Domain Administrator Guide - Comodo cWatch


Comodo cWatch Web Security Software Version 1.6

Website Administrator Guide Guide Version 1.6.103017

Comodo Security Solutions

1255 Broad Street Clifton, NJ 07013


Comodo cWatch Web Security - Website Administrator Guide

Table of Contents

1 Introduction to Comodo cWatch Web Security
  1.1 Purchasing a License
  1.2 License Types
  1.3 Add Websites
  1.4 Logging-in to the Administrative Console
2 The Main Interface
3 The Dashboard
4 Website Data and Settings
  4.1 View Alerts
  4.2 Website Overview
  4.3 Comodo Vulnerability Scan Results
  4.4 Comodo Malware Scan Results
  4.5 Cyber Security Operation Center Results
  4.6 Content Delivery Network Metrics
  4.7 Viewing and Managing Support Tickets
  4.8 Website Configuration
    4.8.1 Configure the Website for cWatch Scanning
    4.8.2 Configure CDN Settings
    4.8.3 Configure Cache Settings
5 The Settings Interface
6 Upgrading Licenses for Domains
7 Managing Your Profile
8 Getting Support
About Comodo

Comodo cWatch Web Security - Website Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved.

1 Introduction to Comodo cWatch Web Security

cWatch Web Security is a cloud-based security intelligence service built for website and domain administrators to monitor and secure their web applications from various types of attacks and threats. The console allows administrators to view statistics about attacks and security-related incidents which have been monitored and blocked on protected domains.

The cWatch service will analyze event logs from your domains in real time to identify and block attacks based on rules managed by the Comodo Cyber Security Operations Center (CSOC). It will also identify vulnerabilities in your domains based on the Open Web Application Security Project (OWASP) top ten list and block them automatically. Log files can also undergo expert analysis by qualified technicians in the Comodo SOC team. You can raise support tickets to attend to security-related incidents, malware removal and blacklisting/whitelisting IPs, and to create custom rules for attack and incident reporting. cWatch runs periodic malware scans on your domains and automatically removes identified malware. The Content Delivery Network (CDN) service accelerates the performance of your website by delivering your website content from a data center closest to the location of a visitor.

cWatch Web Security is available in three different service levels. More details are available in License Types.

This guide explains how to purchase cWatch licenses, set up the service and use the cWatch web console.

Guide Structure:

• Introduction to Comodo cWatch Web Security
  • Purchasing a License
  • License Types
  • Add Websites
  • Logging-in to the Administrative Console
• The Main Interface
• The Dashboard
• Website Data and Settings
  • View Alerts
  • Website Overview
  • Comodo Vulnerability Scan Results
  • Comodo Malware Scan Results
  • Cyber Security Operation Center Results
  • Content Delivery Network Metrics
  • Viewing and Managing Support Tickets
  • Website Configuration
    • Configure the Website for cWatch Scanning
    • Configure CDN Settings
    • Configure Cache Settings
• The Settings Interface
• Upgrading Licenses for Domains
• Managing Your Profile
• Getting Support

1.1 Purchasing a License

Four types of cWatch license are available:

• Starter
• Pro
• Premium
• Enterprise

For more details on the services offered with each, see License Types.

• You can purchase licenses at https://cwatch.comodo.com/plans.php, or from the cWatch management console after logging in at https://login.cwatch.comodo.com/login.
• Licenses are charged per-website. An enterprise license covers one primary domain and up to 10 subdomains of the primary domain.
• You can add multiple license types to your account if you wish to implement different protection levels on different websites.
• You can associate websites with licenses in the cWatch interface. See Add Websites for more details.

To purchase a license:

• Choose a license type at https://cwatch.comodo.com/plans.php. See License Types for more details about the features of each license.
• Select the license period and enter the number of websites (domains) you want to cover with the license.
• Next, enter your details:
  • If you already have a Comodo account, select 'Existing Comodo User' and enter your username and password.
  • If you don't have a Comodo account, select 'New Comodo User'. Enter your email address and a password to create a new account.
• Complete the payment details section.
• Read the 'End User License/Subscriber Agreement' and tick the checkbox to agree.
• Click 'Continue'.

After your order has been successfully processed, you will see an order confirmation screen.

Your licenses are now active. You will also receive a confirmation email with your order details.

• Existing customers should next log in to their cWatch account and start registering their domains.
• New users will first need to activate their Comodo account by following the link in the account verification email.

Register your domains:

• Log in at https://login.cwatch.comodo.com/login
• Click the 'Add Site' button at top-right to get started
• See Add Websites for more help with adding and configuring websites.

1.2 License Types

cWatch offers different levels of monitoring, protection, management and CDN services to websites depending on the type of license. Four license types are available:

• Starter
• Pro
• Premium
• Enterprise

You can purchase different license types for specific websites depending on the level of protection you require for each. For more details on associating websites with respective license subscriptions, see Add Websites.

The following table shows the features and services that are available with each license type:

Feature/Service | Starter | Pro | Premium | Enterprise
Number of Websites (Unlimited Web Pages) | 1 domain | 1 domain | 1 domain | 1 domain and up to 10 sub-domains
Detection & Removal of Known & Unknown Malware (Stand-alone File, Embedded in Script, Database) | 24 hrs response | 12 hrs response | 6 hrs response | 2 hrs response
Malware Detection Scan | 24 hrs | 12 hrs | 6 hrs | 2 hrs response
Vulnerability (OWASP) Detection Scan | 24 hrs | 12 hrs | 6 hrs | 2 hrs response
Managed (Updates) | 24 hrs | 12 hrs | 6 hrs | 2 hrs response for incidents
Bandwidth and Domains | 50 GB/mo | 200 GB/mo | 500 GB/mo | 1000 GB/mo
Uptime SLA | 99.99% | 100% | 100% | 100%
Speed | 40/100 Gbps | 10/40/100 Gbps | 10/40/100 Gbps | 10/40/100 Gbps
Scale | 10 Tbps | 96 Tbps | 96 Tbps | 96 Tbps

Other features and services listed in the table (entries include 'CSOC backed', 'CSOC Analyst', 'plus Analyst backed' and '2 hrs response for incidents'):

• Security Information and Event Management (SIEM) and 24/7 Cyber Security Operations Center (CSOC)
• Malware Scan Detection / Block
• Spam & Website Filtering
• Fine Grained Control
• Web Application Firewall (WAF)
• Bot Protection
• Scraping Protection
• Enterprise Control
• Content Delivery Network (CDN)
• Layer 7 DDoS Protection
• Layer 3, 4, 5 & 6 DDoS Protection
• 30 Days Money Back Guarantee

1.3 Add Websites

The cWatch console lets you add and configure websites for cWatch protection and for acceleration via the content delivery network (CDN).

The number of sites that can be added to your account depends on your license. See Purchasing a License for details about license types.

After enrollment, you can configure threat monitoring and CDN settings for each website. See Website Configuration for more details.

To add a new domain

• Log in to cWatch at https://login.cwatch.comodo.com/login with your username and password.

The dashboard will appear by default.

• Click 'Add Site' at top-right to start the 'Add Websites' wizard.

The wizard contains four steps:

• Step 1 - Register your website
• Step 2 - Select License
• Step 3 - HTTP Protocol Settings
• Step 4 - Finalization

Step 1 - Register your website

• Enter the name of the website you wish to register. Do not include 'www' at the start.
• Click 'Continue Setup' to continue.

Step 2 - Select License

Next, choose the license type you wish to apply to the site.

• cWatch features and CDN traffic limits vary according to the license type. See License Types for more details.
• The drop-down displays all licenses that you have purchased.
• Choose the type of license you wish to associate with the domain you entered in step 1.
• Click 'Continue Setup' to proceed.
• See Purchasing a License if you need help to purchase more licenses.
• Each 'Enterprise' license covers up to ten sub-domains of a primary domain.
  • You have to specify each sub-domain after registering the primary domain.
  • You should select 'Enterprise' as the license type for each sub-domain for it to be covered under the license of the primary domain.
  • Each sub-domain has to be configured separately for malware scanning and the CDN service. See Website Configuration for more details.

Step 3 - HTTP Protocol Settings

Specify whether your website uses the HTTP or HTTPS protocol. If it uses HTTPS, you can also select the SSL certificate used to secure the site.

Select the protocol from the drop-down. The available options are:

• HTTP - Choose HTTP and click 'Finish'. The wizard will move to Step 4 - Finalization.
• HTTPS - Choose HTTPS and enter the details of the certificate to be used.

You need to upload the SSL certificate of the website and its private key. You should also upload any intermediary certificates.

SSL Protection Settings - Table of Parameters

Parameter | Description
Name | Enter a descriptive name for the certificate. This will be used to identify it in cWatch.
Certificate | Paste the content of your certificate. The content you are looking for is a PEM block that starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----.
SSL Chain Certificate | If your certificate contains an intermediate certificate then paste it here. If not, leave this field blank.
Certificate Key | Paste the private key of your certificate.

Tip: You can skip uploading the SSL certificate at this time by selecting HTTP from the drop-down. You can switch the protocol to HTTPS and select the certificate at any time in the Malware Scan Settings interface of the website. See Configure the Website for cWatch Scanning for more details.

• Click 'Add Certificate and Finish'.

The wizard will move to Step 4 -Finalization.
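A pre-upload check for the Certificate, SSL Chain Certificate and Certificate Key fields described in Step 3, as an added example that is not part of the Comodo guide or cWatch's own code. The function names and the `make_pem` sample generator are hypothetical, the sample blocks are constructed placeholders rather than real certificates or keys, and rejecting a passphrase-protected key is an assumption based on the parameter table listing no passphrase field.

```python
import base64
import binascii
import re

# One PEM block: BEGIN line, body, matching END line (five dashes on each side).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
CERT_LABELS = {"CERTIFICATE"}
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def pem_blocks(text):
    """Return [(label, problem_or_None)] for each PEM block found in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.rstrip("\r") for ln in body.split("\n")]
        problem = None
        if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines):
            problem = "is passphrase-protected"
        else:
            try:
                der = base64.b64decode("".join(lines), validate=True)
                # Certificates and private keys are both DER SEQUENCEs (tag 0x30).
                if not der or der[0] != 0x30:
                    problem = "does not decode to a DER SEQUENCE"
            except binascii.Error:
                problem = "body is not valid base64"
        found.append((label, problem))
    return found


def check_field(name, text, allowed, single):
    """Check one form field; `single` means exactly one block is expected."""
    blocks = pem_blocks(text)
    if not blocks:
        # The chain field may be left blank; the other two may not.
        if single or text.strip():
            return [f"{name}: no well-formed PEM block found"]
        return []
    findings = []
    if single and len(blocks) > 1:
        findings.append(f"{name}: expected one block, found {len(blocks)}")
    for label, problem in blocks:
        if label.endswith("PRIVATE KEY") and allowed is not KEY_LABELS:
            findings.append(
                f"{name}: contains a private key, which belongs only in Certificate Key")
        elif label == "ENCRYPTED PRIVATE KEY":
            findings.append(f"{name}: key is passphrase-protected")
        elif label not in allowed:
            findings.append(f"{name}: unexpected block type {label}")
        elif problem:
            findings.append(f"{name}: {label} block {problem}")
    return findings


def check_upload(certificate, chain, key):
    """Findings for the three fields; an empty list means nothing was flagged."""
    return (check_field("Certificate", certificate, CERT_LABELS, True)
            + check_field("SSL Chain Certificate", chain, CERT_LABELS, False)
            + check_field("Certificate Key", key, KEY_LABELS, True))


def make_pem(label, damaged=False):
    """Constructed placeholder block: DER-like bytes, not a real certificate or key."""
    payload = b"\x30\x82\x01\x00" + bytes(range(90))
    body = base64.encodebytes(payload).decode().strip()
    if damaged:
        body = body[:10] + " " + body[10:]  # stray space, as after a bad copy and paste
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


if __name__ == "__main__":
    cert, key = make_pem("CERTIFICATE"), make_pem("PRIVATE KEY")
    scenarios = {
        "correct": (cert, cert, key),
        "full chain in Certificate": (cert + cert, "", key),
        "key pasted into chain": (cert, cert + key, key),
        "whitespace-damaged certificate": (make_pem("CERTIFICATE", damaged=True), "", key),
    }
    for title, fields in scenarios.items():
        print(title, "->", check_upload(*fields) or "ok")
```
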

Step 4 - Finalization

The final step indicates configuration is complete.

• cWatch will generate a CNAME DNS record for the website you have just enrolled.
• You need to add this record to the DNS entry for your domain to route your site traffic through the CDN.
• Your web host may be able to help you with this step. Guidance is also available at https://support.google.com/a/topic/1615038?hl=en.

Tip: You can skip this step at this moment and can add the CNAME entry to the DNS records at any time. The CNAME entry will be available in the 'CDN Settings' area of the website. See Configure CDN Settings for more details.

• Click 'Get Started'.

Your new website will be added to your account. All features will be activated as per the license chosen for the site.

• Repeat the process to add more websites.

1.4 Logging-in to the Administrative Console

You can log in to the cWatch admin console at https://login.cwatch.comodo.com/login using any browser.

• If you are logging-in for the first time, use the username and password given in the cWatch account creation email. After your first login we strongly recommend you change your password for security reasons.

2 The Main Interface

The cWatch dashboard contains an at-a-glance summary of the security of your monitored websites. Links to all major areas of the interface are shown on the left. The right hand pane displays data for the selected item. Settings, profile options and the logout button are shown at the top-left.

• Settings - Displays all domains which you have added to cWatch. 'Manage Settings' allows you to configure scan, FTP, CDN and SSL settings. Refer to The Settings Interface for more details.
• Profile - Displays your profile screen. From here you can change your contact details, alert settings and password. Refer to Managing Your Profile for more details.
• Logout - Allows you to log out of cWatch.

The left hand menu contains a link to the dashboard and lists all domains added to your account. Click on a domain name to reveal domain options:

• Dashboard - Overall statistics on all domains that are protected and managed.

Clicking on a domain name opens the following sub tabs:

• Alert - Shows all notifications about malware and vulnerabilities discovered on the website. See View Alerts for more details.
• Overview - At-a-glance summary of security status and CDN performance. See Website Overview for more details.
• Vulnerabilities - Lists all threats in the OWASP top ten that have been blocked by cWatch. You have options to run on-demand vulnerability scans on the website at any time. Refer to Comodo Vulnerability Scan Results for more details.
• Malware - Summary of the number of files scanned so far and their trust levels. You have options to run an on-demand malware scan on the website at any time and submit tickets to remove any identified malicious files. See Comodo Malware Scan Results for more details.
• CSOC - Shows a real-time analysis of attack patterns on your website from the Comodo Security Operations Center. See Cyber Security Operation Center Results for more details.
• CDN Metrics - Shows data about your content delivery network traffic. This includes total usage, data throughput and the locations from which your traffic originated. See Content Delivery Network Metrics to find out more.
• Ticket - Allows you to view, open and manage your support requests for the website. You can create tickets to request Comodo to whitelist or blacklist items or to clean malware from your website. See Viewing and Managing Support Tickets to learn more.
• Settings - Allows you to view and configure cWatch protection settings for your website. See Website Configuration to know more.

Help and Support: The footer bar contains the copyright details and links and options to get help and support.

• Click the 'Terms and Conditions' link to view the End User License Agreement for cWatch Web Security.
• Click the 'Help' link to view the online help guide for Comodo cWatch at https://help.comodo.com/topic-285-1-848-11000-Introduction-to-Comodo-cWatch-Web-Security.html.
• Click the 'Live Chat' button to get instant chat support from technicians at Comodo. See Getting Support for more details.

3 The Dashboard

The dashboard shows a top-level summary of the security of all protected websites and sub-domains on your account. This allows you to quickly identify issues and effectively track the risks associated with your websites. Further details on each domain are listed underneath the main graphics.

• Click 'Dashboard' on the left to open the dashboard.
• Click 'Simple View' or 'Advanced View' at top-right to change the level of detail shown on the dashboard.

Site Risk Levels - Shows the combined risk level of all websites registered with cWatch. The risk level will change as threats are identified and/or mitigated. The possible risk levels are:

• Critical (C)
• Very High (VH)
• High (H)
• Low (L)
• Safe (S)
• Unknown (U)

Place your mouse over a sector to see the percentage of domains in that risk category.

Attacks Blocked - Shows attacks identified and blocked by cWatch on registered websites.

• Place your mouse over a sector to view the quantity of attacks blocked on a particular domain as a percentage of overall attacks.
• Click on a sector to view the attack details page for that website. See Cyber Security Operation Center Results for more info.

Malware - Shows malware identified by cWatch on registered websites.

• Place your mouse over a sector to view the quantity of malware found on a particular website as a percentage of overall discovered malware.
• Click on a sector to view the Malware Scan Results page for that website. See Comodo Malware Scan Results for more info.

Vulnerabilities - Shows vulnerabilities identified by cWatch on registered websites.

• Place your mouse over a sector to view the quantity of vulnerabilities identified on a particular website as a percentage of overall discovered vulnerabilities.
• Click on a sector to open the 'Vulnerabilities' page for that website. See Comodo Vulnerability Scan Results for more details.

There are two ways to view the dashboard:

Simple View

Displays overall statistics on all domains in terms of 'Risk level', 'License Type', 'License Expiry' and their 'Latest Scans'.

Dashboard - Simple View

Column Header | Description
Site | Name of the website. Click the '+' icon beside the site name to view the security status of the website with respect to features covered by the license type active on the website. See 'View Security Status of a Website' for more details.
Risk Level | The threat exposure level of the website. The possible values are: Critical (C), Very High (VH), High (H), Low (L), Safe (S), Unknown (U).
License Type | The license type of the domain. For more details on the features and CDN traffic limits covered by different license types, see License Types.
Expiration Date | The expiry date of the currently active license.
Last Vulnerability Scan | Date and time of the most recent vulnerability scan on the site. cWatch regularly scans your websites to protect them against the types of vulnerabilities published in the Open Web Application Security Project (OWASP) top ten list. Any threats discovered will be automatically blocked. You can also run on-demand scans on the website as and when required. The results of the scans are displayed in the 'Vulnerabilities' page for the website. See Comodo Vulnerability Scan Results for more details.
Last Malware Scan | Date and time of the most recent virus scan on the site. cWatch scans all files on websites configured for malware scanning. You can set a schedule for these scans and can also run on-demand scans when required. The results of the scans are displayed in the 'Malware Scan' page. See Comodo Malware Scan Results for more details.

View Security Status of a Website

• Click the '+' icon beside a website name to open its security status details pane.

Each tile shows the security status of features covered by the various license types. The number of tiles you see depends on the website's active license type.

License Type | Tiles Displayed
Starter | Starter
Pro | Starter and Pro
Premium | Starter, Pro and Premium
Enterprise | Starter, Pro, Premium and Enterprise

Advanced View

The 'Advanced View' shows security statistics according to your license type. The higher the license type you have, the more security components you will see. For example:

• If your domain has a 'Starter' license, then 'Advanced View' will only show details of starter license security components.
• If your domain has the 'Pro' license type, then you will see the status of both starter and pro security components.
• 'Enterprise' licenses contain the full complement of security components.


Similar to the Simple view, you can view more information on each website by clicking the plus symbol beside the domain name.

Register New Domain: Allows you to add a new domain to your website. Refer to section Add Websites for more details.

4 Website Data and Settings

cWatch displays panoramic data about all events occurring on your website. These include attacks monitored and blocked, the results of malware and vulnerability scans and attacks identified from event logs based on pre-defined correlation rules. You can also create support tickets to have Comodo support technicians analyze attacks and add IP addresses/files to the whitelist or blacklist. The support team at Comodo will create rules as per your request and apply them to your account.

Click a website on the left to open the following options:

Alerts - View any alerts generated after cWatch scans on your website. Refer to View Alerts for more details.

Overview - Displays statistics about your protected website and your cWatch environment. This includes tickets, service summary, vulnerability/malware scans, CSOC and CDN Metrics. See Website Overview for more details.

Vulnerabilities - Displays a list of vulnerabilities discovered on the website by vulnerability scans. You can also run new scans from this area. You have the option to submit a ticket to Comodo to request removal of the vulnerabilities. Refer to Comodo Vulnerability Scan results for more details.

Malware - Displays the results of malware scans on the website. You can also run new scans from this area. Before you can run a malware scan you first need to download a PHP file from settings. If required, you can submit a ticket to Comodo to remove malware. Refer to Comodo Malware Scan Results for more details.

CSOC - Displays granular details about attacks identified on your website. This includes their origin, the trend of attacks over time, attacks blocked by cWatch and top ten target URLs. Refer to Cyber Security Operation Center Results for more details.

CDN Metrics - Displays information about your traffic usage over CDN (content delivery network). See Content Delivery Network Metrics for more details.

Tickets - Displays a list of tickets generated for the website and allows you to create new tickets. Refer to Viewing and Managing Support Tickets for more details.

Settings - Allows you to view and configure cWatch protection settings for the website. See Website Configuration to know more.

4.1 View Alerts

cWatch alerts will be generated when malware or vulnerabilities are detected on your domains. You have the option to submit a ticket to Comodo to resolve any issues identified in an alert.

To view alert messages:

• Click the name of the website on the left side of the interface and then 'Alert'.

Alerts are sorted into various categories, including 'Vulnerabilities', 'Malware found', 'Attacks' and 'Ticket details'.

• 'Open a ticket to request this malware is removed.' - Allows you to create and submit a request to have the malware removed by Comodo technicians.

4.2 Website Overview

The 'Overview' page summarizes security, traffic and visitor activity on your website.

To open the page:

• Select a website on the left and choose 'Overview'

Page Views Count - Displays the number of times your webpages were viewed by your visitors.

• You can choose the time period using the slider at top-right.
• Select a portion of the graph to zoom in.
• Place your mouse on the graph to view the number of views at that point in time.

Security Operation Center Tickets - Displays the number of support tickets created for the website. Tickets are broken down by status.

Service Summary - Displays the following key statistics from your cWatch environment:

• Risk Level - Indicates the overall risk level of the website. This is derived from identified attacks, vulnerabilities and malware found by website scans. The possible values are:
  • Critical
  • Very High
  • High
  • Low
  • Safe
• Escalated Alerts - Number of tickets which were assigned to higher ranking technicians by a support team member.
• Managed WAF Operations - Number of tasks in progress by Comodo security technicians working on the web application firewall. Tasks can include updating or optimizing the firewall rules.
• Malware Analysis & Removal - The results of behavior analysis run on unknown files which were placed in the sandbox.
• Virtual Patching - Displays the number of immediate and preventive measures taken to restore the vulnerabilities.
• Reputation Retrieval (Blacklist Removal) - cWatch checks whether your website is present on a range of website blacklists. If it is listed on such a blacklist, cWatch removes any malware or vulnerabilities that may be causing the listing. The 'Reputation Retrieval' field indicates the number of blacklists from which the website was released by cWatch.

Cyber Security Operation Center

The 'Cyber Security Operation Center' pane displays key information from cWatch security modules, including 'Web Application Firewall', 'Malware Removal', 'Blacklist Removal' and 'Virtual Patching'. The number of tiles you see depends on your cWatch license.

- The website is safe.
- The website is at risk. You can open a Security Operations Center ticket to remediate the threat.
- The website has not yet been scanned.

Click a red alert icon to view detailed results and open the ticket creation interface. See 'Cyber Security Operation Center Results' for more details.

Malware Scan

The 'Malware Scan' tiles show the results of malware scans on your domain in four tiles: 'Shell & Backdoor', 'Injection and Bot', 'Defacement & Spam SEO' and 'Malware'. The number of tiles you see depends on your cWatch license.

- The website is safe.
- The website is at risk. You can open a Security Operations Center ticket to remediate the threat.
- The website has not yet been scanned.

Click a red alert icon to view detailed results and open the ticket creation interface. See 'Comodo Malware Scan Results' for more details.

Vulnerabilities

The 'Vulnerabilities' tiles show the results of scans on your domain for the top 10 OWASP threats. cWatch automatically blocks any OWASP threats it finds. The number of threats found in each category is shown in a separate tile:

- The website is safe.
- The website is at risk. You can open a Security Operations Center ticket to remediate the threat.
- The website has not yet been scanned.

Click a red alert icon to view detailed results and open the ticket creation interface. See 'Comodo Malware Scan Results' for more details.

Content Delivery Network

The 'Content Delivery Network' pane shows live data about your service usage. You can configure your website to use the CDN service by adding a CNAME to your DNS record.

• If you have not yet configured the CNAME record then no data will be shown here. Click the yellow information icon to start the configuration process.

The CNAME record for your website is generated by cWatch and can be found in 'Settings' > 'CDN Settings'. See Configure CDN Settings for more details.

See Content Delivery Network Metrics for more details about CDN statistics.

4.3 Comodo Vulnerability Scan Results

cWatch periodically scans your websites against the types of vulnerabilities published in the Open Web Application Security Project (OWASP) top ten list. It automatically blocks any of these threats that it discovers.

• The 'Vulnerabilities' page shows the last ten scheduled and manual scans run on the website. Each scan row shows the number of vulnerabilities blocked and their security risk levels.

The interface also allows you to view the number of threats in each OWASP category that were blocked by cWatch on each scan. You can view descriptions of each vulnerability category.

You can also view the pages on which the vulnerabilities were found and can submit support tickets to have the offending malware removed (Premium license required).

The page also allows you to run on-demand vulnerability scans on the domain.

Background. OWASP is an online community that collects critical domain security issues worldwide and periodically publishes the top ten vulnerability categories. These categories help to protect websites against serious web-app security flaws. cWatch checks whether your registered domains are vulnerable to the tests in the OWASP top ten and allows you to take remedial actions on those that fail.

• Click on a registered domain on the left and choose 'Vulnerabilities' to open the 'Vulnerabilities' page.


Vulnerability Scans - Column Descriptions

| Column Header | Description |
|---|---|
| Scan Date | Date and time at which the scan was run. |
| High, Medium, Low and Information | Number of vulnerabilities found in each risk level. |
| OWASP Score | The number of OWASP top-10 threat categories passed by your site. |

Viewing Detailed Scan Results of a Selected Scan

• Click a row from the table of scans to view its investigation details.


The pie chart shows the breakdown of vulnerabilities of different risk levels and overall security status.

The list below the pie chart shows the total number of threats identified and blocked in each of the top ten OWASP vulnerability categories.

• Select an attack category to view its description.


You can also view the webpages and URIs associated with those vulnerabilities and create support tickets for CSOC staff to remove them. See the description of Viewing Vulnerability Details and Creating Support Tickets below, for more details.

Viewing Vulnerability Details and Creating Support Tickets

• Click an attack category to view its details.


The 'Vulnerability Details' pane will display a list of threats identified under the chosen category along with the number of webpages and URIs infected by the threat.

• Click on a threat name to expand the pane.


The list of infected webpages and URIs will be displayed with their severity levels. Also, you can view a detailed description of the vulnerability and guidance to prevent the attacks.

• Select the webpages/URIs from which the vulnerability has to be removed and click 'Add Ticket'.


A confirmation dialog will ask you to confirm the request.

• Click 'OK'

A new ticket will be created and submitted. You can track your submitted tickets from the 'Tickets' interface. See Viewing and Managing Support Tickets for more details.

Note: Manual vulnerability removal feature is only available for domains with a premium license.

Configure Scheduled Scans

By default, cWatch automatically runs weekly vulnerability scans on your website. Switch the scans 'Off' if you don't want cWatch to run automatic scans.


On-demand Vulnerability Scans

• To start an on-demand scan, click 'Start Scan'.

The vulnerability scan on the domain will start. Alerts will be generated if any vulnerabilities are found. You can view the details about detected vulnerabilities in the 'Vulnerabilities' interface.

4.4 Comodo Malware Scan Results

To configure your website for cWatch scans, you need to:

• Download a .php configuration file from the cWatch console
• Save it on each registered website that you wish to protect

See Configure the Website for cWatch Scanning for more details.

cWatch will then run scheduled scans on all files hosted on the website.

cWatch Web Security uses a range of malware detection mechanisms to identify threats on your website:

• Comodo Cloud - Identifies malware using cloud based Comodo File Lookup System (FLS)
• CWW - Uses heuristic technologies to identify malware
• Dynamic - Uses signature based malware detection

The 'Malware Scan' page shows the last ten scheduled and manual scans run on the website. Each scan row shows the number of files scanned, the number of malicious files found and the number of those files which were automatically deleted. The last column shows the overall infection status of the site.

• You have the option to submit a support ticket to Comodo to request the manual removal of the malware. You may also request that files are added to the blacklist or whitelist.
• The page also allows you to run on-demand malware scans on the website.

Note: The manual malware removal feature is available only for websites with 'Pro' and 'Premium' license types.

• Click on a registered website on the left and choose 'Malware' to open the 'Malware Scan' page.

Malware Scans - Column Descriptions

| Column Header | Description |
|---|---|
| Scan Date | Date and time at which the scan was run. |
| Total Files Scanned | The number of files scanned during that malware scan session. |
| Malware Found | The number of malware files identified during that malware scan session. |
| Removed Automatically | The number of malware files that were automatically removed by cWatch. cWatch automatically removes malicious items for which a disinfection routine exists. Items that could not be removed by cWatch should be manually removed from your website. If required, you can create a CSOC ticket to get certified technicians from Comodo to remove those items. See Viewing and Managing Support Tickets for more details. |
| Status | Indicates the infection status of the domain. - The domain is safe. - The domain is infected. You can create SOC tickets to remove identified malware. - The domain is not yet scanned. |

Click a row in the table of scans to view malware identified during the scan

Malware Found - Column Descriptions

| Column Header | Description |
|---|---|
| Detection | Indicates whether the item is identified as Malware or Suspicious |
| Malware Name | Displays the name of the item |
| Path | Indicates file path in the web server at which the item was found |
| Automatic Removal | Indicates whether the malware was deleted automatically by cWatch. |
| Action | Allows you to take a remedial action on the item. Refer to the explanation below for more details. |

To take a remedial action on an item click the hamburger icon in the 'Action' column.


Add to Whitelist - If you think an item is a false positive and can be trusted, choose 'Add to Whitelist'. An 'Add Ticket' dialog will appear, enabling you to create a support ticket to add the item to the whitelist. Once accepted, the item will be skipped in future scans on the domain.

Remove Malware - If you want the item to be removed from the domain, choose 'Remove Malware'. An 'Add Ticket' dialog will appear, enabling you to create a ticket to remove the item. cWatch technicians will attend to the issue and remove the malware item manually.

You can track your submitted tickets from the 'Tickets' interface. Refer to Viewing and Managing Support Tickets for more details.

4.5 Cyber Security Operation Center Results

The Cyber Security Operation Center (CSOC) is a team of dedicated analysts at Comodo who monitor and remediate threats discovered by Comodo's enterprise security solutions. The CSOC team monitors the event logs of registered websites and constantly updates security rules to deliver unrivaled, real-time protection for our users. CSOC generates alerts whenever it identifies and blocks an attack. These can be viewed in the 'Alerts' section. See View Alerts for more details. The CSOC interface contains a range of charts which show detailed statistics about attacks that were identified and blocked on your website.

• Click the name of a website on the left then choose 'CSOC' to open the results interface.

The slider at the top right allows you to choose the time period for which you want to view the statistics.

WAF Blocked

The 'WAF Blocked' chart shows a timeline of attacks blocked by the Web Application Firewall based on constantly updated firewall rules.


Place your mouse on the chart line to see the exact number of attacks blocked at that point in time.

Click and drag on a point on the line to zoom in on a particular time range. Click 'Reset Zoom' to return to the original view.

DDOS Blocked

This chart shows a timeline of Distributed Denial-of-Service (DDoS) attacks blocked by cWatch, allowing you to easily track threat activity over time.

Place your mouse on the chart line to see the exact number of attacks blocked at that point in time.

Click and drag on a point on the line to zoom in on a particular time range. Click 'Reset Zoom' to return to the original view.

Threat Source

The 'Threat Source' pie-chart shows the breakdown of blocked threats based on their source type. For example, this chart may show blocked traffic from blacklisted IPs and threats blocked by firewall rules.

• Place your mouse over a sector to see the total number of attacks from a particular source type.

Threat Category

The 'Threat Category' pie-chart shows a breakdown of blocked threats by threat category. For example, this chart might show categories such as cross-site request forgery, form submission validation errors and threats identified by heuristic rules.

• Place your mouse over a sector to see the total number of attacks from a particular source type.

4.6 Content Delivery Network Metrics

Your cWatch license includes a content delivery network (CDN) service for your websites. The service will improve page load-times for your customers and improve the reliability/uptime of your site.

You can configure your websites to use the service by adding a CNAME entry to your DNS records.

The CNAME entry is generated by cWatch. See Add Websites and Website Configuration for more details.

Once configured, the CDN service will:

• Accelerate performance by delivering your website content to your visitors from data centers closest to their location. The amount of CDN traffic available for a website depends on the cWatch license active on it. See License Types for more details.
• Forward event logs to the Comodo CSOC team who will monitor the traffic to identify anomalous behavior and threats.
• Provide Comodo web application firewall protection for your domains. The CSOC team constantly improves the Mod Security rules in Comodo web application firewall to provide cutting edge protection for our customers.

The Content Delivery Network (CDN) Metrics page for a website displays statistics on your CDN usage and traffic throughput.

• Click a website name on the left then choose 'CDN Metrics'.

The slider at the top right allows you to choose the time period for which you want to view the statistics.


The page contains the following charts:

CDN Usage

The 'CDN Usage' pie chart shows how much CDN data your website has used of your plan quota.

• Place your mouse on a sector to view the precise amount of data used/remaining.

Request and Bandwidth by Edge Location

The 'Request and Bandwidth by Edge Location' map shows the regions from which your traffic originated. You can also view the number of access requests from each region.

• Click on a regional hot-spot to view the traffic and number of access requests from that region.


Request and Bandwidth by Region

The 'Request and Bandwidth by Region' graph shows the number of website requests and the amount of data used by each continent.

• You can choose the time period using the slider at top-right.
• Select a portion of the graph to zoom in.
• The yellow line graph shows the number of requests from different continents.
• Place your mouse on the line to view the number of requests from the respective continent.
• The green bar graph shows the bandwidth usage from different continents.
• Place your mouse on a bar to view the precise traffic bandwidth from the respective continent.

Status Codes by Types

The 'Status Codes by Types' graph shows the numbers of Hypertext Transfer Protocol (HTTP) response status codes of different types returned for requests from your website visitors.

• You can choose the time period using the slider at top-right.
• Select a portion of the graph to zoom in.
• Place your mouse on the graph to view the number of responses of that type returned at that time point.

Status Code Distribution by Percentage

Shows the percentage of HTTP response status codes generated by your site within the set time period. HTTP status codes are as follows:

• 1xx Informational responses.
• 2xx Success.
• 3xx Redirection.
• 4xx Client errors.
• 5xx Server errors.

• You can choose the time period using the slider at top-right.
• Place your mouse on a sector to view the number of responses of that type.

Status Code Details

The 'Status Code Details' pane displays the precise HTTP response status codes returned within the selected time period. A detailed explanation of each code is available at https://en.wikipedia.org/wiki/List_of_HTTP_status_codes.

• You can choose the time period using the slider at top-right.
• Use the search box at the right to search for a particular status code.
• Click any column header to sort the items in alphabetical ascending/descending order of entries in that column.

Top File Types by Requests

The 'Top File Types by Requests' graph shows the numbers of different file types requested by your website visitors over the set time period.

• You can choose the time period using the slider at top-right.
• Place your mouse on a bar to view the exact number of files of that type served to your visitors.
• Select a portion of the graph to zoom in.

File Size Distribution by Percentage

The 'File Size Distribution by Percentage' graph shows the numbers of files of different file sizes requested by and served to your visitors from your website.

• You can choose the time period using the slider at top-right.
• Place your mouse on a bar to view the exact number of files of that size range delivered to your visitors.
• Select a portion of the graph to zoom in.

All File Types

The 'All File Types' pane displays the exact numbers of different types of files delivered to your visitors from your website within the selected time period.

• You can choose the time period using the slider at top-right.
• Use the search box at the right to search for a particular file type.
• Click any column header to sort the items in alphabetical ascending/descending order of entries in that column.

4.7 Viewing and Managing Support Tickets

cWatch allows web administrators to create support tickets for various requests like removal of malware and vulnerabilities from websites, whitelisting/blacklisting IP addresses, whitelisting of items so they are excluded from website scans and more. cWatch technicians from Comodo will attend to the requests to resolve the issues. Tickets can be created in the following ways:

• Requesting removal of malware, or the addition of a false positive item identified by malware scanning to the whitelist, from the 'Malware' interface. Refer to Comodo Malware Scan Results for more details.
• Requesting removal of vulnerabilities identified by vulnerability scans, from the 'Vulnerabilities' interface. Refer to Comodo Vulnerability Scan Results for more details.
• Manually adding a support ticket for various activities like Phishing removal, DNS configuration, Vulnerability Removal and more. Refer to the explanation of creating a new ticket.

Once a ticket is added, certified cWatch technicians will resolve your requests and issues. You can track your submitted tickets from the 'Tickets' interface for a domain. The Tickets interface for a domain displays a list of support tickets generated for the domain with their status, and allows you to manually create new tickets and provide additional information, if needed, in order to resolve the issues.

• To open the 'Tickets' page for a domain, click the website name at the left and choose 'Tickets' from the options.


The Filter Options at the top right allow you to filter the tickets based on their status.

The pie-chart on the left provides a breakdown of tickets by status. Placing the mouse on a sector displays the percentage of items in each category. The table on the right displays the list of tickets generated for that domain.

Open Tickets - Column Descriptions

| Column Header | Description |
|---|---|
| Status | Indicates the status of the ticket. The possible values are: • In Progress - The ticket is being attended by a technician. • Open - The ticket is yet to be attended. • Awaiting Input - The technician needs some information from you in order to resolve the issue. |
| Reported | The date at which the ticket was generated. |
| Type | Displays the type of the request as per the ticket. |
| Name | The name to identify the ticket. |
| Value | Displays the IP address or file name of the item to be blacklisted/whitelisted as per the ticket. |
| Description | The description of the issue. |

To generate a new ticket

• Click 'Add Ticket' at the top right of the 'Tickets' page.


The 'Add Ticket' dialog will open.

Add Ticket Dialog - Form Parameters

| Form Element | Description |
|---|---|
| Type | Select the type of request from the drop-down: • Whitelist IP - Creates a request for adding an IP address to the whitelist for the domain, so that traffic from that IP will not be intercepted. Enter the IP address to be added in the 'Value' field. • Blacklist IP - Creates a request for adding an IP address to the blacklist for the domain, so that traffic from that IP will be blocked. Enter the IP address to be added in the 'Value' field. • Whitelist File - Creates a request for adding an item, like an executable file, to the whitelist for the domain, so that the item will be excluded from future website scans. Enter the full file name of the item in the 'Value' field. • Malware Removal - Creates a request for removing an item identified as malware based on your analysis. Enter the full file name of the item in the 'Value' field. • Blacklist Removal - Creates a request for removing the domain for which the ticket is raised from the Comodo Blacklist. The domain name will be auto-populated in the 'Value' field. • Phishing Removal - Creates a request for removing the domain for which the ticket is raised from the list of global phishing websites. The domain name will be auto-populated in the 'Value' field. • Other - Creates a request for other needs like creating new correlation rules or Mod Security rules, attending to incidents and more. You can enter your request in the description field. • DNS Configuration - Creates a request for adding and managing the DNS records for the domain registered with the DNS service provider/webhost. Enter the record to be registered in the 'Value' field and your request in the description field. • Block IP - Creates a request for blocking any traffic from a specified IP address to the domain for which the ticket is created. Enter the IP address to be blocked in the 'Value' field. • Block IP Country - Creates a request for blocking any traffic from the whole country to which a specified IP address belongs, to the domain for which the ticket is created. Enter the IP address in the 'Value' field. • Vulnerability Removal - Creates a request for removing vulnerability of a specified category from the domain. Enter the name of the vulnerability/attack category in the 'Value' field. |
| Value | Enter the parameters like IP address, File name, as per the option chosen from the Type drop-down. |
| Name | Enter a name with a short description of the issue, to identify the ticket. |
| Description | Enter a detailed description of your request. |

• Enter the details in the 'Add Ticket' dialog and click 'Save'.

A new ticket will be created with the status 'Open'. A cWatch technician will attend to the ticket shortly to resolve your request. Once attended, the ticket status will change to 'In Progress'. If the technician requires any additional information in order to help resolve the issue, the ticket status will change to 'Awaiting Input'. You can edit the ticket to provide the required details. See the explanation under Viewing and Editing a Ticket for more details. On completion, the ticket will be closed and removed.

Viewing and Editing a Ticket

• To view a ticket, click the status button in the 'Status' column.

The 'Ticket Detail' interface displays the details of the ticket, its status and comments by the technician. If the ticket is in 'Awaiting Input' status, you can provide your input as requested by the technician and save the ticket.

4.8 Website Configuration

• Click a website name on the left and choose 'Settings' to open the interface.

The 'Settings' interface allows you to:

• Configure vulnerability and malware scanning on a website
• Configure FTP access so cWatch technicians can resolve issues on your website
• Register your website with the content delivery network
• Upload the SSL certificate used to secure the site if you are using HTTPS
• Configure cache management settings for your website

The interface contains three tabs:

• Malware Scan Settings - Allows you to configure the domain for vulnerability and malware scanning and to provide FTP access details for your server. See Configure the Website for cWatch Scanning for more details.
• CDN Settings - Allows you to register the website with the content delivery network. You can also specify whether your site uses HTTP or HTTPS. If HTTPS, you can also upload the SSL certificate that you use to secure your site. See Configure CDN Settings for more details.
• Manage Cache - Allows you to configure the life time of content saved in cache of CDN and visitors' browsers and rendering the cached data. See Configure Cache Settings for more details.

4.8.1 Configure the Website for cWatch Scanning

You need to upload a .php file to your website in order to configure malware scanning.

cWatch will access the file at the location you specify and commence scanning.

You can opt for automatic removal of malware threats identified at the end of every scan.

Technicians from Comodo Cyber Security Operation Center (CSOC) will analyze your website to:

• Investigate threats identified by each scan and remove any malware.
• Remove any vulnerabilities identified by scans.
• Remove any malware or vulnerabilities you reported in a support ticket. See Viewing and Managing Support Tickets if you need more details on this.

You need to provide your FTP server details for our technicians to access your website.

To configure your website for scanning and malware removal

• Click the website name on the left and choose 'Settings'
• Click the 'Malware Scan Settings' tab


Scan Settings:

• Download the PHP file in step 1.
• Upload the file to the root folder of your website. The file should be publicly accessible.
• Enter the URL of the uploaded file in the text field.
• Click 'Save and Verify' to run the check.

Malware Removal Settings:

• Enable 'Switch On for automatic malware removal' if you want discovered malware to be removed by Comodo technicians.


The fields for specifying your secure FTP server details will appear.

s/FTP Settings - Table of Parameters

| Parameter | Description |
|---|---|
| s/FTP Hostname | Enter the hostname of your FTP server |
| s/FTP Username/ FTP Password | Enter the username and password of the account to be used by cWatch to access the FTP server |
| s/FTP Directory | Enter the path to the location of the website in the FTP server. |
| s/FTP Port | Enter the port through which the website can be securely accessed. |

• Click 'Save and verify'

cWatch will access the .php file and begin scanning your website according to a schedule.


Your domain will be scanned in 12 hour intervals and the results will be displayed in the 'Malware' page of the domain. See Comodo Malware Scan Results for more details.

4.8.2 Configure CDN Settings

You must configure your website to use the CDN service in order to monitor traffic, identify threats and accelerate website performance.

To configure the service, you need to add a CNAME entry to your website's DNS record. The CNAME entry is listed in the 'CDN Settings' area.

The amount of CDN traffic available for a domain depends on the cWatch license active on the domain. See License Types for more details.

You should also select the SSL certificate used on your website if it uses HTTPS.

Once configured, the CDN service will:

• Accelerate performance by delivering your website content to your visitors from data centers closest to their location.

• Forward event logs to the Comodo CSOC team who will monitor your traffic to identify anomalous behavior and threats.

• Provide Comodo web application firewall protection for your domains. The CSOC team constantly improves the ModSecurity rules in Comodo web application firewall to provide cutting-edge protection for our customers.

To open the CDN Settings page

• Click the website name on the left and choose 'Settings'

• Click the 'CDN Settings' tab

SSL Configuration:

If you chose HTTPS when adding your site, the SSL configuration area shows details of the certificate that is installed on your website. See Add Websites for more details.

If you chose HTTP when adding your site, you can upgrade it to HTTPS and specify the SSL certificate to secure the communication to/from your website.

• Choose HTTPS from the drop-down or click the 'Click to update protocol' button

The form for adding your SSL certificate will appear.

SSL Protection Settings - Table of Parameters

Parameter - Description

Name - Enter a descriptive name for the certificate. This will be used to identify it in cWatch.

Certificate - Paste the content of your certificate. The content you are looking for is a text block that begins with '-----BEGIN CERTIFICATE-----' and ends with '-----END CERTIFICATE-----'.

SSL Chain Certificate - If your certificate contains an intermediate certificate then paste it here. If not, leave this field blank.

Certificate Key - Paste the private key of your certificate
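Before the form is submitted, the three PEM fields described above can be checked against each other locally. The script below is an added example, not part of the Comodo guide or of cWatch; it assumes the OpenSSL command-line tool is installed, and the function names and file paths are hypothetical.

```shell
#!/bin/sh
# Local pre-flight checks for the 'Certificate', 'SSL Chain Certificate' and
# 'Certificate Key' fields. File paths are the caller's own (assumed); the key
# is assumed to be unencrypted PEM.

# True when the private key in $2 belongs to the certificate in $1: the
# public key inside the certificate must equal the one derived from the key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate in $1 is still valid $2 seconds from now
# (default 0, i.e. not expired right now).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# True when the certificate in $1 verifies against the chain file $2.
# -partial_chain lets the intermediate act as trust anchor, so no root store
# is needed; -no-CApath keeps the system store out of the decision.
chain_signs_cert() {
    openssl verify -no-CApath -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Runs every check, prints one line per result, returns non-zero on failure.
# $3 (chain file) may be empty, because the form allows a blank chain field.
preflight() {
    pf_rc=0
    if cert_matches_key "$1" "$2"; then echo "key:    matches certificate"
    else echo "key:    does NOT match certificate"; pf_rc=1; fi
    if cert_valid_for "$1" 0; then echo "expiry: certificate is current"
    else echo "expiry: certificate expired or unreadable"; pf_rc=1; fi
    if [ -z "$3" ]; then echo "chain:  none supplied"
    elif chain_signs_cert "$1" "$3"; then echo "chain:  signs certificate"
    else echo "chain:  does NOT sign certificate"; pf_rc=1; fi
    return "$pf_rc"
}

# Demo on constructed throwaway material: a self-signed certificate, which
# therefore also serves as its own chain file. Not real site credentials.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=site.example" \
        -keyout "$d/site.key" -out "$d/site.crt" 2>/dev/null || return 1
    preflight "$d/site.crt" "$d/site.key" "$d/site.crt"; demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}
demo
```

For a real site, call `preflight` with the paths of your own certificate, key and intermediate files, and paste the fields only when it returns zero.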

• Click 'Create New SSL Certificate'

cWatch will create a new certificate and bind it with the website for data transfer through the CDN.

DNS Configuration:

• Add the 'CNAME' record displayed in this interface to the DNS entry for your domain to route your site traffic through the CDN. Your web host may be able to help you with this step. Guidance is also available at https://support.google.com/a/topic/1615038?hl=en.

Once configured, cWatch will check the DNS records and route the traffic through the CDN.

It may take up to 20 minutes for the CDN to receive the traffic to your domain. Once it has started, you can view traffic statistics on the 'CDN Metrics' page for the domain. See Content Delivery Network Metrics for more details.

Origin Information

• Origin IP Resolution - Choose whether or not the CDN should use DNS servers to resolve the IP address of your origin web server. This depends on whether your server uses a static or dynamic IP address.

  • If your server uses a static IP address, enable 'Origin IP Resolution'. The CDN will fetch your IP address by domain look-up, save it and display it in the 'Origin IP' field. The CDN will use this IP address to fetch the files from your web server. This will save time for content delivery to your website visitors.

  • If your server uses a dynamic IP address, disable this option. The CDN will use DNS services to resolve your IP address.

• Custom Host Header - If the custom host header for your website, as configured on the origin hosting server, is different from the domain name, enter the custom host header in this field.

• Click 'Update' for your settings to take effect.

4.8.3 Configure Cache Settings

The 'Manage Cache' page allows you to configure validity periods of content cached by the content delivery network. Content is cached in order to serve pages faster to your website visitors. You may want to clear files in the cache if you have recently updated files on your website to ensure that updated content is served.

Manage Cache - Table of Parameters

Parameter - Description

Cache Settings

Set Default Cache Time - Allows you to define the time period for which content fetched by the CDN from your web servers should remain in the CDN cache. This is useful if your website's cache control headers (CCH) are not used or are ignored by the browser on your visitor's computer. Background Note: Cache Control Headers are used to define the length of time for which content fetched from a site should remain in the browser's cache. The local cache is used by the browser to render the site when it is re-visited by the user, avoiding the need to fetch the content again from the server.

Cache Control Header - Enter the validity period of the CCH at the end-user's web browser. This defines the time period for which cached content in the web browser can be reused without checking the web server for updates.

Use State - Select 'Serve expired content' if you want the CDN to deliver cached content when:

• The CDN is currently checking the website for updated content

• Your website is down.

Query String - Select 'Treat as separate cachable item' if you want webpages with query string parameters (e.g. '?q=something') to be cached as separate files. This will instruct the CDN to update the respective files in its cache whenever the original pages are updated.

Ignore Cache - Select 'Ignore max age set by the origin' if you want your visitors' browsers and clients to ignore the time to live (TTL) and header expiry settings of your webpages. The web browsers will use the default cache time setting above to retain the content in their cache.

Purge CDN Cache on Edge Servers

Purge Individual Files - Allows you to remove specific files from the cache so that the CDN is forced to check your website the next time the files are requested.

• Enter the URI of the file in the text box and click the green '+' button

• Repeat the process to add more files

• Click 'Purge'

Purge All Files - Allows you to remove all files from the cache so that the CDN is forced to check your website the next time the files are requested.

• Click 'Purge'

• Click 'Update Cache Settings' for your settings to take effect.

5 The Settings Interface

The 'Settings' interface lists all registered websites along with their license details, CNAME record and overall security level. You can also quickly configure a particular website or remove a website from cWatch.

To open the 'Settings' interface, click the gear icon on the left.

Settings Interface - Column Interface

Column Header - Description

Site - The name of the registered website

CNAME - The CNAME DNS record created for the website by cWatch. The CNAME should be added to your DNS entry for the website in order to activate the CDN service. See Configuring CDN Settings for more details.

License - The type of license associated with the website. Protection features and CDN traffic quotas vary according to license type. See License Types for a license comparison.

Security - The security level of the website is based on the results of the malware scans on your site. If the security level is anything other than 'Safe', then please check the 'Malware' area of the domain to see whether you have active malware. Refer to Comodo Malware Scan Results for more details.

Settings - Click 'Malware Settings' to open the 'Settings' page for the website. This allows you to configure:

• Malware Scanning on the website

• CDN Coverage

See Website Configuration for more details.

To remove a website from cWatch protection

• Click the gear icon on the left to open the 'Settings' interface

• Click the trashcan icon in the row of the website you want to delete

• Enter the website name in the field for confirmation and click 'Remove Site'

Note:

• Removing a website will remove its data from cWatch and revert the DNS settings. Its traffic will no longer be routed through the CDN.

• The license used for the website will become available for adding a new website.

6 Upgrading Licenses for Domains

You may want to upgrade a cWatch license if:

• You wish to enable the superior protection features afforded by a Pro, Premium or Enterprise license

• You need more CDN traffic for a website

• You want to add sub-domains for a website

There are various ways to upgrade your license:

• Click 'Dashboard' then click on the website you wish to upgrade. Click the 'Upgrade to Pro', 'Upgrade to Premium' or 'Upgrade to Enterprise' button.

OR

• Select the target website from the list of registered domains on the left, then open 'CDN Metrics' and click 'Upgrade License'

Note: The 'Upgrade License' button will appear only when your traffic limit is exhausted.

OR

• When creating a ticket. Support tickets can be raised only for websites with Premium or Enterprise licenses. If you click 'Create Ticket' when you only have a basic license, then a pop-up will appear which allows you to upgrade.

Any available licenses you own will be displayed in a drop-down.

• Choose the license you want to associate with the domain. The new license will be automatically transferred to the selected domain.

If you do not have any licenses available then you will be presented with the option to buy a new license:

• Choose 'Click to Buy'

You will be taken to the cWatch license purchase page.

• Complete the purchase process. See Purchasing a License for more details.

The license will be added to your account.

• Restart the process of upgrading the license for the domain as explained above.

The new license will be displayed in the drop-down.

• Select the license to associate it with the domain

7 Managing Your Profile

The Profile interface allows you to view and edit personal information and communication preferences for notifications and alerts. Administrators can also change the password used to log in to cWatch and Comodo Account Manager (CAM) at https://accounts.comodo.com.

• To open the 'Profile' interface, click the icon on the left.

The following sections contain more information:

• Edit your profile

• Change your password

To edit your profile

• Click 'Edit Profile'

The 'Edit Profile' dialog will open.

Edit Profile Dialog - Form Parameters

Form Element - Description

Full Name - Displays your username/email address as entered during your sign-up to cWatch. This field cannot be edited.

Mobile (call) - Specify your mobile phone number at which you wish to receive the notifications and alerts as calls.

• Select your country from the first drop-down

• Enter the phone number with the country code prefix

Mobile (sms) - The mobile phone number at which you wish to receive the notifications and alerts as text messages.

• Select your country from the first drop-down

• Enter the phone number with the country code prefix

Subscription Email(s) - Primary email address as entered during sign-up. You can add alternative email address(es) if required.

• To add an alternative email address, click 'Add new e-mail address'

• Enter the alternative email address in the text box and click the + button at the right.

• Repeat the process to add more addresses.

Subscribe - Choose the reports you want to subscribe for. The reports will be sent to you at the email address(es) specified in the 'Subscription Email(s)' field.

• Click 'Save' for your changes to take effect.

To change your password

• Click 'Change Password' from the 'Profile' interface

You will be taken to the CAM login page at https://accounts.comodo.com/login.

• Use your current username and password to log in to CAM

The 'Change Password' page will appear.

• Enter your old password, new password and re-enter your new password for confirmation in the respective fields

• Click 'Submit'

Your password will be changed. You can log in to the cWatch console and CAM with the new password from the next login attempt.

8 Getting Support

cWatch live chat support is the quickest and most comprehensive way to get assistance to configure your domains and get information on support tickets. Simply click the 'Chat' button to launch a session with a qualified support technician at Comodo. The technician will offer advice on domain configuration and assist with escalating support tickets you have raised. You can even have your chat history emailed to you for future reference.

To launch a chat session

• Click the 'Chat with us' button at the bottom right of the cWatch interface.

A chat window will open.

• Enter your name and email address in the respective fields

• Choose the department from which you require support, depending on your requirement. The available departments are:

  • cWatch Web Support - Onboarding, licensing, queries related to subscription and features and more

  • cWatch SOC L2 - Clean Website, Protect WebSite, Malware Removal, Virtual Hardening/Patching, 24/7 Cyber Security Monitoring and Response to Tickets Related with security incidents

• Enter your message in the message field

• Click 'Start chat'

Within seconds, a Comodo Support Technician from the selected department will respond in a chat window and ask you to describe the problem.

• Start chatting! Use the chat window to explain any problems you are having with configuring your domain or getting help on your tickets

The technician will offer advice accordingly.

• To end the session, click the hamburger icon at bottom right and choose 'End Chat'

You will be given an option to save the chat history for your future reference.

• To save the chat history, click 'Send Transcript'

• Enter the email address to which the chat history needs to be sent and click 'Send Email'.

You will receive the chat history at the specified email address.

About Comodo

The Comodo organization is a global innovator of cybersecurity solutions, protecting critical information across the digital landscape. Building on its unique position as the world's largest certificate authority, Comodo authenticates, validates and secures networks and infrastructures from individuals to mid-sized companies to the world's largest enterprises. Comodo provides complete end-to-end security solutions across the boundary, internal network and endpoint with innovative technologies solving the most advanced malware threats, both known and unknown. With global headquarters in Clifton, New Jersey, and branch offices in Silicon Valley, Comodo has international offices in China, India, the Philippines, Romania, Turkey, Ukraine and the United Kingdom. For more information, visit comodo.com.

Comodo Security Solutions, Inc.
1255 Broad Street
Clifton, NJ, 07013
United States
Email: EnterpriseSolutions@Comodo.com

Comodo CA Limited
3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Greater Manchester M5 3EQ,
United Kingdom.
Tel: +44 (0) 161 874 7070
Fax: +44 (0) 161 877 1767

For additional information on Comodo - visit http://www.comodo.com.
