A DMINISTRATOR ' S G UIDE KASPERSKY HOSTED SECURITY SERVICES
Dear User! Thank you for choosing our product. We hope that this documentation will help you in your work and will provide answers regarding this software product. Warning! This document is a property of Kaspersky Lab Ltd, and all rights to this document are reserved by the copyright laws of the Russian Federation and international treaties.
CONTENTS INTRODUCTION ........................................................................................................................................................... 7 Navigation ................................................................................................................................................................ 7 Logging in ...................................................................................................................................................
KASPERSKY HOSTED SECURITY SERVICES Filtering Scheduled Reports ............................................................................................................................. 37 Delete an existing Web Filtering Scheduled Report ................................................................................... 38 Add a Web Filtering Scheduled Report ...................................................................................................... 38 Filtering Forensic Audit...............
CONTENTS IM Control Summary Reports ........................................................................................................................... 70 Viewing the reports ..................................................................................................................................... 71 IM Control Scheduled Reports .........................................................................................................................
KASPERSKY HOSTED SECURITY SERVICES Case 3: User Authentication Key ................................................................................................................ 96 Creating and deleting Authentication Keys....................................................................................................... 97 Creating an Authentication Key ..................................................................................................................
INTRODUCTION This guide explains how to set up and manage your services via the Administrator's Guide to Kaspersky Hosted Security portal. NAVIGATION There are seven main elements to Kaspersky Hosted Security: Dashboard Web Virus Spyware Web Filtering IM Control Admin Support These are shown as tabs at the top of the Kaspersky Hosted Security screen along with a Logout link. Simply click the tab corresponding to the function which you wish to manage.
KASPERSKY HOSTED SECURITY SERVICES Once you have selected a particular function, a corresponding ‘sub-service’ menu will appear in the left hand column. This menu includes a set of ‘sub-service’ buttons, which will appear for each of the four main Kaspersky Hosted Security services: Reports – provides access to a number of available reports. Management – allows you to configure and deploy usage and security policies for each of the Kaspersky Hosted Security.
INTRODUCTION DASHBOARD PAGE Once you have logged into Kaspersky Hosted Security, you will automatically be taken to the ‘dashboard’ page. This page welcomes you to Kaspersky Hosted Security portal and also provides you with the latest news regarding virus outbreaks, improvements to the Kaspersky Hosted Security services, and a summary of each service. The summary for each service can be accessed through the drop down menu on the right hand side.
KASPERSKY HOSTED SECURITY SERVICES DROP DOWN TOP GRAPH BOTTOM GRAPH All blocks: HTTP Hits per Day: Bar graph for all blocked events for all provisioned services for specified time period (day, week, month, year) Line graph with number of HTTP hits per day Viruses blocked: Top 10 Virus blocks: Line chart with number of viruses detected and blocked Bar chart with top 10 virus blocks and name of virus available in scroll over Spyware blocks: Top 10 spyware blocks: Line chart with number of malwar
WEB VIRUS SERVICE The ‘Web Virus’ service utilizes two sub-service buttons: Reports Notifications Each will be described in the following sections. WEB VIRUS SUMMARY PAGE The Web Virus Summary sub-service lets you view related real-time Web virus activity at a glance. You can select the required time scale from the top of the window: daily, weekly, monthly, or yearly. Web Virus Blocks: This shows the number of Web virus instances blocked by the Web Security service.
KASPERSKY HOSTED SECURITY SERVICES TO VIEW SUMMARY DATA 1. Click the ‘Web Virus’ service tab at the top of the screen. This will automatically take you to the Web Virus Reports page. 2. The default time period for the statistics displayed is for the last 24 hours (Daily). You can switch this to display weekly, monthly or yearly statistics by clicking the corresponding ‘Weekly’, ‘Monthly’ and ‘Yearly’ buttons located just below the main navigation bar at the top of the page. 3.
WEB VIRUS SERVICE WEB VIRUS SCHEDULED REPORTS This feature provides Web Virus scheduled reporting, available either as a table, graph or both. You can select the type of presentation, report date range, users to report on, the report generation scheduled, formatting options, and who to email the report to. Kaspersky Hosted Security generates this report once a day from the Internet traffic that your organization sends within a 24-hour period. EDIT AN EXISTING WEB VIRUS SCHEDULED REPORT 1.
KASPERSKY HOSTED SECURITY SERVICES DELETE AN EXISTING WEB VIRUS SCHEDULED REPORT 1. Click the ‘Web Virus’ service tab at the top of the screen. 2. Click the ‘Reports’ link and select ‘Scheduled Reports’. 3. From the Web Virus Scheduled Reports page, you can click the checkbox to the right of the available reports, and then click the ‘Delete Reports’ button to delete the selected reports.
WEB VIRUS SERVICE You can filter on either groups or user (not a combination of both). Clicking the Add group or Add user button will bring up a popup where you can select them, When you save, only the open filter (group or user) will be saved. Step 4: Schedule the report delivery, by selecting the specific start date using the drop down boxes, and selecting the frequency of the scheduled report delivery: either Once only, Daily, Weekly or Monthly.
KASPERSKY HOSTED SECURITY SERVICES WEB VIRUS FORENSIC AUDIT The Web Virus Forensic Audit sub-service lets you receive a detailed audit trail of all Web Virus scanning activity resulting in a blocked Web request. VIEWING A VIRUS EVENT EXPORT (WEB VIRUS AUDIT) 1. Click the ‘Web Virus’ service tab at the top of the screen. 2. Click the ‘Forensic Audit’ link in the ‘Reports’ sub-service tab. 3.
WEB VIRUS SERVICE The requested activity is exported to a CSV file and contains the following data: Date/Time – date and time of the block. Threat Type – lists the pattern name of the offending malware (virus, worm, Trojan, etc.). User – identifies the external IP address of the customer site. Internal IP – identifies the internal IP address of the user. Group – identifies the directory group from which the Web request originated (if available – requires installation of a Connector).
KASPERSKY HOSTED SECURITY SERVICES There are two ways to select an individual user: search mode or alphabet search. Please note that the system is designed to search for usernames, so those in Active Directory format (WinNT://domain\user) can only be searched for the username part of the string. The system will display the complete active directory string for those users which are registered in this way.
WEB VIRUS SERVICE WEB VIRUS NOTIFICATIONS Under the Web Virus Notifications sub-service tab, there are two settings which require configuration: User Messages – specifies the message which an end-user will see when a Web request is blocked. Email Alerts – lets the administrator receive an email alert when malware is blocked. Further information is given on these settings below.
KASPERSKY HOSTED SECURITY SERVICES 6. Once you are happy with the Alert Page modifications you have made, click the ‘Save’ button located at the bottom of the screen. 7. Click the preview button just beneath the text area to see how the additional information is rendered. You must save your changes before preview displays your new settings.
WEB VIRUS SERVICE 3. Select whether or not you want to be notified when a virus is blocked by selecting ‘Yes’ or ‘No’ from the drop down box. 4. Enter the email address (or addresses) you want notifications to be sent to in the empty text fields provided. You can specify a maximum of five different email addresses to which you wish to have alerts sent. If you require the alerts to be sent to more addresses than this, we recommend that you set up a group mailing address. 5.
SPYWARE The ‘Spyware’ service utilizes three sub-service buttons: Reports Management Notifications Each will be described in the following sections. SPYWARE SUMMARY PAGE The Spyware Summary sub-service lets you view related spyware, phishing, and adware activity at a glance. You can select the required time scale from the top of the window: daily, weekly, monthly, or yearly.
SPYWARE TO VIEW SUMMARY DATA 1. Click the ‘Spyware’ tab at the top of the screen. This will automatically take you to the Summary Page. 2. By default, the time period for the statistics displayed on the page is for the last 24 hours. You can switch this to display weekly, monthly or yearly statistics by clicking the corresponding ‘Weekly’, ‘Monthly’ and ‘Yearly’ buttons located just below the main navigation bar at the top of the page. 3.
KASPERSKY HOSTED SECURITY SERVICES VIEWING THE REPORTS 1. Click the ‘Spyware’ service tab at the top of the screen. 2. Click the ‘Reports’ link and select ‘Summary Reports’. 3. Select the required reporting period from the top of the page (Daily, Weekly, Monthly or Yearly). 4. From the pull-down list, select an end date for the reporting period. 5. To view a specific report, simply click the ‘Graph’ button located just to the right of the report’s name, underneath the ‘View’ heading.
SPYWARE EDIT AN EXISTING SPYWARE SCHEDULED REPORT 1. Click the ‘Spyware’ service tab at the top of the screen. 2. Click the ‘Reports’ link and select ‘Scheduled Reports’. 3. From the Spyware Scheduled Reports page, you can click available reports by clicking their name, which is underlined as a link, to edit the report. 4. The report will allow you to change all options, except that the presentations that were previously selected are not editable.
KASPERSKY HOSTED SECURITY SERVICES Step 2: Select the desired date range required: either Yesterday, Last full week, Last full month or a customized date range. Step 3: Select either all users or specific users or groups by clicking the ‘Edit’ button. The Groups and User IPs screen show the available groups and User or IP addresses that are available to be reported on. This data is based on the monitored traffic. You can filter on either groups or user (not a combination of both).
SPYWARE Step 6: Select the report recipients by selecting the email group, entering the subject line of the email, the message text and a password to open and review the report. If you want to create new email groups or edit existing ones, click the ‘Email Groups’ button. Select the Email Group on the left side to see the email addresses assigned to that group on the right side. You can add new email groups, delete groups, and remove and add email addresses.
KASPERSKY HOSTED SECURITY SERVICES SPYWARE FORENSIC AUDIT The Spyware Audit sub-service enables an administrator to receive a detailed audit trail of all Spyware scanning activity resulting in a blocked Web request. VIEWING A VIRUS EVENT EXPORT (SPYWARE AUDIT) 1. Click the ‘Spyware’ service tab at the top of the screen. 2. Click the ‘Forensic Audit’ button in the ‘Reports’ sub-service tab. 3.
SPYWARE SPYWARE MANAGEMENT Spyware Management consists of just one sub-service tab, Manage Approved List. ADWARE PROGRAMS By default, Kaspersky Hosted Security blocks some incoming programs that is defines as adware. If an administrator requires a specific adware application to be permitted, the administrator can simply ‘check’ the required adware instance/application within the Approved List.
KASPERSKY HOSTED SECURITY SERVICES SPYWARE NOTIFICATIONS Under the Spyware Notifications sub-service tab, there are two settings which require configuration: User Messages – specifies the message which an end-user will see when a request is blocked. Email Alerts – enables an administrator to receive an email alert whenever spyware is blocked.
SPYWARE USING VARIABLES TO CUSTOMIZE BLOCK PAGE TEXT You may insert #reason, #url, #category or #username into the HTML in your custom block page and the block page will show the reason for the block event.
KASPERSKY HOSTED SECURITY SERVICES 3. Select whether or not you want to be notified when a spyware application is blocked by selecting ‘Yes’ or ‘No’ from the drop down box. 4. Enter the email address (or addresses) you want notifications to be sent to in the empty text fields provided. You can specify a maximum of five different email addresses where you wish to have alerts sent. If you require the alerts to be sent to more addresses than this, we recommend that you set up a group mailing address. 5.
FILTERING The Filtering service enables you to: configure, enforce, and monitor Web content filtering for your organization; view comprehensive, filtering related information in the form of statistical reports, graphs, tables and exportable data files, based on your Web traffic and filtering blocks; customize the HTML block alert page; set up and manage email alerts for monitoring.
KASPERSKY HOSTED SECURITY SERVICES Pages Blocked (table): this table displays all the filtering blocks by Kaspersky Hosted Security for the given time period. The table shows 100 entries at a time and orders them by most recent. There are links at the bottom of the table to step back in lots of 100, until you reach the very first page blocked by Kaspersky Hosted Security for the given time period. For each blocked instance, the table will display: The date and time the page was blocked.
FILTERING FILTERING REPORTS There are three different types of reporting available: Summary Reports Scheduled Reports Forensic Audit Reports FILTERING SUMMARY REPORTS This feature provides a Filtering Summary Report which is available either as a table, graph or exportable file. The exportable files are provided for those who wish to import the reports data into their own reporting applications.
KASPERSKY HOSTED SECURITY SERVICES Report Descriptions: REPORT NAME DESCRIPTION GRAPH TYPE Bytes Received by Hour The number of bytes downloaded by the hour Bar Bytes Sent by Hour The number of bytes uploaded by the hour Bar Connections per Hour The number of requests for files by the hour Bar Top 10 Categories by Bytes Received The top 10 Web content categories based on bytes downloaded Bar Top 10 Categories by Bytes Sent The top 10 Web content categories based on bytes uploaded Bar Top
FILTERING REPORT NAME DESCRIPTION GRAPH TYPE Top 10 Users by Connections The top 10 individual users based on how many requests they have generated through browsing Pie Top 10 Users by Connections (Auctions / Classified Ads) The top 10 individual users based on how many requests they have made to Auctions / Classified Ads Web sites Bar Top 10 Users by Connections (Chat) The top 10 individual users based on how many requests they have made to Chat sites Bar Top 10 Users by Connections (Erotic /
KASPERSKY HOSTED SECURITY SERVICES 3. Click the ‘Scheduled Reports’ link and select ‘Scheduled Reports’. 4. From the Filtering Scheduled Reports page, you can click available reports by clicking their name, which is underlined as a link, to edit the report. 5. The report will allow you to change all options, except that the presentations that were previously selected are not editable. If you wish to change the presentations you wish to report upon, you should create a new scheduled report. 6.
FILTERING All Protocols by Connections Users by Categories File Types by User Top Users by No of Hits File Types by Connections Categories by User File Types by Bandwidth Top Destinations by Bandwidth Top Groups by Bytes Transferred Top Categories by Bandwidth Throughout the day, Kaspersky Hosted Security counts the length of time each user downloads data through the Web browser. This counter stops after 4 minutes of inactivity from the user.
KASPERSKY HOSTED SECURITY SERVICES You can filter on either groups or user (not a combination of both). Clicking the Add group or Add user button will bring up a popup where you can select them, When you save, only the open filter (group or user) will be saved. Step 4: For those reports that are based on categories, you can select a subset of these categories to report on. You can select multiple categories for the filter.
FILTERING Select the Email Group on the left side to see the email addresses assigned to that group on the right side. You can add new email groups, delete groups, and remove and add email addresses. Email addresses are restricted to the company domain that is created when your account is created. If you would like to add additional company domains, please send a request to KHSS-Support@kaspersky.com. Click the ‘Back’ button to return to the previous screen.
KASPERSKY HOSTED SECURITY SERVICES To generate a Filtering Forensic Audit for Allowed Traffic: 1. Click the ‘Filtering’ service tab at the top of the screen. 2. Click the ‘Forensic Audit – Allowed Traffic’ button in the ‘Reports’ sub-service tab. 3. From the Forensic Audit page, select the desired date from the drop-down list of available days. Select who the audit is about – this can mean a specific user or the entire company. (See ‘User Selection Tool’ on page 17 for more information). 4.
FILTERING URL: lists the requested URL. The report can be generated in a similar way to the ‘Allowed Traffic’ report (see ‘Allowed Traffic’ on page 41). FILTERING MANAGEMENT The process of configuring a Web Filtering policy requires the use of several ‘filtering objects’. Each of these objects is listed under the Web Filtering Policy Manager Management sub-menu.
KASPERSKY HOSTED SECURITY SERVICES Policy: A policy is a series of rules which operate in a fall-through manner, much the same way as a firewall does. Each rule is made up of a ‘WHO’ filter, a ‘WHAT’ filter and a ‘WHEN’ filter, alongside the action to take if this rule is matched. Rules can be active or inactive and can be reordered within the policy. Quotas: A quota is an administrator-defined parameter which limits user Web usage, typically by time spent ‘surfing’ or by bytes downloaded.
FILTERING EDITING OR VIEWING A FILTER 1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen. 2. Under the Management sub-service dropdown, click the ‘Filter’. This will bring up the ‘Manage Filter’ screen. 3. The main ‘Manage Filters’ page presents you with a list of all your current filters. To review the settings for a particular filter, click the restriction name in question or click the ‘Edit’ button.
KASPERSKY HOSTED SECURITY SERVICES 3. Click the boxes next to the corresponding categories which you want to select. 4. If you want to select all the available categories, you can click the ‘Select All’ button located at the bottom of the page. Conversely, you can click the ‘Deselect All’ box to remove all category selections. 5. Click the ‘Save’ button at the bottom of the screen to save your changes.
FILTERING CONTENT TYPES. CONFIGURING THE CONTENT TYPES YOU WOULD LIKE TO FILTER 1. Verify that you have selected the particular Filter you wish to edit. 2. Click the ‘Content Types’ tab. This will bring up the ‘Content Types’ page. 3. Click the boxes corresponding to the content types which you want to filter on. A check mark indicates that the Content Type will be filtered. 4.
KASPERSKY HOSTED SECURITY SERVICES 8. Once you are satisfied with the content types you wish to filter on, click the ‘Save’ button located at the bottom of the screen. Clicking the ‘Cancel’ button will return you to the previous page without saving any of the current settings. DELETING A FILTER 1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen. 2. On the Management sub-menu click the ‘Filters’. This will bring up the main ‘Filters’ page. 3.
FILTERING HOW KASPERSKY HOSTED SECURITY PROCESSES SCHEDULES Within Kaspersky Hosted Security a schedule takes precedence based on the position of the rule with the policy.
KASPERSKY HOSTED SECURITY SERVICES If you would like to create a 24-hour Schedule, then you must set both the ‘From’ and ‘To’ times to 00hrs 00mins. 6. Select the time zone for which you would like to set up this Schedule. 7. Select the days of the week for which you would like the Schedule to be active. This is done by clicking the check boxes located next to each day of the week.
FILTERING DELETING A SCHEDULE 1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen. 2. Click the ‘Schedules’ link in the ‘Management’ sub-service menu. This will bring up the main ‘Manage Schedules’ page. 3. The main ‘Manage Schedules’ page presents you with a listing of all your current Schedules. To delete an existing Schedule, click the corresponding check box next to an existing Schedule and click the ‘Delete Schedules’ button. 4.
KASPERSKY HOSTED SECURITY SERVICES 3. Click the ‘Create a Rule’ tab located at the top of the page. You will then be taken to the ‘Create a Rule’ page. This page allows you create a new rule in the policy. 4. The first thing you need to do is give it a unique name in the ‘Name:’ field. 5. You should now choose which action is going to take place when this rule is matched.
FILTERING 8. Once you can see the group you want, click the ‘Select’ button and then click the ‘Confirm Selection’ button to return to the rule with the group added to the rule. 9. Clicking the ‘Go’ button with an empty search box will return a list of all groups registered against your company. 10. You then need to define ‘WHAT’ this rule will filter on. You can select any of your filters from the drop down box and click the Add button.
KASPERSKY HOSTED SECURITY SERVICES 12. Click ‘Create Rule’ to save the pairings to return to the Manage Policy window. Unless you have checked the ‘Active’ checkbox, the rule will be inactive (grayed out). You can now move the rule into the correct position using the up and down arrows on the left hand side of the rule. Once it is in the correct position, you can click the active check box and apply the changes. ORDERING THE RULES The Company policy works in much the same way as a firewall.
FILTERING DELETING A RULE 1. Click the ‘Web Filtering’ tab on the main navigation bar at the top of the screen. 2. Click the ‘Policy’ link in the ‘Management’ sub-service menu. This will then bring up the main ‘Manage Policy’ page. 3. Find the Rule within the listed Policy that you want to delete, and then click the ‘Delete’ Button located to the right of the pairing. 4. You will then be presented with a pop-up dialog box asking you if you are sure you want to delete the rule.
KASPERSKY HOSTED SECURITY SERVICES Once these filters have been created, you need to create two new rules in the policy. To create the Global White List rule, you should add the Global White List filter only to a rule called ‘Global White List’. To create the Global Black List rule you should add the Global Black List filter only to a rule called ‘Global Black List’.
FILTERING These rules now need to be positioned correctly and activated. They will appear in the Company Policy list (inactive) just above the default rule. The Global White list should be moved to the top of the rules and the Global Black list should be just under it. Both rules should be activated.
KASPERSKY HOSTED SECURITY SERVICES QUOTAS Quotas are only available when using the Connector. Quotas enable you to limit the amount of Web access a user can have on a daily or weekly basis.
FILTERING 5. Select the group to which you want to apply the Quota. (If you want this Quota to apply to everyone, then leave the group blank). By clicking the ‘Browse’ button you will see the group search selector. This selector will allow you to find a specific group (both custom and directory) from your list of groups. Click the ‘Select’ button next to the group and then click the ‘Confirm Selection’ button.
KASPERSKY HOSTED SECURITY SERVICES DELETING A QUOTA 1. Click the ‘Web Filtering’ service tab on the main navigation bar at the top of the screen. 2. Under the Management sub-service dropdown, click the ‘Quota’. This will bring up the ‘Manage Quotas’ screen. 3. Click the ‘Delete’ button corresponding to the quota you wish to delete. The following popup message will appear: 4. Click OK to delete the quota. 5. The page will refresh, and quota will no longer be shown in the list of existing quotas.
FILTERING SEPARATE HTTP/HTTPS FILTERING By enabling this check box, the Filters page will alter to show two different tabs. Clicking the Categories (HTTP) tab will take you to the page to define the restrictions for HTTP only traffic. Clicking the Categories (HTTPS) tab will take you to the page to define the restrictions for HTTPS only traffic.
KASPERSKY HOSTED SECURITY SERVICES SUPPORTED SEARCH ENGINES Google www.google.com , www.google.co.uk , www.google.ca , www.google.de , www.google.com.au , www.google.ie , www.google.ru , www.google.dk , www.google.no , www.google.se , www.google.fi , www.google.nl Yahoo www.yahoo.com , www.yahoo.co.uk , www.yahoo.com.au , www.yahoo.ca , www.yahoo.ie , www.yahoo.dk , www.yahoo.no , www.yahoo.se , www.yahoo.fi MSN www.msn.com , www.msn.co.uk , www.msn.com.au , www.msn.ca , www.msn.ie , www.msn.
FILTERING Now each search result/advertising link will be annotated with an icon that displays information about the link based upon your corporate Web filtering policy and sites that contain malware. ANNOTATIONS This site is compliant with the Web usage policy set by your administrator. While this content is not blocked by your administrator, it is advisable to proceed with caution. (This will be seen if the category is covered by the ‘Warn’ action within the policy for the user.
KASPERSKY HOSTED SECURITY SERVICES THE SEARCHAHEAD BUBBLE By placing the mouse over the annotation, more detailed information is shown to the end-user. The SearchAhead Bubble details whether or not the link is considered safe and passes your corporate Web Filtering policy. It will also show you the categorization for the site as well. Sites which fail the corporate Web Filtering policy clearly show this by the use of the Red Cross icon.
FILTERING ACCEPTABLE USAGE POLICY SCREEN Many users today claim to not be aware of the company’s Acceptable Usage Policy (AUP) for the Web. To help our customers, Kaspersky Hosted Security provides a click-through Acceptable Usage Policy screen. This Параметры, is only available управляющие to customers взаимодействием using the Connector Антивируса v2.5 orКасперского higher in workgroup с мастер-агентом mode. SNMP, находятся в конфигурационном файле snmp_settings.
KASPERSKY HOSTED SECURITY SERVICES 6. Once you are happy with the AUP Page modifications you have made, click the ‘Save’ button located at the bottom of the screen. 7. Click the preview button just beneath the text area to see how the additional information is rendered. You must save your changes before preview displays your new settings. The Параметры, AUP screens управляющие rely on the Quota взаимодействием functionality of Антивируса the Standalone Касперского Connector.
FILTERING 4. Enter the desired HTML into the ‘User Messages’ field. Any images/css referenced needs to be a resolvable location. Typically you will be required to host your own images/css for this page. 5. You may insert #reason, #url, #category or #username into the HTML and it will be parsed as the reason for the block event. More detail on this is available in the next section. 6.
KASPERSKY HOSTED SECURITY SERVICES USING VARIABLES TO CUSTOMIZE BLOCK PAGE TEXT You may insert #reason, #url, #category or #username into the HTML in your custom block page and the block page will show the reason for the block event. An example to the right shows this more clearly.
IM CONTROL The IM Control service enables you to: Configure, enforce, and monitor IM use within your organization. View comprehensive, filtering related information in the form of statistical reports, graphs, tables and exportable data files, based on your IM traffic and filtering blocks. Set up and manage email alerts for monitoring. Changes made to IM Control settings will be applied to your live IM Control service within 60 seconds of submission via Kaspersky Hosted Security portal.
KASPERSKY HOSTED SECURITY SERVICES Top 10 Users by Blocked Messages. This shows the following information: Date, User, Group, IM Name, Reason Blocked, Counterparty User, Counterparty Group, Counterparty IM Name, Protocol, Message Text. It is also possible (in the second tab) to view all the IM filtering blocks for the given time period. The table shows 100 entries at a time and orders them by most recent.
IM CONTROL VIEWING THE REPORTS 1. Click the ‘IM Control’ service tab at the top of the screen. 2. Click the ‘Reports’ link and select ‘Summary Reports’. 3. Select the required reporting period from the top of the page (Daily, Weekly, Monthly or Yearly). 4. From the pull-down list, select an end date for the reporting period. 5. To view a specific report, simply click the ‘Graph’ button located just to the right of the report’s name, underneath the ‘View’ heading.
KASPERSKY HOSTED SECURITY SERVICES 3. From the IM Control Scheduled Reports page, you can click available reports by clicking their name, which is underlined as a link, to edit the report. 4. The report will allow you to change all options, except that the presentations that were previously selected are not editable. If you wish to change the presentations you wish to report upon, you should create a new scheduled report. 5.
IM CONTROL Step 2: Select the desired date range required either Yesterday, Last full week, Last full month or a customized date range. Step 3: Select either all users or specific users or groups by clicking the ‘Edit’ button. The Groups and User IPs screen show the available groups and User or IP addresses that are available to be reported on. This data is based on the monitored traffic.
KASPERSKY HOSTED SECURITY SERVICES Step 6: Select the report recipients by selecting the email group, entering the subject line of the email, the message text and a password to open and review the report. If you want to create new email groups or edit existing ones, click the ‘Email Groups’ button. Select the Email Group on the left side to see the email addresses assigned to that group on the right side. You can add new email groups, delete groups, and remove and add email addresses.
IM CONTROL IM CONTROL FORENSIC AUDIT The Forensic Audit sub-service enables an administrator to receive a detailed audit trail of all IM Control activity. The requested activity is then viewable as a CSV file. ALLOWED TRAFFIC The IM Control Allowed Traffic sub-service enables an administrator to receive a detailed audit trail of all IM Control activity that contains a user-defined keyword. To generate an IM Control Forensic Audit of Allowed Traffic: 1.
KASPERSKY HOSTED SECURITY SERVICES 4. Select who the audit is about – this can mean a specific user or the entire company. (See ‘User Selection Tool’ on page 17 for more information). 5. Enter in a keyword for what you are looking for. 6. Click ‘Generate Audit’. 7. From the pop-up, select ‘Open’ to immediately view the file in Excel, or select ‘Save’ to save the data in a CSV Excel file.
IM CONTROL The report can be generated in a similar way to the ‘Allowed Traffic’ report (see ‘Allowed Traffic’ on page 75). BY PARTICIPANTS The IM Control ‘By Participants’ sub-service enables an administrator to receive a detailed audit trail of all IM Control activity that contains data between two participants. The requested activity is exported to a CSV file and contains the following data: Date/Time: date and time of the blocked scan / event. Message: the message.
KASPERSKY HOSTED SECURITY SERVICES Applications Dictionaries Each of these objects is defined specifically for each Access Restriction. Schedules: a Schedule is a pre-defined period of time and days, based on a 7 day week and a 24 hour clock. They are defined globally, but can be assigned and ‘re-used’ within any Policy. Policies: a Policy is a combination of a group (user or directory identity), schedule, and access restriction (IM Control access privileges – see ‘Restrictions’ on page 78).
IM CONTROL DEFAULT RESTRICTION The ‘Default’ restriction is the restriction that will apply to any user that is not a member of a defined Group (either Custom Group or Directory Group). It is also the restriction that will apply to a Group that does not have a pairing with a Schedule that matches the current time. With this in mind, it is important to note that no users or Groups will ever be completely blocked from browsing. If there are no matching rules then the ‘Default’ restriction will always apply.
KASPERSKY HOSTED SECURITY SERVICES 4. A dialog box will appear, asking if you are sure you want to delete the access restriction. Click the ‘OK’ button to proceed with deletion. The deleted restriction will no longer be displayed in the list on the main ‘Manage Restrictions’ page. If the restriction you have chosen to delete has one or more pairings associated with it in the Policies listing Kaspersky Hosted Security will not let you delete it.
IM CONTROL 7. Select ‘Yes’ or ‘No’ to block the Skype application for communicating. 8. To save the settings, click the ‘Save’ button. You will then be taken back to the ‘Edit Restrictions’ page. If you hit ‘Cancel’, the operation will be aborted. For Skype Blocking to successfully work, your network must be configured in the following way. 9.
KASPERSKY HOSTED SECURITY SERVICES SCHEDULES When implementing IM Control within an organization, you may wish to change the type of Restriction for a group of users based on the time of day and/or day of the week. For example, you might like to let your staff have access to IM only during their lunch hour. Kaspersky Hosted Security facilitates this by enabling you to create a time period (called a Schedule) and then pair that ‘Schedule’ with a particular Group and ‘Restriction’ within the ‘Dashboard’.
IM CONTROL 3. Click the ‘Add Schedule’ button, which brings up the Add/Edit Schedule. 4. Type the name you wish to give to the new Schedule in the ‘Name:’ text field located at the top of the page. 5. Select the ‘From’ and ‘To’ times that you would like the schedule to encompass, by selecting the hour and or minutes from the respective drop-down boxes provided. If you would like to create a 24-hour schedule, you must set both the ‘From’ and ‘To’ times to 00hrs 00mins. 6.
KASPERSKY HOSTED SECURITY SERVICES DELETING A SCHEDULE 1. Click the ‘IM Control’ service tab on the main navigation bar at the top of the screen. 2. Click the ‘Schedules’ link in the Management sub-service menu. This will bring up the main ‘Manage Schedules’ page. 3. The main ‘Manage Schedules’ page presents you with a listing of all your current schedules. To delete an existing schedule, click the corresponding check box under the Delete column. Then, click the ‘Delete Schedules’ button.
IM CONTROL POLICIES The ‘Manage Policies’ page provides you with a visual overview of the IM Control settings you have configured for your organization. The simple layout enables you to see all the User Groups, Restrictions, and Schedules. Each combination of a Restriction and a Schedule within the Policies page is referred to as a Pairing. Each Policy must consist of at least one pairing along with a single Group name. To create a typical, time-dependent policy, multiple pairings can be used.
KASPERSKY HOSTED SECURITY SERVICES 5. Click ‘Save’ to save the pairings to return to the Policies window. Otherwise, click ‘Cancel’ to abort and to return to the Manage Policies window. DELETING A POLICY 1. Click the ‘IM Control’ service on the main navigation bar at the top of the screen. 2. Click the ‘Policies’ link in the Management sub-service tab. 3.
IM CONTROL IM CONTROL USER MESSAGES The Kaspersky Hosted Security User Message is the page that your users will see when they log into their IM client, when a virus is detected, when a word has been blocked, and when a file transfer has been blocked while they are using their IM client. You can append your own information to the Alert Page in order to customize it for your organization.
KASPERSKY HOSTED SECURITY SERVICES EMAIL GENERATION 1. Click the ‘IM Control’ service tab on the main navigation bar at the top of the screen. 2. Click the ‘Email Alerts’ link in the Notifications sub-service. This will bring up the ‘E-mail Alerts’ page. 3. Select whether or not you want to be notified when a page is blocked by selecting ‘Yes’ or ‘No’ from the drop down box. 4. Enter the email address (or addresses) you want notifications to be sent to in the empty text fields provided.
ADMINISTRATION EDITING YOUR ACCOUNT DETAILS Click the ‘Admin’ tab on the main navigation bar at the top of the screen. You will be presented with the ‘Account Details’ page. The form on the ‘Account Details’ page is self-explanatory; fill in the required contact details and then click the ‘Save’ button located at the bottom of the page. GROUP MANAGEMENT The ‘Groups’ link in the Management sub-service tab is used to create and define Custom Groups and Directory Groups.
KASPERSKY HOSTED SECURITY SERVICES HOW KASPERSKY HOSTED SECURITY EVALUATES/PRIORITIZES GROUPS Kaspersky Hosted Security evaluates groups using a fast, multi-stage selection process, which accommodates variations in customer infrastructure and the Connector configuration. 1. If the Connector has been configured to send internal group details, then a check will first be made to see if the supplied group name matches any groups configured within Kaspersky Hosted Security.
ADMINISTRATION EDITING A DIRECTORY GROUP NAME 1. Click the ‘Admin’ service tab on the main navigation bar at the top of the screen. 2. Click the ‘Group’ button in the ‘management’ sub-service tab. This will bring up the ‘Groups’ screen. 3. Click the group button which corresponds to the Directory Group which name you want to change. 4. Edit the name of the Directory Group in the text field.
KASPERSKY HOSTED SECURITY SERVICES CREATING A CUSTOM GROUP 1. Click the ‘Group’ button in the ‘Management’ sub-service tab. This will bring up the ‘Groups’ screen. 2. Click ‘Add Custom Group’. 3. Enter the name of the Custom Group you wish to create into the ‘Custom Group’ text field. 4. To register the new Custom Group, click the ‘Save’ button. You will then be taken back to the main ‘Manage Groups’ page where you will see the new Custom Group name in the groups list.
ADMINISTRATION CREATING A GROUP USING IP ADDRESSES 1. Click the corresponding existing group button on the Group listing page. 2. Enter the IP expressions, into the text area, that are required to identify the users you want in the group. The expressions you can use are as follows: Individual IP addresses, each on a new line (e.g. 192.168.0.25) Network Masks, each on a new line (e.g. 192.168.0.0/255.255.255.0) 3. To save the entered IP Addresses (and subnets), click the ‘Save’ button.
KASPERSKY HOSTED SECURITY SERVICES DUPLICATE USERS OR IP ADDRESSES The administrator should avoid duplicating Domain/Active Directory usernames or IP addresses across different Custom Groups. If you do duplicate any of these parameters, then the first group found will determine web access policy for that user. AUTHENTICATION KEY MANAGEMENT Kaspersky Hosted Security Authentication Keys are used in conjunction with an installation of a Connector.
ADMINISTRATION Scenario Questions & Answers What policy will apply to Dan, Bob, and Steve? Policy1 is applied to Dan and Bob, and Policy2 is applied to Steve. If a policy causes a block, what group will be registered against the block? Blocks for Dan and Bob are registered against group WinNT://…/Marketing with user information for Dan and Bob. Blocks for Steve are registered against group WinNT://…//Engineering with user information for Steve.
KASPERSKY HOSTED SECURITY SERVICES Blocks will be registered against the group LONDONGROUP for Jim. Blocks will be registered against the group SYDNEYGROUP for Joe. If you are using Active Directory, you are advised to use Case 1 (Company Authentication Key) to appropriately apply group policy.
ADMINISTRATION With the launch of Anywhere+, Kaspersky Hosted Security no longer recommends the use of the Connector on mobile laptops. Please contact your Kaspersky Hosted Security representative for more information on the Anywhere+ roaming. CREATING AND DELETING AUTHENTICATION KEYS In most cases, the Company Authentication Key is the only key you need to create.
KASPERSKY HOSTED SECURITY SERVICES DEACTIVATING AN AUTHENTICATION KEY 1. Click the ‘Admin’ tab and click the type of Authentication Key you wish to deactivate under ‘Authentication’. 2. Look for the Authentication Key you wish to deactivate and click the corresponding ‘Deactivate’ button, which will not delete the Authentication Key, but sets the Authentication Key state to ‘Inactive’.
ADMINISTRATION MOBILE SETTING FOR USER AUTHENTICATION KEYS On the user key screen you will see that there is a check box by each user to state if they are an Anywhere+ user. This should only be checked if you are using the Anywhere+ in user mode with this key, not any other type of connector including the Virtual Connector. IMPORTING A USER LIST Kaspersky Hosted Security allows administrators to import a list of users and have multiple authentication keys generated in one action.
KASPERSKY HOSTED SECURITY SERVICES The following screen will appear if the CSV file is correct. 5. Click the ‘Confirm’ button to add these users. An email will be sent to each user using the email template created (see below). If a user already has a key, then this current key will be revoked and a new one created. If the user appears in a different group, the user will be moved to the new group.
APPENDIX: FILTERING CATEGORIES Alcohol Includes Web sites that deal with alcohol as a pleasurable activity (e.g. wine, beer, liquor, breweries) and the Web sites of alcohol distributors. Anonymous Proxies Includes Web sites that allow users to anonymously view Web sites. Art / Museums Includes Web sites from the area of theatre, museums, exhibitions, photography, graffiti, etc.
KASPERSKY HOSTED SECURITY SERVICES Dating / Relationships This category contains Web sites that promote interpersonal relationships and escort services. Digital Postcards Includes Web sites that allow people to send digital postcards via the Internet, and also the providers of these services.
APPENDIX: FILTERING CATEGORIES Humor This category contains sites with jokes, sketches, comics and sites with other humorous content. Illegal Activities Includes activities that are illegal according to regional law such as instructions for murder, manuals for bomb building, instructions for illegal activity, child pornography, sodomy, instructions for cheating, etc.
KASPERSKY HOSTED SECURITY SERVICES Political Parties This category contains Web sites of political parties and those sites that provide information about a particular political party and different political topics (election, democracy, etc.) Pornography Includes Web sites containing the depiction of sexually explicit activities and erotic content unsuitable to persons under the age of 18. Private Homepages This category contains Web sites about and from private individuals.
APPENDIX: FILTERING CATEGORIES Sports This category contains Web sites such as resort sports, fan clubs, events (e.g. Olympic Games, World Championships), sport results, clubs, teams and sporting federations, magazines and fan sites. Swimwear / Lingerie / Nudity Includes Web sites containing nudity, but with no sexual references. Includes illustration of swimwear and lingerie. Tobacco Includes Web sites dealing with tobacco and smoking (cigarettes, cigars, pipes), and Web sites from tobacco vendors.
KASPERSKY LAB Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted email messages, and hacker attacks. Kaspersky Lab is an international company.