This will bring up the “Manage Groups” page listing all the existing groups. 3. Click the checkbox next to the selected existing group you wish to remove in the Delete Column, then click the “Delete Groups” button. 4. A dialog box will appear, asking if you are sure you want to delete the user group. Click the “OK” button to proceed with deletion. The deleted group will no longer be displayed on the main Manage Groups page. Note: If the user group you have chosen to delete has one or more pairings

associated with it in the Policies listing then the web security service will not let you delete it. The Default Group

If a user has not been assigned to a specific group, the user will automatically become a member of the Default group. The Default group cannot be deleted and you cannot add “Users” or “IP Expressions”. Duplicate Users or IP Addresses

The administrator should avoid duplicating Domain/Active Directory usernames or IP addresses across different Custom Groups. If you do duplicate any of these parameters, then the first group found will determine web access policy for that user.

Admin Page

Installing the Connector To install the Secure Connector:

1. Log in to the Administration Console. 2. Select the Web Admin link on the Web Content tab. 3. Click Secure Connector. 4. Click Download. During installation, the Secure Connector provides the following configuration options: •

Enterprise Connector

•

Workgroup Connector

•

Mobile Connector (coming soon)

For more information on the Secure Connector, see the Web Security Connector Installation Guide.

Google Web Security for Enterprise Administration Guide

Chapter 8

Reports

Chapter 8

About Web Security Reports Google Web Security reports are accessible via the Reports link on the Web Content tab. Use both Custom reports and Predefined reports to analyze the following criteria: •

Applications

•

Bandwidth

•

Blocks

•

Browse Time

•

Categories

•

Groups

•

Hosts

•

Legal Liability

•

Malware

•

Security

•

Users

There are three report types: •

Standard reports use conditions, and up to two attributes to provide more detailed information for a chosen time period.

•

Time Analysis reports provide similar information to standard reports but for a single attribute over a chosen time period.

•

Detailed Search reports use conditions and multiple attributes to provide a higher level of detail than standard reports for a chosen time period.

Reports are generated by running searches. Google provides several pre-defined searches. See “Pre-defined Searches and Reports” on page 81. You can also use these as the starting point for creating custom searches.

Reports

To run a search, do the following: 1. Choose a time period for the search, from the last hour to the last year. 2. Choose a pre-defined search or create a new search. 3. Add filters based on reporting attributes or metrics. 4. Choose the number of results to view, from 10 to 1000. 5. Choose a reporting attribute to group the results by. 6. Choose to sort the results by name, bandwidth, browse time, bytes sent, bytes received or hits. 7. Choose to view the top or bottom results. 8. Optionally, add a second reporting attribute to group the results by. 9. Choose to view the report as a grid, bar, column, pie or line chart. 10. Save the search for future use. There are 80 attributes to choose from so we recommend that you start by using pre-defined searches. See “Website Attributes / Categories” on page 75. In addition to creating and modifying searches, from the Reports page you can: •

Create and manage sets of filters

•

Combine searches into composite reports

•

View reports online and print or export them

•

Download reports to view offline or import into a spreadsheet or word processor

•

Schedule reports for delivery by email to groups of recipients

System Requirements for Reports To view Web Security reports, you need the following: •

Adobe Flash 10 (or higher)

•

Chrome, Mozilla Firefox 3 or 3.5, or Microsoft Internet Explorer 6, 7 or 8 (in Compatibility View only)

Viewing Reports Reports are generated from predefined or previously saved searches. They can be viewed online or downloaded as a PDF. When a report has been generated you can refine the search by adding filters or changing the conditions of the search. You can save your changes as a new search or replace a previously saved search, and filters can be saved separately as a filter set.

Google Web Security for Enterprise Administration Guide

To view reports from a predefined or saved search:

1. Click the Reports links to display the Reports pane, or click Reports from the Reports left-navigation menu. The available searches are displayed in two tables: •

Custom reports

•

Predefined reports

See “Pre-defined Searches and Reports” on page 81. 2. In the Time zone list, click a time zone. The default is UTC. Searches do not include time-period information so you must provide this each time you generate a report. 3. In the Time period list, click a pre-defined time period. The pre-defined time periods are: •

Previous hour

•

Previous day - yesterday

•

Previous week - the last full week

•

Last n hours (12, 24, 48 or 72)

•

Last week - the previous seven days

•

Last n weeks (2 or 3)

•

Last month

•

Last n months (2, 3, 4, 5, 6, 9 or 12)

Alternatively, click Custom and enter the required start and end dates and times: a. Enter a start date in the box or click the Calendar icon to choose a date. b. Choose a start time using the hour and minute lists. The time is shown using the24-hour clock. c.

Enter an end date in the box or click the Calendar icon to choose a date.

d. Choose an end time using the hour and minute lists. 4. Select the Auto Run Report check box to run the search as soon as the report is opened. Alternatively, clear the check box to prevent the search from running automatically. 5. Click a folder to show or hide the searches for that folder. 6. In the View as list, click a chart type. The available charts depend on the type of report and may include: •

Grid

•

Bars

•

Pie

•

Columns

•

Line

Reports

7. Click the search to generate and view a report (see “Viewing Reports” on page 56). Alternatively, click the Download icon to download the report in PDF format. See “Downloading Reports” on page 60.

Viewing Reports Online Once the report has been generated you can click one of the following icons to change the way the report is displayed: •

Grid

•

Bar

•

Column

•

Pie

•

Line

The availability of icons depends on the type of report that you view.

Grid Chart The grid chart is the default way of viewing reports. From here you can change the data that is displayed in the other charts.

Viewing Grid Data Choose the number of results to display per page from the Show drop-down box. The available options are: •

•

100

Navigate through the pages using the first, prev, next and last buttons. You can refine your search by clicking entries in the primary attribute column. Click an entry, and then click is equal to to include only that entry in the report. Alternatively, click is not equal to to exclude the entry. When you have made your changes, click Launch search to display the refined report.

Google Web Security for Enterprise Administration Guide

Adding and Removing Metrics To add or remove columns from the display: 1. Click the +|- button to display the Choose which columns you would like to see dialog. 2. For each list entry click hide or show, as required. The following metrics are available: •

Host

•

Bandwidth - the sum of bytes sent and received

•

Bandwidth (% Tot)

•

Browse Time - distinct minutes spent browsing

•

Browse Time (% Tot)

•

Bytes Received

•

Bytes Received (% Tot)

•

Bytes Sent

•

Bytes Sent (% Tot)

•

Hits

•

Hits (% Tot)

3. Click Close.

Sorting Grid Data To sort by a column, click the column heading. The first column displays the primary and secondary attributes. Click the primary attribute name to sort by the primary attribute. As an alternative, click the secondary attribute name to sort by the secondary attribute within the primary attribute sort order.

Graphical Charts There are four types of graphical chart: •

bar

•

column

•

pie

•

line

Reports

Click the hyperlink at the top of the chart to change the sort metric: Right-click the chart to print or save the chart. Choose Print Chart to print the chart. Choose Save as JPEG Image to export to a JPEG image. Choose Save as PNG Image to export to a PNG image. Choose Save as PDF to export to Adobe PDF.

Bart Chart The bar chart displays the data as horizontal bars.

Column Chart The column chart displays the data as vertical bars.

Pie Chart The pie chart displays the data as a 2D or 3D pie chart. Additional commands are available when you right-click the pie chart: Click Enable Rotation to enable the chart to be rotated by clicking and dragging the chart. You cannot move slices while you are rotating the chart. Click Enable Slicing Movement to enable the chart's slices to be moved by clicking them. You cannot rotate the chart while you are moving slices. Click View 2D to view a two-dimensional representation of the chart. Click View 3D to view a three-dimensional representation of the chart.

Line Chart The line chart displays time analysis data.

Downloading Reports In addition to exporting reports in JPEG, PDF and PNG format, you can also download reports directly.

Google Web Security for Enterprise Administration Guide

Downloading PDF Reports To download a report in PDF format without viewing the report on-screen: 1. Click the Reports tab to display the Reports pane. Alternatively, on the Reports menu, click Reports. 2. Click a folder to show or hide the reports for that folder. 3. In the View as list, click a chart type. The available charts depend on the type of report and may include: Grid Bars Pie Columns Line 4. Click the Download icon to download the report. Alternatively, view the report on-screen as normal and then click the PDF icon to download the report.

Downloading CSV Reports Downloading a report in CSV (comma separated value) format enables you to open the report in a spreadsheet. To download a report in CSV format: 1. View the report as a grid. (See “Viewing Reports” on page 56.) 2. Click the CSV icon to download the report.

Filtering Reports Filters enable you to refine searches by reporting attributes, metrics, or a combination of both. They can be used to narrow a predefined or saved search or applied when you are creating a search. (See “Creating a Search” on page 63.) You can have up to 20 active filters at any one time. Activating and deactivating filters enables you to experiment to find the best set of filters to get the information you want, but only the active filters will be saved.

Adding Filters to a Search A search will include only the results returned where all filter conditions are met. However, only one exact match from the list of values provided with the "in list" operators is required to return a result.

Reports

To add a filter:

1. Click the Add link. 2. In the attribute list, click the required attribute (see â&#x20AC;&#x153;Website Attributes / Categoriesâ&#x20AC;? on page 75). 3. Enter a value in the box. 4. Click Add. To activate filters:

1. Select the check box for each filter you want to activate. 2. Click the Activate hyperlink. Activated filters are shown with a green triangle. To deactivate filters:

1. Select the check box for each filter you want to deactivate. 2. Click the Deactivate link. Deactivated filters are dimmed. To remove one or more filters:

1. Select the check box for each filter you want to remove. 2. Click the Remove hyperlink.

Managing Filter Sets To manage filter sets: 1. Click the Reports tab to display the Reports menu. 2. In the Reports menu, click Filter Sets.

Adding a Filter Set To add a filter set:

1. Click Add. 2. Enter a unique name for the filter set in the box.

Google Web Security for Enterprise Administration Guide

3. For each filter you want to add to the set: a. Click Add Filter. b. In the Select filter type list, click a filter type. You can add attribute or metric filters, or existing filter sets (see “Adding Filters to a Search” on page 61). c.

Click Add.

Copying a Filter Set To copy a filter set:

1. Click the filter set. 2. Enter a unique name for the copy in the box and press Enter.

Renaming a Filter Set To rename a filter set:

1. Click the filter set. 2. Enter a unique name in the box and press Enter.

Deleting a Filter Set To delete a filter set:

1. Click the filter set. 2. Click Delete to permanently remove the filter set. You will not be asked to confirm your action.

Creating a Search Reports are generated by running one of the three available search types. Searches are refined by time period and filters (see “Viewing Reports” on page 56). To create a search:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Search.

Reports

3. Click the tab for the type of search you want to create. The tabs are: Search Time Analysis Detailed Search Alternatively: 1. Click the Reports tab to display the Reports pane. 2. Click the Create a new report hyperlink. 3. Click the tab for the type of search you want to create.

Creating a Standard Search To create a standard search:

1. Select a time period. 2. Add any required filters (see “Adding Filters to a Search” on page 61). 3. In the View list, click the number of primary attributes to display. The available options are: 10 20 50 100 150 250 500 1000 4. In the primary attribute list, click the required primary attribute (see “Website Attributes / Categories” on page 75). 5. In the primary sort metric list, click the required primary sort metric.

Google Web Security for Enterprise Administration Guide

The available metrics are: name bandwidth browse time bytes received bytes sent hits 6. Click the hyperlink to change the primary sort order. The hyperlink indicates the current order to ascending or descending. 7. Clear the check box to exclude secondary attribute criteria. Alternatively select the check box to enable additional criteria, then do the following: a. Choose the number of secondary attributes to display from and their dropdown box. The available options are first: 1 2 3 4 5 10 20 b. In the secondary attribute list, click the required attribute. (The available attributes are the same as for the primary attribute. c.

In the secondary sort metric list, click the required sort metric. The available metrics are the same as for the primary sort metric.

d. Click the hyperlink to change the secondary sort order. The hyperlink indicates the current order, ascending or descending. 8. Click Launch search. When the report has been generated it is displayed below the button. 9. Click Save to save the search (see “Saving a Search” on page 68).

Creating a Time Analysis Search To create a time analysis search:

1. Select a time period (see “Viewing Reports” on page 56). 2. Add any required filters (see “Adding Filters to a Search” on page 61).

Reports

3. In the View list, click the number of attributes to display. 4. In the attribute list, click the required attribute. See “Website Attributes / Categories” on page 75. 5. In the sort metric list, click the required sort metric. The available metrics are: name bandwidth browse time bytes received bytes sent hits 6. In the sort metric list, click the required sort metric. 7. Click Launch search. When the report has been generated it is displayed below the button. 8. Click Save to save the search (see “Saving a Search” on page 68).

Creating a Detailed Search To create a detailed search:

1. Select a time period. (see “Viewing Reports” on page 56.) 2. Add any required filters (see “Adding Filters to a Search” on page 61). 3. Choose between one and 15 reporting attributes to include in the report (see “Website Attributes / Categories” on page 75). The default attributes are Timestamp, Category, Group, Host, Internal IP, Path, Query, Rule Action, and User. To add one or more attributes: a. Click the Add/Remove columns hyperlink. b. In the attribute list, click the required attribute or attributes. To remove an attribute, hover over the attribute and click the Remove icon. Alternatively, Click the Add/Remove columns hyperlink, then click the attribute or attributes you wish to remove. You cannot remove the Timestamp attribute. 4. Click the attribute you want to sort by. Clicking the selected attribute changes the sort order, which is indicated by a triangle. 5. Drag and drop the attributes to change the order of the columns in the report. 6. Click Launch search. When the report has been generated it is displayed below the button.

Google Web Security for Enterprise Administration Guide

Allowed Traffic You can also create a detailed report from an allowed traffic report. The allowed traffic report shows all of the allowed traffic by category for a single day. To view an allowed traffic report:

1. Click the Reports tab to display the Reports menu. 2. In the Reports menu, click Allowed Traffic. 3. In the Type list, click a filter type. The available types are: User Group Internal IP 4. Enter a Date in the box or click the Calendar icon to choose a date. 5. Enter a user name, group name or internal IP address in the User/Group/IP box, for example default. 6. Click Search to view the report. Security risks are shown as a colored icon in the hour column for the various filter categories with the following meanings: •

Red - high security risk

•

Yellow - medium security risk

•

Green - low security risk

Click the icon to display a detailed report of the risk.

Creating a Search from a Pre-defined Search To create a search from a pre-defined search:

1. Click the Reports tab to display the Reports pane. 2. View the report (see “Viewing Reports” on page 56). 3. Edit the report criteria (see “Creating a Search” on page 63). 4. Save the new report (see “Saving a Search” on page 68).

Reports

Saving a Search To save a search:

1. Click Save. Alternatively, click "Save as" to save a copy of the report. Then use current settings to create a new Report dialog is displayed. 2. Enter a name for the search (up to 256 characters) in the Choose a report title box. Alternatively, select the use the default name check box to use the name adjacent to the check box. 3. In the Choose an existing folder from the list list, click a folder. Alternatively, select the Create a new folder check box and enter a Folder name (up to 256 characters). 4. Click SUBMIT to save the search. Alternatively, click Close window to return to the previous screen without saving.

Editing a Search To edit a search:

1. View the report as normal (see “Viewing Reports” on page 56). 2. Edit the search criteria (see “Creating a Search” on page 63). 3. Click "Save". Alternatively, click Save as to save a copy of the report. Note: You can only save a copy of a pre-defined search or a search that is part of

a composite report.

Renaming a Search To rename a search:

1. Click the Reports tab to display the Reports pane. Alternatively, on the Reports menu, click Reports. 2. If the search you wish to rename is contained within a folder, click the folder to display the search. 3. Click the Rename icon. 4. Enter a new name in the Enter new name box and press Enter. Alternatively, click the X icon to abandon renaming the search.

Google Web Security for Enterprise Administration Guide

Deleting a Search To delete a search:

1. Click the Reports tab to display the Reports pane. Alternatively, on the Reports menu, click Reports. 2. If the search you wish to delete is contained within a folder, click the folder to display the search. 3. Click the Delete icon. You will be prompted to confirm your action. 4. In the dialog click OK to delete the search. Alternatively, click Cancel to abandon deleting the search. Note: You cannot delete a search that is part of a composite report. You must first

remove the search from the composite report.

Deleting an Empty Folder To delete an empty folder:

1. Click the Reports tab to display the Reports pane. Alternatively, on the Reports menu, click Reports. 2. Click the Delete icon. You will be prompted to confirm your action. 3. In the dialog click OK to delete the folder. Alternatively, click Cancel to abandon deleting the search. Note: You cannot delete a folder that is not empty. You must first remove any

saved searches from the folder.

Creating Composite Reports Composite reports enable you to combine the contents of two or more existing searches into a single report. You can even combine pre-defined searches with searches you have created yourself. To create a composite report:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Composite Reports. 3. Click the Create composite reports tab. 4. Enter a name for the report in the Composite report name box.

Reports

5. For each search you wish to include: •

In the Report(s) to include in composite list, click the required search, and then click add.

To change the order in which the searches will be displayed: •

In the Report table, click the required search, and use the move up and move down icons to change the position of the search.

To remove a search from the composite report, click the Delete icon 6. Add any required filters (see “Adding Filters to a Search” on page 61). 7. Click Save changes to save the composite report.

Downloading Composite Reports To download a composite report:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Composite Reports. 3. Click the Manage composite reports tab. 4. Select a time period. 5. Click the Download icon to download the composite report in PDF format.

Editing Composite Reports To edit a composite report:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Composite Reports. 3. Click the Manage composite reports tab. 4. Click the Edit icon next to the composite report you wish to edit. Alternatively:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Composite Reports. 3. Click the Edit composite reports tab. 4. In the Composite report name list, click the report you wish to edit. When you have finished editing the report, click Save changes to save your changes. See “Creating Composite Reports” on page 69.

Google Web Security for Enterprise Administration Guide

Deleting Composite Reports To delete a composite report:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Composite Reports. 3. Click the Manage composite reports tab. 4. Click the Delete icon next to the composite report you wish to delete. You will be asked to confirm that you want to delete the report.

Report Scheduling Report scheduling enables you send reports via email to specific recipients. Before scheduling a report you must have created at least one email group with at least one recipient.

Email Groups Email groups enable you to send scheduled reports to groups of recipients.

Creating an Email Group To create an email group:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Recipients. 3. Enter a group name in the Groups box. 4. Click Create new group.

Deleting an Email Group To delete an email group:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Recipients. 3. Click the Delete group icon next to the group you wish to delete. Warning: You will not be asked to confirm your action. Deleted groups cannot be recovered.

Reports

Email Recipients Scheduled reports are sent to groups of email recipients. If you want to send a report to a single recipient then you will need to create a group with only one recipient.

Creating an Email Recipient To add recipients to an email group:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Recipients. 3. Click the group you want to add recipients to. 4. Enter the first part of the email address in the Recipients for box. 5. In the @ list, click the last part of the email address. 6. Click Add recipient.

Deleting an Email Recipient To delete an email recipient:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Recipients. 3. Click the group containing the recipients you want to delete. 4. Click the Remove a recipient icon next to the email recipient you wish to delete. Warning: You will not be asked to confirm your action. Deleted recipients cannot be recovered.

Creating a Scheduled Report To create a scheduled report:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Scheduled Reports. 3. Click the Create scheduled reports tab. 4. In the Create Report Schedule area, enter a name for the scheduled report in the Report schedule name box.

Google Web Security for Enterprise Administration Guide

5. In the Delivery schedule area, click one of the following to set when the report will run: Daily - every day Weekly - every week on the day specified Monthly - every month on the first day of the month Four weekly - every four weeks on the day specified Reports contain data for the period up to midnight on the day before the report is run: Daily contains the previous 24 hours Weekly contains the previous seven days Monthly contains the previous month Four weekly contains the previous 28 days 6. If you chose weekly or four-weekly reports you must choose a day on which they will run. In the Report runs on list, click a day. 7. In the To (recipient group) list, click a group. If you have not created a group yet, you can click the Manage recipient groups hyperlink to do so. 8. In the Email content area, enter the Subject for the generated email, e.g. Monthly bandwidth report. 9. Enter the Message for the email, e.g. Report attached. 10. In the Report list, click a pre-defined or saved report. If you want to combine reports into a single report you can click the Manage composite reports hyperlink to do so. 11. Click PDF to attach the report to the generated email as a PDF file. Alternatively, click RTF to attach an RTF file that can be opened with a wordprocessor. ScanSafe recommends using password protected PDFs. 12. To password protect attached PDFs, enter a password in the Enter a password and Confirm password boxes. 13. Click Save changes to save the scheduled report. Caution: Clicking the Manage recipient groups or Manage composite reports hyperlink abandons any unsaved changes made to the scheduled report.

Editing a Scheduled Report To edit a scheduled report:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Scheduled Reports. 3. Click the Manage scheduled reports tab.

Reports

4. Click the Edit icon next to the composite report you wish to edit. Alternatively:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Schedule. 3. Click the Edit composite reports tab. 4. In the Report schedule name list, click the report you wish to edit. When you have finished editing the report, click Save changes to save your changes. See â&#x20AC;&#x153;Creating a Scheduled Reportâ&#x20AC;? on page 72.

Deleting a Scheduled Report To delete a scheduled report:

1. Click the Reports tab to display the Reports menu. 2. On the Reports menu, click Scheduled Reports. 3. Click the Manage scheduled reports tab. 4. Click the Delete icon next to the scheduled report you wish to delete. You will be asked to confirm that you want to delete the scheduled report. Note: Deleting a scheduled report does not delete the original report or email

group.

Google Web Security for Enterprise Administration Guide

Appendix A

Website Attributes / Categories

Appendix A

Introduction The web security service enables you to filter for website categories when setting up your filtering service. The following list includes the names and definitions of these categories. Note: This list is subject to change. If a category was removed from the list, it is now included in a different, related category. For example, the category “Sects” is no longer listed, and is now included in the category “Religion.” Adult: Includes websites containing nude photography and erotic material, as can be found on television or obtained free of charge from magazines. Includes erotic collections of celebrity pictures as well. (Note: Sexually explicit activities are listed in the Pornography category.) Advertisements (Promo / Advertising): This category contains Web sites for product promotion and advertising issues with a short term durability e.g. advertisement resources received by email. Alcohol: Includes websites about alcohol (wine, beer, liquor, breweries) and Web sites of alcohol distributors. Arts (Art / Museums): Includes Web sites from the area of theatre, museums, exhibitions, photography, graffiti, etc. Astrology: Includes Web sites with astrology-related topics. Auctions (Auctions / Classified Ads): Includes Web sites with online/offline auction sites, auctions houses and online/offline classified advertisements. Business and Industry (Building / Residence / Furniture): This category contains Web sites such as property markets, furniture markets, ads, equipment, design, building industry and handcraft. Chat and Instant Message (Chat): This category contains Web sites that allow users to have a direct exchange of information with another user from place to place. Also listed are chat room providers and offerings about Instant Messaging.

Website Attributes / Categories

Cinema: Includes Web sites in the area of cinema, television, program information, video-streaming, Web sites about celebrities and other entertainment sites as well. Computer Crime: Includes Web sites containing information about the illegal manipulation of electronic devices, data networks and password encryption, as well as about credit card misuse and other methods of Internet fraud. Includes spyware and phishing sites, as well as sites providing manuals for virus and Trojan horses programming, malicious adware applications and malicious Web code. Computer Games: Includes Web sites of computer games, computer game producers, cheat sites, online gaming zones, gaming clans and others gambling sites without chances of profit. Dating / Relationships: This category contains Web sites that promote interpersonal relationships and escort services. Digital Postcards: Includes Web sites that allow people to send digital postcards via the Internet, and also the providers of these services. Education: Includes the Web sites of universities, colleges, public schools, schools, kindergartens, adult education, course offerings, history, law, dictionaries, encyclopaedias and any topic hosted on universities servers. Extreme: Includes Web sites that are normally assigned to other categories, but are particularly extreme in their content (e.g. violence). Fashion / Cosmetics / Jewelry: This category contains Web sites about of fashion (clothing, accessories), cosmetics, jewelry, perfume, modelling agencies and other Web sites of the beauty area. Filter Avoidance (Anonymous Proxies): Includes Web sites that allow users to anonymously view Web sites. Finance (Banking): This category contains Web sites such as banks, credit unions, credit cards and online bank accounts. Gambling: Includes lottery organizations, casinos, betting agencies and other gambling sites with chances of profit. Governmental Organizations: Includes Web sites with content for which governmental organizations are responsible (e.g. government branches or agencies, police departments, fire departments, hospitals, military, civil defence, counterterrorism organizations) and large government organizations such as the United Nations or the European Community. Hate and Discrimination: Includes Web sites with extreme right and left wing groups, sexism, racism, religious hate, the suppression of minorities, and the belittlement of various organizations. Health / Recreation / Nutrition: This category contains Web sites about medicine and medical care such as hospitals, doctors, drugstores, psychology, nursing, pharmaceuticals, health food stores and diet. Humor: This category contains sites with jokes, sketches, comics and sites with other humorous content.

Google Web Security for Enterprise Administration Guide

Illegal Activities: Includes activities that are illegal according to German and European law such as instructions for murder, manuals for bomb building, instructions for illegal activity, child pornography, sodomy, instructions for cheating, etc. Illegal Drugs: This category contains Web sites about LSD, heroine, cocaine, XTC, pot, amphetamines, hemp, stimulant drugs and the utilities for drug use (e.g. water pipes) Illegal Software: This category contains sites with software cracks, license key lists and illegal license key generators. Information Security: This category contains Web sites that inform people about security, privacy and data protection in the Internet and in other bandwidth services such as telecommunications. Job Searches: Includes Web sites within the area of job offerings, job searches, job agencies, labour exchanges, temporary work, career planning, applications for employment (CV), etc. Music: Includes Web sites for radio, Web radio, sound files (MP3, Wav, etc.), Real Audio, homepages of singers and bands, entertainer, record labels and music vendors. News: This category contains Web sites that inform about general news, including magazines, newspapers, and magazines targeted also at younger audiences. Newsgroups / Bulletin Boards: This category contains Web sites that enable the sharing of information such as on a bulletin board. Includes blogging and visitorsâ&#x20AC;&#x2122; book servers as well. Non-Governmental Organizations: Includes the Web sites of nongovernmental organizations such as clubs, lobbies, communities, non-profit organizations and labour unions. Online Shopping: Includes Web sites with online shops, where there is the possibility to select from a product range and order online. Includes shopping consulting, pricing and other shopping services as well. Pharmacy / Drugs: This category contains Web sites from the pharma branch, as well as drugstores and information about pharmaceuticals. Political Parties: This category contains Web sites of political parties and those sites that provide information about a particular political party and different political topics (election, democracy, etc.) Pornography: Includes Web sites containing the depiction of sexually explicit activities and erotic content unsuitable to persons under the age of 18. Private Homepages: This category contains Web sites about and from private individuals. Includes personal homepage servers and other sites with personal contents and activities. Recreational Facilities: This category contains organizations for recreational activities, for example public swimming pools, zoos, fairs and amusement parks.

Website Attributes / Categories

Religions: Includes Web sites with religious content, information about the five main religions, and religious communities that have emerged out of these religions. Restaurants / Bars: This category contains Web sites about bars, restaurants, discos and fast food restaurants. SMS / Ring Tones / Logos: Includes Web sites that enable a user to send short messages via SMS through the Internet to a mobile phone. It also includes providers and services for mobile phone accessories such as games, ring tones and covers. Search Engines / Web Catalogues / Portals: This category contains search engines, web catalogues and Web portals. Shares / Stocks: Includes Web sites that handle stock exchanges rates, and deal exclusively with the main stocks like finance, brokerage and online trading. Includes Web sites about bonds, foreign currency and precious metals as well. Software and Hardware Vendors / Distributors: This category contains the complete software and hardware area. It includes the producers of hardware within the area of information, measurements and controls, as well as producers of electronic equipment. The software area includes vendors of software, freeware and shareware and software distributors. Also includes offerings concerning scripts, tolls, drivers, tutorials and other contents in the software/ hardware area. Sports: This category contains Web sites such as resort sports, fan clubs, events (e.g. Olympic Games, World Championships), sport results, clubs, teams and sporting federations, magazines and fan sites. Swimwear / Lingerie / Nudity: Includes Web sites containing nudity, but with no sexual references. Includes illustration of swimwear and lingerie as well. Tobacco: Includes Web sites dealing with tobacco and smoking (cigarettes, cigars, pipes), and Web sites from tobacco vendors. Translation: This category contains Web sites that enable the translation of parts or the entire content of a Web site into another language. Dictionaries and â&#x20AC;&#x153;languageâ&#x20AC;? topics are not listed here. Travel: Includes Web sites about destinations, monuments, buildings, sights, travel agencies, hotels, resorts, motels, airlines, trains, car rental agencies and general tourist and travel information. Unclassified: This category is the default category for any site that is pending classification. Weapons: This category deals with firearms and accessory, weapons such as knives, ammunition and tear gas, other weapons and Web sites of military/ paintball topics. Web Hosting and Bandwidth Services: Includes offerings and services for publication of Internet sites (such as Web hosting, Web design, advertising and marketing companies), domain registration and Internet Service Providers as well as providers of broadband services and others related topics.

Google Web Security for Enterprise Administration Guide

Web Mail: This category contains Web sites that enable Internet users to send or receive emails through the Internet. All providers of web mail services are categorized here as well.

Website Attributes / Categories

Google Web Security for Enterprise Administration Guide

Appendix B

Pre-defined Searches and Reports

Appendix B

Introduction Google Web Security provides a set of pre-defined searches and reports. To view these reports, do the following: 1. Click the Web Content tab in the message security Administration Console. 2. Click the Reports link on the blue bar. 3. From the left-navigation menu, click Reports. 4. Click any of the analytical categories shown in the Predefined reports section of this page -- for example, Bandwidth Analysis. 5. Click a predefined report -- for example, Who were the Top Users of Streaming Media? 6. Click Launch search. The following pre-defined searches are available:

Application Analysis What were the Top 10 Browsers being used? What were the Top 10 User Agent strings by Hits by External IP? What were the Top 10 User Agent strings by Hits by Groups? What were the Top 10 User Agents being used?

Bandwidth Analysis What was the Bandwidth consumed by Major Content Type? What was the Bandwidth consumption by Category?

Pre-defined Searches and Reports

What were the Top 10 Categories that consumed the most Bandwidth? What were the Top 10 Sites by Bandwidth for Social Networking Sites? What were the Top 10 Sites by Hits for Media Sites? Which groups are consuming the most bandwidth in streaming media? Which Groups were consuming the most Bandwidth? Which Hosts were consuming the most Bandwidth for the Top 10 Users? Which of the company's offices had the highest Bandwidth usage broken down by Internal Subnets? Which of the company's offices had the highest Bandwidth usage? Which Users were consuming the most Bandwidth? Who were the Top 10 Users by number of Hits? Who were the Top Users of Streaming Media?

Block Analysis Adware Blocks All Malware Blocks Spyware Blocks Virus Blocks What were the Top 10 blocked Sites by Hits? What were the Top 10 Categories which were being blocked? Which Hosts were blocked the most for the Top 10 Users? Which Users were blocked the most by which Rules? Which Users were blocked the most? Which web filtering rules generated the most blocks and who were the Top Users for those blocks? Which Web Filtering Rules generated the most blocks?

Browse Time Analysis What was the Browse Time for the most popular Hosts? Which Users spent the most time on Possible Business Usage Sites? Which Users spent the most time on Possible Productivity Reduction Sites?

Google Web Security for Enterprise Administration Guide

Which Users spent the most time online?

Category Analysis What was the total number of Hits for all Categories? What were the Top 10 Categories visited by each Internal Subnet?

Group Analysis What were the Top 10 Groups by Hits? What were the Top 10 Groups consuming the most Bandwidth? Who were the Top 10 Users with the highest Browse Time for the Top 10 Groups?

Host Analysis What was the number of Hits for each of the most popular Hosts? What were the Top 10 Hosts by Hits? What were the Top 10 Hosts visited for each Category?

Legal Liability Analysis What is the Legal Liability risk by Category? Who were the Top 10 Users browsing for illegal downloads? Who were the Top 10 Users browsing in adult categories?

Malware Analysis How many blocks were there for Phishing over time? How many blocks were there for Threats over time? What were the Top 10 Groups with the highest number of Spyware blocks? What were the Top 10 most blocked Adware Hosts? What were the Top 10 most blocked Phishing Hosts? What were the Top 10 most blocked Spyware Hosts? What were the Top 10 Threats blocked over HTTPS?

Pre-defined Searches and Reports

What were the Top 10 Threats blocked per protocol? Who were the Top 10 Users browsing Spyware Hosts? Who were the Top 10 Users making outbound Spyware requests? Who were the Top 10 Users that had the highest number of Virus blocks?

Security Analysis What were the Top 10 Categories that were blocked? What were the Top Categories where Users were blocked for Spyware? Who were the Top 10 Users blocked by Outbound Content Control? Who were the Top 10 users per risk category?

User Analysis Where were the Top 10 Users browsing in the Categories Shopping, Music, Cinema/TV and Sport? Who were the Top 10 Users by Hits? Who were the Top 10 Users that browsed the most?

Google Web Security for Enterprise Administration Guide

Index

A activation 9 activation email 10 activation specialist 10 Admin page 45 Administration Console 7, 13 Adware 7, 21 Anti-Virus 14, 17 attachment 27 available options 9 B bandwidth quotas 7

creating a directory group 51 creating or editing 51 default group 53 deleting a group 52, 53 evaluating and prioritizing 51 I internal IP address 10 IP ranges 10 L license keys 45 login page 13

C Categories 75 company license key 46 configuration 9 Connector 8, 10, 45, 54 downloading 54 corporate NAT address 10 custom groups 50 customized messages 7

M Management 21, 22 Microsoft ISA 2000 Server 10 Microsoft ISA 2004 Server 10 Microsoft ISA 2006 Server 10 monitoring period 22

D Dashboard 14 directory groups 50

P Phishing 7, 21 policies 7, 29 port 80 10 port 8080 10 pre-activation questions 10

E Email Alerts 20, 24, 27, 41, 43 email protection service 13 Email Security 9 encrypted data 10 F file extensions 7 Filtering 14, 27 G group license key 47 group management 50 groups 29 creating a custom group 51, 52

N Notifications 17, 18, 21, 23

R restrictions 7, 10 S service components 8 Spyware 14, 21, 22 statistics page 17, 21, 28 subnets 10 T throttle 25

Index

U user license key 48 User Messages 23, 41 V viruses 7 W Web Admin page 14 Web Content tab 9, 13, 14 Web Filtering 8 web filtering scenario 9 web form 10 Web Scanning 8 Web Scanning component 17 website categories 75 Windows Domain name 10

Google Web Security for Enterprise Administration Guide