Web Security.cloud Best Practices


Article ID: 178693


Updated On:

Products

Web Security.cloud

Issue/Introduction

 

Resolution

When you are provisioned with Web Security, it is enabled with default settings. A policy rule is defined to block traffic to Web pages with URLs that are known to contain content in the following categories: Adult/Sexually Explicit, Illegal Activity, Spam URLs, and Spyware. This rule constitutes the best practice setting for the Web Security Service. You can configure further rules to reflect your organization's Acceptable Use Policy, but we recommend that you keep the default rule as a minimum default setting.

To configure the best practice rule

  1. Click Services > Web Security Services > Web URL Filtering.

    The Policy Rules page with a rule called Default is displayed.

  2. To view the components of the rule, click the name of the rule.

    The Rule tab is displayed showing the rule name and Block & Log action setting.

  3. Click on the URL Categories tab.

    The Use URL Categories below checkbox is selected and the following four categories are checked: Adult/Sexually Explicit, Criminal Activity, Spam URLs, and Spyware.

When configuring rules, note the following:

  • Use distinct rule names and keep a record of your rule configurations so you can easily amend them later, if required.

    For example, it could be confusing if two rules handle the same traffic differently at certain times of the day and they are not named appropriately. Try to group similar rules together in the rule list; if one rule changes, it is easier to remember to change similar rules, if required.

  • As with any live service setup, you are strongly advised to check thoroughly that the new configuration for accessing the web works satisfactorily before turning off the previous setup. This is normally best achieved by performing a limited deployment on several PCs and checking everything thoroughly before you roll out the deployment across your company. You may want to extend the basis of the test configuration beyond the scope described in this guide.

  • When you first set up your rules relating to what is blocked or allowed, it is useful to set the rule to 'Block and Log', or 'Allow and Log.' Then you can verify that it operates as expected by looking in the detailed reports.

    When you are satisfied that everything is configured correctly, the 'Block and Log' can be reset to 'Block' (and 'Allow and Log' can be set to 'Allow'), knowing that it has already been tested. Note that if a rule is set to 'Block' (rather than 'Block and Log'), the blocked event will not appear in the detailed reports. It also does not contribute to the system statistics. 'Block' or 'Allow' (with no log) should therefore only be used when you do not need to track whether (or how often) the rule is applied.

  • To use specific groups and users in your rules, you must download and install the Client Site Proxy. You can also synchronize directory information with us using the Group Synchronization Tool. Check that these components are installed and working as expected before configuring rules based on Group and User information.

  • The Web URL Filtering element of Web Security actively blocks access to certain Web sites when configured to do so. As a result, you might not be able to access some essential websites. To minimize the chance of this happening, we recommend that you specifically permit access to the following sites at the top of your policies list:

     

    The portal

      • The URL for Web Security Services Configuration Management Portal

    Websites

      • The URL for the Web Security Services supplier

      • The URL for your organization's website

      • The URL for the websites of any partners or subsidiaries of your organization

      • The URL for your desktop antivirus vendor's website, to enable automatic downloads of antivirus signatures for your PCs

    Quarantine Manager

      • us.quarantine.symantec.com

      • eu.quarantine.symantec.com

    Certain sites are always allowed (whitelisted) when you use Web Security. These sites cannot be blocked using Web Security policy rules. We recommend that you always permit access to relevant download sites, such as Windows updates, desktop software, and antivirus vendor software. Some of these sites may already be whitelisted on our infrastructure.

    These are the URLs allowed for Windows updates:

     

    • url-prefix http://update.microsoft.com/

    • url-prefix http://download.microsoft.com/

    • url-prefix http://v5.windowsupdate.microsoft.com/

    • url-prefix http://windowsupdate.microsoft.com/

    If you need to block any of these sites and cannot achieve this using your policy rules, you may be able to use the Client Site Proxy or your firewall. If you have difficulty blocking access to a particular site, contact the Support team.

  • Place rules that should have no exceptions (such as rules that block spyware and porn) at the top of the list.

  • Avoid defining rules that 'allow' access based only on content type or file type. If such a rule exists higher up the list than a 'block' rule that applies to a particular site, then the 'allow' rule is applied, and the traffic that you want to block may be allowed.

    Similarly, if there is already a rule higher up the rules list that blocks the traffic from a particular website, the 'allow' rule would never be hit.
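The ordering pitfalls in the last two points can be checked offline before a rule list is entered in the portal. The following is an added example, not code from the product or its vendor: it models top-to-bottom, first-match evaluation as described above and flags 'allow' rules based only on content type that sit above a 'block' rule, as well as rules that can never be hit. The `Rule` class, `evaluate`, `lint`, the sample rules, and the fall-through to 'allow' when no rule matches are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                             # "allow" or "block"
    categories: frozenset = frozenset()     # empty set = any URL category
    content_types: frozenset = frozenset()  # empty set = any content type

    def matches(self, category, content_type):
        return ((not self.categories or category in self.categories) and
                (not self.content_types or content_type in self.content_types))

def evaluate(rules, category, content_type):
    """Return (action, rule name) for the first matching rule, top to bottom."""
    for rule in rules:
        if rule.matches(category, content_type):
            return rule.action, rule.name
    return "allow", None  # assumption: traffic matching no rule is allowed

def _covers(upper, lower):
    """True if every request that `lower` matches is also matched by `upper`."""
    def dim(u, l):
        return not u or (bool(l) and l <= u)
    return (dim(upper.categories, lower.categories) and
            dim(upper.content_types, lower.content_types))

def lint(rules):
    """Return (finding, affected rule, rule higher up the list) tuples."""
    findings = []
    for i, lower in enumerate(rules):
        for upper in rules[:i]:
            if _covers(upper, lower):
                findings.append(("never-hit", lower.name, upper.name))
            elif (upper.action == "allow" and lower.action == "block"
                  and upper.content_types and not upper.categories
                  and (not lower.content_types
                       or upper.content_types & lower.content_types)):
                findings.append(("allow-overrides-block", lower.name, upper.name))
    return findings

# Constructed sample rules; category names are taken from the default rule above.
DEFAULT = Rule("Default", "block", frozenset(
    {"Adult/Sexually Explicit", "Criminal Activity", "Spam URLs", "Spyware"}))
ALLOW_IMAGES = Rule("Allow images", "allow", content_types=frozenset({"image"}))
ALLOW_SPYWARE = Rule("Allow spyware", "allow", frozenset({"Spyware"}))

BAD_ORDER = [ALLOW_IMAGES, DEFAULT, ALLOW_SPYWARE]
GOOD_ORDER = [DEFAULT, ALLOW_IMAGES]

if __name__ == "__main__":
    print(evaluate(BAD_ORDER, "Spyware", "image"))
    print(lint(BAD_ORDER))
```
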