This session Netsweeper Blocking and Unblocking 3/16/2010

3/16/2010
This session
Netsweeper Blocking and
Unblocking
Charles Steinhaus
Network Consulting
Rebecca Wall
Technical Support
MOREnet Knowledgebase:
help@more.net
Thursday, 11 a.m. – Noon
www.more.net University of Missouri
Copyright 2010 MOREnet and the Curators of University of Missouri
MOREnet Hosted
• MOREnet Hosted vs. Member Hosted
• Define Group & Clients
• Tasks
– How to use the local deny list
– Submitting a url for review by Netsweeper
– “Member Hosted Only”
• Using the URL List Manager
• Blocking Tips, like Facebook, https, Google
Video, Craigslist personals…
• Questions?
Member Hosted
• You provide a workstation server
• MOREnet Hosts the server
• Full access to reports, & log files
• MOREnet Router redirects http (port 80) traffic
• User based filtering (A/D, eDir)
• Desktop client available for protocol filtering
• Protocol based filtering
1
3/16/2010
Clients and Groups
• Groups- Used to define a section of users. An
organization can have multiple Groups (i.e.
one for teachers and one for students)
Local Deny List
1. Login to your Netsweeper server
2. Click on Policy Management / Group Manager.
3. Click the name of the Group you want to edit.
• Clients- Individual users or workstations.
Groups are made up of Clients.
Local Deny List
4. Scroll to the Policies section, and click the Policy
you want to edit.
5. Scroll down the Policy Page to Local
URL/Keyword List. In the drop down list select
Local Deny URLs/ Keywords.
Local Deny List
6. In the Add Entry box, enter a “keyword search”
or the url you want blocked. Click Add
Note: URLs must begin with http://
Keywords are for search engines
7. Click Apply Settings at the top and click Apply
2
3/16/2010
Submitting URLs
for Review
1. Select URL Tools / URL Alert
2. Enter the requested information
URL List Manager
1. Select URL Tools / URL List Manager
2. In the drop down list select the list to edit
3. Click Submit. URLS are reviewed within 48 hours
URL List Manager
Authority Ranking:
URL List Manager
Definitions:
Highest Authority Level Deny Page Allow URL List
System URL List
Global Allow/Deny List - Applies to all Groups on
the system. Entries in this list can be
overridden by the Local Allow/Deny List
Local URL/Keyword Lists
Global URL Lists
Lowest Authority Level
System Allow/Deny List - Applies to all Groups on
the system. This list overrides the Global and
Local URL lists and cannot be overridden
Category URL List
3
3/16/2010
URL List Manager
System Allow/Deny Protocol List - Applies to all
Groups on the system. Used to block certain
protocols (example: https) and overrides the
Local Lists
URL List Manager
1. Type the URL in the Add URL box and click Add
2. Click Apply Settings at the top, click Apply
Deny Page Allow URL List - Ensures that all
components of a deny page are displayed
regardless of the policy applied
Custom Search Patterns using
REGEX (Regular Expressions)
• RegEx is a programing language used for text
string pattern searches
• Netsweeper uses RegEx for patterned Blocking
• RegEx is supported on the following lists:
- Local Allow/Deny List
- Global Allow/Deny List
- System Allow/Deny List
- System Allow Protocol List
Tip: Block all Google video sites
regardless of TLD*
Option 1: Enter each domain you want blocked
http://video.google.com
http://video.google.ca
http://video.google.co.uk
This is time consuming
* TLD=Top Level Domain ie .com or .ca or .uk
4
3/16/2010
Option 2: Block all Google video
sites using RegEx
A better solution is to use RegEx over all the
Google domains in one statement
Tips: Block exe & URL name
EXE Tip Block any file with the extension exe
Block List
Block List
/^http://.+\.+exe/
/^http://video\.google.*/
* The preceding and trailing slashes / / describes what to parse
* The ^ preceding the http tells the parser where to begin
Word Tip Block a url containing a specific word
Block List
Common Craigslist Blocks
/^http://.*porn.*/
Tip: Block all SSL/TLS traffic
Tip Block erotic services on CraigsList.com
Block List
Block List
/^http://.*craigslist.*category=ers/
/^http://.*\.ssl\.misc\.protocol-check\.net-sweeper\.com.*/
New Version
/^https://*
Tip Block personals on CraigsList.com
Block List
/^http://.*craigslist.*[m|w|t|mw|mm|ww]4.*/
5
3/16/2010
Tip: Block keywords in search strings
Code
http://www.youtube.com/results?search_type=&search_query=sex&aq=f
is the result if someone searches for sex on
YouTube
- or The following will block sex, but allow words like
"essex" and "sextant"
Code
https Code for Facebook
Code
/^http://69.63.*\:443/
/^http://66.220.*\:443/
/^http://96.7.*\:443/
/^http:\/\/.*youtube\.[^/]*/.*\?.*[=|+]sex[|+|&].*$/
Tip Block Facebook from using https
New Local SSL Block
• Try nslookup on the DNS name for the IPs.
New Version in version 2.6.27.33+ and IE8 & FF3.5
Code (Not RegEx)
https://facebook.com
• You may need nstail on the Netsweeper server
[me@localhost] nstail
Watch for https:// entries
6
3/16/2010
Questions?
help@more.net
Tel: 800 509-6673
Tel: 573 884-7200
7
Netsweeper Tips and Tricks
Additions to the Local Deny List
1. Log into the policy server. (For MOREnet Hosted users this is at http://tigers.more.net/)
2. In the left hand side menu, click on Policy Management, and then click Group Manager.
3. Find your Group and click on the name of the Group that you want to edit.
4. On the Group Policy Page, scroll down to the Policies section and click on the name of the Policy you want
to edit.
5. On the Policy Page, scroll down to the Local URL/Keyword List section. In the drop down select Local
Deny URLs/Keywords.
6. In the Add Entry box, enter either a keyword or a url you want blocked. Click add.
Note: URLs must be entered beginning with http://. Encode is used for entries containing nonalphanumeric characters.
7. Click Apply Settings at the top. Then Click the Apply button.
Submitting URLs for Review
1. In the left hand side menu, click URL Tools and then click URL Alert.
2. Enter the requested information in the following two boxes.
3. Click Submit. URLS should be reviewed and recategorized (if needed) within 48 hours.
URL List Manager
1. In the left hand side menu, click URL Tools and then click URL List Manager.
2. In the Select List drop down, choose the list you wish to add to.
3. Type the URL in the Add URL box and click the Add button.
4. Click Apply Settings at the top, and then click the Apply button.
Definitions:
Global Allow/Deny List- Applies to all Groups on the system. Entries in this list can be
the Local Allow/Deny List.
overridden by
System Allow/Deny List- Applies to all Groups on the system. This list overrides the Global and Local
URL lists and cannot be overridden.
System Allow/Deny Protocol List-Applies to all Groups on the system. Used to block certain protocols
(example: https) and overrides the Local Lists.
Deny Page Allow URL List-Ensures that all components of a deny page are displayed regardless of the
policy applied.
Authority Ranking:
Deny Page Allow URL List-Highest Authority
System URL Lists
Local URL/Keyword Lists
Global URL Lists
Category URL List-Lowest Authority
Regex Cheat Sheet
Character
\
Match
the escape character - used to find an instance of a metacharacter
like a period, brackets, etc.
match any character except newline
.
(period)
x
match any instance of x
^x
match any character except x
[x]
match any instance of x in the bracketed range - [abxyz] will
match any instance of a, b, x, y, or z
| (pipe) an OR operator - [x|y] will match an instance of x or y
()
used to group sequences of characters or matches
{}
used to define numeric quantifiers
{x}
match must occur exactly x times
{x,}
match must occur at least x times
{x,y}
match must occur at least x times, but no more than y times
?
preceding match is optional or one only, same as {0,1}
*
find 0 or more of preceding match, same as {0,}
+
find 1 or more of preceding match, same as {1,}
^
match the beginning of the line
$
match the end of a line
Reference http://support.netsweeper.com