Barracuda Web Filter Administrator’s Guide


Version 3.0
Barracuda Networks Inc.
385 Ravendale Drive
Mountain View, CA 94043
http://www.barracuda.com

Copyright Notice

Copyright 2004-2007, Barracuda Networks
www.barracuda.com
v30-061212-01-0129
All rights reserved. Use of this product and this manual is subject to license. Information in this document is subject to change without notice.

Trademarks

Barracuda Web Filter is a trademark of Barracuda Networks. All other brand and product names mentioned in this document are registered trademarks or trademarks of their respective holders.

Contents

Chapter 1 – Introduction
  Overview
    Spyware Blocking Techniques
    Content Filtering Techniques
    User and Group-based Policy Control
    Application Blocking Techniques
    Energize Updates Minimize Administration and Maximize Protection
  Deploying the Barracuda Web Filter
    Inline Pass-through (Transparent Mode)
    Forward Proxy

Chapter 2 – Installation and Configuration
  Network Considerations
    Routers
    External DNS
    Internal DNS
    Enterprise class Layer 3 Switch, VLANS, VPN concentrators
    Firewall DMZ
    Internal Servers
    Cache
    QoS/Packet Reconfig (Quality of Service, Packet Shapers)
    Mounting and Cabling Considerations
  Installing and Configuring the Barracuda Web Filter
    Step 1. Verify You Have the Necessary Equipment
    Step 2. Install the Barracuda Web Filter
    Step 3. Configure the Barracuda Web Filter IP Address and Network Settings
    Step 4. Configure Your Corporate Firewall
    Step 5. Configure the Barracuda Web Filter
    Step 6. Update the Barracuda Web Filter Firmware
    Step 7. Verify Your Subscription Status
    Step 8. Update the Definitions
    Step 9. Integrate your Barracuda Web Filter into your Network
    Step 10. Test and Adjust your Barracuda Web Filter
    Connecting your Barracuda System to your Network
  Advanced Installation Topics
    Inline Pass-through with Pre-existing Proxy Deployment
      Supported Pre-existing Proxy Types
      Connecting your Barracuda System and Pre-existing Proxy Server to your Network

Chapter 3 – Configuring, Monitoring, and Managing the Barracuda Web Filter
  Configuring the Barracuda Web Filter
    Configuring System IP Information
    Setting Up Linked Management
      Data Propagated to the Linked Systems
      Switching a System to Standby Mode
    Controlling Access to the Administration Interface
    Customizing the Appearance of the Administration Interface
    Changing the Language of the Administration Interface
    Setting the Time Zone of the System
    Enabling and Disabling Virus Protection
    Enabling and Disabling Web Caching
    Setting up a Syslog Server to Centrally Monitor System Logs
  Creating Block and Accept Filters
    Best Practices
    Domain Filters
    Pattern Filters
      Examples
    Content Filters
    Application Filters
    Block Messages Filter
      About the Barracuda Spyware Removal Tool
      Enabling the Barracuda Spyware Removal Tool
    MIME Blocking Filter
    Exempt IPs Filter
    Blocked IPs Filter
    Creating Exception Policies
    Testing Web Site Access
  Monitoring the Barracuda Web Filter
    Viewing Performance Statistics
    Understanding the Indicator Lights
    Viewing the System Log
    Automating the Delivery of System Alerts and Notifications
    Generating System Reports
    Viewing a List of Infected Clients
    Viewing System Tasks
  Managing the Barracuda Web Filter
    Backing up and Restoring System Configuration
    Updating the Firmware of your Barracuda Web Filter
    Updating the Spyware, Virus, and Category Definitions
    Replacing a Failed System
    Reloading, Restarting, and Shutting Down the System
    Using the Built-in Troubleshooting Tools
    Rebooting the System in Recovery Mode
      Reboot Options

Chapter 4 – Managing Users and Groups
  Overview
    About Local and LDAP Accounts
  Creating Local Users and Groups
    Creating Local User Accounts
    Creating Local Groups
    Creating IP Address Groups
  Integrating with an External Directory Server
    About the DC Agent
      DC Agent Log Files
      DC Agent Service
      PDC Requirements
    Installing and Configuring the DC Agent on your PDC
  Viewing and Managing Accounts

Appendix A – About the Barracuda Web Filter Hardware
  Front Panel of the Barracuda Web Filter
    Barracuda Web Filter 210, 310, and 410
    Barracuda Web Filter 610
    Barracuda Web Filter 810 and 910
  Back Panel of the Barracuda Web Filter
    Barracuda Web Filter 210, 310, and 410
    Barracuda Web Filter 610
    Barracuda Web Filter 810 and 910
  Hardware Compliance
    Notice for the USA
    Notice for Canada
    Notice for Europe (CE Mark)

Appendix B – Regular Expressions
  Using Special Characters in Expressions
  Examples

Appendix C – Limited Warranty and License
  Limited Warranty
  Exclusive Remedy
  Exclusions and Restrictions
  Software License
  Energize Update Software License
  Open Source Licensing

Index


Chapter 1
Introduction

This chapter provides an overview of the Barracuda Web Filter and includes the following topics:

- Overview
- Deploying the Barracuda Web Filter

Overview

The Barracuda Web Filter is an integrated anti-spyware and content filtering solution that eliminates spyware and other forms of malware from your organization.

The Barracuda Web Filter combines preventative, reactive, and proactive measures to form a complete anti-spyware solution. The Barracuda Web Filter:

- Provides user and group-based policy control
- Stops spyware downloads (including drive-by downloads)
- Uses content filters to block access to Web site categories like gaming or online shopping sites
- Blocks access to applications like instant messaging and music streaming
- Blocks access to spyware Web sites
- Detects spyware access to the Internet
- Identifies infected machines
- Facilitates spyware removal by providing access to the Barracuda Spyware Removal Tool

Spyware Blocking Techniques

The Barracuda Web Filter prevents spyware programs from being installed on your users’ systems and also secures your organization against existing spyware by detecting spyware access to the Internet and notifying you of infected systems. You can also configure the Barracuda Web Filter to prompt infected users to run the Barracuda Spyware Removal Tool.

Table 1.1: Spyware Functions

Function | Description
Spyware Web site Blocking | Barracuda Networks continuously updates a list containing thousands of known spyware download sites. The Barracuda Web Filter blocks spyware at the source by preventing browser and application access to these locations.
Spyware Download Blocking | Spyware is everywhere, even in apparently harmless downloads from legitimate sites. The Barracuda Web Filter unpacks and examines every individual file within 17 different types of archives. It also uses techniques to examine password-protected archives.
Spyware Detection | The Barracuda Web Filter not only identifies infected machines on the network, but also blocks the spyware communication from those infected systems to the spyware servers on the Internet.
Spyware Removal | The Barracuda Web Filter can be configured to automatically prompt users to run the Barracuda Spyware Removal Tool when spyware is detected on their system. This feature allows users to proactively remove spyware so they do not have to rely on network administrators to perform this task.

The Barracuda Web Filter scans inbound traffic for the following malware over HTTP port 80 and FTP port 21: spyware (like keyloggers, Browser Helper Objects [BHOs], and data miners), adware, trojans, and viruses. The Barracuda Web Filter also scans outbound traffic on all ports and protocols to prevent spyware from communicating outside of your network.

Note

The Barracuda Web Filter does not block or scan SSL (https://) traffic because almost all spyware traffic travels over non-encrypted channels.

Content Filtering Techniques

In addition to protecting your network from spyware infections, the Barracuda Web Filter also uses filters to protect your users from visiting offensive Web sites and to help enforce your organization’s Internet usage policies.

To block access to offensive sites, the Barracuda Web Filter includes a URL list containing millions of URLs classified into 57 categories for easy and efficient content filtering. This list is continuously updated by engineers at Barracuda Central and delivered hourly via the Energize Updates subscription service sold with the Barracuda Web Filter.

These content filters can help organizations comply with new security initiatives and standards.

User and Group-based Policy Control

The Barracuda Web Filter allows you to create exception policies for specific users and groups so they can override the blocking filters that prevent them from accessing content or applications. These policies are useful in providing executives and departments with additional control over the content they can access.

You can also use exception policies to allow users to bypass blocking filters during specific hours of the day. For example, you can set up your Barracuda system to allow users to access shopping or gaming sites only during non-business hours.

Application Blocking Techniques

Many organizations choose to block access to certain applications so they can minimize the amount of non-essential traffic on their network and to prevent users from running applications that can spread viruses or other malware. For this reason, the Barracuda Web Filter allows you to block access to applications based on their MIME type or port number as well as to common applications like Real Player or Yahoo Messenger.

For example, you can use the MIME blocking feature to prevent users from running executable files (.exe) or from streaming music and video files over your network.

Energize Updates Minimize Administration and Maximize Protection

To provide you with maximum protection against the latest types of spyware, Barracuda Networks maintains Barracuda Central, a powerful operations center. From this center, engineers monitor the Internet for trends in spyware and automatically deploy updates and definitions via Barracuda Energize Updates.

By spotting spyware trends early on, the team at Barracuda Central can quickly develop new and improved blocking techniques that are quickly made available to your Barracuda Web Filter. Barracuda Central has identified over 2,000 spyware applications that are actively blocked and is continuously adding to this list.

The following figure shows how Barracuda Central provides the latest rules and definitions through the Energize Update feature.

Figure 1.1: Barracuda Energize Updates

Deploying the Barracuda Web Filter

You can deploy your Barracuda Web Filter so it is either inline with your core network components, or you can deploy the system as a forward proxy. The following sections provide a brief overview about each deployment type.

Inline Pass-through (Transparent Mode)

Inline pass-through is the recommended type of deployment because it provides the strongest level of protection against spyware. In this deployment, the Barracuda Web Filter is directly inline with your core Internet network components, and all network traffic to the Internet passes through the Barracuda Web Filter. In this mode, your Barracuda Web Filter is able to:

- Filter and scan all Internet traffic requests.
- Perform content filtering and scan downloads for spyware and viruses.
- Detect and block outbound spyware protocol requests.
- Scan all outbound traffic for spyware activity on all ports to detect infected clients.

Inline pass-through deployment requires you to have an understanding of your network topology because even though the Barracuda Web Filter acts as a proxy, it does not participate in routing protocols. As a result, you may need to set up static routes in your Barracuda Web Filter so it knows how to properly route traffic.

The following table describes the advantages and disadvantages of deploying your Barracuda Web Filter in inline pass-through mode.

Advantages:

- Supports application blocking
- Supports automatic pass-through mode in the event of a system failure (model 310 and above)
- Does not require users to configure proxy server settings in their Web browser
- Uses perimeter transparency mode that exposes client IP addresses (supports corporate firewall rules)

Disadvantages:

- May require setting up static routes in your Barracuda Web Filter.
- Initial setup requires an interruption to network traffic while you make necessary cabling changes.

Figure 1.2 illustrates a basic installation using the Inline Pass-Through deployment.

Figure 1.2: Inline Pass-through Deployment
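The static-route requirement described for inline pass-through can be worked out from an address plan before cabling changes are made. The following is an added example, not taken from the guide or from Barracuda software: it assumes the filter has one IPv4 address on a connected network, that remote client subnets sit behind an internal router or Layer 3 switch on that same network, and that a route is entered as destination, netmask and gateway. All addresses are constructed.

```python
import ipaddress


def static_routes_needed(filter_iface, client_subnets, internal_router):
    """Return (destination, netmask, gateway) rows for every client subnet
    that is not directly connected to the filter's own interface."""
    iface = ipaddress.ip_interface(filter_iface)
    gateway = ipaddress.ip_address(internal_router)
    # The next hop must itself be on the filter's connected network,
    # otherwise the static route could never be used.
    if gateway not in iface.network:
        raise ValueError(f"gateway {gateway} is not on {iface.network}")

    nets = [ipaddress.ip_network(s) for s in client_subnets]
    # Subnets inside the connected network are reachable without a route.
    remote = [n for n in nets if not n.subnet_of(iface.network)]
    # Merge adjacent or nested prefixes so the route list stays short.
    return [(str(n.network_address), str(n.netmask), str(gateway))
            for n in ipaddress.collapse_addresses(remote)]


# Constructed sample topology (illustrative addresses only).
FILTER_IFACE = "192.168.1.10/24"      # filter's IP address and mask
L3_SWITCH = "192.168.1.1"             # internal router facing the clients
CLIENT_SUBNETS = [
    "192.168.1.0/24",                 # same network as the filter
    "10.20.0.0/24",                   # two adjacent VLANs behind the switch
    "10.20.1.0/24",
    "172.16.5.0/24",                  # branch office behind the switch
]

if __name__ == "__main__":
    for dest, mask, gw in static_routes_needed(
            FILTER_IFACE, CLIENT_SUBNETS, L3_SWITCH):
        print(f"destination {dest}  netmask {mask}  gateway {gw}")
```

A client subnet missing from this list is one the filter cannot answer, because it does not learn routes from routing protocols.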

Forward Proxy

The Forward Proxy deployment uses a proxy as an intermediary between a client and the Internet to protect the client from being visible from the Internet. In a forward proxy deployment, only HTTP Internet traffic passes through the Barracuda Web Filter. Once the Barracuda Web Filter processes clients’ requests, it sends the requests out directly to the Internet.

When deployed as a forward proxy, the Barracuda Web Filter shows all HTTP traffic as coming from its own IP address instead of from the individual client IP addresses as is done in the inline pass-through deployment.

We recommend deploying the Barracuda Web Filter in forward proxy mode in the following situations:

- You need to replace an existing forward proxy (such as Microsoft ISA Server) with the Barracuda Web Filter.
- You do not want the Barracuda Web Filter to reside inline with all your network traffic and are satisfied with the system only scanning HTTP traffic for viruses and spyware.

The following table describes the advantages and disadvantages of deploying your Barracuda Web Filter in forward proxy mode.

Advantages:

- The initial setup of forward proxy mode does not require any interruptions to your network traffic.
- Does not require the configuration of static routes.

Disadvantages:

- Because the Barracuda Web Filter only scans outbound HTTP traffic, the system cannot perform the following functions in forward proxy mode:
  - Block access to applications listed on the Block/Accept Applications page.
  - Block access to applications that use the destination port specified on the Block/Accept Blocked IPs page.
  - Inspect outbound traffic for spyware infection activity.
- The Barracuda Web Filter does not scan non-HTTP traffic for viruses and spyware.
- Requires clients’ Web browsers to be configured with the IP information of the forward proxy server (Barracuda Web Filter).

Figure 1.3 illustrates a basic installation using the Forward Proxy Deployment.

Figure 1.3: Forward Proxy Deployment
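The two deployment modes inspect different slices of egress traffic, and the earlier note says SSL (https://) is not scanned in either. The following added example, which is not part of the guide or of Barracuda software, applies those stated rules to constructed flow records to show how much traffic each mode leaves uninspected. It assumes protocols can be identified by destination port (80 for HTTP, 21 for FTP, 443 for SSL), and the mode and category names are hypothetical labels.

```python
from collections import defaultdict

SSL_PORTS = {443}               # the guide's note: SSL is not scanned
DOWNLOAD_SCAN_PORTS = {80, 21}  # malware scanning on HTTP 80 and FTP 21


def inspection(mode, dst_port):
    """Return the set of checks the guide describes for this mode and port."""
    if dst_port in SSL_PORTS:
        return set()
    if mode == "inline":
        # Inline: all outbound ports are watched for spyware activity,
        # and HTTP/FTP downloads are additionally scanned.
        checks = {"outbound_spyware_inspection"}
        if dst_port in DOWNLOAD_SCAN_PORTS:
            checks.add("download_scan")
        return checks
    if mode == "forward_proxy":
        # Forward proxy: only HTTP passes through the filter at all.
        return {"download_scan"} if dst_port == 80 else set()
    raise ValueError(f"unknown mode: {mode}")


def coverage_report(mode, flows):
    """Summarise bytes per inspection class and list clients with blind spots."""
    by_class = defaultdict(int)
    blind = defaultdict(int)
    for client, dst_port, nbytes in flows:
        checks = inspection(mode, dst_port)
        if "download_scan" in checks:
            by_class["download_scan"] += nbytes
        elif checks:
            by_class["outbound_only"] += nbytes
        else:
            by_class["uninspected"] += nbytes
            blind[client] += nbytes
    total = sum(by_class.values())
    pct = round(100 * by_class["uninspected"] / total, 1) if total else 0.0
    return {"bytes": dict(by_class), "uninspected_pct": pct,
            "blind_clients": dict(blind)}


# Constructed flow records: (client IP, destination port, bytes).
SAMPLE_FLOWS = [
    ("10.1.1.21", 80, 4000), ("10.1.1.21", 443, 6000),
    ("10.1.1.22", 21, 1000), ("10.1.1.22", 6667, 500),
    ("10.1.1.23", 443, 2500), ("10.1.1.23", 80, 6000),
]

if __name__ == "__main__":
    for mode in ("inline", "forward_proxy"):
        print(mode, coverage_report(mode, SAMPLE_FLOWS))
```

Run against real firewall or flow logs, the uninspected share indicates how much traffic needs another control, such as endpoint protection or firewall egress rules.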

Chapter 2
Installation and Configuration

This chapter provides general instructions for installing the Barracuda Web Filter. This chapter covers the following topics:

- Network Considerations
- Installing and Configuring the Barracuda Web Filter
- Advanced Installation Topics

Network Considerations

The Barracuda Web Filter appliance is a low-risk deployment because it is designed to be a bridge within your network. The appliance can view Internet traffic that passes through the network but does not affect its routing. To reduce the
