- Monitor Web Access
- Reporting
- Technical Spec
- FAQs
Monitor Web Access
Web filtering and reporting software for your ISA Server.
Functional Features
- Filters Web access hourly by category, content type, and extension
- Produces Web-use reports that are detailed, accurate and actionable
- Features white list filtering by user, group, or enterprise
- Covers over 500 million Web pages in 81 different categories
- Customizable blocking message
Technical Features
- Filters and protects against spyware, malware, and other security threats
- Integrates easily with and supports multiple ISA servers
- Supports Microsoft ISA 2000, 2004, 2006 and Active Directory
- Includes an internal database that stores and compresses Web-use data
- Supports logfile format MSDE
- Array configuration capability lets IT manage policy configurations and reporting from one server
- Free technical support, daily URL list updates, and software upgrades
Reporting
Employee Internet reports that are detailed and accurate.
Employee Internet Reporting Features
- Customizable high and low-level reports show the Internet activity of a single user, a specific workgroup, or the entire organization.
- Interactive Reports provide single click action drill down so that you can quickly get more detailed Internet use on a specific user, category, classification rating and more.
- Internal Database speeds up reporting, easily handles large amounts of data, and lets you export Internet-use data to other applications for further analysis.
- Automatic Abuse Detection system identifies Internet abuse instantly.
- Custom Categories allow you to monitor sites of specific interest.
- Anonymous ID option ensures that ID names and IP addresses do not show in reports.
- Report Scheduler runs and distributes reports automatically.
- Access Accounts allow other personnel to run reports (supports Active Directory authentication).
Accurate Reporting
Employee Internet reports are often used as the basis for sensitive personnel actions and evidence in court. In both areas, erroneous information can lead to disastrous results. Wavecrest ensures the accuracy of its reports by using a couple of methods that will give you a clear view of employees' Internet activity.
- We Distinguish Visits from Hits.
Wavecrest reports show actual human click actions (‘visits’ or 'page views') separately from automatically generated extraneous hits (ads, banners, graphics, audio, etc.). “Visits” count how many Web pages a user actually requested, not all the elements downloaded as a result of those requests. - We Provide Reliable Metrics.
Wavecrest reports do not measure how long a user was online, and the reason is simple. The fact that a user downloaded a Web page to a browser doesn't necessarily mean that he or she was actually looking at that page while it was "open." After all, the user could have suddenly received a phone call, gone to lunch, attended a short-notice meeting, been interrupted by a colleague, or gone to the restroom. Also, users typically have more than one Web page "open" at a time, but only one is truly viewable. When a computer user clicks on a URL, that action merely constitutes a one-time request for a document, and the "connection" with the server is immediately broken. There is no "session," no end-of-session, and no possibility of measuring duration.
Interactive Reporting
With Interactive reports, you can quickly drill down to get more detailed Web-use data by simply clicking on a report's elements. It is an efficient way to get the detailed employee Internet reports that you need. It can also save administrators and report recipients a tremendous amount of time. It eliminates the need to log in to the product to run a detailed report on the same time frame. Instead, an audit detail report for the same time frame can quickly be retrieved by simply clicking on a user, category, etc. The image below illustrates how Interactive Reporting works.
1. Run a High-Level Summary Report
A Site Analysis report, for example, will show the number of Web visits that were acceptable, unacceptable, or neutral for the specified time period. To get more detailed data on the Unacceptable visits, simply click on "Unacceptable" and an Unacceptable Visits report will run.
2. Drill Down to an Unacceptable Visits Report
The Unacceptable Visits report will show all unacceptable categories, the users, and the number of visits to each unacceptable category. If a potential problem area is spotted, i.e., a user has an excessive number of visits, just click on the ID Name or IP address, and a User Audit Detail report will run.
3. Drill Down Further to a User Audit Detail Report
A User Audit Detail report is one of the most detailed reports Cyfin offers. This report includes every URL that a user visited, its category, and the date and time that the user accessed the Web page.
Sample Employee Internet Reports
High-Level Activity – Click on the links below to see excerpts from our most-used high-level report, "Site Analysis." They provide a quick look into a company's overall Internet use.
- Acceptability data: Activity totals grouped by your own “acceptability” criteria.
- Top cateories: Activity totaled and shown in categories, e.g., News, Porn, etc.
- Top users' visits: Most active Internet users, listed in descending order of total visits.
- Top bandwidth users: List users consuming the most bandwidth.
Low-Level Activity – Click on the links below to see the extensive and detailed drill-down capability built into Wavecrest's reports.
- Top Web sites: A list of domains visited most often by your users.
- Single category analysis: All Internet visits in a single category, e.g., Sports or Porn.
- Single user activity analysis: Breakdown of a single user's Internet visits.
- Top bandwidth sites: A list of the domains consuming the most bandwidth.
Abuse-Detection – Based on your company's Web-use policy, you can specify how many visits are acceptable in each Web category in a 24 hour period. If this threshold is exceeded by users, the reports will show it. Click below to see how Wavecrest's products automatically flag instances of abuse based on your threshold criteria.
- Top Abusers
Report Descriptions
CyBlock ISA has numerous standard reports with customizable parameters to give you the employee Internet use and bandwidth utilization information you need.
Technical Spec
Web filter plug-in for Microsoft ISA Server.
Use the links below to find out how CyBlock ISA Web filter fits into your network.
- Network Configuration
- Array Configuration
- OS Requirements
- ISA Server 2004 and 2006 Compatibility
- ISA Server 2000 Compatibility
Network Configuration
CyBlock ISA plug-in installs directly on Microsoft ISA Server, monitoring user activity, filtering access to the Web sites or categories of sites you specify, and generating categorized reports on user activity.
Array Configuration
Install CyBlock ISA on multiple ISA Servers and manage settings from the designated primary console. This makes for easy administration when managing different locations or a large number of employees.
- Install CyBlock ISA on your specified ISA servers.
- Designate one server as your primary and follow the instructions on the product's Setup - Array screen to get set up properly.
- Enter settings at the primary console, and add the other servers to its product "array" (not to be confused with an actual Microsoft ISA Server array, which has no effect on this configuration).
- Settings and policies you make will be applied to secondary servers. For more information, check the CyBlock ISA product manual.
OS Requirements
The supported operating systems for CyBlock ISA Web filter are shown below. Please click on the links for recommendations and details.
Minimum Requirements
- Processor: 2.0 GHz
- Memory: 1GB RAM
- Hard Disk: 200 MB free disk space
- Browser: Internet Explorer version 6.0 or higher, Mozilla Firefox 1.0 or higher, Netscape 7.0 or higher. Test your browser for compatibility.
Supported Operating Systems
-
Windows Server 2003,2000
NOTE: Windows Server 2008 is not included here because ISA Server 2006 cannot be installed on that operating system.
ISA Server 2004/2006 Compatibility
CyBlock Web filter is designed to work with ISA Server 2004/2006. Your CyBlock ISA system can be configured in two ways: as an on-box solution (required for filtering) and optionally, as an off-box solution (to assume reporting duties).
Below, please examine the diagrams depicting how CyBlock integrates with ISA Server 2004/2006. Also please view our recommendations for product configuration. This information is designed to help you have seamless, trouble-free use of CyBlock ISA.
- CyBlock ISA installed directly on ISA Server 2004 or 2006 ("on-box")
- CyBlock ISA installed on an additional server for reporting purposes only (optional)
CyBlock ISA installed directly on ISA Server ("on-box")
NOTE: CyBlock ISA must be installed on your ISA Server to filter Web browsing. Other off-box options are discussed later on this page.
NOTE: One of the following four "logfile types" needs to be configured in the CyBlock ISA browser interface.
MSDE database configuration:
Logfile Type: Microsoft ISA Server (MSDE database)
Default Directory: C:\Program Files\Microsoft ISA Server\ISALogs
NOTE: A few simple steps are required to set up communication between the product and your MSDE database. These instructions appear after you select "Microsoft ISA Server (MSDE database) as your logfile type in the product (begin with Logfiles - Setup screen).
NOTE ABOUT PRIOR RELEASES: MSDE-formatted data no longer needs to be extracted to ASCII text files for this product to use. However, if you were using that method (previously required when using MSDE data in past versions of our product), upgrades are backwards-compatible and you do not have to change your processes. You could simply create a new configuration if you want to stop converting MSDE data to text, while still maintaining your older "text" configuration as well.
SQL database configuration:
Logfile Type: Microsoft ISA Server (SQL database)
Default Directory: (none)
NOTE: Some configurations are necessary so that the product can access the SQL database and read it. Follow the onscreen instructions provided when configuring this type of data source in the product (begin with Logfiles - Setup screen).
ISA Server Format configuration:
Logfile Type: Microsoft ISA Server (ISA Server Format)
Default Directory: C:\Program Files\Microsoft ISA Server\ISALogs
NOTE: ISA Server Format uses local time for data record time stamp.
Extended Format configuration:
Logfile Type: Microsoft ISA Server (Extended)
Default Directory: C:\Program Files\Microsoft ISA Server\ISALogs
NOTE: ISA Extended format uses GMT time (this is set by the ISA server and is not configurable).
ISA 2004 and 2006 Requirements: No Service Pack required.
NOTE: ISA Server 2006 can NOT be installed on Windows Server 2008!
Set Service Account:
- On your ISA Server, open Services.
- Double-click on Microsoft Firewall to display its properties.
- On the Log On tab, choose Local System Account.
- Click Apply and Ok to save changes.
- Restart the Service to put changes into effect.
Configure Web proxy logging:
With ISA 2004/2006, information is logged to an MSDE database by default. This product can also read SQL Server data. A few simple steps are required - and described - in the Logfiles - Setup wizard when you select "Microsoft ISA Server (MSDE database)" or "Microsoft ISA Server (SQL database)" as your logfile type. If you plan to use either of these, steps 1-10 below are unnecessary.
NOTE: These steps below are only pertinent to the 'Standard' and 'Extended' logfile configurations mentioned above.
To change Web proxy logging to the standard file type (non-MSDE), here are detailed instructions:
- On your ISA Server, open the ISA Server Management console and expand the server name.
- Click on Monitoring node in the left pane of the console.
- On the Monitoring node, click the Logging tab in the middle pane.
- Click on the Tasks tab in the right pane.
- Click the Configure Web Proxy Logging link.
- Select log storage format File (do not select database).
- In the format drop down menu select ISA Server file format.
- Click "Apply."
- Click "OK."
- To save these changes please click "Apply" on the top of the middle pane.
Filter Setup: Setting up filtering in CyBlock for ISA Server is a simple process, explained with the following steps:
NOTE: These steps should be performed regardless of which data type you plan to use in the product.
- In the CyBlock ISA browser interface, go to the Setup-Filtering screen.
- Choose the type of user ID to use in CyBlock filtering (e.g., Login Name, IP Address, or Login Name/IP).
- Choose how CyBlock will respond when Login Name has been chosen as the ID type, but a login name is not present in the data. If you check the Block anonymous users check box, CyBlock will block all requests that don't have a login name. If you do not select the check box, CyBlock will allow all requests that don't have a login name.
Configure Integrated authentication for outbound Web requests *(Optional, recommended)*
It is recommended that you configure Integrated authentication for the users on your network, as it will provide seamless Internet browsing (e.g., no 'popup' messages requiring a login and password will appear) for Internet Explorer browsers. To do this, follow these steps:
- On your ISA Server, start the ISA Server Management tool.
- Expand Server Name, expand Configuration, and then click on Networks.
- Right-click the network that listens for the outbound Web requests and then click Properties. For example, to configure authentication for users who are connected to the internal network, right-click Internal, and then click Properties.
- Click the Web Proxy tab, and then click the Authentication button.
- Click to select the Basic check box, then click to select the Integrated check box.
- Click to select the Require all users to authenticate check box.
- Click OK to save changes and to exit.
CyBlock ISA installed on an additional server for reporting purposes only (optional)
NOTE: CyBlock ISA can also be installed on another machine to handle reporting duties (the machine in the middle of the above diagram depicts this setup). This is recommended due to the CPU usage required when running reports. Simply put, it can be beneficial to have CyBlock ISA doing its filtering on your ISA Server, and its reporting functions on another machine.
Additionally, you can FTP the ISA Server logfiles to the second machine to help with ease of reporting. The section below discusses "off-box" logfile options in more detail.
If CyBlock ISA is also installed "off-box" for reporting use, the logfiles need to be transferred to that box or put into a suitable location where CyBlock can read them. This can be done in a few ways:
- Copy the logfiles to the second CyBlock machine's local drive (this is what we recommend for best network performance). To automate this process, you can create a script to copy the logs over at a specific time each day.
- FTP the logs over to the second CyBlock machine's local drive. Again, this process can also be automated with scripts.
- Have the logfiles reside on a network drive. NOTE: CyBlock cannot browse the network in its default state. For this logfile option to be successful, two things must be true:
- The network drive must be mounted on the network
- The CyBlock Service logon account needs to be a domain account with administrative rights
Please see the section above for information about logfile setup, keeping in mind that the directory path for logfiles might be different in an "off-box" solution.
NOTE: The filtering piece of the product will not function on a machine other than the ISA Server, but reporting will work normally. Simply use the "off-box" installation of CyBlock ISA to run reports (and possibly store logfiles).
ISA server 2000 Compatibility
CyBlock Web filter is designed to work with ISA Server 2000. Your CyBlock ISA system can be configured in two ways: as an on-box solution (required for filtering) and optionally, as an off-box solution (to assume reporting duties).
Below, please examine the diagrams depicting how CyBlock integrates with ISA Server 2000. Also please view our recommendations for product configuration. This information is designed to help you have seamless, trouble-free use of CyBlock ISA.
CyBlock ISA installed directly on ISA Server 2000 ("on-box")
NOTE: CyBlock ISA must be installed on your ISA Server to filter Web browsing. Other off-box options are discussed later on this page.
Recommended configuration:
Logfile Type: Microsoft ISA Server (ISA Server Format)
Default Directory: C:\Program Files\Microsoft ISA Server\ISALogs
NOTE: ISA Server Format uses local time for data record time stamp.
Alternate configuration:
Logfile Type: Microsoft ISA Server (Extended)
Default Directory: C:\Program Files\Microsoft ISA Server\ISALogs
NOTE: ISA Extended format uses GMT time (this is set by the ISA server and is not configurable).
ISA 2000 Requirements: ISA Service Pack 1 corrects a log file problem for the reporting piece of the product. You can download the ISA Service Pack 1.
Filter Setup: Setting up filtering in CyBlock for ISA Server 2004 is a simple process, explained with the following steps:
- In CyBlock ISA, go to the Setup-Filtering screen.
- Choose the type of user ID to use in CyBlock filtering (e.g., Login Names, IP Addresses, or Login Name/IP).
- Choose how CyBlock will respond when Login Name has been chosen as the ID type, but a login name is not present in the data. If you check the Block anonymous users check box, CyBlock will block all requests that don't have a login name. If you do not select the check box, CyBlock will allow all requests that don't have a login name.
Configure Integrated authentication for outbound Web requests *(Optional, recommended)*
It is recommended that you configure Integrated authentication for the users on your network, as it will provide seamless Internet browsing (e.g., no 'popup' messages requiring a login and password will appear) for Internet Explorer browsers. To do this, follow these steps:
- Start the ISA Server Management tool.
- Expand Servers and Arrays.
- Right-click the network Server that listens for the outbound Web requests, and then click Properties.
- Click the Outgoing Web Requests tab.
- Highlight the Server displayed in the box, and click the Edit button.
- Click to select the Integrated checkbox.
- Click OK to save changes and to exit.
NOTE: To completely authenticate all browsers, check both the Integrated checkbox and the Basic with this domain checkbox, making sure to select the domain for the latter if necessary.
CyBlock ISA installed on an additional server for reporting purposes only (optional)
NOTE: CyBlock ISA can also be installed on another machine to handle reporting duties (the machine in the middle of the above diagram depicts this setup). This is recommended due to the CPU usage required when running reports. Simply put, it can be beneficial to have CyBlock ISA doing its filtering on your ISA Server, and its reporting functions on another machine.
Additionally, you can FTP the ISA Server logfiles to the second machine to help with ease of reporting, or send the logfiles to a shared (mounted) network drive.
The section below discusses "off-box" logfile options in more detail.
If CyBlock ISA is also installed "off-box" for reporting use, the logfiles need to be transferred to that box or put into a suitable location where the additional CyBlock ISA box can read them. This can be done in a few ways:
- Copy the logfiles to the second CyBlock machine's local drive (this is what we recommend for best network performance). To automate this process, you can create a script to copy the logs over at a specific time each day.
- FTP the logs over to the second CyBlock machine's local drive. Again, this process can also be automated with scripts.
- Have the logfiles reside on a network drive. NOTE: CyBlock cannot browse the network in its default state. For this logfile option to be successful, two things must be true:
- The network drive must be mounted on the network
- The CyBlock Service logon account needs to be a domain account with administrative rights
Please see the section above for information about logfile setup, keeping in mind that the directory path for logfiles might be different in an "off-box" solution.
NOTE: The filtering piece of the product will not function on a machine other than the ISA Server, but reporting will work normally. Simply use the "off-box" installation of CyBlock ISA to run reports (and possibly store logfiles).
Answers to the most frequently asked questions about CyBlock Proxy.
If your question does not appear on the list below, please feel free to contact us at info@supya.com
Functionality and Pricing
- What is the difference between CyBlock Proxy and CyBlock ISA?
- Can I create a "white" (allow-only) list?
- Can CyBlock ISA tell me how long somebody has been online?
- Can different Web policies be created for groups?
- What protocols does CyBlock ISA block?
- Does CyBlock ISA do anything about spyware and phishing threats?
- How is CyBlock ISA priced, i.e., is it subscription-based, priced "per seat," etc.? And can I get a free trial?
Technical Integration and Product Administration
- For CyBlock ISA, what hardware specifications do you recommend, i.e., processor and memory?
- Can CyBlock ISA be remotely administered?
- Do I need any software or plug-ins on users' computers?
- What is the difference between the 30-day evaluation software and the purchased product? If I purchase the product, will I need to reinstall?
Q1. What is the difference between CyBlock Proxy and CyBlock ISA?
A1. Functionally, the products are virtually identical. The chief difference between the two product editions is technical, i.e., the way in which they integrate into your network. CyBlock ISA is a plug-in application that depends on the pre-existence of Microsoft ISA 2000/2004/2006, MS Proxy or Microsoft Small Business Server Premium. CyBlock Proxy is a standalone proxy solution that requires none of these. For reporting purposes, it creates its own logfiles.
Q2. Can I create a "white" (allow-only) list?
A2. Yes. CyBlock ISA has 12 custom categories that can be used to create white lists. This is done by simply blocking all other categories and allowing the users to access only the sites listed in the custom white list category. (The custom categories can also be used to block sites of special or local interest).
Q3. Can CyBlock ISA tell me how long somebody has been online?
A3. No, and be careful of products that say they can. The reason is simple. The fact that a user downloaded a Web page to a browser doesn't necessarily mean that he or she was actually looking at that page while it was "open." After all, the user could have suddenly received a phone call, gone to lunch, attended a short-notice meeting, been interrupted by a colleague, or gone to the restroom. Also, users typically have more than one page "open" at a time, but only one is truly viewable, and there is no technical way to know which one. When a computer user clicks on a URL, that action merely constitutes a one-time request for a document, and the "connection" with the server is immediately broken. There is no "session," no end-of-session, and no possibility of measuring duration. Because of these variables, the default time for a Web page "visit" in reports has been set to 3 seconds. This is the approximate minimum amount of time it takes to load a Web page. Read more about the importance of reliable metrics when using Web-use monitoring software .
Q4. Can different Web policies be created for groups?
A4. Yes. Different Web policies can be created for groups and individual users. Customers can customize CyBlock ISA to fit their Web policy whether they have a universal policy or multiple policies for different groups. A VIP group is also included in CyBlock ISA's core grouping structure, and IDs placed in this group will not show up on any reports.
Q5. What protocols does CyBlock ISA block?
A5. CyBlock ISA blocks http and https protocols, i.e., it blocks Web-based protocols.
Q6. Does CyBlock ISA do anything about spyware and phishing threats?
A6. Yes. CyBlock ISA blocks categories with Web sites that are known security threats, e.g., spyware/ malicious, phishing/ fraud, hacking, and download sites. Social networking is another category with Web sites that are known for being high security threats to company networks. View all of CyBlock ISA's categories.
Q7. How is CyBlock ISA priced, i.e., is it subscription-based, priced "per seat," etc.? And can I get a free trial?
A7. CyBlock ISA is a licensed, subscription-based software service. Pricing is tiered, based on the number of people ("users") to be monitored. In general, the price-per-user decreases as the number of users goes up. Get a price quote and a free 30-day trial of CyBlock ISA today.
Q8. For CyBlock ISA, what hardware specifications do you recommend, i.e., processor and memory?
A8. For optimal reporting performance, we recommend 1.5GHZ-3GHZ processor speed and a minimum of 1GB RAM. Once installed, you should set the product to use at least 512MB of that memory on the Setup - Memory screen. NOTE: Bear in mind that processor speed is the most important hardware factor affecting reporting speed. If you double the processor speed, the time to create a report is cut in half. Memory becomes increasingly important with larger logfiles.
Q9. Can CyBlock ISA be remotely administered?
A9. Yes. While it can be administered from a server computer ("local" administration), it can also be administered from a separate, remotely-located client computer using CyBlock's browser interface. This design enables CyBlock ISA to support local and/or remote administration. In addition, CyBlock ISA's software can accommodate a wide variety of complex installation configurations, including those in heterogeneous environments with multiple servers.
Q10. Do I need any software or plug-ins on users' computers?
A10. No. CyBlock ISA is a server-based application. It does not require any desktop software installation for administration, filtering or reporting.
Q11. What is the difference between the 30-day evaluation software and the purchased product? If I purchase the product, will I need to reinstall?
A11. The evaluation "mode" of CyBlock ISA is the real product, not a special piece of evaluation software. The only difference between the evaluation mode and the licensed software is that actual URLs in adult content categories are not visible to trial users - however, reporting on activity in these categories is fully operational. Once the product is purchased, an Activation Key will be provided that will "turn-on" the product and all categories will be active. No reinstallation is required.
