i-i i-ii Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files, release notes and the latest version of the Installation Guide, which are available from Trend Micro’s Web site at: http://www.trendmicro.com/download/documentation/ Trend Micro, the Trend Micro t-ball logo, InterScan, TrendLabs, Trend Micro Control Manager, and Trend Micro Damage Cleanup Services are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. Copyright© 2011 Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior written consent of Trend Micro Incorporated. Release Date: January 2011 Protected by U.S. Patent No. 5,951,698 The Administrator’s Guide for Trend Micro is intended to provide in-depth information about the main features of the software. You should read through it prior to installing or using the software. For technical support, please refer to the Technical Support and Troubleshooting chapter for information and contact details. Detailed information about how to use specific features within the software are available in the online help file and online Knowledge Base at Trend Micro’s Web site. Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at [email protected]. Your feedback is always welcome. Please evaluate this documentation on the following site: http://www.trendmicro.com/download/documentation/rating.asp ii Contents Preface IWSVA Documentation ................................................................................xxii Audience ..........................................................................................................xxiii Document Conventions ...............................................................................xxiii About Trend Micro .......................................................................................xxiv Chapter 1: Introducing Trend Micro™ InterScan™ Web Security Virtual Appliance Web Traffic Security Risk Overview ...........................................................1-2 Smart Search Support ................................................................................1-3 Hardware Specifications ................................................................................1-4 Compatible Directory Servers ..................................................................1-5 Integration with ICAP 1.0-compliant Caching Devices ......................1-5 X-Authenticated ICAP Headers Support ..........................................1-5 What’s New ....................................................................................................1-6 High Availability .........................................................................................1-6 Cluster Management ..................................................................................1-6 Hardware Event Monitoring ....................................................................1-6 Network Packet Capturing .......................................................................1-6 System Updates ..........................................................................................1-7 Hyper-V Installation Supported ..............................................................1-7 Prevention of Brute Force Attacks against Password ..........................1-7 Advanced Reports and Management (ARM) Database Failover Support ........................................................................................1-7 Updates for URL Categories ....................................................................1-7 Main Features ..................................................................................................1-8 Support for Multiple Trend Micro™ InterScan™ Web Security Virtual Appliance Installations ..............................................................1-8 HTTP Virus Scanning ...............................................................................1-8 iii FTP Scanning ..............................................................................................1-8 Improved Deferred Scanning for HTTP and FTP Large File Scans .1-9 Applets and ActiveX Security ...................................................................1-9 URL Filtering ..............................................................................................1-9 Direct URL Filter Category Selection .....................................................1-9 URL Filtering Category Mapping .....................................................1-10 Access Quota Policies ..............................................................................1-16 URL Access Control ................................................................................1-16 IP Address, Host Name and LDAP Client Identification .................1-16 Server and Port Access Control Restrictions .......................................1-16 Notifications ..............................................................................................1-16 PhishTrap ..................................................................................................1-17 Web Reputation ........................................................................................1-17 Anti-phishing and Anti-pharming Based on Web Reputation .....1-18 IntelliTrap ..................................................................................................1-18 IntelliTunnel ..............................................................................................1-18 Easier Collection of System Information for Support Diagnosis .....1-19 True File-type Blocking Within Compressed Files .............................1-19 Real-time Statistics and Alerts ................................................................1-19 Configurable Threshold Warning ..........................................................1-20 Reverse Proxy Support ............................................................................1-20 Logs and Reports ......................................................................................1-20 Additional Reporting Information .........................................................1-21 Integration with Cisco WCCP ................................................................1-22 Command Line Interface ........................................................................1-22 HTTPS Decryption ..................................................................................1-23 Secure Shell (SSH) Configuration in Web Console ............................1-23 Per-policy Exception ...............................................................................1-23 Compressed File Handling Actions .......................................................1-23 Custom Category ......................................................................................1-23 URL Monitoring Mode ...........................................................................1-23 Reporting ...................................................................................................1-24 Web Page Analysis ...................................................................................1-24 Safe Search Engine ...................................................................................1-24 User/group Name Authentication in Transparent Mode (WCCP and Bridge mode) ............................................................................1-24 White List for User/group Name Authentication ..............................1-24 iv Network Interface Configuration and PING Management ..............1-25 System Event Logs ..................................................................................1-25 Syslog Support ..........................................................................................1-25 System Shutdown or Restart ..................................................................1-25 Configuration Backup and Restore .......................................................1-25 License Management in Control Manager ...........................................1-26 Manual Component Update Button .....................................................1-26 Advanced Reporting and Management Integration ...........................1-26 Deployment Wizard ................................................................................1-26 Fail Open/LAN Bypass ..........................................................................1-26 Notification Message Enhancement .....................................................1-26 Smart Search .............................................................................................1-27 URL Filtering Access Warning Mode ...................................................1-27 LDAP Integration Policy Improvement ..............................................1-27 Product License ........................................................................................1-27 Content Cache ..........................................................................................1-27 HTTPS Scanning .....................................................................................1-28 X-Forwarded-For Header .......................................................................1-28 Administration and Management ..........................................................1-28 Virus Scan Technology Enhancement .................................................1-28 Chapter 2: Deployment Wizard Overview of the Deployment Wizard .........................................................2-2 Mode Selection ................................................................................................2-2 Transparent Bridge Mode .........................................................................2-3 Transparent Bridge Mode - High Availability .......................................2-4 About Cluster IP Addresses ................................................................2-5 About Weighted Priority Election ......................................................2-6 Create a New Cluster ............................................................................2-6 Join an Existing Cluster .......................................................................2-7 Forward Proxy Mode ................................................................................2-8 Reverse Proxy Mode ...............................................................................2-10 ICAP Mode ...............................................................................................2-11 Deploying IWSVA in ICAP Mode in the Deployment Wizard ..2-12 Simple Transparency Mode ....................................................................2-12 Web Cache Coordination Protocol (WCCP) Mode ...........................2-14 v Mode-specific Settings ..................................................................................2-15 Proxy Settings ...........................................................................................2-15 Forward Proxy Mode ..........................................................................2-16 Reverse Proxy Settings .......................................................................2-19 ICAP Settings ............................................................................................2-20 Simple Transparency Settings .................................................................2-22 WCCP Settings .........................................................................................2-23 Network Interface .........................................................................................2-24 Host Information .....................................................................................2-25 Interface Status ....................................................................................2-25 Data Interface ......................................................................................2-28 Separate Management Interface ........................................................2-30 Miscellaneous Settings .............................................................................2-31 Static Routes ...................................................................................................2-32 Product Activation ........................................................................................2-33 About Licenses .........................................................................................2-33 Third-party Licensing Agreements ...................................................2-34 Registering Online ....................................................................................2-34 About Activation Codes ..........................................................................2-35 System Time Settings ....................................................................................2-36 Summary .........................................................................................................2-37 Results .............................................................................................................2-38 Deployment Status ..............................................................................2-38 Post Deployment ...........................................................................................2-39 LAN-bypass Function .............................................................................2-39 Enabling the LAN-bypass Function ................................................2-40 Setting Up IWSVA ICAP .......................................................................2-41 Setting up an ICAP 1.0-compliant Cache Server ...........................2-41 Configuring Virus-scanning Server Clusters ........................................2-48 Deleting a Cluster Configuration or Entry ......................................2-48 Flushing Existing Cached Content from the Appliance ....................2-49 Verifying that InterScan Web Security Virtual Appliance is Listening for ICAP Requests ................................................................2-49 Understanding the Differences between Request Mode and Response Mode ..........................................................................................2-51 vi Triggering a Request Mode Action ..................................................2-52 Triggering a Response Mode Action ...............................................2-52 Chapter 3: High Availability and Cluster Management High Availability Overview ...........................................................................3-2 About Active/Passive Pairs ......................................................................3-3 The HA Agent Handles Status Changes ...........................................3-4 Failover vs. Switchover ........................................................................3-4 HA Agent and Interfaces ...............................................................................3-4 About the Deployment Wizard ...............................................................3-4 Creating a Cluster ..................................................................................3-5 Joining a Cluster ....................................................................................3-5 About the Application Health Monitor ..................................................3-5 Link Loss Detection .............................................................................3-5 About Central Management .....................................................................3-6 Centrally Managed and Non-centrally Managed Features ..............3-8 About Cluster Management ...................................................................3-10 Cluster Configuration .........................................................................3-11 Node Configuration ............................................................................3-11 Cluster Logs and Notifications .........................................................3-12 Accessing the Cluster .........................................................................3-13 Cluster Management Web Console Page ........................................3-15 Chapter 4: Updates Product Maintenance .....................................................................................4-2 Renewing Your Maintenance Agreement .............................................4-2 About ActiveUpdate .......................................................................................4-3 Updating From the IWSVA Web Console ............................................4-3 Proxy Settings for Updates ............................................................................4-3 Updatable Program Components .................................................................4-4 Virus Pattern File .......................................................................................4-5 How it Works ........................................................................................4-6 Phish Pattern File .......................................................................................4-7 Page Analysis Pattern ................................................................................4-7 vii Spyware/Grayware Pattern File ...............................................................4-7 IntelliTrap Pattern and IntelliTrap Exception Pattern Files ................4-8 Scan Engine .................................................................................................4-8 About Scan Engine Updates ................................................................4-9 Web Reputation Database ......................................................................4-10 Incremental Updates of the Pattern Files and Engines ......................4-10 Component Version Information ..........................................................4-10 Manual Updates .............................................................................................4-11 Forced Manual Updates ..........................................................................4-11 Scheduled Updates ........................................................................................4-12 Maintaining Updates .....................................................................................4-13 Verifying a Successful Update ................................................................4-13 Update Notifications ................................................................................4-13 Rolling Back an Update ...........................................................................4-14 Deleting Old Pattern Files ......................................................................4-14 Controlled Virus Pattern Releases ..............................................................4-15 Chapter 5: HTTP Configuration Enabling the HTTP(s) Traffic Flow .............................................................5-2 Specifying a Proxy Configuration and Related Settings ............................5-2 Proxy Configurations .................................................................................5-4 No Upstream Proxy (Stand-alone Mode) ..........................................5-4 Upstream Proxy (Dependent Mode) ..................................................5-5 Transparent Proxy .................................................................................5-7 Reverse Proxy ........................................................................................5-9 Proxy-related Settings ..............................................................................5-10 HTTP Listening Port ..........................................................................5-10 Anonymous FTP Logon Over HTTP Email Address ..................5-11 Network Configuration and Load Handling .............................................5-11 Shared Policy after Registering to ARM ...............................................5-12 Configuring Internet Access Control Settings ..........................................5-13 Identifying Clients and Servers ...............................................................5-13 Client IP .....................................................................................................5-14 Server IP White List .................................................................................5-15 viii
Description: