How to Change Your Proxy Port

Tuesday, December 6th, 2011

If you want to change our default proxy port for security reasons or you have another application already listening on that port, just follow these instructions:

1) Go to your hidden screen, http://xx.xx.xx.xx:7999/admin/setup/proxy/adv.php
2) Change the ‘Proxy Server Port:’ option to any port number
3) Click Submit
4) Restart service

Default Port: 8080

We never stop improving and we love to receive feedback from you!

Our in-house support staff is available to assist you and can be reached at (321) 953-5351, ext. 4 or email at support@wavecrest.net.

Explanation of the “IP Address” Category in Wavecrest Products

Tuesday, August 30th, 2011

Unfortunately, some instances of Web-use activity cannot be readily identified or categorized by Web access management products.  One type appears in the Wavecrest products’ Web Monitor and employee internet usage reports simply as IP addresses with no domain.

If the IP address is not recognized by our product, it is put into the IP Address category and not into “Other” for the reasons below. (While some IP addresses have been identified and categorized in the Wavecrest URL control list, many have not.) If the product does not recognize an IP address, it initially assigns it, in parallel, to two special categories: (a) the IP Address category, and (b) the “Other” (uncategorized) category. This ‘groups’ them so they can be dealt with, as follows.

Using IP Addresses to Help Analyze Web Activity. At first glance it may appear impossible to make use of these initially unidentified IP addresses, but that’s not really the case. With a bit of work, it’s possible to:

  • Deduce the source and purpose of most of them
  • Categorize the legitimate ones
  • Isolate/neutralize the malicious ones

Let’s see how this is done.

First though, for purposes of this discussion, let’s ‘label’ the four general types of unidentified IP addresses. We’ll call them:

  • ‘Internal and partner Web pages without domain names’
  • ‘Innocent links on Web sites’
  • ‘Possible malware or virus servers.’
  • ‘Public proxies’

Identification and Corrective Action Process. This is a three step process: (a) listing the IP addresses; (b) classifying them by the types defined above; and (c) taking appropriate action.

To take the first step, simply run a Top Non-Categorized Sites Report and note the rows with IP addresses.  Then, as explained below, classify each (by type) and take action.

  1. IP Addresses Associated with Internal and Partner Web Pages.  These IP addresses could result from user-generated or Web application traffic. Using local knowledge, determine the sources and then enter the addresses in one or more custom categories. If you wish, give the addresses recognizable names. Complete instructions on how to create custom categories can be found in our manual.
  2. IP Addresses Associated with Innocent links on Web sites. These addresses could be associated with image or ad servers. If you send an OtherWise report that contains these IPs to Wavecrest, our categorization team will research and categorize these IPs for you the same way we would categorize domains. If you would like to identify them yourself, there are IP address lookup tools like the one available from http://www.networksolutions.com. This tool will provide you with information about the owner of the IP address(es) of interest. For example, the owner of the IP address could be a marketing company that serves ads, or it could be an image server. Once identified, add the addresses to one or more custom categories. If you wish, give the addresses recognizable names.
  3. IP Addresses Associated with Possible Malware or Virus Servers. These addresses could be associated with malware, spyware or virus servers. The clue here is very high around-the-clock traffic (an indication that the user’s computer has been infected or attacked).  The solution in these cases is to isolate the internal computer(s) and remove the malware/spyware or virus.
  4. Public proxies. Also known as “Anonymous proxies”, public proxies are often used by employees or students who want to get around Web filters and/or avoid being identified by Internet logging. In other words, public proxies allow individuals to surf the Web “anonymously.” Many public proxies promote spyware or malware activity. They are created to gather user information, or even worse, company information on an employee’s computer. They often log an individual’s online browsing, emails, and chat sessions to gather user names, passwords, credit card or banking information. Some of the information gained, e.g., email addresses, is often sold to other companies for marketing purposes.
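
The three-step process above (list, classify, act) can be sketched as a small script. This is an added example, not Wavecrest code: the row layout, the RFC 1918 test for "internal", and the volume and hours thresholds are all assumptions, and the sample rows are constructed.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges, used here as the (assumed) test for internal traffic.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_sample_rows():
    """Constructed sample: (hour_of_day, destination_host, visits)."""
    rows = [(9, "10.20.0.15", 40), (14, "10.20.0.15", 25),      # intranet app
            (10, "198.51.100.7", 12), (15, "198.51.100.7", 9),  # occasional link
            (11, "203.0.113.80", 30),                           # identified earlier
            (10, "www.example.com", 50)]                        # has a domain name
    rows += [(h, "192.0.2.44", 60) for h in range(24)]          # busy every hour
    return rows

def triage(rows, known=None, heavy_visits=1000, heavy_hours=20):
    """Map each bare-IP destination to the type and action described above.

    known: {ip: custom category name} from local knowledge or earlier lookups.
    heavy_visits / heavy_hours: assumed cut-offs for "very high
    around-the-clock traffic"; tune them to your own baseline.
    """
    known = known or {}
    visits, hours = defaultdict(int), defaultdict(set)
    for hour, host, count in rows:
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # step (a): list only destinations that are bare IPs
        visits[host] += count
        hours[host].add(hour)
    result = {}
    for host in visits:  # steps (b) and (c): classify, then name the action
        ip = ipaddress.ip_address(host)
        if host in known:
            label = "custom category: " + known[host]
        elif any(ip in net for net in INTERNAL_NETS):
            label = "internal/partner: name it in a custom category"
        elif visits[host] >= heavy_visits and len(hours[host]) >= heavy_hours:
            label = "possible malware server: isolate and clean the client"
        else:
            label = "look up owner: innocent link or public proxy"
        result[host] = label
    return result

if __name__ == "__main__":
    for host, label in triage(build_sample_rows(),
                              known={"203.0.113.80": "Ad servers"}).items():
        print(host, "->", label)
```

The explicit RFC 1918 list is deliberate: Python's `ipaddress` `is_private` attribute is also true for other special-purpose ranges, so it would mislabel some non-internal addresses as internal.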

For more information, read our post: The danger of public proxies.

Get Your Wavecrest Reports in PDF

Friday, May 27th, 2011

Many customers have asked for it, so back in March, Wavecrest Computing added a new option to receive or email reports in PDF format.  This option is available for any manual or scheduled report in your Cyfin or CyBlock product.  To receive or email your reports in PDF format, simply select PDF in the Report Format pulldown on any of the reporting screens.

The option to email and run reports in HTML format is still available, and HTML format must be used when using Interactive reporting for drill-down purposes.

If you have any questions about this new feature or any other features in your Cyfin or CyBlock product, please feel free to contact us.

Wavecrest Recommends Users Upgrade from Internet Explorer 6

Friday, March 18th, 2011

If you are still using Internet Explorer 6, we and Microsoft recommend that you upgrade as soon as possible.  One of the main reasons to upgrade is that Wavecrest’s CyBlock versions 6.3.0 and later and Cyfin versions 8.3.0 and later no longer support IE6.

Microsoft also has a big push now to get users to upgrade and stop using IE6.  See their new website ie6countdown.com. One of the main reasons they are pushing the upgrade is security. They state, “we recommend that Internet Explorer 6 users upgrade to a newer version of Internet Explorer for a safer browsing experience.” So if you haven’t done so already, Wavecrest recommends that you take a minute to make sure all of the computers and servers in your network are upgraded to a later version of Internet Explorer.

If you have any questions, please contact Wavecrest’s technical support team by phone at 321-953-5351, ext. 4 or toll-free at 1-877-442-9346, ext. 4.

Sources:

The Internet Explorer 6 Countdown
Microsoft Begs Users to Stop Using IE6
It’s Time to Finally Drop Internet Explorer 6

New Half-Hour Filtering In CyBlock

Thursday, February 3rd, 2011

If you haven’t seen it yet, in the latest version of CyBlock 6.3.1, scheduled filtering has changed from hourly to half hour. This means that you can select to allow a category from 12:00 – 12:30pm instead of the full hour 12:00 – 1:00pm.

You can make these changes at Advanced Settings – Filter Settings – Block Web Categories. Simply click on the clock icon that appears when you select the “block” radio button and select the times you want to block and allow the category.

If you have not upgraded your product to the latest version of CyBlock, you may do so by going to Administration – Product Update screen.

Remember to Set Block Policies for New Custom Categories

Friday, December 10th, 2010

When you create a custom category at the Advanced Settings — Category Setup — Custom Categories screen, the custom category is automatically set to ‘allow’ in all of your block policies.  So anybody will be able to access the sites listed in the newly created custom category.  If you want to block the sites in this category for some or all filter policies, be sure to go to the Advanced Settings — Filter Settings — Block Web Categories screen and set the policies to ‘block’.

Managing Web Application Authentication Problems with Wavecrest Proxy Products

Wednesday, December 1st, 2010

In order to obtain usernames for filtering and/or reporting purposes in CyBlock Proxy, Cyfin Proxy, or CyBlock Appliance, authentication must be enabled. An issue that arises with authentication is that there are some Web apps and URLs/Domains that do not respond to the authentication request properly.  Because of this, in versions 6.2.0 and 8.2.0 we added the Authentication Manager in CyBlock Proxy, Cyfin Proxy and the CyBlock Appliance.

The Authentication Manager helps prevent these issues by automatically detecting the disruptions, identifying the failed applications, and employing automatic authentication-bypass techniques (when authentication is enabled in Moderate mode). This allows users to bypass proxy authentication (not the proxy server) with those web sites and web applications that do not properly respond to the proxy authentication request.  An example of this is your offensive line in a football game.  Just like your offensive line creates a hole for the running back to run through, bypass authentication opens a hole in the proxy so that the request can go through. The request will bypass authentication but not the proxy.

To learn more about proxy authentication and the Authentication Manager, read our document “Managing Web Application Authentication Problems” and see your product manual for specific instructions on fully utilizing the Authentication Manager.

Wavecrest Technical Support Is Here to Help You

Friday, October 8th, 2010

We often get great feedback on our helpful technical support from both customers and those simply evaluating our product. For those of you that have not had the pleasure of working with our technical support yet, we want to invite you to contact us about any questions you have on your CyBlock or Cyfin product.  You can check out our services and contact information below. And of course we’re here for those of you that we have had the pleasure of helping in the past.

At Wavecrest, we listen to our customers, and the majority of the new features that show up in our products have come from communications with our customers.  Our customers are the most valuable asset we have, and we appreciate every single one of you.  Thank You!

We invite those of you that have used our support services in the past to leave a comment about your experience.  We’d love the feedback.

Wavecrest Technical Support Services

  • Support via Telephone and Email. Technical and customer support representatives are available to answer questions about product setup, policy support usage, technical issues and more—via phone or email at no cost.
  • Product Installation Support. Although our products are easy to install and integrate, a technical specialist will be available to help you ensure a smooth startup.
  • Quick Start guides. Each product includes a built-in “Quick Start” guide that walks you through basic setup and usage steps. Complete user manuals are also provided.
  • Online Support Forum. Ask a question and find answers from other product users and our own technical support specialists on the forum.
  • Blog, Twitter or Facebook Updates. Get product tech tips and keep up-to-date on the latest product news by either subscribing to our feed or following us.
  • Product Upgrades. Product upgrades are included in the cost of your annual license.
  • On-line Web Conference. This valuable customer communications tool enables our Support staff to more easily and quickly address any product-related questions, provide assistance with setup and/or troubleshoot technical issues. We also use it to demonstrate the product and provide product evaluators a better understanding of the functionality.
  • Categorization list updates. Updates to Wavecrest’s URL list are available for download on a daily basis.
  • The OtherWise Program (Reports Enhancement and Optimization).  The centerpiece of our continuous support services concept is a program we call “OtherWise.”  Under this voluntary and confidential arrangement, we work individually with customers to maximize the number and percentage of Web sites that the Wavecrest product identifies and categorizes. The program focuses on sites that are of particular interest to the individual organization and/or are popular with its workforce.

Contact Information
Toll-free: 877-442-9346, ext 4 (U.S. and Canada)
Direct: 321-953-5351, ext 4
International: 001-321-953-5351, ext 4 (outside U.S. and Canada)
Email: support@wavecrest.net
Forum: forum.wavecrest.net

Wavecrest Products’ Database Storage Location

Thursday, September 30th, 2010

As many of you may already know, Wavecrest’s Cyfin and CyBlock products include a Data Manager.  The Data Manager compresses logfile data. This reduces report-generation time by more than 95 percent (compared to methods that generate reports by reading logfiles directly). We highly recommend that you use the Data Manager.

There are two database setups in the Data Manager with the installation of Wavecrest products: Dashboard and Mass Storage.

Dashboard (High-level) Database. This database is designed to store high-level data that are used to generate sophisticated summary-level trending and comparison charts on the Dashboard.

Mass Storage (Low-level) Database. This highly scalable database is designed to store huge amounts of detailed, ‘low-level’ Web-use data. The reports that are supported by this database include audit detail reports that provide every URL visited by a user, category or domain.

The Dashboard database and the Mass Storage database data are stored in your installation path by default. You can move the path of these databases to a drive that has more disk space, which you will need as the databases grow. The Logfiles – Data Manager – Settings screen gives you the option to change the path for both databases.

Note: When changing the path for the Mass Storage database .war files, the product will move the .war files to the new location for you. With the Dashboard database, the Superview folder (C:\Program Files\Wavecrest\Cyfin\wc\cf\db\Superview) will need to be manually copied to the new location.

Detecting and Controlling Unauthorized Outbound Connections

Wednesday, September 15th, 2010

Do you have a good handle on all outbound connections from your network, and how do you know?  Many times legitimate programs and applications downloaded are creating outbound connections without your knowledge or approval.  This can cause a serious drain on an organization’s network resources.  This exact scenario recently happened to a Wavecrest customer, and with the help of Wavecrest’s reports and technical support specialists, they were able to locate a program that was making 1,400+ outbound connections a day without their knowledge.

Many times, a program like this can be running in the background without the organization’s knowledge and is not necessarily identifiable in the process table.  It can only be caught if an organization is monitoring outbound Web connections through reports such as the ones in Wavecrest’s Cyfin and CyBlock products.

In this particular scenario, the customer became aware of these unauthorized outbound connections because a couple of users were being locked out of their computers.  To troubleshoot the issue, they, along with Wavecrest technical support, used the Authentication Manager in their CyBlock Proxy product to investigate.  They found that the users’ computers were creating some outbound traffic that was not authenticating with the proper credentials, thus eventually locking the users out due to an authentication security setting the organization had on their Active Directory configuration.  By using the Authentication Manager, Real-time Web Monitor and other reports, our technical support specialists were able to identify the file that was making these unauthorized outbound connections and remove it from the computers.

This scenario proves that it is important to be aware of what is going on in your network, and Wavecrest’s products can help IT administrators do that. There are several steps you can take to prevent and identify these types of problems in your network.

  1. Use reporting tools to spot unusual activity.
    1. Look for unusual patterns of Web activity.
      1. Review Dashboard trends to spot any unexpected spikes in activity.
      2. Review Dashboard top sites and top categories charts to find any unexpected sites or categories showing up in the top ten all of a sudden.
      3. Run a Site Analysis report at least once a week and be alert to changes in the volume and pattern of outbound Web activity. For example, if a single user is suddenly logging thousands of visits a day, chances are there’s an issue. That’s because “human” activity is usually more random.
    2. Watch the following categories: IP Address, Spyware/Malicious, Unsolicited or Push, Phishing/Fraud and Uncategorized “Other” Sites. High activity in these categories should raise a red flag for administrators. High traffic volume here warrants further investigation.
    3. Identify the source of the problem. Dig deeper by running a Category Audit Detail report to uncover both the site and the affected user. If your Category Audit Detail report shows an unusual number of hits to a specific Web site, that site is most likely the source of the issue.  You can also monitor the traffic in real time using the Real-Time Monitor to uncover the site causing the problem.
  2. Update your Web-use management tools.
    1. Update your Acceptable Use Policy. Employees need to understand the risks of Web surfing. Minimize risks of Internet abuse by implementing a policy to curtail at-work surfing and communicate it clearly to employees.
    2. Update your Wavecrest list. The Wavecrest control list is updated daily. We recommend downloading your Wavecrest control list daily to minimize the number of visits categorized as “Other” and ensure the best coverage possible. You can set Cyfin and CyBlock to do this automatically on the Administration – URL List – Schedule screen. (Note: If you spot a problem Web site that is uncategorized, email it to us at sites@wavecrest.net. Our site analysts will review the site and categorize it appropriately.)
  3. Contact Wavecrest Technical Support. Our support specialists are always eager to help you troubleshoot any issues you are having by helping you get the best out of the features and tools our products offer.
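
The observation in step 1 that “human” activity is usually more random can be turned into a check on the spacing between visits. This is an added example, not Wavecrest code: the event layout, the user names and both thresholds are assumptions, and the sample events are constructed (the site name is the one from the incident in this post).

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample_events():
    """Constructed one-day sample: (epoch_seconds, user, site)."""
    events = []
    # Background program: one request every 60 s, all day (1,440 visits).
    events += [(t, "jdoe", "cn1.redswoosh.akadns.net")
               for t in range(0, 86400, 60)]
    # Heavy but human: 60 bursts of 20 quick clicks, long pauses in between.
    t = 8 * 3600
    for _ in range(60):
        for _ in range(20):
            events.append((t, "asmith", "intranet.example.com"))
            t += 2
        t += 598
    # Light user: a handful of visits, far below any volume threshold.
    events += [(t, "blee", "news.example.com")
               for t in (32400, 33000, 41000, 52000)]
    return events

def find_automated(events, min_visits=1000, max_cv=0.5):
    """Return {(user, site): (visits, cv)} for high-volume, clockwork pairs.

    cv is the coefficient of variation of the gaps between visits
    (standard deviation / mean). Near 0 means evenly spaced requests;
    bursty human browsing gives values well above 1. Both thresholds
    are assumed starting points, not product settings.
    """
    times = defaultdict(list)
    for ts, user, site in events:
        times[(user, site)].append(ts)
    flagged = {}
    for key, stamps in times.items():
        if len(stamps) < min_visits:
            continue  # volume alone is the first filter
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            flagged[key] = (len(stamps), round(cv, 2))
    return flagged

if __name__ == "__main__":
    for (user, site), (n, cv) in find_automated(build_sample_events()).items():
        print(f"{user} -> {site}: {n} visits, gap cv={cv}")
```

In the sample, asmith also exceeds 1,000 visits but is not flagged, because bursts followed by pauses give a high gap variation; only the evenly spaced traffic is reported.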

For more information on how Wavecrest’s products can help keep your network safe, we recommend you read our previous blog post on “Controlling Spyware” and “The Purpose of the IP Address Category.”

Note: The program in question that is addressed in this post is the Akamai NetSession Interface. It was hitting cn1.redswoosh.akadns.net and cn2.redswoosh.akadns.net 1400+ times a day. The program was located at C:\Program Files\Common Files\Akamai\AdminTool.exe. To remove the program with Wavecrest’s help, the customer:

  1. Opened the Command Prompt
  2. Went to the folder location by typing “Program Files\Common Files\Akamai”
  3. Then typed “admin uninstall-force” to remove it.

Remember: Our technical support specialists are here to help. If you ever need help with your product configuration or see something unusual in a report or on the real-time monitor that you are unsure about, please feel free to contact Wavecrest technical support, and they will be happy to help you.

Technical Support Contact Information
Direct: 321-953-5351, ext. 4
Toll-Free: 877-442-9346 ext. 4
Email: support@wavecrest.net