ebook img

Trend Micro™ InterScan™ Web Security Virtual Appliance Administrator's Guide PDF

774 Pages·2013·7.25 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Trend Micro™ InterScan™ Web Security Virtual Appliance Administrator's Guide

i-i Trend Micro™ InterScan™ Web Security Virtual Appliance 6.0 Administrator’s Guide i-ii Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files, release notes and the latest version of the Installation Guide, which are available from Trend Micro’s Web site at: http://www.trendmicro.com/download/documentation/ Trend Micro, the Trend Micro t-ball logo, InterScan, TrendLabs, Trend Micro Control Manager, and Trend Micro Damage Cleanup Services are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. Copyright© 2013 Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior written consent of Trend Micro Incorporated. Release Date: June 2013 Protected by U.S. Patent No. 5,951,698 The Administrator’s Guide for Trend Micro is intended to provide in-depth information about the main features of the software. You should read through it prior to installing or using the software. For technical support, please refer to the Technical Support and Troubleshooting chapter for information and contact details. Detailed information about how to use specific features within the software are available in the Online Help file and online Knowledge Base at Trend Micro’s Web site. Trend Micro is always seeking to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro documents, please contact us at [email protected]. Your feedback is always welcome. Please evaluate this documentation on the following site: http://www.trendmicro.com/download/documentation/rating.asp i ii Contents Preface IWSVA Documentation ................................................................................xxii Audience ..........................................................................................................xxiii Document Conventions ...............................................................................xxiii About Trend Micro .......................................................................................xxiv Chapter 1: Introducing Trend Micro™ InterScan™ Web Security Virtual Appliance Main Features ..................................................................................................1-2 Application Control ...................................................................................1-2 Traffic Monitoring and Reporting ...........................................................1-2 HTTP Inspection .......................................................................................1-2 Password Override Action for Blocked URL Filtering Categories ....1-2 Time Limit Action for URL Filtering .....................................................1-3 Time Quota Extension for URL Filtering Time Limit Action ...........1-3 Data Loss Prevention ................................................................................1-3 Data Identifier Types ............................................................................1-4 Expressions .................................................................................................1-4 Predefined Expressions ........................................................................1-4 Keyword Lists .............................................................................................1-5 Predefined Keyword Lists ...................................................................1-5 Data Loss Prevention Templates ............................................................1-5 Data Loss Prevention Policies .................................................................1-6 Advanced Threat Protection ....................................................................1-6 HTTPS Decryption ...................................................................................1-6 Web Reputation .........................................................................................1-6 High Availability .........................................................................................1-7 FTP Scanning .............................................................................................1-7 URL Filtering ..............................................................................................1-8 Content Caching ........................................................................................1-8 IP Address, Host Name and LDAP-based Client Identification .......1-8 iii Hyper-V Installation Support ...................................................................1-8 Notifications ................................................................................................1-9 Real-time Statistics and Alerts ..................................................................1-9 Logs and Reports ........................................................................................1-9 Syslog Support ..........................................................................................1-10 Integration with Cisco WCCP ................................................................1-10 Reverse Proxy Support ............................................................................1-11 Support for Multiple Trend Micro™ InterScan™ Web  Security Virtual Appliance Installations ................................1-11 Command Line Interface ........................................................................1-11 What’s New? ..................................................................................................1-12 System Specifications ....................................................................................1-15 Web-based Browser Requirements ........................................................1-15 Hardware Requirements ..........................................................................1-15 Compatible Directory Servers for End-User Authentication ............1-16 Integration with ICAP 1.0-compliant Caching Devices .....................1-16 X-Authenticated ICAP Headers Support ........................................1-16 System Status ..................................................................................................1-16 Enabling Threshold Alert Settings ....................................................1-17 Concurrent Connections Display ......................................................1-18 Interface Status ....................................................................................1-18 Hardware Status ........................................................................................1-19 SNMP Queries and Traps .......................................................................1-20 CPU Usage Display .............................................................................1-20 Physical Memory Usage Display .......................................................1-21 Hard Drive Display .............................................................................1-21 Accessing Additional Web Threat Information ..................................1-22 Dashboard ......................................................................................................1-23 Web Traffic Security Risk Overview ..........................................................1-24 Smart Search Support ..............................................................................1-26 Chapter 2: Deployment Wizard Overview of the Deployment Wizard ..........................................................2-2 Mode Selection ................................................................................................2-2 iv Transparent Bridge Mode .........................................................................2-3 Transparent Bridge Mode - High Availability .......................................2-4 About Cluster IP Addresses ................................................................2-5 About Weighted Priority Election ......................................................2-6 Create a New Cluster ............................................................................2-6 Join an Existing Cluster .......................................................................2-8 Forward Proxy Mode ................................................................................2-9 Reverse Proxy Mode ...............................................................................2-10 ICAP Mode ...............................................................................................2-11 Deploying IWSVA in ICAP Mode in the Deployment Wizard ..2-12 Simple Transparency Mode ....................................................................2-13 Web Cache Coordination Protocol (WCCP) Mode ...........................2-14 Mode-specific Settings .................................................................................2-15 Proxy Settings ...........................................................................................2-15 Forward Proxy Mode .........................................................................2-16 Reverse Proxy Settings .......................................................................2-18 ICAP Settings ...........................................................................................2-19 Simple Transparency Settings ................................................................2-21 WCCP Settings .........................................................................................2-22 Network Interface .........................................................................................2-25 Host Information .....................................................................................2-25 Interface Status ....................................................................................2-26 Data Interface ......................................................................................2-29 Separate Management Interface ........................................................2-31 Miscellaneous Settings (IPv4 and IPv6) ...............................................2-32 Static Routes ..................................................................................................2-33 Product Activation ........................................................................................2-34 About Licenses .........................................................................................2-35 Third-party Licensing Agreements ...................................................2-35 Registering Online ...................................................................................2-35 About Activation Codes .........................................................................2-37 System Time Settings ...................................................................................2-38 Results .............................................................................................................2-38 Deployment Status ..............................................................................2-39 Post Deployment ..........................................................................................2-39 v LAN Bypass Function .............................................................................2-40 Enabling the LAN Bypass Function ................................................2-41 Setting Up IWSVA ICAP .......................................................................2-42 Setting up an ICAP 1.0-compliant Cache Server ...........................2-43 Configuring Virus-scanning Server Clusters ........................................2-49 Deleting a Cluster Configuration or Entry ......................................2-50 Flushing Existing Cached Content from the Appliance ....................2-50 Verifying that InterScan Web Security Virtual Appliance  is Listening for ICAP Requests ..........................................2-51 Understanding the Differences between Request Mode  and Response Mode ................................................................2-53 Triggering a Request Mode Action ...................................................2-53 Triggering a Response Mode Action ................................................2-53 Chapter 3: High Availability and Cluster Management for Transparent Bridge Mode High Availability Overview ............................................................................3-2 About Active/Passive Pairs ......................................................................3-3 The HA Agent Handles Status Changes ............................................3-4 Failover vs. Switchover .........................................................................3-4 HA Agent and Interfaces ...............................................................................3-4 About the Deployment Wizard ................................................................3-4 Creating a Cluster ..................................................................................3-5 Joining a Cluster .....................................................................................3-5 About the Application Health Monitor ..................................................3-5 Link Loss Detection ..............................................................................3-6 About Central Management .....................................................................3-6 Centrally Managed and Non-centrally Managed Features ..............3-7 About Cluster Management ....................................................................3-10 Cluster Configuration .........................................................................3-10 Node Configuration ............................................................................3-11 Cluster Logs and Notifications ..........................................................3-12 Accessing the Cluster ..........................................................................3-12 Cluster Management Web Console Page .........................................3-14 vi Chapter 4: Updates Product Maintenance .....................................................................................4-2 Renewing Your Maintenance Agreement .............................................4-2 About ActiveUpdate .......................................................................................4-3 Updating From the IWSVA Web Console ............................................4-3 Proxy Settings for Updates ............................................................................4-3 Updatable Program Components .................................................................4-4 Virus Pattern File .......................................................................................4-5 How it Works ........................................................................................4-5 Page Analysis Pattern ................................................................................4-6 Spyware/Grayware Pattern File ...............................................................4-7 IntelliTrap Pattern and IntelliTrap Exception Pattern Files ...............4-7 Scan Engine ................................................................................................4-8 About Scan Engine Updates ...............................................................4-9 Web Reputation Database ........................................................................4-9 Incremental Updates of the Pattern Files and Engines .....................4-10 Component Version Information .........................................................4-10 Manual Updates ............................................................................................4-10 Forced Manual Updates ..........................................................................4-11 Scheduled Updates ........................................................................................4-11 Maintaining Updates .....................................................................................4-13 Update Notifications ...............................................................................4-13 Rolling Back an Update ..........................................................................4-13 Deleting Old Pattern Files ......................................................................4-13 Controlled Virus Pattern Releases ..............................................................4-14 Chapter 5: Application Control Application Control Overview .....................................................................5-2 Application Control Policy List ....................................................................5-2 Add Policies: Select Accounts ..................................................................5-4 Adding an Application Control Policy ..............................................5-4 Add or Edit Policies: Specify Rules for Application  Control Policies ..........................................................................5-5 vii Specifying Application Control Policy Rules ....................................5-5 Application Control Settings ....................................................................5-7 Traffic Monitoring Overview ........................................................................5-8 Notification for Denying HTTP/HTTPS Access  with Application Control ..........................................................5-9 Chapter 6: HTTP Configuration Enabling the HTTP/HTTPS Traffic Flow .................................................6-2 Specifying a Proxy Configuration and Related Settings ............................6-2 Proxy Configurations .................................................................................6-4 No Upstream Proxy (Stand-alone Mode) ..........................................6-4 Upstream Proxy (Dependent Mode) ..................................................6-5 Transparent Proxy .................................................................................6-7 Reverse Proxy ........................................................................................6-9 Proxy-related Settings ..............................................................................6-10 HTTP Listening Port ..........................................................................6-10 Anonymous FTP Logon Over HTTP Email Address ..................6-11 Network Configuration and Load Handling .............................................6-11 Configuring Internet Access Control Settings ..........................................6-12 Identifying Clients and Servers ...............................................................6-13 Client IP .....................................................................................................6-13 Approved Server IP List .........................................................................6-14 Destination Port Restrictions .................................................................6-15 HTTPS Ports ............................................................................................6-16 Chapter 7: Policies and User Identification Method How Policies Work .........................................................................................7-2 Default Global and Guest Policies ...............................................................7-4 About the Guest Policy .............................................................................7-5 Enabling the Guest Account ....................................................................7-5 Policy Queries .............................................................................................7-6 Deploying Policies ...........................................................................................7-6 Configuring the User Identification Method ..............................................7-6 viii

Description:
Trend Micro Incorporated reserves the right to make changes to this Verifying that InterScan Web Security Virtual Appliance Server Certificate Validation
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.