DOCSLIB.ORG

Content Gateway Manager Help, V8.0.X

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Content Gateway Manager Help, V8.0.X Content Gateway Manager Help Websense® Content Gateway v8.0.x ©1996–2014, Websense Inc. All rights reserved. 10900 Stonelake Blvd, 3rd Floor, Austin, TX 78759, USA Websense Content Gateway Online Help November 2014 R050914800 This document contains proprietary and confidential information of Yahoo, Inc and Websense, Inc. The contents of this document may not be disclosed to third parties, copied, or duplicated in any form, in whole or in part, without prior written permission of Websense, Inc. Every effort has been made to ensure the accuracy of this manual. However, Websense Inc., and Yahoo, Inc. make no warranties with respect to this documentation and disclaim any implied warranties of merchantability and fitness for a particular purpose. Websense Inc. shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice. Use, duplication, or disclosure of the technical data contained in this document by the Government is subject to restrictions as set forth in subdivision (c) (1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 52.227-7013 and/or in similar or successor clauses in the FAR, or in the DOD or NASA FAR Supplement. Unpublished rights reserved under the Copyright Laws of the United States. Contractor/manufacturer is Websense, Inc, 10900 Stonelake Blvd, 3rd Floor, Austin, TX 78759, USA. Trademarks Websense, the Websense Logo, ThreatSeeker, and TRITON are registered trademarks of Websense, Inc. in the United States and/or other countries. Websense has numerous other unregistered trademarks in the United States and internationally. All other trademarks are the property of their respective owners. Portions of Websense Content Gateway include third-party technology used under license. Notices and attribution are included elsewhere in this manual Traffic Server is a trademark or registered trademark of Yahoo! Inc. in the United States and other countries. Red Hat is a registered trademark of Red Hat Software, Inc. Linux is a registered trademark of Linus Torvalds. Microsoft, Windows, Windows NT, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Mozilla and Firefox are registered trademarks of the Mozilla Foundation. Netscape and Netscape Navigator are registered trademarks of Netscape Communications Corporation in the United States and in other countries. UNIX is a registered trademark of AT&T. All other trademarks are property of their respective owners. Contents Contents Topic 1 Overview . 1 Deployment options . 2 SSL inspection . 2 As a Web proxy cache. 3 In a cache hierarchy. 4 In a managed cluster . 4 As a DNS proxy cache . 4 Components . 4 Cache. 4 RAM cache . 5 Adaptive Redirection Module . 5 Host database. 5 DNS resolver. 6 Processes. 6 Administration tools . 7 Proxy traffic analysis features . 7 Online Help . 8 Technical Support. 8 Topic 2 Getting Started . 11 Accessing the Content Gateway manager . 11 Configuring Content Gateway for two-factor authentication . 13 Accessing the Content Gateway manager if you forget the master administrator password . 15 Entering your subscription key. 16 Providing system information . 16 Verifying that the proxy is processing Internet requests . 17 Using the command-line interface . 18 Starting and stopping Content Gateway on the Command Line . 19 The no_cop file . 19 Topic 3 Web Proxy Caching . 21 Cache requests . 21 Ensuring cached object freshness . 22 HTTP object freshness . 22 FTP object freshness . 26 Scheduling updates to local cache content . 27 Configuring the Scheduled Update option . 28 Forcing an immediate update . 28 Pinning content in the cache. 29 Online Help i Contents Setting cache pinning rules . 29 Enabling cache pinning . 30 To cache or not to cache? . 30 Caching HTTP objects . 30 Client directives . 31 Origin server directives . 32 Configuration directives . 34 Forcing object caching . 36 Caching HTTP alternates . 36 Configuring how Content Gateway caches alternates. 36 Limiting the number of alternates for an object . 37 Caching FTP objects. 37 Disabling FTP over HTTP caching. 38 Topic 4 Explicit Proxy . 39 Manual browser configuration . 39 Using a PAC file. 40 Sample PAC file . 41 Using WPAD . 42 Configuring FTP clients in an explicit proxy environment . 43 Topic 5 Transparent Proxy and ARM . 47 The ARM . 48 Transparent interception strategies . 49 Transparent interception with a Layer 4 switch . 49 Transparent interception with WCCP v2 devices . 50 Transparent interception and multicast mode . 66 Transparent interception with policy-based routing . 67 Transparent interception with software-based routing . 68 Configuring Content Gateway to serve only transparent requests . 69 Interception bypass . 70 Dynamic bypass rules . 71 Static bypass rules . 72 Viewing the current set of bypass rules . 73 Connection load shedding . 73 Reducing DNS lookups . 74 Topic 6 Additional Proxy Configuration . 77 IP spoofing . 77 Range-based IP spoofing. 78 IP spoofing and the flow of traffic . 79 Configuring IP spoofing . 80 Support for IPv6 . 82 ii Websense Content Gateway Contents IPv6 configuration summary. 83 Topic 7 Clusters. 85 Management clustering . 86 Changing clustering configuration . 86 Adding nodes to a cluster . 89 Deleting nodes from a cluster . 91 Virtual IP failover. ..
Load more

Recommended publications
  • Feature Description
    NTLM Feature Description UPDATED: 19 March 2021 NTLM Copyright Notices Copyright © 2002-2021 Kemp Technologies, Inc. All rights reserved. Kemp Technologies and the Kemp Technologies logo are registered trademarks of Kemp Technologies, Inc. Kemp Technologies, Inc. reserves all ownership rights for the LoadMaster and Kemp 360 product line including software and documentation. Used, under license, U.S. Patent Nos. 6,473,802, 6,374,300, 8,392,563, 8,103,770, 7,831,712, 7,606,912, 7,346,695, 7,287,084 and 6,970,933 kemp.ax 2 Copyright 2002-2021, Kemp Technologies, All Rights Reserved NTLM Table of Contents 1 Introduction 4 1.1 Document Purpose 6 1.2 Intended Audience 6 1.3 Related Firmware Version 6 2 Configure NTLM Authentication 7 2.1 Configure Internet Options on the Client Machine 7 2.2 Configure the LoadMaster 11 2.2.1 Enable NTLM Proxy Mode 13 2.2.2 Configure the Server Side SSO Domain 13 2.2.3 Configure the Client Side SSO Domain 15 2.2.4 Configure the Virtual Service 15 2.3 Configure Firefox to Allow NTLM (if needed) 17 2.4 Troubleshooting 18 References 19 Last Updated Date 20 kemp.ax 3 Copyright 2002-2021, Kemp Technologies, All Rights Reserved NTLM 1 Introduction 1 Introduction NT LAN Manager (NTLM) is a Windows Challenge/Response authentication protocol that is often used on networks that include systems running the Windows operating system and Active Directory. Kerberos authentication adds greater security than NTLM systems on a network and provides Windows-based systems with an integrated single sign-on (SSO) mechanism.
    [Show full text]
  • Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability
    Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Hernan Ochoa Agustin Azubel [email protected] [email protected] Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Presentation goals: ‣ Describe the vulnerability in detail ‣ Explain & demonstrate exploitation • Three different exploitation methods ‣ Clear up misconceptions ‣ Determine vulnerability scope, severity and impact ‣ Share Conclusions BlackHat USA 2010 Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Vulnerability Information ‣ Flaws in Windows’ implementation of NTLM - attackers can access SMB service as authorized user - leads to read/write access to files, SMB shared resources in general and remote code execution ‣ Published February 2010 ‣ CVE-2010-0231, BID 38085 ‣ Advisory with Exploit Code: • http://www.hexale.org/advisories/OCHOA-2010-0209.txt ‣ Addressed by MS10-012 BlackHat USA 2010 Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Why talk about this vulnerability? ‣ Major 14-year old vulnerability affecting Windows Authentication Mechanism! - Basically, all Windows versions were affected (NT4, 2000, XP, 2003, Vista, 2008, 7) - Windows NT 4 released in ∼1996 - Windows NT 3.1 released in ∼1993 (∼17 years ago) - All this time, we assumed it was working correctly.. but it wasn’t... - Flew under the radar... BlackHat USA 2010 Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Why talk about this vulnerability? ‣ Interesting vulnerability, not your common buffer overflow - Issues in the Pseudo-Random Number Generator (PRNG) - Challenge-response protocol implementation issues - Replay attacks - Attack to predict challenges is interesting BlackHat USA 2010 Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Why talk about this vulnerability? ‣ There’s a lesson to be learned..
    [Show full text]
  • Chapter 15-70-411FINAL[1]
    Lesson 15: Configuring Service Authentication MOAC 70-411: Administering Windows Server 2012 Overview • Exam Objective 5.1: Configure Service Authentication • Configuring Service Authentication • Managing Service Accounts © 2013 John Wiley & Sons, Inc. 2 Configuring Service Authentication Lesson 15: Configuring Service Authentication © 2013 John Wiley & Sons, Inc. 3 Authentication • Authentication is the act of confirming the identity of a user or system and is an essential part used in authorization when the user or system tries to access a server or network resource. • Two types of authentication that Windows supports are NT LAN Manager (NTLM) and Kerberos. • Kerberos is the default authentication protocol for domain computers. • NTLM is the default authentication protocol for Windows NT, standalone computers that are not part of a domain, and situations in which you authenticate to a server using an IP address. © 2013 John Wiley & Sons, Inc. 4 Understanding NTLM Authentication • NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. • NTLM is an integrated single sign-on mechanism. • NTLM uses a challenge-response mechanism for authentication in which clients are able to prove their identities without sending a password to the server. © 2013 John Wiley & Sons, Inc. 5 Managing Kerberos Kerberos: • Is a computer network authentication protocol, which allows hosts to prove their identity over a non-secure network in a secure manner. • Can provide mutual authentication
    [Show full text]
  • Level One Benchmark Windows NT 4.0 Operating Systems V1.0.5
    Level One Benchmark Windows NT 4.0 Operating Systems V1.0.5 Copyright 2003, The Center for Internet Security www.cisecurity.org Page 2 of 32 Terms of Use Agreement Background. CIS provides benchmarks, scoring tools, software, data, information, suggestions, ideas, and other services and materials from the CIS website or elsewhere (“Products”) as a public service to Internet users worldwide. Recommendations contained in the Products (“Recommendations”) result from a consensus-building process that involves many security experts and are generally generic in nature. The Recommendations are intended to provide helpful information to organizations attempting to evaluate or improve the security of their networks, systems and devices. Proper use of the Recommendations requires careful analysis and adaptation to specific user requirements. The Recommendations are not in any way intended to be a “quick fix” for anyone’s information security needs. No representations, warranties and covenants. CIS makes no representations, warranties or covenants whatsoever as to (i) the positive or negative effect of the Products or the Recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness or completeness of any Product or Recommendation. CIS is providing the Products and the Recommendations “as is” and “as available” without representations, warranties or covenants of any kind. User agreements. By using the Products and/or the Recommendations, I and/or my organization (“we”) agree and acknowledge that: 1. No network, system, device, hardware, software or component can be made fully secure; 2.
    [Show full text]
  • Windows Poster 20-12-2013 V3
    Microsoft® Discover the Open Specifications technical documents you need for your interoperability solutions. To obtain these technical documents, go to the Open Specifications Interactive Tiles: open specifications poster © 2012-2014 Microsoft Corporation. All rights reserved. http://msdn.microsoft.com/openspecifications/jj128107 Component Object Model (COM+) Technical Documentation Technical Documentation Presentation Layer Services Technical Documentation Component Object Model Plus (COM+) Event System Protocol Active Directory Protocols Overview Open Data Protocol (OData) Transport Layer Security (TLS) Profile Windows System Overview Component Object Model Plus (COM+) Protocol Active Directory Lightweight Directory Services Schema WCF-Based Encrypted Server Administration and Notification Protocol Session Layer Services Windows Protocols Overview Component Object Model Plus (COM+) Queued Components Protocol Active Directory Schema Attributes A-L Distributed Component Object Model (DCOM) Remote Protocol Windows Overview Application Component Object Model Plus (COM+) Remote Administration Protocol Directory Active Directory Schema Attributes M General HomeGroup Protocol Supplemental Shared Abstract Data Model Elements Component Object Model Plus (COM+) Tracker Service Protocol Active Directory Schema Attributes N-Z Peer Name Resolution Protocol (PNRP) Version 4.0 Windows Data Types Services General Application Services Services Active Directory Schema Classes Services Peer-to-Peer Graphing Protocol Documents Windows Error Codes ASP.NET
    [Show full text]
  • Polycom Unified Communications Deployment
    SOLUTION DEPLOYMENT GUIDE November 2016 | 3725-06675-008A Polycom® Unified Communications for Microsoft® Environments Polycom, Inc. 1 Copyright© 2016, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into another language or format, or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Polycom, Inc. 6001 America Center Drive San Jose, CA 95002 USA Trademarks Polycom®, the Polycom logo and the names and marks associated with Polycom products are trademarks and/or service marks of Polycom, Inc. and are registered and/or common law marks in the United States and various other countries. All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Polycom. End User License Agreement By installing, copying, or otherwise using this product, you acknowledge that you have read, understand and agree to be bound by the terms and conditions of the End User License Agreement for this product. Patent Information The accompanying product may be protected by one or more U.S. and foreign patents and/or pending patent applications held by Polycom, Inc. Open Source Software Used in this Product This product may contain open source software. You may receive the open source software from Polycom up to three (3) years after the distribution date of the applicable product or software at a charge not greater than the cost to Polycom of shipping or distributing the software to you.
    [Show full text]
  • IT Security Principles: Windows Exploitation
    IT Security Principles: Windows Exploitation IT 444 – Network Security Understanding LLMNR and NBNS • Windows systems go through several different steps to resolve a hostname to an IP address for us. • Windows will search the hosts or LMHosts file on the system to see if there’s an entry in that file. • If there isn’t, then the next step is to query DNS. Windows will send a DNS query to the default nameserver to see if it can find an entry. • In most cases, this will return an answer, and we’ll see the web page or target host we’re trying to connect to. • In situations where DNS fails, modern Windows systems use two protocols to try to resolve. LLMNR and NetBios Understanding LLMNR and NBNS o LLMNR: this protocol uses multicast in order to try to find the host on the network. Other Windows systems will subscribe to this multicast address, and when a request is sent out by a host, if anyone listening owns that name and can turn it into an IP address, a response is generated. Once the response is received, the system will take us to the host o If the host can’t be found using LLMNR, Windows use the NetBIOS protocol to try to discover the IP. It does this by sending out a broadcast request for the host to the local subnet, and then it waits for someone to respond to that request. If a host exists with that name, it can respond directly, and then our system knows that to get to that resource, it needs to go to that location Understanding LLMNR and NBNS o Both LLMNR and NBNS rely on trust o As a malicious actor, though, we can respond to any request sent out to LLMNR or NBNS and say that the host being searched for is owned by us.
    [Show full text]
  • [MS-MSSO]: Media Streaming Server System Overview
    [MS-MSSO]: Media Streaming Server System Overview Intellectual Property Rights Notice for Protocol Documentation . Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting [email protected].
    [Show full text]
  • Case COMP/C-3/37.792 Microsoft)
    EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 21.4.2004 C(2004)900 final COMMISSION DECISION of 24.03.2004 relating to a proceeding under Article 82 of the EC Treaty (Case COMP/C-3/37.792 Microsoft) (ONLY THE ENGLISH TEXT IS AUTHENTIC) (Text with EEA relevance) EN EN COMMISSION DECISION of 24.03.2004 relating to a proceeding under Article 82 of the EC Treaty (Case COMP/C-3/37.792 Microsoft) (ONLY THE ENGLISH TEXT IS AUTHENTIC) (Text with EEA relevance) THE COMMISSION OF THE EUROPEAN COMMUNITIES, Having regard to the Treaty establishing the European Community, Having regard to Council Regulation No 17 of 6 February 1962, First Regulation implementing Articles 85 and 86 of the Treaty1, and in particular Article 3 and Article 15(2) thereof, Having regard to the complaint lodged by Sun Microsystems, Inc. on 10 December 1998, alleging infringements of Article 82 of the Treaty by Microsoft and requesting the Commission to put an end to those infringements, Having regard to the Commission decision of 1 August 2000 to initiate proceedings in Case IV/C-3/37.345, Having regard to the Commission decision of 29 August 2001 to initiate proceedings in this case, and to join the findings in Case IV/C-3/37.345 to the procedure followed under this case, Having given the undertaking concerned the opportunity to make known their views on the objections raised by the Commission pursuant to Article 19(1) of Regulation No 17 and Commission Regulation (EC) No 2842/98 of 22 December 1998 on the hearing of parties in certain proceedings under Articles 85 and 86 of the EC Treaty2, Having regard to the final report of the hearing officer in this case, After consulting the Advisory Committee on Restrictive Practices and Dominant Positions, 1 OJ 13, 21.2.1962, p.
    [Show full text]
  • Technical Information, You Will Find Several Different Types of Symbols Are Used to Identify Different Sections of Text
    Technical FAST/TOOLS R10.01 Information System Hardening Windows 7/8, Windows Server 2008/2012 TI 50A01A10-02EN (Rev. 1.0) Yokogawa Electric Corporation TI 50A01A10-02EN 2-9-32, Nakacho, Musashino-shi, Tokyo, 180-8750 Japan ©Copyright June 2015 (YK) Tel.: 81-422-52-2006 Fax.: 81-422-52-2540 1st Edition June 30, 2015 (YK) Blank Page i Introduction n Purpose In order to protect systems from network related security vulnerabilities, it is important to harden the operating system on which the application is running. This document describes the hardening procedure to be followed for FAST/TOOLS R10.01 systems running Microsoft operating systems. n Validity This document is primarily intended for internal Yokogawa use when engineering projects that use FAST/TOOLS on Microsoft operating systems. n Definitions, Abbreviations and Acronyms AV : Antivirus software DMZ : DeMilitarized Zone GSC : Global SCADA Center SCADA : Supervisory Control And Data Acquisition n References [1] McAfee VirusScan Enterprise version 8.8, YHQ recommended antivirus software. [2] IT Security Guide for System Products (Common Information) TI30A15B30-01E. All Rights Reserved Copyright © 2015, Yokogawa Electric Corporation TI 50A01A10-02EN June 30, 2015-00 ii n Symbol Marks Throughout this Technical Information, you will find several different types of symbols are used to identify different sections of text. This section describes these icons. CAUTION Identifies instructionsthat must be observed in order to avoid physical injury and electric shock or death to the operator. IMPORTANT Identifies importantinformation required to understand operations or functions. TIP Identifies additionalinformation. SEE ALSO Identifies asource to be referred to. n Trademark • FAST/TOOLS is registered trademark of Yokogawa Electric Corporation.
    [Show full text]
  • Windows Protocols Errata
    Windows Protocols Errata This topic lists the Errata found in the Windows Protocols Technical Specifications, RSS Overview Documents, and Reference documents since they were last published. Since this topic is updated frequently, we recommend that you subscribe to these Atom RSS or Atom feeds to receive update notifications. Errata are subject to the same terms as the Open Specifications documentation referenced. Errata are content issues in published versions of protocols documents that could impact an implementation. Examples of errata are errors or missing information in the normative sections of the Technical Specifications or in the use cases (examples) in the Technical Specifications and Overview Documents. Content issues that don't impact an implementation, for example, editorial updates due to typos, formatting updates, and rewrites for readability and clarity, are not included in Errata. The sections below list the Windows Protocols documents that contain active Errata (i.e., Errata not yet released with the documents on MSDN) and provide links to archived Errata (i.e., Errata already released with the documents on MSDN). Protocols Documents with Active Errata [MC-NMF]: .NET Message Framing Protocol [MS-ADDM]: Active Directory Web Services: Data Model and Common Elements [MS-ADTS]: Active Directory Technical Specification [MS-CIFS]: Common Internet File System (CIFS) Protocol [MS-DFSC]: Distributed File System (DFS) Referral Protocol [MS-EMFPLUS]: Enhanced Metafile Format Plus Extensions [MS-FASP]: Firewall and Advanced Security
    [Show full text]
  • 0672325756 A020101
    A Brief History of IIS A020101 Despite how ubiquitous you might think Microsoft is now on the Web—particularly the high use of the Internet Explorer product—you’d be forgiven for thinking that Microsoft was there right from the start. In fact, Microsoft came to the scene relatively late in terms of its own presence—and quite later still in terms of its IIS product. The first version of a Web server to be used and supported by Microsoft was the one running its Web site on Windows NT 3.51 using the European Microsoft Windows Academic Consortium (EMWAC) WWW software. This was 1994, and many of the bigger companies like Sun and the National Center for Supercomputing Applications (NCSA) had jumped on the bandwagon a few years earlier. IIS 1 The first noted version of IIS was IIS 1, born out of the EMWAC server and officially built and tested using Microsoft’s own Web sites before being formally released to the world in February 1996. IIS 1 incorporated and supported the three main protocols of the time—HTTP, FTP, and Gopher (a hierarchical file viewing system). IIS 1 also included support for CGI working with tools such as Perl to provide a dynamic envi- ronment and ISAPI that enabled developers to write custom applications that worked with IIS. 2 A020101 A Brief History of IIS This version also gave rise to a number of the basic features we expect to find in all versions of IIS today, including n Internet Services Manager (now part of the MMC) n Integration with the OS n Virtual Servers n Virtual Directories n Basic authentication and Windows NT LAN Manager authentication n Secure Sockets Layer support IIS 2 This was the first release of IIS that was bundled with an operating system.
    [Show full text]