Blue Coat Certified Proxy Courses - Kaouk

Uploaded by tacitmarigold (Internet and Web Development), Jan 25, 2014




















Technical Write-up

WRITTEN BY: Mohammad Kaouk
VERSION: 1.0
DATE: January 2013

Copyright Blue Coat 2013


Contents

1 Introduction ... 5
2 Solution Overview ... 7
2.1 Proxy Platform Architecture ... 8
2.2 User Defined Filtering ... 9
3 Authentication/Authorization ... 10
4 Proxy Client ... 14
5 Visual Policy Manager ... 15
5.1 Policy Layer Tabs ... 18
5.2 Web Access Policy Layer Reference ... 19
5.3 SSL Intercept Layer Reference ... 24
5.4 SSL Access Layer Reference ... 25
5.5 Web Authentication Policy Layer ... 26
6 Content Filtering ... 27
7 BlueCoat Web Filter ... 27
7.1 Blue Coat Web Filter URL Categories ... 28
7.2 Apparent Data Type ... 31
7.3 Custom URL Filters ... 32
8 Web Application Control ... 33
8.1 Web Application Policy Engine ... 34
8.2 Web Application Controls ... 36
8.3 WebPulse ... 37
9 Antivirus ... 39
10 Control IM, P2P and Streaming Applications ... 44
11 SSL Proxy ... 45
12 Streaming Media ... 46
13 Bandwidth Management ... 48
14 Network Designs ... 50
14.1 Proxy Mode ... 50
14.2 Transparent ... 51
14.2.1 Bridging ... 51
14.2.2 Transparent Redirection ... 52
14.2.3 Layer 4-7 Switch ... 52
14.2.4 WCCP on Cisco Routers ... 53
14.2.5 High-Availability ... 54
15 Support Services ... 55
15.1 Blue Touch Users ... 59
16 BlueCoat Training ... 60
Blue Coat Certified Proxy Courses ... 60
17 BlueCoat Reporter ... 62
18 Management ... 73
18.1 Installation ... 73
18.2 Statistics ... 75
18.3 Access Logs ... 76
18.4 Backup/Restore of Configuration ... 76
18.5 ProxySG Software Update ... 76
18.6 SNMP ... 77
18.7 Alarm Management ... 78
18.8 Syslog Utility ... 78
19 BlueCoat Director ... 79
20 The Proposed Security GW Solution ... 83
21 RFP Response ... 85
High Level Business Requirements ... 85
21.1.1 BOQ ... 98
21.1.2 ProxySG ... 98
22 Certifications ... 98
23 Conclusion ... 100

1 Introduction

Founded in 1996, Blue Coat is the worldwide leader in Secure Content and Application Delivery (IDC 2006). We provide 5,000 enterprise organizations with hardware and software solutions that optimize communications between users and applications throughout the enterprise. Blue Coat solutions include intelligent appliances and endpoint technologies that deliver a comprehensive set of application acceleration and security features and benefits.

For example, Blue Coat protects individual users, and the business as a whole, from the dangers of the Internet, enabling the Web to be safely integrated into business processes that connect users across the distributed enterprise. These same solutions also help limit or block non-essential traffic, while accelerating the delivery of all critical business applications by 10-100 times to all users, regardless of their physical location.

On top of these capabilities, Blue Coat provides IT organizations with granular visibility and policy-based control over who, what, when, where, and how users and applications communicate with each other. This unmatched level of control helps ensure that IT resources are aligned with priorities and processes that drive the business.

Some 30,000 Blue Coat appliances have been deployed in Fortune 1000 businesses, government agencies, and other organizations worldwide. If you're not already using Blue Coat solutions, you should be.

Now it's all about users and applications and the way they communicate with each other. In this new IT world, application performance must be optimized and individual users must be secured throughout the enterprise. Sounds simple enough, but consider these seven key issues, trends, and challenges that you must contend with along the way.

- Data centers, servers, and applications are becoming more consolidated for cost and compliance reasons. But users are becoming more distributed: more than 80% work outside of headquarters offices. This creates more application traffic (and slower response time) over expensive, constrained WAN links.

- Centralized file services provide your remote users with access to centrally-hosted productivity applications and files. But these applications use chatty protocols, exacerbating a WAN latency problem that no amount of bandwidth can improve.

- Business applications hosted inside the data center, as well as those hosted out on the Internet, are all becoming more Webified and are running over SSL. That creates more encrypted traffic that traditional network devices cannot "see" and therefore you cannot manage, control, or accelerate.

- Live and on-demand video are becoming important tools to train and educate distributed employees. But streaming media requires a significant amount of bandwidth and can quickly consume WAN resources needed to support other essential applications. Likewise, these applications can be a victim of limited bandwidth and deliver a poor end user experience.

- Virtually every user is now armed with a Web browser, which gives them access to a lot more than just business applications. That means more security threats, lost productivity, and more non-essential traffic slowing performance of the applications that matter most.

- Many organizations still have a centralized Internet gateway for security reasons. But that means all Web traffic is backhauled over costly WAN links to remote users. As the amount of Web traffic, good and bad, continues to increase, organizations will want to consider "direct to 'Net" gateways (split VPN) in remote offices.

- Finally, IT organizations are increasingly being pressured to ensure that the use of critical and costly IT resources is properly aligned with the processes and priorities of the business. But in an enterprise without any clear boundaries, this level of policy-based user-application control is elusive.

Although these issues impact WAN application performance, they are not network problems. As noted above, today's networks are generally reliable systems that provide high availability and ubiquitous access. In other words, the network is just fine, thank you. So the issues here cannot be resolved with a "more of the same" approach. What's needed is a new, overlay infrastructure, specifically focused on user-application communications across a highly distributed enterprise. This new infrastructure is known as an Application Delivery Infrastructure (ADI) and combines elements of WAN optimization, application acceleration, policy-based controls, and Web security. Blue Coat is focused on helping its customers create an ADI that addresses the issues outlined above.

Blue Coat provides customers with a family of intelligent appliances and software technologies that are deployed at critical points throughout the distributed enterprise, including data centers, Internet gateways, branch offices, and even individual client endpoints. In other words, wherever users need to communicate securely with applications, inside or outside the organization. Blue Coat appliances are unique because they are able to understand, and control, the way users and applications interact and behave on the network. These appliances are powered by a purpose-built operating system (SGOS) that provides policy-based control over a broad set of integrated Web security and application performance optimization technologies. Even better, Blue Coat does not require its customers to make a tradeoff between performance and security. Typically, if an appliance delivers a broad range of security functions, one would likely expect a significant performance impact (or vice versa: performance-oriented devices might actually compromise security). With Blue Coat there is no compromise, thanks to its unique combination of patented secure proxy technology combined with MACH5 (Multiprotocol Accelerated Caching Hierarchy) technology.



2 Solution Overview

Based on advanced proxy architecture, all Blue Coat SG appliances act as an "invisible middleman" between individual users and applications. More specifically, these appliances act as server to the client and as a client to the server, seamlessly. As a result, SG appliances provide a critical point of policy-based control to filter Web content (including SSL-encrypted traffic), prevent spyware and other malicious code, and control IM, Skype, P2P, and streaming traffic. The same SG appliances also employ Blue Coat's patented MACH5 application acceleration technology to optimize WAN performance and delivery of critical applications, including encrypted applications, regardless of whether they're hosted internally or externally, to all users across the distributed enterprise.

Figure 1. Solution Overview


2.1 Proxy platform architecture

Blue Coat utilizes purpose-built hardware appliances optimized with a custom, object-based operating system (SGOS), with comprehensive proxy services ready to rack mount and run. Performance is maximized with properly aligned CPU speeds, memory, disk space and network interfaces for the light 50 MB footprint of SGOS using custom algorithms, a unique object store, and an integrated cache engine to process layer-7 traffic at wire-speeds. Blue Coat SG is purpose-built in all aspects of hardware, software and services.


2.2 User Defined Filtering

While firewalls enable network administrators to implement secured Internet access where no inbound connections are allowed, Blue Coat with its Content Filtering features enables network administrators to control Internet access on a content basis. Two options are proposed:

- User defined filter list.
- Content Filtering via 3rd party databases.

The following table presents the parameters that can be taken into account for defining a filter list and their advantages.

Parameter                                                Advantage
User Name, User Group                                    User based policies
Client IP address, Client subnet                         Location based policies
Protocol, Destination Port                               Service based policy
IM alias, attachment, keyword                            Flexible IM policies
Domain, URL, Wild Card URL (*.BlueCoat.*), HTTP method   Flexible destination based policies
Day/Time of the day                                      Time based policies
User Agent                                               Browser type policies
MIME type                                                Content type policies

Figure 2. User defined filtering

Blue Coat ProxySG appliances support the following protocols: HTTP, HTTPS (forward and reverse proxy), FTP, CIFS, MAPI, DNS, P2P, SOCKS (v4/v5), Telnet, IM (AOL, MSN, Yahoo Messengers), TCP-Tunnel, MMS, RTSP and QuickTime. The TCP-Tunnel allows unique application services to pass-through Blue Coat ProxySG as required.
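As an added example (not Blue Coat code), the following Python models a user-defined filter list over the parameters in the table: user/group, client subnet, destination port, wildcard domain, HTTP method, time of day, User-Agent and MIME type, evaluated first-match-wins. All subnets, host names, rules and requests in it are constructed for illustration.

```python
"""First-match filter list built from the parameters in the table above.

Added example, not Blue Coat code: every rule, subnet, host name and request
below is constructed for illustration. Unset rule fields are wildcards; the
first rule whose conditions all hold decides the request, otherwise the
default applies.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    client_ip: str
    dest_host: str
    dest_port: int
    method: str
    user_agent: str
    mime_type: str          # MIME type of the response, if already known
    clock: str              # time of day the request was made, "HH:MM"


@dataclass(frozen=True)
class Rule:
    action: str                                   # "ALLOW" or "DENY"
    user: Optional[str] = None                    # user-based policy
    group: Optional[str] = None
    client_subnet: Optional[str] = None           # location-based (CIDR)
    dest_port: Optional[int] = None               # service-based
    domain_glob: Optional[str] = None             # wildcard URL, e.g. "*.bluecoat.*"
    method: Optional[str] = None                  # HTTP method
    hours: Optional[Tuple[str, str]] = None       # time-based window "HH:MM", [start, end)
    user_agent_glob: Optional[str] = None         # browser-type policy
    mime_glob: Optional[str] = None               # content-type policy

    def matches(self, r: Request) -> bool:
        return (
            (self.user is None or self.user == r.user)
            and (self.group is None or self.group in r.groups)
            and (self.client_subnet is None
                 or ip_address(r.client_ip) in ip_network(self.client_subnet))
            and (self.dest_port is None or self.dest_port == r.dest_port)
            and (self.domain_glob is None
                 or fnmatchcase(r.dest_host.lower(), self.domain_glob.lower()))
            and (self.method is None or self.method == r.method.upper())
            and (self.hours is None or self.hours[0] <= r.clock < self.hours[1])
            and (self.user_agent_glob is None
                 or fnmatchcase(r.user_agent, self.user_agent_glob))
            and (self.mime_glob is None or fnmatchcase(r.mime_type, self.mime_glob))
        )


def evaluate(rules, request: Request, default: str = "DENY") -> str:
    """Walk the list in order; the first matching rule wins."""
    for rule in rules:
        if rule.matches(request):
            return rule.action
    return default


# Constructed filter list, ordered from most to least specific.
FILTER_LIST = [
    Rule("ALLOW", group="it-admins"),                        # user/group based
    Rule("DENY", client_subnet="10.9.0.0/16"),               # guest segment: no web at all
    Rule("DENY", domain_glob="*.video-example.test",
         hours=("09:00", "17:00")),                          # time based
    Rule("DENY", mime_glob="application/x-msdownload"),      # content type based
    Rule("DENY", user_agent_glob="LegacyBrowser/*"),         # browser type based
    Rule("DENY", method="PUT"),                              # HTTP method based
    Rule("ALLOW", dest_port=80),                             # service based
    Rule("ALLOW", dest_port=443),
]


def sample(**overrides) -> Request:
    """A baseline office request; keyword arguments override single fields."""
    base = dict(user="alice", groups=frozenset({"staff"}), client_ip="10.1.4.20",
                dest_host="www.example.test", dest_port=443, method="GET",
                user_agent="Mozilla/5.0", mime_type="text/html", clock="10:30")
    base.update(overrides)
    return Request(**base)


if __name__ == "__main__":
    for label, req in [
        ("office user, normal site", sample()),
        ("guest segment", sample(client_ip="10.9.3.7")),
        ("video during office hours", sample(dest_host="cdn.video-example.test")),
        ("video after hours", sample(dest_host="cdn.video-example.test", clock="19:00")),
        ("non-standard port", sample(dest_port=8080)),
    ]:
        print(f"{label:28s} -> {evaluate(FILTER_LIST, req)}")
```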








3 Authentication/Authorization

ProxySG enables user authentication based on many technologies. Utilize a company's existing authentication source for integrated SSO, including local password files, NTLM, LDAP (Active Directory, eDirectory, SunOne), CA eTrust SiteMinder, Microsoft Kerberos, Oracle Access Manager, RADIUS and certificates. Multi-realm authentication sequencing and forms-based authentication are supported.

Active Directory integration can be achieved in the following ways:

- LDAP: Many companies and organizations use the Lightweight Directory Access Protocol (LDAP) as the directory protocol of choice, enabling software to find an individual user without knowing where that user is located in the network topography. The ProxySG supports LDAPv2 and v3. Moreover, LDAP over SSL is also supported to secure communication between the ProxySG and the LDAP server.

- NTLM or IWA (Integrated Windows Authentication) & Active Directory: NTLM is a Microsoft-proprietary protocol that authenticates users and computers based on an authentication challenge and response. When an NTLM realm is used and a resource is requested by the client from the ProxySG, the appliance contacts the user's or computer's account domain to verify identity and then requests an access token. The access token is generated by the domain controller and passed to (and if valid, accepted by) the ProxySG.

  In order to authenticate users, the Blue Coat authentication agent (BCAAA) is required. The agent is a Windows NT/2000+ compatible application for integrating NTLM security with the ProxySG. It needs to be installed on a server (PDC, BDC, or member that has the necessary trust relationship). Blue Coat has followed Microsoft's recommended approach for NTLM Proxy Authentication and implements the Security Support Provider Interface:

  "Microsoft encourages all Win32 application developers to use the integrated security features of SSPI for secure distributed application development." (Microsoft White Paper, The Security Support Provider Interface.)

  Major technology vendors that support SSPI include, among others, SAP, Oracle, and IBM.

- IWA direct, where the box can be joined directly to Active Directory.

Figure 3. Proxy mode authentication

Upgrading the BCAAA Authentication Service

SGOS 5.4.x requires you to upgrade to Blue Coat Authentication and Authorization Agent (BCAAA) version 130. If you use one of the following authentication realms, upgrade to the latest release of the Blue Coat Authentication and Authorization Agent (BCAAA) service.

- Integrated Windows Authentication: Windows® 2000 and 2003 (32 bit)
- Oracle COREid: Windows 2000 and 2003 (32 bit)
- CA eTrust SiteMinder: Windows 2000 and 2003 (32 bit) or Solaris™ 5.8 or 5.9
- Windows SSO: Windows 2000 and 2003 (32 bit)
- Novell SSO: Windows 2000 and 2003 (32 bit)

BCAAA can run on any hardware or virtual machine as long as the preceding operating system requirements are met.

Important: The BCAAA service cannot be installed on Windows NT, Windows 2008, or on Windows Vista.

BCAAA is distributed as a zip file or UNIX shell script, to be installed on a Microsoft Windows system or a Solaris system. The zip file for the BCAAA service is posted with its corresponding SGOS version at https://support.bluecoat.com/download/ProxySG

Using Multiple Versions of the BCAAA Service

If you access ProxySG appliances running different versions of SGOS, you will require multiple versions of the BCAAA service installed on your computer. To ensure compatibility between the supported BCAAA version and the SGOS version installed on the ProxySG, refer to the following table.

SGOS Version                                        Supported BCAAA Version
SGOS 4.2.1                                          100
SGOS 4.2.2                                          110
SGOS 4.2.3, SGOS 4.2.4                              120
SGOS 5.1.1.x, SGOS 5.1.2, SGOS 5.1.3, SGOS 5.1.4    110
SGOS 5.2.1, 5.2.2, 5.2.3                            120
SGOS 5.3.x                                          120
SGOS 5.4.1                                          130
SGOS 5.5.x                                          130
SGOS 6.1.x (32 Bit and 64 Bit)                      130
SGOS 6.2.x (32 Bit and 64 Bit)                      130
SGOS 6.3.x (32 Bit and 64 Bit)                      130
SGOS 6.4.x (32 Bit and 64 Bit)                      130

Install the lowest version of the BCAAA service first and the highest version of BCAAA last, allowing each version to uninstall the previous version. This process leaves behind the bcaaa.ini and bcaaa-nn.exe files for the lower version.

Notes

- Only one listening port is used, no matter how many versions you have installed. The BCAAA service hands off the connection to the appropriate BCAAA version.
- Installation instructions for BCAAA are located in Volume 4: Securing the Blue Coat ProxySG Appliance in the Blue Coat ProxySG Configuration and Management Suite documentation suite that is accessible through your WebPower account at https://bto.bluecoat.com/documentation/pubs/view/SGOS%206.3.x%20
- The BCAAA service cannot be installed on Windows NT, Windows 2008, or on Windows Vista.
- For information on support for other products, see "Support for Other Products" on page 47.

For more information: https://bto.bluecoat.com/sgos/ProxySG/63/Authentication_WebGuide/Authentication_WebGuide.htm
4 Proxy Client

ProxyClient is the Solution:

- Remote Filtering
- Cloud Connected
- Threat Protection
- Acceleration
- Central Policy & Reporting
- No Fees, No Extra Costs!

[Figure: ProxyClient deployment scenarios - Off Premise Meetings, Tele-working, In Transit, Business Travel, Working Remotely, Branch Office, Remote Country Office, Corporate WAN]


5 Visual Policy Manager

Blue Coat provides a GUI called Blue Coat Visual Policy Manager enabling security administrators to create comprehensive and complex policies.

Figure 4. Blue Coat Visual Policy Manager

The actions that are part of policy creation are:

- Allow, Authenticate, Deny, Modify Access Log
- Suppress Headers, Control Request Header, Control Response Header, Coaching, Rewrite Host, Rewrite Header, Reflect IP
- Bypass Cache, Return Exception, Redirect, Override Access Log
- Strip Active Content, ICAP Patience Page, Block Popup Ads, Custom Splash Pages
- Rewrite Host, Rewrite Header, Reflect IP, Combined Action

Return Exception allows you to select exception types and associate a custom message, if desired. Blue Coat provides a list of standard exceptions, but VPM also accepts user-defined values.

The following figure labels VPM components.

[Figure: The VPM Components - Menu bar, Toolbar, Layer tabs]

File menu
- Install Policy On...: Saves all new policy rules.
- Revert to existing Policy on...: Ignores changes and reloads installed policy rules.
- Exit: Exits the application.

Edit menu
- Add Rule / Delete Rule: Adds a new blank rule to the visible policy layer or removes a rule from the visible policy layer.
- Cut Rule / Copy Rule / Paste Rule: Standard cut, copy, and paste operations.
- Move Rule(s) Up / Move Rule(s) Down: Moves rules up or down one position in a policy layer.
- Disable/Enable Layer: Disables or enables the selected layer. You can disable a layer without removing it from the VPM (thus losing composed policy rules) and re-enable it if required.
- Rename Layer: Blue Coat recommends renaming layers to make for easy identification when many layers are created.
- Delete Layer: Deletes a specific policy layer.
- Add Layer Guard: Used to set matching conditions. See "About the Layer Guard Rule" on page 173.
- Reorder Layers: Reorders the policy layers. See "Ordering Policy Layers" on page 172.

Policy menu
- Add Admin Authentication Layer, Add Admin Access Layer, Add DNS Access Layer, Add SOCKS Authentication Layer, Add SSL Intercept Layer, Add SSL Access Layer, Add Web Authentication Layer, Add Web Access Layer, Add Web Content Layer, Add Forwarding Layer, Add CPL Layer: The Policy menu items add policy layers to be populated with policy rules.

Configuration menu
- Set DNS Lookup Restrictions: Restricts DNS lookups during policy evaluation.
- Set Reverse DNS Lookup Restrictions: Restricts reverse DNS lookups during policy evaluation.
- Set Group Log Order: Configures the order in which the group information is logged.
- Edit Categories: Edits content filtering categories.

View menu
- Generated CPL: Displays the CPL generated by VPM.
- Current ProxySG VPM Policy Files: Displays the currently stored VPM policy files.
- Object Occurrences: Lists the user-created object(s) in the selected rule; lists use in other rules as well.
- All Objects: Displays a dialog that lists current static and user-defined VPM objects. You can also create, edit, and delete objects. See "Centralized Object Viewing and Managing" on page 163.
- Tool Tips: Toggles the tool-tip display on and off.

Help menu
- Help Topics: Displays the online help.
- About: Displays copyright and version information.


5.1 Policy Layer Tabs

Every policy layer you create from the Policy > Add Layer menu displays as a tab. Click a tab and the rules included in that policy layer display below in the main body of the pane. Right-clicking a tab displays the options of disabling or enabling, renaming, and deleting the policy layer, or adding a Layer Guard.

[Figure: Right-click a Policy Tab to Rename or Delete a Policy Layer]

The layers are:

- Administration Authentication: Determines how administrators accessing ProxySG must authenticate.
- Administration Access: Determines who can access the ProxySG to perform administration tasks.
- DNS Access: Determines how the ProxySG processes DNS requests.
- SOCKS Authentication: Determines the method of authentication for accessing the proxy through SOCKS.
- SSL Intercept: Determines whether to tunnel or intercept HTTPS traffic.
- SSL Access: Determines the allow/deny actions for HTTPS traffic.
- Web Authentication: Determines whether user clients that access the proxy or the Web must authenticate.
- Web Access: Determines what clients can and cannot access on the Web and specifies any restrictions that apply.
- Web Content: Determines caching behavior, such as verification and ICAP redirection.
- Forwarding: Determines forwarding hosts and methods.
- CPL: Allows you to compose Content Policy Language directly into the VPM.

As you create policy layers, you will create many different layers of the same type. Often, an overall policy requires layers of different types designed to work together to perform a task. For example, Authentication and Access layers usually accompany each other; an Authentication layer determines if a user or client must authenticate, and an Access layer subsequently determines where that user or client can go (what ProxySG or Web sites they can access) once they are authenticated.
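As an added example (not Blue Coat code), the Python below models the layer interplay just described: a Web Authentication layer that decides whether a client must authenticate and Web Access layers that decide where the user may go, with first-match-wins inside a layer, later layers overriding earlier ones, and a layer guard or the Disable/Enable Layer switch skipping a layer. The realm name, layer names, hosts, rules and requests are constructed, and the proxy's default access decision is passed in as a parameter.

```python
"""Layered policy evaluation modelled on the VPM layers described above.

Added example, not Blue Coat code. Semantics modelled: within a layer the
first matching rule wins; a later layer's decision overrides an earlier one
of the same kind; a false layer guard or a disabled layer skips the layer.
The realm name "corp-iwa", the layer names, hosts, rules and requests are
constructed for illustration.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional

Req = Dict[str, Any]
Cond = Callable[[Req], bool]


@dataclass
class Rule:
    cond: Cond
    action: str           # "authenticate:<realm>" / "no-auth" / "ALLOW" / "DENY"


@dataclass
class Layer:
    name: str
    kind: str             # "web_authentication" or "web_access"
    rules: List[Rule]
    guard: Optional[Cond] = None   # layer guard: conditions the whole layer
    enabled: bool = True           # Disable/Enable Layer keeps rules but skips them

    def decide(self, req: Req) -> Optional[str]:
        """First matching rule wins; None means the layer has no opinion."""
        if not self.enabled or (self.guard is not None and not self.guard(req)):
            return None
        for rule in self.rules:
            if rule.cond(req):
                return rule.action
        return None


def evaluate(layers: List[Layer], req: Req, default_access: str = "DENY") -> Dict[str, Optional[str]]:
    """Run all layers in order; later layers override earlier decisions."""
    realm: Optional[str] = None
    access = default_access
    for layer in layers:
        result = layer.decide(req)
        if result is None:
            continue
        if layer.kind == "web_authentication":
            realm = None if result == "no-auth" else result.split(":", 1)[1]
        else:
            access = result
    if realm is not None and req.get("user") is None:
        # Simplification: an unauthenticated client is challenged first; the
        # access decision becomes final only once the realm identified the user.
        return {"realm": realm, "access": "CHALLENGE"}
    return {"realm": realm, "access": access}


def build_policy() -> List[Layer]:
    auth = Layer("Auth: corporate users", "web_authentication", [
        Rule(lambda r: str(r["client_ip"]).startswith("10.9."), "no-auth"),  # visitor segment
        Rule(lambda r: True, "authenticate:corp-iwa"),                        # everyone else
    ])
    access = Layer("Access: applications", "web_access", [
        Rule(lambda r: r["dest"] == "finance-app.corp.test" and "finance" in r["groups"], "ALLOW"),
        Rule(lambda r: r["dest"] == "finance-app.corp.test", "DENY"),
        Rule(lambda r: r.get("user") is None and r["dest"].endswith(".corp.test"), "DENY"),
        Rule(lambda r: True, "ALLOW"),
    ])
    # A later layer with a guard: it only fires for one category and then
    # overrides whatever the application layer decided.
    threat = Layer("Access: threat block", "web_access",
                   [Rule(lambda r: True, "DENY")],
                   guard=lambda r: r.get("category") == "Malicious Sources")
    return [auth, access, threat]


def request(**fields) -> Req:
    """Constructed baseline request; keyword arguments override fields."""
    base: Req = {"client_ip": "10.1.2.3", "user": None, "groups": frozenset(),
                 "dest": "www.example.test", "category": "News"}
    base.update(fields)
    return base


if __name__ == "__main__":
    policy = build_policy()
    print(evaluate(policy, request()))
    print(evaluate(policy, request(user="bob", groups=frozenset({"finance"}),
                                   dest="finance-app.corp.test")))
```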


5.2

W
e
b

Access

Po
l
icy

Layer

Reference
(BACK)

The

follo
w
ing

table

p
r
ovides

the

obj
e
c
t
s

a
v
a
i
l
a
bl
e

i
n

t
he

W
eb

Access

policy

l
a
ye
r
.

W
eb

Access

policy

layers

r
egulate,

f
r
om

a

g
e
n
eral

to

a

gra
n
ul
a
r

l
e
vel,

w
ho

or

w
hat

ca
n

acces
s

spe
c
ifi
c

W
e
b

lo
cation
s

o
r

co
ntent.




Users,

g
r
oups,

in
d
ividual

IP

add
r
esses,

and

subnets,

as

well

as

object

lis
t
s

comprised

o
f

any

combina
t
ion

of

t
he
s
e,

can

be

subj
e
ct

to

r
ules.




Rule
s

ca
n

i
nc
l
ud
e

ac
c
es
s

co
nt
r
ol

fo
r

spe
c
ifi
c

W
e
b

sites
,

spe
c
ifi
c

co
nten
t

f
r
om

any

W
eb

site,

individual

IP

add
r
e
ss
e
s,

and

subnet
s
.




Ac
t
io
n
s

t
ak
e
n

can

ra
n
ge

f
r
om

allowing

and

de
n
ying

ac
c
e
ss

t
o

mo
r
e

finely

tune
d

change
s

o
r

l
i
mitat
i
ons.




R
u
l
es

c
a
n

a
ls
o

b
e

s
u
bj
e
c
t

t
o

d
ay

a
n
d

t
i
me

specifications

and

p
r
otocol,

file

type,

and

agent

d
e
limit
e
r
s
.













Copyright Blue Coat 2013


20


Web Access Layer objects, grouped by table column:

Source Objects:
- Streaming Client
- Client Hostname Unavailable
- Guest User
- Authenticated User
- Client IP Address/Subnet
- Client Hostname
- Proxy IP Address/Port
- User
- Group
- Attribute
- LDAP Attribute
- User Login Address
- User Login Time
- User Login Count
- Client Address Login Count
- User Authentication Error
- User Authorization Error
- User Agent
- IM User Agent
- Request Header
- SOCKS Version
- IM User
- P2P Client
- Client Negotiated Cipher
- Client Negotiated Cipher Strength
- Client Connection DSCP Trigger
- Combined Objects

Destination Objects:
- Destination IP Address/Subnet
- Destination Host/Port
- Request URL
- Request URL Category
- Request URL Application
- Request URL Operation
- File Extensions
- HTTP MIME Types
- Apparent Data Type
- Response Code
- Response Header
- Response Data
- IM Buddy
- IM Chat Room
- Server Connection DSCP Trigger
- Combined Objects

Service Objects:
- Using HTTP Transparent Authentication
- Virus Detected
- Client Protocol
- IM User Agent Unsupported
- Service Name
- Protocol Methods
- IM File Transfer
- IM Message Text
- IM Message Reflection
- Streaming Content Type
- ICAP Error Code
- Health Status
- Combined Objects

Time Objects:
- Time
- Combined Objects

Action Objects:
- Allow
- Disable Fast-Caching in Windows Media Client/Do not Disable Fast-Caching in Windows Media Client
- Deny
- Force Deny
- Bypass Cache
- Do Not Bypass Cache
- Check/Do Not Check Authorization
- Always Verify
- Use Default Verification
- Block/Do Not Block PopUp Ads
- Force/Do Not Force IWA for Server Auth
- Log Out/Do Not Log Out Other Users With Same IP
- Log Out/Do Not Log Out User
- Log Out/Do Not Log Out User's Other Sessions
- Reflect/Do Not Reflect IM Messages
- Tunnel/Do Not Tunnel IM Traffic
- Block/Do Not Block IM Encryption
- Support/Do Not Support Persistent Client Requests
- Support/Do Not Support Persistent Server Requests
- Trust/Do Not Trust Destination IP
- Deny
- Return Exception
- Return Redirect
- Send IM Alert
- Modify Access Logging
- Override Access Log Field
- Rewrite Host
- Reflect IP
- Suppress Header
- Control Request Header/Control Response Header
- Notify User
- Strip Active Content
- Set Client HTTP Compression
- Set Server HTTP Compression
- Manage Bandwidth
- Modify IM Message
- Return ICAP Feedback
- Set External Filter Service
- Set ICAP Request Service
- Set FTP Connection
- Set SOCKS Acceleration
- Disable SSL Detection
- Set Streaming Max Bitrate
- Set Client Connection DSCP Value
- Set Server Connection DSCP Value
- Set ADN Connection DSCP
- Set Authorization Refresh Time
- Set Credential Refresh Time
- Set Surrogate Refresh Time
- Set Server URL DNS Lookup
- Combined Objects

Track Objects:
- Event Log
- Email
- SNMP
- Trace
- Combined Objects



5.3 SSL Intercept Layer Reference

The following table provides the objects available in the SSL Intercept policy layer.

SSL Intercept Layer objects, grouped by table column:

Source Objects:
- Attribute
- Authenticated User
- Client Address Login Count
- Client Hostname
- Client Hostname Unavailable
- Client IP Address/Subnet
- Group
- Guest User
- LDAP Attribute
- Proxy IP Address/Port
- User
- User Authentication Error
- User Authorization Error
- User Login Address
- User Login Count
- User Login Time
- Combined Objects

Destination Objects:
- Destination IP Address/Subnet
- Destination Host/Port
- Request URL
- Request URL Category
- Server URL
- Server Certificate
- Server Certificate Category
- Combined Objects

Action Objects:
- Do not Preserve Untrusted Issuer
- Preserve Untrusted Issuer
- Use Default Setting for Preserve Untrusted Issuer
- Enable HTTPS Interception
- Enable HTTPS Interception on Exception
- Combined Objects

Track Objects:
- Event Log
- Email
- SNMP
- Trace
- Combined Objects





5.4 SSL Access Layer Reference

The following table provides the objects available in the SSL Access policy layer.

SSL Access Layer objects, grouped by table column:

Source Objects:
- Authenticated User
- Client Hostname Unavailable
- Guest User
- Client IP Address/Subnet
- Client Hostname
- Proxy IP Address/Port
- User
- Group
- Attribute
- LDAP Attribute
- User Login Address
- User Authentication Error
- User Authorization Error
- Client Certificate
- Client Negotiated Cipher
- Client Negotiated Cipher Strength
- Client Negotiated SSL Version
- Combined Objects

Destination Objects:
- Destination IP Address/Subnet
- Destination Host/Port
- Request URL
- Request URL Category
- Server URL
- Server Certificate
- Server Certificate Category
- Server Negotiated Cipher
- Server Negotiated Cipher Strength
- Server Negotiated SSL Version
- Combined Objects

Service Objects:
- Request Forwarded
- Client Protocol
- SSL Proxy Mode
- Health Check
- Combined Objects

Action Objects:
- Allow
- Deny (static)
- Require/Do Not Require Client Certificate
- Force Deny
- Force Deny (Content Filter)
- Deny
- Return Exception
- Set Client Certificate Validation
- Set Server Certificate Validation
- Set Client Keyring
- Combined Objects

Track Objects:
- Event Log
- Email
- SNMP
- Trace
- Combined Objects







5.5 Web Authentication Policy Layer

The following table provides the objects available in the Web Authentication policy layer.

Web Authentication Layer objects, grouped by table column:

Source Objects:
- Client Hostname Unavailable
- Client IP Address/Subnet
- Client Hostname
- Proxy IP Address/Port
- User Agent
- Request Header
- Combined Objects

Destination Objects:
- Destination IP Address/Subnet
- Destination Host/Port
- Request URL
- Request URL Category
- Combined Objects

Action Objects:
- Deny
- Do Not Authenticate
- Do Not Authenticate (Forward Credentials)
- Do Not Send Credentials Upstream
- Do Not Use Kerberos Constrained Delegation
- Authenticate
- Authenticate Guest
- Add Default Group
- Force Authenticate
- Authentication Charset
- Set IP Address For Authentication
- Permit Authentication Error
- Permit Authorization Error
- Kerberos Constrained Delegation
- Send Credentials Upstream
- Combined Objects

Track Objects:
- Trace



6 Content Filtering:

ProxySG can optionally enable the following content filtering databases without additional hardware or software:

- Proventia
- Optenet
- Webwasher
- ALSI
- ISS
- BlueCoat Web Filter

User-defined categories can also be created, enabling security administrators to build their own “black” and “white” lists.


7 Bluecoat Web Filter:

Blue Coat WebFilter is an “on-proxy” web filtering solution that enables enterprises and service providers to protect their users and networks from Internet threats and abuse, including spyware; phishing attacks; P2P, IM and streaming traffic; adult content; and others. WebFilter includes over fifteen million ratings, representing billions of Web pages, organized into the most useful categories. To ensure accuracy, each site can be classified into multiple categories, which also allows customers to define an unlimited number of “cross-categories” to fit specific requirements (for example, block a site that is categorized as both SPORTS and GAMBLING, or block a site that is in ADULT CONTENT except if it is also in HEALTH). To address sites not yet classified, each license includes Dynamic Real-Time Rating (DRTR™), a technology that categorizes web sites on-the-fly as a user attempts access. Blue Coat WebFilter runs on Blue Coat SG appliances, which provide the world’s fastest proxy caching platform and most flexible policy enforcement.



7.1 Blue Coat WebFilter URL Categories:

The Blue Coat WebFilter™ database provides over six billion website ratings per day for over 75 million users located in the largest enterprise and service provider networks around the world, published in more than 50 languages, and organized into 80 useful categories.

- Abortion
- Adult/Mature Content
- Alcohol
- Alternative Sexuality/Lifestyles
- Alternative Spirituality/Occult
- Auctions
- Brokerage/Trading
- Business/Economy
- Chat/Instant Messaging
- Computers/Internet
- Content Servers
- Cultural/Charitable Organizations
- Education
- Email
- Extreme
- Financial Services
- For Kids
- Gambling
- Games
- Government/Legal
- Hacking
- Health Sites
- Humor/Jokes
- Illegal Drugs
- Illegal/Questionable
- Intimate Apparel/Swimsuit
- Job Search/Careers
- LGBT
- Military
- News/Media
- Newsgroups/Forums
- Non-viewable
- Nudity
- Online Storage
- Open Image/Media Server
- Pay to Surf
- Peer-to-Peer (P2P)
- Personal Pages/Blogs
- Personals/Dating
- Phishing
- Political/Activist Groups
- Proxy Avoidance
- Real Estate
- Reference
- Religion
- Remote Access Tools
- Restaurants/Dining/Food
- Search Engines/Portals
- Sex Education
- Shopping
- Social Networking
- Society/Daily Living
- Software Downloads
- Sports/Recreation
- Spyware Effects/Privacy Concerns
- Spyware/Malware
- Spyware/Malware Sources
- Suspicious
- Streaming Media/MP3s
- Tobacco
- Travel Sites
- Uncategorized
- User-Defined
- Vehicles
- Violence/Hate/Racism
- Weapons
- Web Advertisements
- Web Applications
- Web Hosting




Figure: Dynamic Rating and WebPulse enabled for unattended updates

Figure 3: DRTR process

Figure 5: DRTR process













7.2 Apparent Data Type

As more threats are transported over web protocols, it is necessary to identify the real content type of downloaded files. ProxySG supports “Apparent Data Type”, which recognizes the real type of a file from the file itself rather than from its name or headers. Therefore an executable that has been renamed to .gif and served with a different Content-Type header would still be recognized as an executable.

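The check described above, as an added example that is not part of the original document or of ProxySG: classify a download by its leading bytes, then compare the result with the extension in the URL and the Content-Type the server sent. The signature table is a constructed subset, and the three-way "allow / scan / deny" decision is this example's own policy, not the product's.

```python
"""Apparent Data Type check: decide what a downloaded object really is from its
leading bytes, then compare that with what the URL extension and the server's
Content-Type header claim. Added example, not ProxySG code: the signature table
and the three-way decision are this example's own assumptions."""
from dataclasses import dataclass
from typing import Optional

# Constructed signature table: (leading bytes, MIME type, expected extension).
# A production scanner carries a far larger table and handles offsets/containers.
SIGNATURES = [
    (b"MZ", "application/x-msdownload", "exe"),          # DOS/Windows PE executable
    (b"\x7fELF", "application/x-executable", "elf"),     # Linux/Unix executable
    (b"%PDF-", "application/pdf", "pdf"),
    (b"GIF87a", "image/gif", "gif"),
    (b"GIF89a", "image/gif", "gif"),
    (b"\x89PNG\r\n\x1a\n", "image/png", "png"),
    (b"PK\x03\x04", "application/zip", "zip"),
]
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-executable"}


@dataclass
class Verdict:
    apparent_type: Optional[str]  # MIME type implied by the bytes, None if unknown
    claimed_type: str             # Content-Type the server sent (parameters stripped)
    extension: str                # extension taken from the URL path ("" if none)
    mismatch: bool                # header or extension disagrees with the bytes
    executable: bool              # the bytes are an executable format
    decision: str                 # "allow", "scan" or "deny"


def apparent_data_type(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the leading bytes, or None if no signature matches."""
    for magic, mime, _ext in SIGNATURES:
        if data.startswith(magic):
            return mime
    return None


def url_extension(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def classify(path: str, content_type: str, body: bytes) -> Verdict:
    """Compare the apparent type with the claimed extension and Content-Type."""
    apparent = apparent_data_type(body)
    ext = url_extension(path)
    claimed = content_type.split(";", 1)[0].strip().lower()  # drop "; charset=..."
    if apparent is None:
        # No signature matched: nothing to contradict, so hand the object to AV scanning.
        return Verdict(None, claimed, ext, False, False, "scan")
    valid_extensions = {e for _m, mime, e in SIGNATURES if mime == apparent}
    mismatch = claimed != apparent or (ext != "" and ext not in valid_extensions)
    executable = apparent in EXECUTABLE_TYPES
    if executable and mismatch:
        decision = "deny"   # an executable dressed up as an image, document, etc.
    elif mismatch:
        decision = "scan"   # disagreement without an executable: scan and log it
    else:
        decision = "allow"  # no Apparent Data Type hit; normal policy continues
    return Verdict(apparent, claimed, ext, mismatch, executable, decision)


if __name__ == "__main__":
    # Constructed sample: a PE header served as "cat.gif" with an image/gif header.
    disguised = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56
    print(classify("/downloads/cat.gif", "image/gif", disguised))
```

The decision deliberately treats "unknown signature" differently from "known signature that contradicts the claim": the former is handed to the AV engine, the latter is blocked outright when the bytes are executable, which is the renamed-.gif case the text describes.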


7.3 Custom URL Filters

Custom URL entries, exceptions and overrides are supported. Custom categories can also be created on ProxySG and run alongside a commercial URL database on the platform. Defined white-list drive-by installers (file types) from specific vendor domains can be allowed, while content and file types from blacklisted domains are blocked.

Hence ProxySG provides custom white/black lists for URL filtering, request content filtering, and the ability to blend these controls into policy rules: for example, if content type A comes from domain B and is categorized as NOT Suspicious, then allow the content. Administrators can define custom categories and policies to include or exclude from user access. These custom filters can be defined using the Visual Policy Manager (VPM) or through CPL (Content Processing Language) scripts. CPL allows flexible and complex policy development beyond the boundaries defined by VPM. Blue Coat provides Tech Briefs of advanced policy scenarios with VPM instructions and/or CPL that administrators can copy/paste into Blue Coat SG to install as new policy rules.

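The blending of custom lists with a category database, as an added example (not ProxySG or CPL code from the document): a first-match rule evaluator in which administrator-defined categories (an approved-vendor white list and a black list) are evaluated together with a stand-in commercial database, so that installers from an approved vendor are allowed unless the database also rates the host Suspicious. The category names, domains and rule order are constructed for the example.

```python
"""Custom categories and white/black lists evaluated alongside a URL database,
in the spirit of the 'content type A from domain B, not Suspicious' rule in the
text. Added example, not ProxySG or CPL code: the category names, the stand-in
database, the domains and the rule order are this example's own assumptions."""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple
from urllib.parse import urlsplit

# Stand-in for the commercial URL database (constructed sample data).
COMMERCIAL_DB = {
    "updates.vendor.example": {"Software Downloads"},
    "mirror.example": {"Software Downloads"},
    "news.example": {"News/Media"},
    "bad-installers.example": {"Suspicious", "Software Downloads"},
}

# Administrator-defined categories: a host matches a domain or any of its subdomains.
CUSTOM_CATEGORIES = {
    "Approved Vendors": {"vendor.example"},             # the "white" list
    "Blacklisted Domains": {"bad-installers.example"},  # the "black" list
}

INSTALLER_EXTENSIONS = {"exe", "msi", "dmg", "pkg"}


def host_matches(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def categories_for(url: str) -> Set[str]:
    """Union of custom and database categories for the URL's host."""
    host = (urlsplit(url).hostname or "").lower()
    cats: Set[str] = set()
    for name, domains in CUSTOM_CATEGORIES.items():
        if any(host_matches(host, d) for d in domains):
            cats.add(name)
    for domain, db_cats in COMMERCIAL_DB.items():
        if host_matches(host, domain):
            cats |= db_cats
    return cats


def file_extension(url: str) -> str:
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


@dataclass
class Rule:
    name: str
    action: str                                     # "allow" or "deny"
    require: Set[str] = field(default_factory=set)  # all of these must be present
    exclude: Set[str] = field(default_factory=set)  # none of these may be present
    extensions: Optional[Set[str]] = None           # only these file types, if given


# First match wins, top to bottom: overrides first, then the vendor-installer
# allow (blended with the database's Suspicious category), then the default
# block on installers from anywhere else.
POLICY = [
    Rule("blacklist", "deny", require={"Blacklisted Domains"}),
    Rule("vendor-installers", "allow", require={"Approved Vendors"},
         exclude={"Suspicious"}, extensions=INSTALLER_EXTENSIONS),
    Rule("block-other-installers", "deny", extensions=INSTALLER_EXTENSIONS),
    Rule("block-suspicious", "deny", require={"Suspicious"}),
]
DEFAULT_ACTION = "allow"


def evaluate(url: str, policy=POLICY) -> Tuple[str, str]:
    """Return (action, name of the matching rule) for a request URL."""
    cats = categories_for(url)
    ext = file_extension(url)
    for rule in policy:
        if rule.extensions is not None and ext not in rule.extensions:
            continue
        if not rule.require <= cats or rule.exclude & cats:
            continue
        return rule.action, rule.name
    return DEFAULT_ACTION, "default"


if __name__ == "__main__":
    for u in ("https://updates.vendor.example/setup.msi",
              "https://mirror.example/tool.exe",
              "https://bad-installers.example/index.html"):
        print(u, "->", evaluate(u))
```

Because the black-list override sits first, a host that is both on the white list and on the black list is denied; ordering is the whole policy here, which is also why the text stresses that VPM/CPL rules are evaluated as layered policy rather than as independent lists.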


8 Web application Control

- Over 200 apps/operations supported
- Safe Search
- Major Engines supported
- Media Search engines as well
- Keyword Searches
- Social Networks
- Regulate Operations
- Restrict abuse
- Multi-media
- Publishing
- Sharing
- Web Mail
- And More!

Figure: example operations (Upload Video, Upload Photo, Post Message, Send Email, Download Attachment, Upload Attachment)



8.1 Web application policy engine

- GUI controls available now!
- SGOS 6.2.3.1
- VPM controls
- Cloud Service



8.2 Web Application Controls

- Edit Operation Object
- All operations listed
- Select all or individual ops
- Find Operations by Application Name
- Select Operations Shown
- Name to Easily Identify in Policy



8.3 WebPulse

In addition to four Blue Coat products that directly incorporated or utilized WebPulse, we’ve integrated WebPulse into two additional products in the past year: our new Cloud product and PacketShaper.

This gives WebPulse access to data from more users and different types of users, and as a result new types of data that help us to identify and nullify threats via background analysis and, increasingly, in real time.

We implemented both of these integrations to maximize the data we can collect while still protecting our customers’ privacy.

In the case of PacketShaper, we implemented it to utilize WebPulse with caching for all Web content ratings information. This is essentially the same model we use for K9 and gives us excellent visibility and insight into what is really happening on the Web. In just 10 months since the integration of WebPulse into PacketShaper, PacketShapers already account for nearly 5% of WebPulse traffic.

In the case of Cloud, WebPulse has full visibility into every request that passes through the product, which is invaluable in tracking certain types. Of course we anonymize or filter out sensitive data such as user-identifiable information before bringing this data from the Cloud to WebPulse for analysis.





Content analysis (“what”)
  o Long term strength
  o Analyzers
    - PDF
    - EXE
    - JavaScript
    - iFrame
    - Domain Name
    - Magic Bytes
    - Suspicious links

Reputation analysis (“Who”)
  o Web Reputation Factors
    - WHOIS data
    - IP info
    - IP address
    - Domain name
    - Historical info

Traffic pattern intelligent analysis (‘Where’)
  o Malicious patterns
  o Suspicious traffic
  o 33% of analyzed traffic rated in real time
  o Pattern correlation for proactive analysis

Behavioral analysis (‘How’)
  o Content
    - Sandbox-based
    - Proprietary
  o Site
    - “Lie Detector”

Server/Site DNA analysis (‘Connected’)
  o Detect Related Sites & Servers
    - Clones
    - Close relatives




9 Antivirus

Inline threat detection provides protection for areas where the cloud service lacks visibility. Web mail attachments and software downloads, plus SSL traffic inspection, are key examples where a web gateway with inline threat detection provides an extra layer of defense before web content arrives on the desktop or laptop. Performance features allow inline threat analysis to scale for large user audiences with the Blue Coat web gateway solution.

The other advantages of web gateway inline AV are the inspection of large files (up to 2GB), inspecting to a depth of 99 layers of compression, and detecting masquerading files natively or in archives with true file type checks. In essence you have a deeper, larger, frequently updated and always-on AV defense layer using a secondary AV engine/lab over the desktop. The economies of scale and defense benefits are well worth the investment.






Inline Threat Detection

- Four Models
  - AV510, AV1200, AV1400 and AV2400
  - 6M to 210Mbps, 7-9msec, inbound/outbound
- Four Anti-Malware Choices
- Four Modes of Analysis
  - Scan
  - Trickle First
  - Trickle Last
  - Defer Scan (e.g. Web Radio, Media)

Co-Processor Architecture

- Improved utilization with M:N ratio
- Higher throughput per gateway
- Results in less hardware
- Optimized design



ProxyAV 1200/1400/2400

- ProxyAV 1200-A
  - 45Mbps throughput
  - Dual core processor
- ProxyAV 1400-A
  - >100 Mbps throughput
  - Single quad-core processor
- ProxyAV 2400-A
  - >200 Mbps throughput
  - Dual quad-core processors
- All units include
  - 2 x 10/100/1000Base-T interfaces
  - Dual, hot-swappable power supplies
  - 1U form-factor with sliding, rack-mount rails
  - Tool-less chassis design




ProxyAV Administration

- 5-30min Update Checks
- Custom Alerts
  - Malware Detected, Update Status, Files Dropped or Passed, License Status, Expiration Warning
- SNMP Enhancements & Diagnostic Uploads
  - Enables you to monitor CPU, network utilization, RAM, and disk usage on the ProxyAV and receive e-mail alerts for critical levels
  - Enables you to easily upload key log files by SR number to Blue Coat Technical Support for troubleshooting
- Threat Types
  - Differentiation between malware & potentially unwanted software for finer detail in reports
- On-box Licensing & Registration
- S-ICAP Support (requires SSL license)



Depth & Size Controls

- ProxyAV Default Settings
  - 100MB files or less
  - 500MB compressed archive
  - 16 layers of compression
- ProxyAV Maximum Settings
  - Up to 2GB files
  - 99 layers of compression
- Competitors do less…
  - IronPort defaults to 32MB, Websense only 10MB
  - Security SaaS solutions even less, plus fail open
  - Speed = small files, new date, no archives, fail open

ProxyAV Summary

- Defense layer for inline threat detection
- Optimized co-processor design
- Six anti-malware options
- Four modes of analysis
- Inspect SSL/TLS tunnels

Figure: Hybrid Design / Layered Defenses (WebPulse, WebFilter, ProxySG, ProxyAV, ProxyClient)





Malware Defined

Specific threats downloaded from web pages without a user’s knowledge, often piggybacking on a user’s trust of a known domain to deliver malware payloads.

Malware Classification

- Virus: copies/infects without permission
- Worm: self-propagating on a network
- Trojan: destructive program inside a benign application
- Bot: automated coordination with networked computers
- Rootkit: subverts control of operating system
- Spyware: intercepts/controls user’s action with computer
- Backdoor: covert access to enter undetected (bypass-auth)
- Downloader: downloads/installs malicious software
- Adware: automatically displays/downloads ads
- Ransomware: encrypts individual’s data, demanding ransom



ICAP Traffic Deployment

Deployment options:

- Use REQ-MOD for outbound traffic analysis (client request)
- Use RESP-MOD for inbound traffic analysis (response to client request)
- ProxyAV is deployed with ProxySG for RESP-MOD traffic
- Data Loss Prevention is deployed for REQ-MOD traffic
- ProxySG has three NICs, private network for AV & DLP analysis
- Off load provides optimal performance for web gateway

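The REQMOD/RESPMOD split above, shown at the wire level as an added example that is not Blue Coat code: the gateway side builds an ICAP REQMOD request (client request only, as a DLP service would receive) and an ICAP RESPMOD request (request headers, response headers and chunked body, as an AV service would receive) with RFC 3507 Encapsulated offsets, and the parsing side validates those offsets and maps the server's reply to a gateway outcome. Host names, service names and the HTTP messages are constructed for the example.

```python
"""ICAP REQMOD/RESPMOD framing (RFC 3507), the protocol ProxySG uses to hand a
request (REQMOD) or response (RESPMOD) to ProxyAV or a DLP server. Added
example, not Blue Coat code: the service names, host names and the HTTP
messages are constructed; the Encapsulated offsets follow the RFC."""
from typing import Dict, List, Optional, Tuple

CRLF = b"\r\n"


def chunked(body: bytes) -> bytes:
    """Encode a body as one HTTP chunk plus the terminating zero-length chunk."""
    if not body:
        return b"0" + CRLF + CRLF
    return b"%x" % len(body) + CRLF + body + CRLF + b"0" + CRLF + CRLF


def encapsulate(headers: List[Tuple[str, bytes]], body_name: str,
                body: Optional[bytes]) -> Tuple[str, bytes]:
    """Build the Encapsulated header value and the payload it describes.
    Each entry records the byte offset of a section; a message without a body
    ends with null-body=<offset>, otherwise the body is chunk-encoded."""
    payload = b""
    parts = []
    for name, data in headers:
        parts.append(f"{name}={len(payload)}")
        payload += data
    if body is None:
        parts.append(f"null-body={len(payload)}")
    else:
        parts.append(f"{body_name}={len(payload)}")
        payload += chunked(body)
    return ", ".join(parts), payload


def _icap_head(method: str, host: str, service: str, encapsulated: str) -> bytes:
    # Allow: 204 lets the server answer "204 No Content" when nothing changed.
    return (f"{method} icap://{host}/{service} ICAP/1.0\r\nHost: {host}\r\n"
            f"Allow: 204\r\nEncapsulated: {encapsulated}\r\n\r\n").encode("ascii")


def reqmod(host: str, service: str, http_req_hdr: bytes, body: Optional[bytes] = None) -> bytes:
    """Outbound (client request) analysis, e.g. to a DLP service."""
    enc, payload = encapsulate([("req-hdr", http_req_hdr)], "req-body", body)
    return _icap_head("REQMOD", host, service, enc) + payload


def respmod(host: str, service: str, http_req_hdr: bytes, http_res_hdr: bytes, body: bytes) -> bytes:
    """Inbound (server response) analysis, e.g. to an AV service."""
    enc, payload = encapsulate([("req-hdr", http_req_hdr), ("res-hdr", http_res_hdr)],
                               "res-body", body)
    return _icap_head("RESPMOD", host, service, enc) + payload


def parse_icap(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split an ICAP request or response into start line, headers and payload."""
    head, payload = raw.split(CRLF + CRLF, 1)
    lines = head.decode("ascii").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, payload


def split_payload(payload: bytes, encapsulated: str) -> Dict[str, bytes]:
    """Slice the payload into sections using the Encapsulated offsets, and refuse
    offsets that go backwards or past the end (a malformed or hostile peer)."""
    entries = []
    for item in encapsulated.split(","):
        name, offset = item.strip().split("=")
        entries.append((name.strip(), int(offset)))
    sections = {}
    for i, (name, start) in enumerate(entries):
        if start > len(payload) or (i > 0 and start < entries[i - 1][1]):
            raise ValueError("bad Encapsulated offsets")
        end = entries[i + 1][1] if i + 1 < len(entries) else len(payload)
        if name != "null-body":
            sections[name] = payload[start:end]
    return sections


def icap_outcome(raw_response: bytes) -> str:
    """Map a server reply to what the gateway should do with the original object."""
    status_line, _headers, _payload = parse_icap(raw_response)
    code = int(status_line.split(" ")[1])
    if code == 204:
        return "unmodified"   # deliver the original request/response as-is
    if code == 200:
        return "modified"     # use the encapsulated content the server returned
    return "error"            # scan failure, subject to the fail-open/closed policy


if __name__ == "__main__":
    req = b"GET /files/setup.exe HTTP/1.1\r\nHost: downloads.example\r\n\r\n"
    res = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\nContent-Length: 4\r\n\r\n"
    print(respmod("icap.example", "avscan", req, res, b"MZ\x90\x00").decode("latin-1"))
```

The offset validation in `split_payload` is the part a gateway implementer most often skips: the Encapsulated header is attacker-influenced only indirectly, but a misbehaving or compromised scanning server can still return offsets that do not match the payload, and the proxy should drop the reply rather than slice memory on trust.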



10 Control IM, P2P and Streaming Applications

Internet applications, such as Instant Messaging (IM), peer-to-peer (P2P) file sharing networks and multi-media streaming applications, continue to increase in popularity within corporate networks