Proxy Training

BLUENET WEB SECURITY TRACK
Blue Coat Confidential Internal Use Only Copyright 2013 Blue Coat Systems Inc. All Rights Reserved. 1
AGENDA
Blue Coat Product Family Policy Management

Blue Coat SG Deployment Authentication Introduction
Blue Coat SG Initial Setup Authentication Realms
Blue Coat GUI Bluecoat Reporter
Content Filtering
BLUENET BLUECOAT PRODUCTS
PRODUCT LIST
Hardware Based Software Based
Blue Coat SG Blue Coat Reporter
Blue Coat AV Blue Coat WebFilter
Blue Coat K9
Blue Coat Director
Proxy Client
Packetshaper
BLUE COAT SG APPLIANCE
Enables enterprises to secure, control, and enhance

performance of networks
Deployed at different enterprise locations

Internet gateway
Edge of application delivery infrastructure
In the DMZ
BLUE COAT AV
Powerful defense against

Viruses and worms
Spyware and Trojans
Protects often overlooked back doors

Personal Web e-mail accounts
Web content or e-mail spam with Trojan or spyware
Browser-based file downloads that bypass existing virus-scanning
defenses
BLUE COAT AV DEPLOYMENT
WHAT IS DIRECTOR?
Centralizes Blue Coat SG management

Saves time and costs
Enables standardization of configuration and policy
Automates device-management tasks

Configuration and policy changes
Backups
Helps implement Application Delivery Network
DIRECTOR DEPLOYMENT
BLUE COAT REPORTER
Generate reports on a wide range of data

150+ pre-defined reports available
Reports can be customized
Schedule reports
At a specific time, periodically, or in real time
Export reports
In HTML by scheduled e-mails
In Excel-compatible format
BLUE COAT WEBFILTER
Hybrid Solution
Onbox database for Blue Coat SG
Optional service to categorize unrated URLs
Data Quality
About 71 categories
More than 50 languages
Consistency
Priority to most frequently requested resources
BLUE COAT SG
DEPLOYMENT
DEPLOYMENT OPTIONS
Explicit Proxy
Clients know there is a proxy in the path
Transparent Proxy
Clients do not know there is a proxy in the path
Reverse Proxy
Protects a web server from clients on the internet
EXPLICIT PROXY
Clients know there is a proxy in the path
TRANSPARENT PROXY
Clients do not know there is a proxy in the path
EXPLICIT: MANUALLY CONFIGURED
Simple High Maintenance

TRANSPARENT: LAYER 4 SWITCH
Simple Initial Cost

TRANSPARENT: CISCO WCCP
Simple Router Load

TRANSPARENT: BLUE COAT SG BRIDGING
Simple Single Point of Failure

TRANSPARENT: DEFAULT ROUTER
Simple Single Point of Failure

DEPLOYMENT BEST PRACTICE
Firewall Rules
Source Destination Action
172.16.0.100 ANY ALLOW
172.16.1.10 25 ALLOW
ANY ANY DENY
EDGE DEPLOYMENT
Core Deployment Edge Deployment
REVERSE PROXY
The proxy is the Web server to clients
ACCELERATING WEB CONTENT
Web Server Farm
SECURING CORPORATE CONTENT
MIXED DEPLOYMENT
3
5
2
BLUECOAT SG
INITIAL SETUP
INITIAL SETUP ACCESS
Serial Console
Easy and reliable
LCD / Keypad
A built-in interface for proxy configuration (most models)
TCP/IP
Access reserved site https://proxysg.bluecoat.com:8083
Blue Coat SG200-X in bridging mode only
SERIAL ACCESS SETUP
Initial Setup Console Wizard

Network Interface Setup (Required)
Admin Account Setup (Required)
Restrict Access Setup (Optional)
Press the Esc key to exit the Wizard without saving any
changes
PASSWORD LEVELS
Create Administrator Account

Username and password are both case-sensitive
Both can be set to any alphanumeric value
Two login levels

Basic Access
Enable Access
FEATURES REQUIRING LICENSING
SGOS License Optional Add-on Licenses

Required
Encrypted Tap
Includes:
SGOS Content Filtering
HTTP, FTP, SOCKS Blue Coat WebFilter
ICAP SmartFilter
Others
Compression
P2P Instant Messaging
Premium Streaming Optional but free
LICENSING INSTALLATION OVERVIEW
Log in to WebPower
Register Blue Coat SG Serial Number

Add licenses to your Blue Coat SG
Retrieve the license key
HANDS-ON SECTION
Blue Coat SG Initial Configuration
BLUECOAT SGOS
GRAPHICAL USER INTERFACE
MANAGEMENT CONSOLE CONFIGURATION
Starting point for most tasks with Blue Coat SG
Select options in left navigation bar
Use options to change configurations
Use options to create objects and parameters used to

create policy
MANAGEMENT CONSOLE
MAINTENANCE
Starting point for variety of maintenance tasks
Restart appliance, restore defaults, clear caches
Upgrade SGOS, license new features
Configure health monitoring, use diagnostic tools
Take disks offline, put them online
MANAGEMENT CONSOLE STATISTICS
Allows you to view statistics graphically
Statistics include
System usage
HTTP/FTP, CIFS, MAPI, and byte-caching history
Resources
Efficiency
HANDS-ON SECTION
Using the Blue Coat SG

Graphical User Interface
SERVICE FRAMEWORK
SERVICES TYPES
Proxy Services
Matches TCP ports to proxy types
Can be set to Bypass or Intercept
Console Services
Services Blue Coat SG administration
Can be Enabled or not
PROXY SERVICES LISTENER FEATURES
Destination Address
Defines the host or hosts to be intercepted by the proxy service
Multiple listeners can be defined for a proxy service
Modes: All, Transparent, Explicit, Destination
Port Range
Defines a port or port range to be intercepted by the service.
PROXY SERVICE ACTIONS
PROXY SERVICE ATTRIBUTES
Attributes define the default parameters for the proxy

service
Only apply when action is set to Intercept
Attributes vary for different proxy types

Dependent on protocol
SERVICES ATTRIBUTES
Attribute Description
Enable ADN Transmit the traffic over the ADN

connection, if available
Detect Protocol Recognize protocols tunneled over
others. Es: HTTPS over HTTP proxy
Early Intercept Proxy completes the TCP connection
setup with the client without having to
wait for the server response
Reflect Client IP Proxy connects to the OCS using as
source IP address the clients IP
SERVICES PROCESSING
CONSOLE SERVICES
HANDS-ON SECTION
Configuring Services
WEB FILTERING
CONTENT FILTERING LOGICAL FLOW
CATEGORIZATION TECHNIQUES
Database Pros Dynamic Cat Pros

Accuracy (100%) Immediate coverage
Response time Scalability
Database Cons Dynamic Cat Cons

Small number of site Response time
Update time Accuracy (90%)
BLUE COAT WEB FILTER
Hybrid Solution
Onbox database for Blue Coat SG
Optional Service Component to categorize unrated URLs
Data Quality
Granular Categories
Consistency
Relevant URLs (feedback)
Immediate coverage for new sites (DRTR)
BLUE COAT WEBFILTER DETAILS
Features Quantity Comments

Languages 50 + Excellent quality
Categorized URL list is
Ratings 15 Million + growing daily
Includes spyware and

Categories 60+ malware
4,000 to 6,000 additional Highly accurate

Categorization unique URLs rated per day categorization of URLs
40+ Recognized languages Categorizes over 95% of
Dynamic Rating 10+ Categorized languages objectionable content
DYNAMIC CATEGORIZATION OVERVIEW
BLUE COAT WEBFILTER SERVICE POINTS
sp.cwfservice.net
DNS
Sacramento
London
Salt Lake City
Tokyo
BCWF COMPLETE WORKFLOW
LOCAL DATABASE
Custom Categories
Custom allowed list
Customer denied list
Internal URLs
Performance and Security

Hash list
Does not require VPM/Management Console Access
HANDS-ON SECTION
Content Filtering Configuration
HANDS-ON SECTION
Content Filtering Policy
POLICY MANAGEMENT
COMPANY POLICY ENFORCEMENT
Create Acceptable Usage Policy (AUP)
Create Web Authentication Layer(s)

Monitor user by login name
Create Web Access Layer(s)

Implement AUP
DEFAULT POLICY
Deny
Default option for Blue Coat SG
All network traffic received by the proxy is blocked
Allow
Network traffic is allowed through the proxy
Other policies can deny selected traffic
VPM OBJECTS
Trigger Objects
Source
Destination
Service
Time
Action Objects
Action
Track
POLICY TRANSLATION
XYZ Inc. employees may not visit the BBC Web site at
any time.
Simple Language
Who Where How When What
XYZ Employees BBC On web At any time May not visit
Blue Coat Language

Source Destination Service Time Action
ANY bbcworld.com ANY ANY DENY
POLICY TRANSLATION
XYZ Inc. employees may not visit any

travel related Web site at any time.
Simple Language
XYZ Employees Travel On web At any time May not visit
Blue Coat Language

ANY Travel ANY ANY DENY
POLICY TRANSLATION
The Engineering department may not visit any

gaming site during regular business hours.
Simple Language
Engineering Gaming On web M-F, 08-17 May not visit
Blue Coat Language

ENG Gaming ANY Mon-Fri, 08-17 DENY
XYZ INC. WEB ACCESS POLICY
Similar rules become a layer in the Web

Access Policy

ANY BBC ANY ANY DENY
ANY Travel ANY ANY DENY
ENG Gaming ANY Mon-Fri, 8-17 DENY
Layer
Web Access Policy
VPM RULES PRIORITY
VPM POLICY LAYERS
Admin Authentication SSL Access

Admin Access
Web
DNS Access
Authentication
SOCKS Authentication
Web Access
SSL Intercept
Web Content
Forwarding
VPM LAYERS PRIORITY
HANDS-ON SECTION
Creating Basic Policy
AUTHENTICATION
AUTHENTICATION AND SECURITY TYPES
Blue Coat SG Security

Console Access
Physical Access (front panel, serial port)
Blue Coat SG Authentication

Validate users before allowing access to protocols
Remote resources authentication requests
BLUE COAT SG SECURITY
Limit access to the Blue Coat SG appliance

Restrict access by IP address or IP ranges
Password to secure Setup Console
Require PIN to operate front panel
Password protect serial access
Role-based security
Use realm-based authentication
Granular permission selection
AVAILABLE SECURITY MEASURES
AUTHENTICATION
Policies based on users and groups
Granular Reporting
Manage Exceptions
EXPLICIT PROXY AUTHENTICATION
Proxy requires client to authenticate

HTTP 407 Response Proxy Authentication Required
Browser resends the request with users credentials

Credentials are sent with every request
Most browsers cache credentials as long as

the process is running
EXPLICIT PROXY AUTHENTICATION
AUTHENTICATION OPTIONS
Force Authenticate
Authenticate
REMOTE RESOURCES AUTHENTICATION
AUTHENTICATION REALM
AUTHENTICATION REALMS
IWA
Windows NT Domains and Active Directory
LDAP
Active Directory and other LDAP Databases
Sequence
List of authentication realms to be processed
IWA REALM
Basic Credentials
Username and password are sent base64 encoded
Least secure option
NTLM Credentials
Uses the Microsoft proprietary authentication
Medium security option
Kerberos Credentials
Uses Microsoft implementation of M.I.T Kerberos v5
Highly secure option
NTLM AUTHENTICATION
Provides secure authentication

Password is not transmitted over the network
Supports single sign-on

Requires compatible user agents
Widely used
Prevalence of Windows OS on desktops
NTLM AUTHENTICATION
BCAAA
NTLM AUTHENTICATION OVER HTTP
HANDS-ON SECTION
Authentication Configuration IWA
LDAP REALM
Lightweight Directory Access Protocol
LDAP can contain a wide range of information

Users, applications, devices, etc.
LDAP realm supports Basic and Basic over SSL
LDAP DIRECTORY INFORMATION TREE
DC=BlueCoat
C=US C=IT C=UK
OU=Groups OU=People OU=Applications OU=Locations OU=Locations
CN=Human resources UID=kelly.lee CN=Oracle CN=Milan
CN=Information Technology UID=joe.doe CN=Exchange CN=Turin
LDAP DISTINGUISHED NAME
DN: UID=kelly.lee, OU=people, C=IT, DC=BlueCoat
Additional objects for a DN

CN: Kelly Lee
GIVENNAME: Kelly
TEL: +39-347-555-2200
HANDS-ON SECTION
Authentication Configuration LDAP
SEQUENCE REALM
Credentials checked against multiple realms
LDAP, Local, or IWA realm in sequence
Ideal for mixed environments
SEQUENCE AUTHENTICATION
ACCESS LOGGING
ACCESS LOGGING
Track Web usage for

entire network
specific information on user
department usage patterns.
Blue Coat SG creates access logs for each type of protocol.
ACCESS LOGGING
PROTOCOLS SUPPORTING ACCESS LOGGING
Endpoint Mapper Proxy Peer-to-Peer( P2P)
FTP Real Media/Quick time
HTTP SOCKS
HTTPS Forward Proxy SSL
HTTPS Reverse Proxy TCP Tunnel
ICP Telnet
Instant Messaging (IM) Windows Media
PROTOCOLS AND DEFAULT LOGS
Protocol Default Log

Endpoint Mapper main
FTP
HTTP
TCP Tunnel
Telnet
HTTPS Reverse proxy
ICP,SOCKS no logging
Instant Messaging im
Peer-to-Peer p2p
Multimedia Streaming streaming
SSL, HTTPS ssl

LOG FACILITY
SUPPORTED LOG FORMATS
Available log formats

NCSA Common
SQUID Compatible
ELFF
Smart Reporter
SurfControl
Websense
BC ReporterMain
BC ReporterSSL
Custom log formats

Create your own log format using format strings.
UPLOAD LOGS
CONTINUOUS UPLOAD
PERIODIC UPLOAD
LOG FILE ENCODING
Gzip
Text Access Logs
Text
Continuous Periodic
Upload Upload
Remote Server Remote Server
HANDS-ON SECTION
Access Logging
BLUECOAT REPORTER
REPORTER OVERVIEW
Analyzes Blue Coat SG access logs.
Presents data using pre-defined formats.
Runs as it owns Web server.
Access through Web interface.
REPORTER OVERVIEW
PROFILES
REPORTER LICENSING
REPORTER- STANDARD VERSION
Blue Coat Reporter Features Standard Version
Profile Creation Limited to five
Scalability Single processor only
Customizing Reports Limited
Formats Only default Blue Coat SG

formats
REPORTER- ENTERPRISE VERSION
Blue Coat Reporter Features Enterprise Version
Profile Creation Unlimited profile creation
Scalability Multiple processors
Customizing Reports Create, customize, edit

unlimited reports
Formats Permits use of custom

formats
SYSTEM REQUIREMENTS- HARDWARE
Total Reporting CPU RAM Drives Disk Operating

Users Days Storage Space System
<2000 1 month 1x P4 (2.8 GHz 2 GB Internal 15k RPM/RAID 0 Total amount of Windows XP and 2003
or faster) or SCSI Controller compressed servers, Red Hat
Xeon(2.8 GHz logs x 10 Linux
or faster)
<2000 2 months 1x P4 (2.8 GHz 2 GB Internal 15k RPM/RAID 0 Total amount of Windows XP and 2003
or faster) or SCSI Controller compressed servers, Red Hat
Xeon(2.8 GHz logs x 10 Linux
or faster)
<2000 3 months 2x Xeon (2.8 4 GB Internal Dual 15k RPM/RAID 0 Total amount of Windows XP and 2003
GHz or faster) Channel SCSI compressed servers, Red Hat
logs x 10 Linux
2001 - 4000 1 month 2x Xeon (2.8 4 GB Internal Dual 15k RPM/RAID 0 Total amount of Windows XP and 2003
logs x 10 Linux
2001 - 4000 2 months 2x Xeon (2.8 4 GB Internal Dual 15k RPM/RAID 0 Total amount of Windows XP and 2003
logs x 10 Linux
2001 - 4000 3 months 4x Xeon (2.8 8 GB Internal Dual 15k RPM/RAID 0 Total amount of Windows XP and 2003
logs x 10 Linux
SYSTEM REQUIREMENTS- HARDWARE
Total Reporting CPU RAM Drives Disk Operating

Users Days Storage Space System
4001 - 6000 1 month 2 x Xeon(2.8 4 GB Internal Dual 15k RPM/RAID 0 Total amount of Windows XP and 2003
logs x 10 Linux
4001 - 6000 2 months 4x Xeon(2.8 8 GB Internal Dual 15k RPM/RAID 0 Total amount of Windows XP and 2003
logs x 10 Linux
4001- 6000 3 months 4x Xeon (2.8 8 GB Internal Dual 15k RPM/RAID 0 Total amount of Windows XP and 2003
logs x 10 Linux
>6000 1 month 4x Xeon (2.8 8 GB Internal Dual 15k RPM/RAID 0 Total amount of Windows XP and 2003
logs x 10 Linux
>6000 2 months 4x Xeon (2.8 8 GB Internal Dual 15k RPM/RAID 0 Total amount of Windows XP and 2003
logs x 10 Linux
>6000 3 months 4x Xeon (2.8 8 GB Internal Dual 15k RPM/RAID 0 Total amount of Windows XP and 2003
logs x 10 Linux
Blue Coat Reporter sizing guide URL

http://download.bluecoat.com/release/Reporter/reporter-sizing.html
SYSTEM REQUIREMENTS
HANDS-ON SECTION
Creating Reporter Profiles and

Generating Reports
HANDS-ON SECTION
Real-Time Reporting

Proxy Training

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Proxy Training

Hochgeladen von

Copyright:

Verfügbare Formate

BLUENET WEB SECURITY TRACK

Blue Coat Product Family Policy Management

Hardware Based Software Based

Blue Coat SG Blue Coat Reporter

Blue Coat AV Blue Coat WebFilter

Enables enterprises to secure, control, and enhance

Deployed at different enterprise locations

Powerful defense against

Protects often overlooked back doors

Centralizes Blue Coat SG management

Automates device-management tasks

Helps implement Application Delivery Network

Generate reports on a wide range of data

Clients know there is a proxy in the path

Clients do not know there is a proxy in the path

Simple High Maintenance

Simple Initial Cost

Simple Router Load

Simple Single Point of Failure

Simple Single Point of Failure

Core Deployment Edge Deployment

The proxy is the Web server to clients

Web Server Farm

Initial Setup Console Wizard

Create Administrator Account

Two login levels

SGOS License Optional Add-on Licenses

Register Blue Coat SG Serial Number

Retrieve the license key

Blue Coat SG Initial Configuration

Starting point for most tasks with Blue Coat SG

Select options in left navigation bar

Use options to change configurations

Use options to create objects and parameters used to

Starting point for variety of maintenance tasks

Restart appliance, restore defaults, clear caches

Upgrade SGOS, license new features

Configure health monitoring, use diagnostic tools

Take disks offline, put them online

Allows you to view statistics graphically

Using the Blue Coat SG

Attributes define the default parameters for the proxy

Attributes vary for different proxy types

Enable ADN Transmit the traffic over the ADN

Database Pros Dynamic Cat Pros

Database Cons Dynamic Cat Cons

Features Quantity Comments

Includes spyware and

4,000 to 6,000 additional Highly accurate

Performance and Security

Content Filtering Configuration

Content Filtering Policy

Create Acceptable Usage Policy (AUP)

Create Web Authentication Layer(s)

Create Web Access Layer(s)

Blue Coat Language

XYZ Inc. employees may not visit any

Blue Coat Language

The Engineering department may not visit any

Blue Coat Language

Similar rules become a layer in the Web

Source Destination Service Time Action

Web Access Policy

Admin Authentication SSL Access