1.1 What Is WebMarshal?
WebMarshal is an employee Internet management solution, designed to promote responsible web use while providing protection from viruses, malware, confidentiality breaches, and downloading of non-business material. It provides an additional layer of security beyond what is offered by traditional Internet firewalls and proxy servers.
1.1.1 What Does WebMarshal Do?
WebMarshal helps to eliminate non-business and potentially objectionable browsing and file uploading, which trims bandwidth needs, reduces time-wasting, shields the organization from exposure to legal liability threats, and reduces the organization’s Total Cost of Ownership for web connectivity.
WebMarshal is implemented as an authenticating proxy server for HTTP, HTTPS, and FTP protocols. WebMarshal can provide policy-based control of HTTP connection attempts from web browsers, as well as many streaming media and instant messaging applications. Where support for other protocols is required, WebMarshal can be used in conjunction with other proxy servers running on any platform.
WebMarshal allows you to monitor and enforce organizational Web access policy based on such factors as URL, file type and size, time of day, virus and malware checks, and file contents. WebMarshal can apply browsing time and volume quotas to limit web usage.
WebMarshal also provides “zero-day” protection against malicious content using the TRACEnet filtering framework. TRACEnet is updated many times a day using blended threat data generated by the Trustwave SpiderLabs team.
In addition to the real-time content checking mentioned above, WebMarshal can also use the Trustwave Web Filter Database and URLCensor (a DNS-based real-time URL checking service).
To assist with bandwidth management, WebMarshal offers optional proxy caching for HTTP.
You can monitor details of current Web access sessions using the WebMarshal Console. You can install one or more copies of the Console on workstations in your network.
WebMarshal can log Web access requests and use the information to produce detailed reports. Information is logged to a SQL Server database. You can generate reports using the web-based Marshal Reporting Console.
WebMarshal can also log activity to text logs in W3C or WELF format. You can analyze these logs with external tools.
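As an added example (not part of the WebMarshal documentation or product), the following Python sketch shows one way an external tool could read W3C Extended Log File Format text logs and count denied requests per user and workstation. The field names, the use of status 403 to mark a denial, and the sample lines are assumptions constructed for illustration; take the real field list from the `#Fields` line of your own logs.

```python
from collections import Counter

# Constructed sample in W3C Extended Log File Format. The field list is an
# assumption for illustration; read the real one from your log's #Fields line.
SAMPLE_LOG = """\
#Version: 1.0
#Date: 2024-01-15 09:00:00
#Fields: date time c-ip cs-username cs-method cs-uri sc-status
2024-01-15 09:00:01 10.0.0.5 EXAMPLE\\alice GET http://intranet.example/ 200
2024-01-15 09:00:04 10.0.0.7 EXAMPLE\\bob GET http://blocked.example/a.exe 403
2024-01-15 09:00:09 10.0.0.7 EXAMPLE\\bob GET http://blocked.example/b.exe 403
#Fields: date time c-ip cs-username sc-status cs-uri
2024-01-15 09:01:00 10.0.0.9 - 403 http://blocked.example/c.zip
truncated line
"""

def parse_w3c(text):
    """Yield one dict per entry, keyed by the most recent #Fields directive."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directives look like "#Name: value"; only #Fields changes parsing.
            name, _, value = line[1:].partition(":")
            if name.strip().lower() == "fields":
                fields = value.split()
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # no header yet, or malformed entry: skip, do not guess
        # "-" marks an empty field in the W3C format.
        yield {k: (None if v == "-" else v) for k, v in zip(fields, values)}

def denied_by_client(text, denied_status="403"):
    """Count denied requests per (user, workstation IP).

    denied_status is an assumed marker for a blocked request.
    """
    counts = Counter()
    for entry in parse_w3c(text):
        if entry.get("sc-status") == denied_status:
            counts[(entry.get("cs-username"), entry.get("c-ip"))] += 1
    return counts

if __name__ == "__main__":
    for (user, ip), n in denied_by_client(SAMPLE_LOG).most_common():
        print(f"{user or '(unauthenticated)'} {ip}: {n} denied")
```

The parser re-reads the column layout whenever a new `#Fields` directive appears, so a log whose field selection changed partway through is still attributed to the correct columns.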
You can install WebMarshal as a single server, or as an array of servers (at one or more locations) with a common configuration. WebMarshal supports installation on current versions of Windows.
WebMarshal can authenticate users based on Windows login or Novell NDS login. WebMarshal can also control Web access on a per-workstation basis.
1.1.2 How Does WebMarshal Work?
The WebMarshal Processing Server(s) function as the web gateway of an organization. When a Web request is received, WebMarshal records the user name or workstation, time of day, and requested URL. WebMarshal then retrieves basic information about the requested resource from the remote server (or the WebMarshal proxy cache, if enabled).
WebMarshal next evaluates the request using the organization’s Web access policy. At any stage of the evaluation, the request can be permitted, denied, or permitted with a warning.
If TRACEnet is enabled, WebMarshal checks the TRACEnet database and blocks the request if appropriate.
If Connection Rules are in place, WebMarshal determines the connecting application (such as an Instant Messaging application) and accepts or blocks the attempt.
If the request is encrypted using HTTPS, and HTTPS Content Inspection is enabled, WebMarshal checks the protocol version and the validity of the site Certificate. Depending on your policy, WebMarshal can decrypt the traffic (either upload or download) for processing by Quota, Standard, and Content Analysis rules. WebMarshal re-encrypts the traffic for transfer between the WebMarshal server and the client workstation. All data transmitted over networks is encrypted.
When WebMarshal evaluates a standard Web request, it first checks time and volume quotas. Next, WebMarshal checks the URL of the requested resource. After full data has been returned to WebMarshal from the Web, the results can be evaluated by file type and size, checked for viruses and malware, stripped of cookies, and checked for specific text content before being returned to the user. WebMarshal unpacks archive files and documents, and can apply evaluation to all unpacked files.
WebMarshal can apply TextCensor rules to evaluate text content of files. TextCensor can check HTML pages, other text files, and text unpacked from archives or Word documents. Based on the result of this evaluation, WebMarshal can block the request and/or add the URL to a URL Category, potentially denying future access to the entire site.
When a file or form submission is submitted for upload, it is evaluated against all criteria before being sent. WebMarshal can enforce Safe Search on selected search engines.
Both successful and denied requests can be logged to the WebMarshal database (unless they are explicitly excluded from logging). Data logged includes user account, workstation, URL, time, permission or denial, quota usage, and one or more custom classifications according to the organization’s rules. This information is available for later reporting.
WebMarshal can also notify administrators of specific actions or notify end-users of blocked pages. You can associate the appropriate rule action when you create or modify rules.