- Computers & electronics
- Networking
- Netgear
- STM600 - ProSecure Web And Email Threat Management Appliance
- Reference manual
Configuring Web and Services Protection. Netgear STM600 - ProSecure Web And Email Threat Management Appliance, STM300 - ProSecure Web And Email Threat Management Appliance, STM150 - ProSecure Web And Email Threat Management Appliance
Add to My manuals261 Pages
advertisement
![Configuring Web and Services Protection. Netgear STM600 - ProSecure Web And Email Threat Management Appliance, STM300 - ProSecure Web And Email Threat Management Appliance, STM150 - ProSecure Web And Email Threat Management Appliance | Manualzz Configuring Web and Services Protection. Netgear STM600 - ProSecure Web And Email Threat Management Appliance, STM300 - ProSecure Web And Email Threat Management Appliance, STM150 - ProSecure Web And Email Threat Management Appliance | Manualzz](http://s1.manualzz.com/store/data/007103135_1-92829e6779d984aae68708f02ebe0cf3-360x466.png)
ProSecure Web/Email Security Threat Management (STM) Appliance
Table 31. Distributed Spam Analysis Settings (Continued)
Setting Description (or Subfield and Description)
Set Public
Host/IP Address and Port
The management port of the STM usually has a LAN IP address assigned, preventing users from outside the LAN from accessing the STM to look at their quarantined spam email. Select this check box to enable users from outside the LAN to access their quarantined spam email. Complete the Host/IP fields.
Note:
If you use a firewall, you need to map the public IP address and public port to the
LAN IP address of the STM’s management port.
Note:
When you select the Set Public Host/IP Address and Port check box, the spam reports (see
on page 214) display an External Link
column with hyperlinks that are consistent with the IP address and port that you specify in the Host/IP field.
Host/IP Enter the public IP address and public port of the STM.
4.
Click Apply to save your settings. The Distributed Spam Analysis section and the Send
Quarantine Spam Report section each have their own Apply and Reset buttons to enable you to make changes to these sections separately.
Configuring Web and Services Protection
The STM lets you configure the following settings to protect the network’s Internet communication:
•
The Web protocols that are scanned for malware threats
•
Actions that are taken when infected Web files or objects are detected
•
The maximum file sizes that are scanned
•
Web objects that are blocked
•
Web categories, keywords, and file types that are filtered to block objectionable or high-risk content
•
Domains and URLs that are blocked for objectionable or high-risk content
•
Customer notifications and email alerts that are sent when events are detected
•
Schedules that determine when content filtering is active
Customizing Web Protocol Scan Settings
If you have used the Setup Wizard, you might have already configured the Web protocol scan settings; the (Web) Policy screen allows you to modify these settings.
Scanning all protocols enhances network security, but might affect the performance of the
STM. For an optimum balance between security and performance, enable scanning only of the most commonly used protocols on your network. For example, you can scan FTP and
HTTP, but not HTTPS (if this last protocol is not often used). For more information about performance, see
Managing the STM’s Performance
Chapter 4. Content Filtering and Optimizing Scans | 105
ProSecure Web/Email Security Threat Management (STM) Appliance
To specify the Web protocols and ports that are scanned for malware threats.
1.
Select Web Security > Polices from the menu. The (Web) Policy screen displays:
Figure 59.
2.
Select the check boxes and complete the fields and as explained in the following table:
Table 32. Web Policy Settings
Setting Description
Services to Scan
HTTP
HTTPS Select the HTTPS check box to enable Hypertext Transfer Protocol over Secure Socket Layer
(HTTPS). This service is disabled by default. The HTTPS default port is 443. You can change the standard service port or add another port in the corresponding Ports to Scan field.
FTP
Select the HTTP check box to enable Hypertext Transfer Protocol (HTTP) scanning. This service is enabled by default and uses default port 80. You can change the standard service port or add another port in the corresponding Ports to Scan field.
Select the FTP check box to enable File Transfer Protocol (FTP). This service is enabled by default and uses default port 21. You can change the standard service port or add another port in the corresponding Ports to Scan field.
Note:
If a protocol uses a port other than the standard service port (for example, port 80 for HTTP), enter this nonstandard port in the Ports to Scan field. For example, if the HTTP service on your network uses both port 80 and port 8080, enter both port numbers in the Ports to
Scan field, and separate them by a comma.
3.
Click Apply to save your settings.
106 | Chapter 4. Content Filtering and Optimizing Scans
ProSecure Web/Email Security Threat Management (STM) Appliance
Configuring Web Malware Scans
If you have used the Setup Wizard, you might have already configured the Web malware action and exception scan settings; the Malware Scan screen allows you to modify these settings.
Whether or not the STM detects Web-based malware threats, you can configure it to take a variety of actions (some of the default actions are listed in
that are too large, and send notifications, emails, or both to the end users.
To configure the Web-based malware settings:
1.
Select Application Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs display, with the Malware Scan screen in view:
Figure 60.
Chapter 4. Content Filtering and Optimizing Scans | 107
ProSecure Web/Email Security Threat Management (STM) Appliance
2.
Complete the fields, select the check boxes, and make your selections from the drop-down lists as explained in the following table:
Table 33. Malware Scan Settings
Setting
Action
HTTP and
HTTPS
Description
Action From the HTTP or HTTPS drop-down list, specify one of the following actions to be taken when an infected Web file or object is detected:
• Quarantine file. The file is placed in quarantine, a malware quarantine log entry is created, and depending on the nature of the malware threat, also a virus log entry or a spyware log entry.
• Delete file. This is the default setting. The Web file or object is deleted, and depending on the nature of the malware threat, a virus log entry or a spyware log entry is created.
• Log only. Depending on the nature of the malware threat, only a virus log entry or a spyware log entry is created. The Web file or object is not placed in quarantine nor deleted.
Streaming Select the Streaming check box to enable streaming of partially downloaded and scanned HTTP or HTTPS file parts to the end user. This method allows the user to experience more transparent Web downloading. Streaming is enabled by default.
Scan Exceptions
From the drop-down list, specify one of the following actions to be taken when a file or message exceeds the size that you specify in the file size field:
• Skip. The file is not scanned but skipped, leaving the end user vulnerable. This is the default setting.
• Block. The file is blocked and does not reach the end user.
The default and maximum file sizes are as follows:
• For the STM600 and STM300, the default setting is to block any attachment larger than 10240 KB. The maximum file size that you can specify is 51200 KB.
• For the STM150, the default setting is to block any attachment larger than 8192 KB. The maximum file size that you can specify is 25600 KB.
Note:
Setting the maximum file size to a high value might affect the STM’s performance. NETGEAR recommends the default value, which is sufficient to detect the vast majority of threats.
HTML Scan
Scan HTML
Files
Select this check box to enable scanning of HyperText Markup Language (HTML) files, which is enabled by default.
Notification Settings
Select the Replace Page with the Following Warning Text check box to enable the STM to replace the content of a Web page that is blocked because of a detected malware threat with the following text:
NETGEAR ProSecure Web/Email Security Threat Management Appliance has detected and stopped malicious code embedded in this web site for protecting your computer and network from infection.
%VIRUSINFO%
108 | Chapter 4. Content Filtering and Optimizing Scans
ProSecure Web/Email Security Threat Management (STM) Appliance
Table 33. Malware Scan Settings (Continued)
Setting Description
Note:
You can customize this text. Make sure that you keep the %VIRUSINFO% metaword in the text to enable the STM to insert the correct malware threat information. In addition to the %VIRUSINFO% metaword, you can insert the following metawords in your customized message: %TIME%,
%PROTOCOL%, %FROM%, %TO%, %SUBJECT%, %FILENAME%, %ACTION%, %VIRUSNAME%.
The text is displayed on the Malware Scan screen with HTML tags. Click Preview to open a screen that displays the notification text in HTML format.
3.
Click Apply to save your settings.
Configuring Web Content Filtering
If you want to restrict internal LAN users from access to certain types of information and objects on the Internet, use the STM’s content filtering and Web objects filtering. With the exception of the Web content categories that are mentioned in
on page 85, all requested traffic from any website is allowed.
You can specify a message such as “Blocked by NETGEAR” that is displayed onscreen if a user attempts to access a blocked site (see the Notification Settings section that is described at the bottom of
on page 112). Several types of Web content blocking are available:
•
File extension blocking. You can block files based on their extension. Such files can
include executable files, audio and video files, and compressed files.
•
Web object blocking. You can block the following Web objects: embedded objects
(ActiveX, Java, Flash), proxies, and cookies; and you can disable Java scripts. However, websites that are on the whitelist (see
never subject to Web object blocking.
•
Web category blocking. You can block entire Web categories because their content is
unwanted, offensive, or not relevant, or simply to reduce traffic.
Note:
You can bypass any type of Web blocking for trusted domains by adding the exact matching domain names to the trusted host list
on page 124). Access to the domains
on the trusted host list is allowed for PCs in the groups for which file extension, object, or category blocking, or a combination of these types of Web blocking has been enabled.
Note:
You can bypass any type of Web blocking for trusted URLs by adding the URLs to the whitelist (see
on page 116). Access to the URLs on the whitelist is allowed for PCs
in the groups for which file extension, object, or category blocking, or a combination of these types of Web blocking has been enabled.
Chapter 4. Content Filtering and Optimizing Scans | 109
ProSecure Web/Email Security Threat Management (STM) Appliance
Note:
For information about creating custom categories that allow you to set access exceptions for combinations of Web categories, see
Creating Custom Categories for Web Access Exceptions
If you have used the Setup Wizard, you might have already configured the Web category blocking settings; the Content Filtering screen allows you to modify these settings.
To configure Web content filtering:
1.
Select Web Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs display, with the Malware Scan screen in view.
2.
Click the Content Filtering submenu tab. The Content Filtering screen displays. Because of the large size of this screen, it is presented in this manual in three figures (the following figure,
Figure 61. Content Filtering, screen 1 of 3
110 | Chapter 4. Content Filtering and Optimizing Scans
ProSecure Web/Email Security Threat Management (STM) Appliance
Figure 62. Content Filtering, screen 2 of 3
Chapter 4. Content Filtering and Optimizing Scans | 111
.
ProSecure Web/Email Security Threat Management (STM) Appliance
Figure 63. Content Filtering, screen 3 of 3
3.
Complete the fields, select the check boxes, and make your selections from the drop-down lists as explained in the following table:
Table 34. Content Filtering Settings
Setting
Content Filtering
Description
Log HTTP Traffic Select this check box to log HTTP traffic. For information about how to view the logged
By default, HTTP traffic is not logged.
Note:
Logging HTTP traffic might affect the STM’s performance (see
112 | Chapter 4. Content Filtering and Optimizing Scans
ProSecure Web/Email Security Threat Management (STM) Appliance
Table 34. Content Filtering Settings (Continued)
Setting
Block Files with the Following
Extensions
Description
Select the check box to enable file extension blocking. By default, the File Extension field lists the most common file extensions that are detected. You can manually add or delete extensions. Use commas to separate different extensions. You can also use the drop-down list to add predefined file extensions from a specific category to the File
Extension field:
• None. No file extensions are added to the File Extension field. This is the default setting.
• Executables. Executable file extensions (exe, com, dll, so, lib, scr, bat, and cmd) are added to the File Extension field.
• Audio/Video. Audio and video file extensions (wav, mp3, avi, rm, rmvb, wma, wmv, mpg, mp4, and aac) are added to the File Extension field.
• Compressed Files. Compressed file extensions (zip, rar, gz, tar, and bz2) added to the File Extension field.
Show This Message When a File was Blocked
The STM replaces the content of a Web page that is blocked because of violating file extensions with the following text, which you can customize:
Internet Policy has restricted access to this location with file extension:
%URL%
Note:
Make sure that you keep the %URL% metaword in the text to enable the STM to show the URL of the blocked pager.
As an option, you can select the Insert Link to User Login Portal Page check box. When you select this check box, the screen that displays when a user attempts to access blocked content includes a hyperlink that allows the user to log in as another user:
You are logged in as %USER%
(Click here to login as another user)
Note:
Make sure that you keep the %LOGIN-LINK% metaword in the text to enable the STM to insert the actual hyperlink.
The text is displayed on the Content Filtering screen with HTML tags. Click Preview to open a screen that displays the notification text in HTML format.
Block Web Objects
Select one or both of the following check boxes:
Remove
Embedded Objects
All embedded objects such as ActiveX, Java, and Flash objects are removed from downloaded Web pages.
Note:
Because embedded objects are commonly used on legitimate websites, blocking embedded objects globally might have a negative impact on a user’s Web browsing experience.
Disable Javascript Javascript is disabled on downloaded Web pages.
Chapter 4. Content Filtering and Optimizing Scans | 113
ProSecure Web/Email Security Threat Management (STM) Appliance
Table 34. Content Filtering Settings (Continued)
Setting Description
Select the Web Categories You Wish to Block
Select the Enable Blocking check box to enable blocking of Web categories, which is the default setting.
Select the check boxes of any Web categories that you want to block. Use the action buttons at the top of the section in the following way:
• Allow All. All Web categories are allowed.
• Block All. All Web categories are blocked.
• Set to Defaults. Blocking and allowing of Web categories are returned to their default settings. See
on page 85 for information about the Web categories that are blocked by default. Categories
that are preceded by a green rectangle are allowed by default; categories that are preceded by a pink rectangle are blocked by default.
Web Categorization Schedule
Do You Want this
Schedule to be
Active on All Days or Specific Days?
Select one of the following radio buttons:
• All Days. The schedule is in effect all days of the week.
• Specific Days. The schedule is active only on specific days.
To the right of the radio buttons, select the check box for each day that you want the schedule to be in effect.
Do You Want this
Schedule to be
Active All Day or at
Specific Times during the Day?
Select one of the following radio buttons:
• All Day. The schedule is in effect all hours of the selected day or days.
• Specific Times. The schedule is active only on specific hours of the selected day or days.
To the right of the radio buttons, fill in the Start Time and End Time fields (Hour,
Minute, AM/PM) during which the schedule is in effect.
Replace the Content of a Blocked Page with the Following Text
The STM replaces the content of a Web page that is blocked because of violating content with the following text, which you can customize:
Internet Policy has restricted access to this location belonging to the following categories:
%FULL-CATEGORY-LIST%
Note:
Make sure that you keep the %FULL-CATEGORY-LIST% metaword in the text to enable the STM to insert the categories that the blocked Web page falls under.
114 | Chapter 4. Content Filtering and Optimizing Scans
ProSecure Web/Email Security Threat Management (STM) Appliance
Table 34. Content Filtering Settings (Continued)
Setting Description
As an option, you can select one or both of the following check boxes:
• Allow Users to Submit a "Report a URL Misclassification" Form. When you select this check box, the screen that displays when a user attempts to access blocked content includes a hyperlink to report a
URL misclassification. See
Click here to Report a URL Misclassification
section later in this table.
Note:
Make sure that you keep the %SUBMIT-URL-CATEGORIZATION% metaword in the text to enable the STM to insert the actual hyperlink.
• Insert Link to User Login Portal Page. When you select this check box, the screen that displays when a user attempts to access blocked content includes a hyperlink that allows the user to log in as another user:
You are logged in as %USER%
(Click here to login as another user)
Note:
Make sure that you keep the %LOGIN-LINK% metaword in the text to enable the STM to insert the actual hyperlink.
The text is displayed on the Content Filtering screen with HTML tags. Click Preview to open a screen that displays the notification text in HTML format.
Web Category Lookup
URL Enter a URL to find out if it has been categorized, and if so, in which category. Then click the Lookup button. If the URL has been categorized, the category appears next to Lookup Results.
Clear Web
Category Cache
Click Clear Web Category Cache to enable the STM to synchronize with the
NETGEAR server and download the most recent Web categorizations.
Click here to
Report a URL
Misclassification
Note:
Synchronizing might temporarily slow down the STM’s performance because the STM needs to acquire the Web categorizations remotely instead of from its local cache.
To submit a misclassified or uncategorized URL to NETGEAR for analysis, click the
Click here to Report a URL Misclassification link. A screen opens that allows you to select from drop-down lists up to two categories in which you think that the URL could be categorized. Then click the Submit button.
4.
Click Apply to save your settings.
Chapter 4. Content Filtering and Optimizing Scans | 115
ProSecure Web/Email Security Threat Management (STM) Appliance
Configuring Web URL Filtering
If you want to allow or block internal LAN users from access to certain sites on the Internet, use the STM’s Web URL filtering. You can create or import a whitelist that contains domain names and URLs that are accepted, and a blacklist with domain names and URLs that are blocked. The whitelist takes precedence over the blacklist.
Note:
A URL that you enter on the whitelist or blacklist might contain other embedded URLs such as URLs for advertisements or sponsors, causing unexpected behavior. If you want to allow a URL by placing it on the whitelist, make sure that all embedded URLs are also placed on the whitelist. Similarly, if you want to block a URL by placing it on the blacklist, make sure that all embedded URLs are also placed on the blacklist.
Note:
For information about creating custom categories that allow you to set access exceptions for combinations of URLs, see
Custom Categories for Web Access Exceptions
116 | Chapter 4. Content Filtering and Optimizing Scans
ProSecure Web/Email Security Threat Management (STM) Appliance
To configure Web URL filtering:
1.
Select Web Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs display, with the Malware Scan screen in view.
2.
Click the URL Filtering submenu tab. The URL Filtering screen displays:
Figure 64.
Chapter 4. Content Filtering and Optimizing Scans | 117
ProSecure Web/Email Security Threat Management (STM) Appliance
3.
Select the check boxes and complete the fields and as explained in the following table:
Table 35. URL Filtering Settings
Setting Description
Whitelist (takes precedence over Blacklist)
Enable
URL
Select this check box to bypass scanning of the URLs that are listed in the URL field.
Users are allowed to access the URLs that are listed in the URL field.
This field contains the URLs for which scanning is bypassed. To add a URL to this field, use the Add URL field or the Import from File tool (see information later in this table).
You can add a maximum of 2000 URLs.
Note:
If a URL is in both the whitelist and blacklist, then the whitelist takes precedence and URLs on the whitelist are not scanned.
Add URL
Import from File
Note:
Wildcards (*) are supported. For example, if you enter www.net*.com in the URL field, any URL that begins with www.net and ends with .com is allowed.
Delete To delete one or more URLs, highlight the URLs, and click the Delete table button.
Export To export the URLs, click the Export table button, and follow the instructions of your browser.
Type or copy a URL in the Add URL field. Then click the Add table button to add the
URL to the URL field.
To import a list with URLs into the URL field, click the Browse button and navigate to a file in .txt format that contains line-delimited URLs (that is, one URL per line). Then click the Upload table button to add the URLs to the URL field.
Note:
Any existing URLs in the URL field are overwritten when you import a list of
URLs from a file.
Blacklist
Enable
URL
Select this check box to block the URLs that are listed in the URL field. Users attempting to access these URLs receive a notification (see information later in this table).
This field contains the URLs that are blocked. To add a URL to this field, use the Add
URL field or the Import from File tool (see information later in this table). You can add a maximum of 2000 URLs.
Note:
If a URL is in both the whitelist and blacklist, then the whitelist takes precedence and URLs on the whitelist are not scanned.
Note:
Wildcards (*) are supported. For example, if you enter www.net*.com in the URL field, any URL that begins with www.net and ends with .com is blocked.
Delete To delete one or more URLs, highlight the URLs, and click the Delete table button.
Export To export the URLs, click the Export table button and follow the instructions of your browser.
118 | Chapter 4. Content Filtering and Optimizing Scans
ProSecure Web/Email Security Threat Management (STM) Appliance
Table 35. URL Filtering Settings (Continued)
Setting
Add URL
Import from File
Description
Type or copy a URL in the Add URL field. Then click the Add table button to add the
URL to the URL field.
To import a list with URLs into the URL field, click the Browse button and navigate to a file in .txt format that contains line-delimited URLs (that is, one URL per line). Then click the Upload table button to add the URLs to the URL field.
Note:
Any existing URLs in the URL field are overwritten when you import a list of
URLs from a file.
Replace the
Content of a
Blocked Page with the Following Text
When a user attempts to access a blocked URL, the STM replaces the content of the blocked URL with the following text, which you can customize:
Internet Policy has restricted access to this location:
%URL%
Note:
Make sure that you keep the %URL% metaword in the text to enable the STM to insert the category that the blocked Web page falls under.
As an option, you can select the Insert Link to User Login Portal Page check box to include a hyperlink on screen that allows the user to log in as another user:
You are logged in as %USER%
(Click here to login as another user)
Note:
Make sure that you keep the %LOGIN-LINK% metaword in the text to enable the
STM to insert the actual hyperlink.
The text is displayed on the URL Filtering screen with HTML tags. Click Preview to open a screen that displays the notification text in HTML format.
4.
Click Apply to save your settings.
HTTPS Scan Settings
HTTPS traffic is encrypted traffic that cannot be scanned or the data stream would not be secure. However, the STM can scan HTTPS traffic that is transmitted through an HTTP proxy. The STM can break up the SSL connection between the HTTPS server and the HTTP client, scan the HTTPS traffic, and then rebuild the SSL connection.
Chapter 4. Content Filtering and Optimizing Scans | 119
ProSecure Web/Email Security Threat Management (STM) Appliance
The following figure shows the HTTPS scanning traffic flow:
Figure 65.
The HTTPS scanning process functions with the following principles:
•
The STM breaks up an SSL connection between an HTTPS server and an HTTP client into two parts:
-
A connection between the HTTPS client and the STM
-
A connection between the STM and the HTTPS server
•
The STM simulates the HTTPS server communication to the HTTPS client, including the
SSL negotiation, certificate exchange, and certificate authentication. In effect, the STM functions as the HTTPS server for the HTTPS client.
•
The STM simulates the HTTPS client communication to the HTTPS server, including the
SSL negotiation, certificate exchange, and certificate authentication. In effect, the STM functions as the HTTPS client for the HTTPS server.
During SSL authentication, the HTTPS client authenticates three items:
•
Is the certificate trusted?
•
Has the certificate expired?
•
Does the name on the certificate match that of the website?
120 | Chapter 4. Content Filtering and Optimizing Scans
ProSecure Web/Email Security Threat Management (STM) Appliance
If one of these is not satisfied, a security alert message displays in the browser window:
Figure 66.
However, even when a certificate is trusted or still valid, or when the name of a certificate does match the name of the website, a security alert message still displays when a user who is connected to the STM visits an HTTPS site. The appearance of this security alert message is expected behavior because the HTTPS client receives a certificate from the STM instead of directly from the HTTPS server. If you want to prevent this security alert message from displaying, install a root certificate on the client PC. The root certificate can be downloaded
from the STM’s User Portal Login screen (see
If client authentication is required, the STM might not be able to scan the HTTPS traffic because of the nature of SSL. SSL has two parts—client and server authentication. HTTPS server authentication occurs with every HTTPS request, but HTTPS client authentication is not mandatory, and rarely occurs. Therefore it is of less importance whether the HTTPS request comes from the STM or from the real HTTPS client.
However, certain HTTPS servers do require HTTPS client certificate authentication for every
HTTPS request. Because of the design of SSL, the HTTPS client needs to present its own certificate in this situation rather than using the one from the STM, preventing the STM from scanning the HTTPS traffic. For information about certificates, see
You can specify trusted hosts for which the STM bypasses HTTPS traffic scanning. For more
Chapter 4. Content Filtering and Optimizing Scans | 121
ProSecure Web/Email Security Threat Management (STM) Appliance
To configure the HTTPS scan settings:
1.
Select Web Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs display, with the Malware Scan screen in view.
2.
Click the HTTPS Settings submenu tab. The HTTPS Settings screen displays:
Figure 67.
122 | Chapter 4. Content Filtering and Optimizing Scans
ProSecure Web/Email Security Threat Management (STM) Appliance
3.
Select the check boxes and complete the field and as explained in the following table:
Table 36. HTTPS Settings
Setting
HTTP Tunneling
Description
Select this check box to allow scanning of HTTPS connections through an HTTP proxy, which is disabled by default. Traffic from trusted hosts is not scanned (see
Note:
For HTTPS scanning to occur correctly, you need to add the HTTP proxy server port in the Ports to
Scan field for the HTTPS service on the Services screen (see
Configuring the HTTP Proxy Settings
HTTPS SSL Settings
Select the Allow the STM to handle HTTPS connections using SSLv2 check box to allow HTTPS connections using SSLv2, SSLv3, or TLSv1. If this check box is cleared, the STM allows HTTPS connections using SSLv3 or TLSv1, but SSLv2 connections are dropped by the STM.
HTTPS 3rd Party Website Certificate Handling
Select this check box to allow a Secure Sockets Layer (SSL) connection with a valid certificate that is not signed by a trusted Certificate Authority (CA). The default setting is to allow such as a connection.
Show This Message When an SSL Connection Attempt Fails
By default, a rejected SSL connection is replaced with the following text, which you can customize:
The SSL connection cannot be established.
URL: %URL%
REASON: %REASON%
Note:
The text is displayed on the HTTPS Settings screen with HTML tags. Click Preview to open a screen that displays the notification text in HTML format.
Note:
Make sure that you keep the %URL% and %REASON% metawords in the text to enable the STM to insert the correct URL information and the reason of the rejection.
4.
Click Apply to save your settings.
Note:
For information about certificates that are used for SSL connections and HTTPS traffic, see
Chapter 4. Content Filtering and Optimizing Scans | 123
ProSecure Web/Email Security Threat Management (STM) Appliance
Specifying Trusted Hosts
You can specify trusted hosts for which the STM bypasses HTTPS traffic scanning and security certificate authentication. The security certificate is sent directly to the client for authentication, which means that the user does not receive a security alert for trusted hosts.
For more information about security alerts, see
Note that certain sites contain elements from different HTTPS hosts. As an example, assume that the https://example.com site contains HTTPS elements from the following three hosts:
•
trustedhostserver1.example.com
•
trustedhostserver2.example.com
•
imageserver.example.com
To completely bypass the scanning of the https://example.com site, you need to add all three hosts to the trusted hosts list because different files from these three hosts are also downloaded when a user attempts to access the https://example.com site.
To specify trusted hosts:
1.
Select Web Security > HTTP/HTTPS from the menu. The HTTP/HTTPS submenu tabs display, with the Malware Scan screen in view.
2.
Click the Trusted Hosts submenu tab. The Trusted Hosts screen displays. (The following figure contains an example.)
Figure 68.
124 | Chapter 4. Content Filtering and Optimizing Scans
ProSecure Web/Email Security Threat Management (STM) Appliance
3.
Complete the fields and select the check box as explained in the following table:
Table 37. Trusted Hosts Settings
Setting Description
Do Not Intercept HTTPS Connections for the following Hosts
Enable
Hosts
Select this check box to bypass scanning of trusted hosts that are listed in the Hosts field.
Users do not receive a security alert for trusted hosts that are listed in the Hosts field.
This field contains the trusted hosts for which scanning is bypassed. To add a host to this field, use the Add Host field or the Import from File tool (see later in this table). You can add a maximum of 200 hosts.
Add Host
Delete
Export
To delete one or more hosts, highlight the hosts, and click the Delete table button.
To export the hosts, click the Export table button and follow the instructions of your browser.
Type or copy a trusted host in the Add Host field. Then click the Add table button to add the host to the Hosts field.
Import from File To import a list with trusted hosts into the Hosts field, click the Browse button and navigate to a file in .txt format that contains line-delimited hosts (that is, one host per line). Then click the Upload table button to add the hosts to the Host field.
Note:
Any existing hosts in the Hosts field are overwritten when you import a list of hosts from a file.
4.
Click Apply to save your settings.
Configuring FTP Scans
Some malware threats are specifically developed to spread through the FTP protocol. By default, the STM scans FTP traffic, but you can specify how the STM scans FTP traffic and which action is taken when a malware threat is detected.
Note:
The STM does not scan password-protected FTP files.
Chapter 4. Content Filtering and Optimizing Scans | 125
ProSecure Web/Email Security Threat Management (STM) Appliance
To configure the FTP scan settings:
1.
Select Web Security > FTP from the menu. The FTP screen displays:
Figure 69.
2.
Complete the fields, select the check boxes, and make your selections from the drop-down lists as explained in the following table:
Table 38. FTP Scan Settings
Setting Description
Action
FTP Action From the FTP drop-down list, specify one of the following actions to be taken when an infected FTP file or object is detected:
• Quarantine file. The FTP file or object is placed in quarantine, a malware quarantine log entry is created, and depending on the nature of the malware threat, also a virus log entry or a spyware log entry.
• Delete file. This is the default setting. The FTP file or object is deleted, and depending on the nature of the malware threat, a virus log entry or a spyware log entry is created.
• Log only. Depending on the nature of the malware threat, only a virus log entry or a spyware log entry is created. The FTP file or object is not deleted.
126 | Chapter 4. Content Filtering and Optimizing Scans
advertisement
Related manuals
advertisement
Table of contents
- 8 What Is the ProSecure Web/Email Security Threat Management Appliance STM150, STM300, or STM600?
- 9 What Can You Do with an STM?
- 9 Key Features and Capabilities
- 10 Stream Scanning for Content Filtering
- 11 Autosensing Ethernet Connections with Auto Uplink
- 11 Easy Installation and Management
- 12 Maintenance and Support
- 12 STM Model Comparison
- 12 Service Registration Card with License Keys
- 13 Package Contents
- 14 Hardware Features
- 14 Front Panel Ports and LEDs
- 20 Rear Panel Features
- 22 Bottom Panel with Product Label
- 23 Choosing a Location for the STM
- 24 Using the Rack-Mounting Kit
- 25 Choosing a Deployment Scenario
- 25 Gateway Deployment
- 26 Server Group
- 27 Segmented LAN Deployment
- 27 Understanding the Steps for Initial Connection
- 28 Qualified Web Browsers
- 28 Logging In to the STM
- 30 Understanding the Web Management Interface Menu Layout
- 32 Using the Setup Wizard to Perform the Initial Configuration
- 33 Setup Wizard Step 1 of 10: Introduction
- 33 Setup Wizard Step 2 of 11: Networking Settings
- 35 Setup Wizard Step 3 of 11: Time Zone
- 37 Setup Wizard Step 4 of 11: Email Security
- 39 Setup Wizard Step 5 of 11: Web Security
- 42 Setup Wizard Step 6 of 11: Email Notification Server Settings
- 43 Setup Wizard Step 7 of 11: Update Settings
- 45 Setup Wizard Step 8 of 11: HTTP Proxy Settings
- 46 Setup Wizard Step 9 of 11: Web Categories
- 48 Setup Wizard Step 10 of 11: Configuration Summary
- 49 Setup Wizard Step 11 of 11: Restarting the System
- 49 Verifying Correct Installation
- 49 Testing Connectivity
- 49 Testing HTTP Scanning
- 50 Registering the STM with NETGEAR
- 51 What to Do Next
- 52 Configuring Network Settings
- 56 Configuring Session Limits and Timeouts
- 57 Configuring the Network Refresh and Permanent MAC Address Bindings
- 59 Managing Permanent MAC Address Bindings
- 60 Configuring the HTTP Proxy Settings
- 61 About Users with Administrative and Guest Privileges
- 62 Changing Administrative Passwords and Timeouts
- 64 Configuring Remote Management Access
- 65 Using an SNMP Manager
- 67 Supported MIB Browsers
- 67 Managing the Configuration File
- 68 Backing Up Settings
- 69 Restoring Settings
- 70 Reverting to Factory Default Settings
- 71 Updating the Software
- 71 Scheduling Updates
- 73 Performing a Manual Update
- 74 Critical Updates That Require a Restart
- 74 Configuring Date and Time Service
- 76 Managing Digital Certificates
- 78 Managing the Certificate for HTTPS Scans
- 79 Managing Trusted Certificates
- 80 Managing Untrusted Certificates
- 81 Managing the Quarantine Settings
- 82 Managing the STM’s Performance
- 84 About Content Filtering and Scans
- 85 Default Email and Web Scan Settings
- 87 Configuring Email Protection
- 87 Customizing Email Protocol Scan Settings
- 88 Customizing Email Anti-Virus Settings
- 94 Email Content Filtering
- 97 Protecting Against Email Spam
- 105 Configuring Web and Services Protection
- 105 Customizing Web Protocol Scan Settings
- 107 Configuring Web Malware Scans
- 109 Configuring Web Content Filtering
- 116 Configuring Web URL Filtering
- 119 HTTPS Scan Settings
- 124 Specifying Trusted Hosts
- 125 Configuring FTP Scans
- 127 Configuring Application Control
- 130 Setting Scanning Exclusions and Web Access Exceptions
- 130 Setting Scanning Exclusions
- 132 Setting Access Exception Rules for Web Access
- 139 Creating Custom Groups for Web Access Exceptions
- 142 Creating Custom Categories for Web Access Exceptions
- 147 About Users, Groups, and Domains
- 148 Configuring Groups
- 149 Creating and Deleting Groups by Name
- 150 Editing Groups by Name
- 151 Creating and Deleting Groups by IP Address and Subnet
- 152 Configuring User Accounts
- 153 Creating and Deleting User Accounts
- 154 Editing User Accounts
- 154 Configuring Authentication
- 155 Understanding the STM’s Authentication Options
- 157 Understanding Active Directories and LDAP Configurations
- 161 Creating and Deleting LDAP and Active Directory Domains
- 164 Editing LDAP and Active Directory Domains
- 164 Understanding the ProSecure DC Agent
- 165 Requirements for the ProSecure DC Agent Software and DC Agent Server
- 165 Downloading ProSecure DC Agent Software, and Creating and Deleting DC Agents
- 167 Creating and Deleting RADIUS Domains
- 169 Editing RADIUS Domains and Configuring VLANs
- 170 Global User Settings
- 172 Viewing and Logging Out Active Users
- 175 Configuring Logging, Alerts, and Event Notifications
- 176 Configuring the Email Notification Server
- 177 Configuring and Activating System, Email, and Syslog Logs
- 182 Configuring Alerts
- 184 Monitoring Real-Time Traffic, Security, Statistics, and Web Usage
- 184 Understanding the Information on the Dashboard Screen
- 190 Monitoring Web Usage
- 192 Viewing System Status
- 194 Querying Logs
- 199 Example: Using Logs to Identify Infected Clients
- 199 Log Management
- 200 Viewing, Scheduling, and Generating Reports
- 200 Report Templates
- 202 Generating Reports for Downloading
- 203 Scheduling Automatic Generation and Emailing of Reports
- 204 Advanced Report Filtering Options
- 208 Viewing and Managing the Quarantine Files
- 215 Using Diagnostics Utilities
- 216 Using the Network Diagnostic Tools
- 217 Using the Realtime Traffic Diagnostics Tool
- 218 Gathering Important Log Information and Generating a Network Statistics Report
- 219 Restarting and Shutting Down the STM
- 222 Basic Functioning
- 222 Power LED Not On
- 222 Test LED or Status LED Never Turns Off
- 223 LAN or WAN Port LEDs Not On
- 223 Troubleshooting the Web Management Interface
- 224 When You Enter a URL or IP Address a Time-Out Error Occurs
- 224 Troubleshooting a TCP/IP Network Using a Ping Utility
- 225 Testing the LAN Path to Your STM
- 225 Testing the Path from Your PC to a Remote Device
- 226 Restoring the Default Configuration and Password
- 227 Problems with Date and Time
- 227 Using Online Support
- 227 Enabling Remote Troubleshooting
- 228 Installing Hot Fixes
- 229 Sending Suspicious Files to NETGEAR for Analysis
- 230 Accessing the Knowledge Base and Documentation