Transcription
End User’s GuideWebsense Endpoint Solutionsv8.0.x
2014, Websense Inc.All rights reserved.10900 Stonelake Blvd, 3rd Floor, Austin, TX 78759, USAPublished 2014Printed in the United States and IrelandThe products and/or methods of use described in this document are covered by U.S. Patent Numbers 5,983,270; 6,606,659; 6,947,985;7,185,015; 7,194,464 and RE40,187 and other patents pending.This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium ormachine-readable form without prior consent in writing from Websense Inc.Every effort has been made to ensure the accuracy of this manual. However, Websense Inc., makes no warranties with respect to thisdocumentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Websense Inc., shall not beliable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual orthe examples herein. The information in this documentation is subject to change without notice.TrademarksWebsense and TRITON are registered trademarks of Websense, Inc., in the United States and certain international markets. Websense hasnumerous other unregistered trademarks in the United States and internationally. All other trademarks are the property of their respectiveowners.Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or othercountries.Mozilla and Firefox are registered trademarks of the Mozilla Foundation in the United States and/or other countries.This product includes software distributed by the Apache Software Foundation (http://www.apache.org).Copyright (c) 2000. The Apache Software Foundation. All rights reserved.Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the soleproperty of their respective manufacturers.
ContentsTopic 1Introduction to Websense Endpoint Solutions. . . . . . . . . . . . . . . . . . . 3Topic 2TRITON AP-ENDPOINT Web. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5How to check the status of TRITON AP-ENDPOINT Web . . . . . . . . . .How to use the TRITON AP-ENDPOINT Web diagnostics tool . . . . . .How to access the Internet if TRITON AP-ENDPOINT Web istemporarily unavailable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .How to view logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .How to disable TRITON AP-ENDPOINT Web protection . . . . . . . . . . .Topic 356889TRITON AP-ENDPOINT DLP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11How to check the status of TRITON AP-ENDPOINT DLP . . . . . . . . .How to set encryption passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Decrypting files on a removable media device . . . . . . . . . . . . . . . . .How to view contained files and save them to an authorized location .How to view logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .How to update TRITON AP-ENDPOINT DLP. . . . . . . . . . . . . . . . . . .How to disable TRITON AP-ENDPOINT DLP . . . . . . . . . . . . . . . . . .11131416171818Websense Endpoint Solutions End User’s Guide 1
Contents2 WebsenseEndpoint Solutions
1Introduction to WebsenseEndpoint SolutionsEnd User’s Guide Endpoint Solutions Version 8.0.xYour organization uses Websense endpoint solutions to protect you and other usersagainst advanced web-based threats and data theft while on and off the corporatenetwork. Endpoint solutions include server software installed on corporate servers andclient software installed on your computer. Websense offers 2 endpoint web protection options to defend against web threats: TRITON AP-ENDPOINT Web Remote Filtering ClientTRITON AP-ENDPOINT DLP is the data loss prevention option that protectsyou and your organization from not just the unintended loss of data but alsopotential data theft.If you see this iconin your task bar, Websense TRITON AP-ENDPOINT Webprotection is available and enabled.This iconmeans Websense TRITON AP-ENDPOINT DLP (Data LossPrevention) is protecting you and your organization.Remote Filtering Client has no identifying icon or end user interface, but you’ll knowit’s working, because it helps to enforce your organization's policies for URL requestswhen you are outside the network.This guide covers the following:Websense TRITON AP-ENDPOINT Web How to check the status of TRITON AP-ENDPOINT Web, page 5 How to use the TRITON AP-ENDPOINT Web diagnostics tool, page 6 How to access the Internet if TRITON AP-ENDPOINT Web is temporarilyunavailable, page 8How to disable TRITON AP-ENDPOINT Web protection, page 9*Websense TRITON AP-ENDPOINT DLP How to check the status of TRITON AP-ENDPOINT DLP, page 11Websense Endpoint Solutions End User’s Guide 3
Introduction to Websense Endpoint Solutions How to view logs, page 17 How to set encryption passwords, page 13 How to view contained files and save them to an authorized location, page 16 How to update TRITON AP-ENDPOINT DLP, page 18 How to disable TRITON AP-ENDPOINT DLP, page 18**Note that disabling the endpoint introduces possible vulnerabilities, because you areno longer receiving the protection provided by TRITON AP-ENDPOINT Web orTRITON AP-ENDPOINT DLP or both if both are installed and disabled.4 Websense Endpoint Solutions End User’s Guide
2TRITON AP-ENDPOINT WebEnd User’s Guide TRITON AP-ENDPOINT Web Version 8.0.xTRITON AP-ENDPOINT Web is a software application that runs on your laptop orother endpoint machine, protecting you from malware and enforcing yourorganization’s acceptable user policy.How to check the status of TRITON AP-ENDPOINT WebEnd User’s Guide TRITON AP-ENDPOINT Web Version 8.0.xRelated topics: How to access the Internet if TRITON AP-ENDPOINT Web istemporarily unavailable, page 8How to disable TRITON AP-ENDPOINT Web protection, page 9How to use the TRITON AP-ENDPOINT Web diagnostics tool,page 6How to view logs, page 8This applies to Windows operating system users. To view the status of TRITON APENDPOINT Web, hover over one of three possible icons for it that displays in yourWebsense Endpoint Solutions End User’s Guide 5
TRITON AP-ENDPOINT Webtask bar. Each icon serves as both a status indicator and an access point to additionaldiagnostic information:IconHover TextDescriptionTRITON AP-ENDPOINT Web:EnabledTRITON AP-ENDPOINT Websoftware is successfully configuredand activated.TRITON AP-ENDPOINT Web:OverrideTRITON AP-ENDPOINT Web isautomatically temporarilyoverridden due to certain networkevents. See How to access theInternet if TRITON AP-ENDPOINTWeb is temporarily unavailable.TRITON AP-ENDPOINT Web:DisabledThis icon displays if yourorganization has allowed you todisable TRITON AP-ENDPOINTWeb and you then disable it. SeeHow to disable TRITON APENDPOINT Web protection.ImportantIf you manually disable TRITON AP-ENDPOINT Web, areboot will always re-enable it.Note that if your organization is using both TRITON AP-ENDPOINT Web andTRITON AP-ENDPOINT DLP, a TRITON AP-ENDPOINT DLP icondisplayson your task bar as well. For more information about TRITON AP-ENDPOINT DLP,see TRITON AP-ENDPOINT DLP, page 11.How to use the TRITON AP-ENDPOINT Web diagnosticstoolEnd User’s Guide TRITON AP-ENDPOINT Web Version 8.0.xRelated topics: How to check the status of TRITON AP-ENDPOINT Web, page 5How to access the Internet if TRITON AP-ENDPOINT Web istemporarily unavailable, page 8 How to disable TRITON AP-ENDPOINT Web protection, page 9 How to view logs, page 86 Websense Endpoint Solutions End User’s Guide
TRITON AP-ENDPOINT WebThis applies to Windows operating system users. TRITON AP-ENDPOINT Weboffers a diagnostics tool that you can access by double-clicking any of the threepossible endpoint status icons that display in the task bar. The tool displaysinformation that you can provide to your system administrator to assist withtroubleshooting if TRITON AP-ENDPOINT Web is not behaving as expected.When the tool is launched, each of the diagnostic tests is executed in sequence. If oneof the tests results in a failure, the subsequent tests are not automatically run.Three diagnostic tests are accessed from this tool:1. System Information - collects basic information related to the specificsystem on which the TRITON AP-ENDPOINT Web software is installed2. Network Diagnostics - collects information related to basic networkconnectivity3. PAC File Status - collects information to determine if the PAC file isaccessibleNOTE: Corresponding log files generated from these new diagnostics can easily becollected with the existing CLIENTINFO.EXE tool. Your Help Desk may ask you torun this tool to collect these files. To run it, click the Collect Endpoint Info. buttonon the diagnostics screen, as shown below.The resulting file is placed onto the desktop. Attach the file to an email to yourHelpDesk or system administrator.Websense Endpoint Solutions End User’s Guide 7
TRITON AP-ENDPOINT WebHow to access the Internet if TRITON AP-ENDPOINT Webis temporarily unavailableEnd User’s Guide TRITON AP-ENDPOINT Web Version 8.0.xRelated topics: How to check the status of TRITON AP-ENDPOINT Web, page 5 How to disable TRITON AP-ENDPOINT Web protection, page 9 How to use the TRITON AP-ENDPOINT Web diagnostics tool,page 6How to view logs, page 8When certain system events occur, TRITON AP-ENDPOINT Web is automaticallytemporarily overridden. If this happens, you can continue to access the Internet(provided Internet access is available), although endpoint protection is not availableduring this time. If you see this iconin your task bar, the override feature is on.Events that trigger the temporary override include: Changing from Wi-Fi to an Ethernet network connection Assigning a new IP address to your laptop Connecting to a virtual private network (VPN)Once the network issue is resolved, TRITON AP-ENDPOINT Web is automaticallyre-enabled.How to view logsEnd User’s Guide TRITON AP-ENDPOINT Version 8.0.xRelated topics: How to check the status of TRITON AP-ENDPOINT Web, page 5How to access the Internet if TRITON AP-ENDPOINT Web istemporarily unavailable, page 8How to use the TRITON AP-ENDPOINT Web diagnostics tool,page 6You can see logs about system events related to TRITON AP-ENDPOINT Web. Toview the logs, go to the Application section of the Windows system event log.Examples of log notifications you might see are these: EventID 258: “User disabled Websense SaaS Service.”8 Websense Endpoint Solutions End User’s Guide
TRITON AP-ENDPOINT Web Event ID 257: “Websense SaaS Service has entered cloud enforce mode.”These logs may be helpful to share with your system administrator. All logs are inEnglish.How to disable TRITON AP-ENDPOINT Web protectionEnd User’s Guide TRITON AP-ENDPOINT Web Version 8.0.xRelated topics: How to check the status of TRITON AP-ENDPOINT Web, page 5How to access the Internet if TRITON AP-ENDPOINT Web istemporarily unavailable, page 8How to use the TRITON AP-ENDPOINT Web diagnostics tool,page 6How to view logs, page 8Sometimes, it may be useful to manually disable TRITON AP-ENDPOINT Web totroubleshoot issues with the assistance of your system administrator. Be aware thatdisabling TRITON AP-ENDPOINT Web removes the protection provided by theendpoint service.If your organization allows you to disable TRITON AP-ENDPOINT Web, when youright click the endpoint icon, you’ll see the option to Disable it. Select Disable todisable the endpoint at any time.Disabling the endpoint: Stops it from intercepting traffic and securing your workstation from web threats.Turns off anti-tampering controls, so that you can manually change your proxyauto-config (PAC) file settings in Internet Explorer.If you disable TRITON AP-ENDPOINT Web, it is a best practice to change yourPAC file settings. If you don’t, depending on your system configuration, you may seean authentication page asking for your username and logon credentials. Contact yoursystem administrator for assistance with changing your PAC file settings.To re-enable TRITON AP-ENDPOINT Web, click Enable.ImportantIf you manually disable TRITON AP-ENDPOINT Web, areboot will always re-enable it.Websense Endpoint Solutions End User’s Guide 9
3TRITON AP-ENDPOINT DLPEnd User’s Guide TRITON AP-ENDPOINT DLP Version 8.0.xTRITON AP-ENDPOINT DLP (Data Loss Prevention) expands protection tosensitive information stored on your computer. Depending on your corporate policy,data could be quarantined or encrypted when you try to email it, print it, or copy it toremovable media such as thumb drives, CD/DVD burners, and Android devices. (CD/DVD and Android support depends on your operating system.)How to check the status of TRITON AP-ENDPOINT DLPEnd User’s Guide TRITON AP-ENDPOINT DLP Version 8.0.xRelated topics: How to disable TRITON AP-ENDPOINT DLP, page 18How to view contained files and save them to an authorizedlocation, page 16 How to view logs, page 17 How to update TRITON AP-ENDPOINT DLP, page 18Websense Endpoint Solutions End User’s Guide 11
TRITON AP-ENDPOINT DLPTo view status information for TRITON AP-ENDPOINT DLP, click theTRITON AP-ENDPOINT DLP iconon your task bar.On the TRITON AP-ENDPOINT DLP screen, you can: See whether your machine is connected to a TRITON AP-DATA serverCheck the IP address of the TRITON AP-DATA server hosting the endpointserver software View your endpoint profile name, and when it was last updated Determine if TRITON AP-ENDPOINT DLP protection is enabled or bypassed View discovery status and details of the last and next discovery scansNote that if your organization is using both TRITON AP-ENDPOINT Web andTRITON AP-ENDPOINT DLP, a TRITON AP-ENDPOINT Web icon displays onyour task bar as well. For more information about TRITON AP-ENDPOINT Web, seeTRITON AP-ENDPOINT Web, page 5.12 Websense Endpoint Solutions End User’s Guide
TRITON AP-ENDPOINT DLPHow to set encryption passwordsEnd User’s Guide TRITON AP-ENDPOINT DLP Version 8.0.xRelated topics: How to disable TRITON AP-ENDPOINT DLP, page 18How to view contained files and save them to an authorizedlocation, page 16 How to view logs, page 17 How to update TRITON AP-ENDPOINT DLP, page 18 Decrypting files on a removable media device, page 14Some corporate policies dictate that sensitive data be encrypted before being copied toa removable media device such as a USB drive. If this is the case for yourorganization, you cannot copy files to such media until you set the password to use todecrypt them.Set the password one time, then any time you copy sensitive data to removable media,it is encrypted and copied along with a Websense Decryption Utility to the device.You, or any other user accessing the files on endpoints where the TRITON APENDPOINT DLP is not installed, or where the password configured for encryption isdifferent than yours, must enter this password.To specify the encryption password:1. Right-click the TRITON AP-ENDPOINT DLP icon on your task bar, and selectSet Encryption Password.2. Enter your password, then re-enter your password.NoteThe password should be at least 8 characters in length(maximum is 15 characters), and it should contain: At least one digit At least one symbol At least one capital letter At least one lowercase letterThe following example shows a strong password: 8%w@s1*F3. Click OK.See Decrypting files on a removable media device, page 14 for information on usingthe Websense Decryption Utility.Websense Endpoint Solutions End User’s Guide 13
TRITON AP-ENDPOINT DLPDecrypting files on a removable media deviceEnd User’s Guide TRITON AP-ENDPOINT DLP Version 8.0.xRelated topics: How to disable TRITON AP-ENDPOINT DLP, page 18How to view contained files and save them to an authorizedlocation, page 16 How to view logs, page 17 How to update TRITON AP-ENDPOINT DLP, page 18To decrypt the content on your removable media device, you must run a WebsenseDecryption Utility. Content that was encrypted on Windows can be encrypted on anyWindows or Mac machine. (Content cannot be encrypted on Mac, however.)The Websense Decryption Utility is copied to your removable media device alongwith the encrypted files.Decrypting files on Windows:1. Insert the removable device into a Windows laptop or desktop.2. Double-click wsdecrypt.exe.3. Enter the encryption password when prompted. A dialog appears and displayslists of subdirectories and files on your system.4. Navigate to the folder containing the encrypted files. By default, the files are onyour removable media device.5. Select the folders and files to decrypt, right-click, and select Save As.14 Websense Endpoint Solutions End User’s Guide
TRITON AP-ENDPOINT DLP6. Select the folder in which to save the decrypted files.Decrypting files on Mac1. Insert the removable device into a Mac laptop or desktop.2. Double-click Websense Decryption Utility.dmg and mount it as a disk volume.3. Launch the application Websense Decryption Utility in the disk volume.4. Drag and drop the encrypted files from the removable media device into theapplication's list window.5. Select the file to decrypt, and select "Decrypt File As.". If the file selected is notencrypted by the Websense endpoint, the operation is disabled.6. Enter the encryption password when prompted. A file save dialog appears if thecorrect password is entered.Websense Endpoint Solutions End User’s Guide 15
TRITON AP-ENDPOINT DLP7. Enter the file name that you want to save the decrypted file as.8. If necessary, select the next file to decrypt. No prompt appears as long as it isencrypted by the same password.The Websense Decryption Utility decrypts the files using the password you providedand places them in this path.Files that were encrypted with a different password are not decrypted.How to view contained files and save them to anauthorized locationEnd User’s Guide TRITON AP-ENDPOINT DLP Version 8.0.xContained files are those that are held in temporary storage on an endpoint machine.Files are contained if your organization chose to prevent sensitive information frombeing written from an endpoint machine to a removable device—such as a USB flashdrive, CD/DVD, or external hard disk—and you try to copy a file to a forbiddendevice. If the file has been modified, the contained file includes the modifications, butthe changes are not written to the original file location. This prevents work from beinglost, but does not jeopardize the original file.You can view the contents of contained files from the endpoint machine, and choose tosave them to an authorized location instead.16 Websense Endpoint Solutions End User’s Guide
TRITON AP-ENDPOINT DLP1. On the TRITON AP-ENDPOINT DLP screen, click Contained Files.2. To see the contents of a file, select the file and click Open.3. To save a file to an authorized location, select the file and click Save As, thenbrowse to the new location.4. Click Close when done.How to view logsEnd User’s Guide TRITON AP-ENDPOINT DLP Version 8.0.xRelated topics:How to disable TRITON AP-ENDPOINT DLP, page 18 How to view contained files and save them to an authorizedlocation, page 16 How to view logs, page 17 How to update TRITON AP-ENDPOINT DLP, page 18There are two logs available in TRITON AP-ENDPOINT DLP: The system log contains information about changes on your machine, forexample: Changes of connection status, such as your computer moving from an officeto a remote location When TRITON AP-ENDPOINT DLP is enabled or disabled When TRITON AP-ENDPOINT DLP profiles are applied and updated When the client is connected to or disconnected from the TRITON APENDPOINT DLP serverWebsense Endpoint Solutions End User’s Guide 17
TRITON AP-ENDPOINT DLP The content log contains details of file operations that have been picked up by theendpoint policy, and any actions taken by TRITON AP-ENDPOINT DLP as aresult.To see the log details, on the TRITON AP-ENDPOINT DLP screen, click View logs.To see the latest log information, click Refresh.How to update TRITON AP-ENDPOINT DLPEnd User’s Guide TRITON AP-ENDPOINT DLP Version 8.0.xRelated topics: How to disable TRITON AP-ENDPOINT DLP, page 18How to view contained files and save them to an authorizedlocation, page 16 How to view logs, page 17 How to update TRITON AP-ENDPOINT DLP, page 18Periodically, your corporate policies and TRITON AP-ENDPOINT DLP profile arepushed to your machine to keep them up to date. To update them manually, clickUpdate on the TRITON AP-ENDPOINT DLP screen.How to disable TRITON AP-ENDPOINT DLPEnd User’s Guide TRITON AP-ENDPOINT DLP Version 8.0.x18 Websense Endpoint Solutions End User’s Guide
TRITON AP-ENDPOINT DLP1. On the TRITON AP-ENDPOINT DLP screen, click Disable.2. Report the bypass ID to your TRITON AP-DATA administrator.3. Enter the bypass code supplied by the administrator.4. Click Enter.The endpoint client is disabled for the length of time specified when the bypass codewas created. The button on the task bar updates from the Disable button with the redX icon to an Enable button with a green check mark icon.Websense Endpoint Solutions End User’s Guide 19
Websense Endpoint Solutions End User's Guide 3 Introduction to Websense Endpoint Solutions End User's Guide Endpoint Solutions Version 8.0.x Your organization uses Websense endpoint solutions to protect you and other users against advanced web-based threats and da ta theft while on and off the corporate network.
