However, ensuring network availability is just one important piece of the puzzle. A network is only as strong as its security infrastructure. That’s why it’s important to efficiently monitor and manage firewalls, proxy servers, virtual private networks (VPNs), Intrusion Detection Systems (IDSs), and Intrusion Prevention Systems (IPSs).

The Firewall Analyzer add-on for OpManager enables organizations to monitor and manage both network devices, and network security devices from a single OpManager console. The add-on helps IT security admins track policy changes, optimize firewall performance, and maintain compliance standards. With this you can also:

• Analyze the efficiency of firewall rules and administer them directly into your firewall.

• Manage and monitor your VPN and proxy server.

• Identify security attacks, viruses, and other anomalies in your network.

• View the complete trail of all changes applied to your firewall configurations.

• Automate firewall audit reports, and ensure continuous compliance.

• Get detailed reports on internet and bandwidth usage.

We are conducting an exclusive free webinar on how network administrators can utilize the complete capabilities of the Firewall Analyzer add-on to handle real world network security issues.

 So, what are you waiting for? Come join us, and learn how to better manage your network security infrastructure from your OpManager console.

Book your spot now  

Date: Sept. 24, 2020 | Time: 11am ET | 6am GMT

The post Explore how the Firewall Analyzer add-on for OpManager can help you improve your network security! appeared first on ManageEngine Blog.

Apart from the connectivity issues, IT administrators also have to closely monitor for network attacks, as hackers tend to target remote workers specifically. The IT teams in companies leveraging a remote workforce have a challenging task ahead of them: they need to facilitate a secure and well-planned VPN infrastructure to ensure a hassle-free work environment.

VPN logs provide critical traffic and security details, which can help IT administrators understand VPN capacity requirements and the security posture in their enterprise. ManageEngine Firewall Analyzer is VPN log monitoring tool that helps track VPN users in real time, monitor VPN user activity for anomalous behavior, and report on security attacks carried out in the network. The VPN reports in Firewall Analyzer help network administrators gain complete visibility over their VPN traffic and firewall logs by providing visibility on a number of metrics.

Let’s take a closer look at some of Firewall Analyzer’s VPN reports.

Employee usage statistics: The VPN usage of specific users and their unique session count is crucial for planning VPN bandwidth and capacity. Firewall Analyzer monitors user-level VPN bandwidth usage and provides a list of users utilizing the maximum VPN bandwidth. This list helps you keep a tab on VPN usage at the individual user level.

VPN sessions and peak hour utilization: Firewall Analyzer not only helps you keep tabs on the number of active VPN sessions and the session history, but it also identifies peak hour utilization. These stats help you identify the busiest hours of the day and plan your infrastructure accordingly. Obtaining stats on VPN bandwidth demand is useful for calculating further scalability.

Device-based connection and usage trends: The ability to view VPN connection and usage statistics for a specific network security device is extremely critical in optimizing your VPN infrastructure. With Firewall Analyzer’s device-based VPN reports, you can easily get the connection, user, and session details for a specific network security device.

VPN bandwidth consumption and login status: Firewall Analyzer inspects all the IPs utilizing VPNs as well as their individual bandwidth consumption. This helps you zero in on IPs that consume inordinate levels of bandwidth and restrict their consumption in the future.

Being able to view the destinations and URLs your VPN clients visit is vital. With Firewall Analyzer, you can do this while easily classifying URLs as business-critical or non-critical. You can also block non-critical URLs, and save valuable bandwidth. Apart from this, you can also identify failed user logins, which helps in proactively solving VPN connection issues.

VPN bandwidth trends: Studying VPN bandwidth trends helps you anticipate consumption levels during various times of the day, and plan bandwidth capacity needs. Firewall Analyzer’s VPN Trend report gives you the ability to track these consumption trends and plan your VPN infrastructure well in advance.

Security and bandwidth alerts: Alarms and alert notifications play a critical role in identifying traffic anomalies in your VPN infrastructure. With Firewall Analyzer, you can set bandwidth triggers as per your requirements, and alert notifications will be sent directly to your email or phone via SMS.

With these reports, network administrators can easily plan an efficient VPN infrastructure that provides the ideal platform for remote employees to work without any hassle. A well-planned VPN infrastructure enables your company to retain its productivity and gain a competitive edge in today’s challenging marketplace. Download a free trial of Firewall Analyzer, and get the best out of your VPN infrastructure.

The post Overcoming VPN bandwidth and capacity complications using Firewall Analyzer appeared first on ManageEngine Blog.

The COVID-19 outbreak has brought businesses around the globe to their knees. To survive, organizations across verticals are rolling out work-from-home policies. And for effective remote working, it’s imperative to employ VPN connections, as they serve as a conduit for workers to access business-critical data remotely.

But when valuable VPN bandwidth is consumed by trivial activities, business-critical applications can run on only meager bandwidth, which translates to lost productivity. To ensure uninterrupted remote working, organizations must be able to gauge VPN bandwidth consumption.

Proper VPN bandwidth can make or break a business 

Certain information and services are only accessible inside company premises; accessing them remotely through a secure VPN connection is a must. After the initial deployment of VPN connections, some businesses encounter technical difficulties from the server and client side. A major bottleneck is the mismanagement and improper forecasting of VPN bandwidth capacity. Inadequate VPN bandwidth can lead to dire consequences for businesses, including everything from impaired services to operational disasters.

How can mismanaged VPN bandwidth impact remote work? 

The repercussions businesses can experience from mismanaged VPN bandwidth include:

• Business-critical applications are impeded, resulting in reduced productivity.

• Substandard customer service is provided, leading to a poor end-user experience.

• Slow file sharing and lags in video conferences occur, resulting in poor collaboration within and across teams.

• Poor VPN bandwidth capacity forecasting causes IT costs to increase.

• Failure to meet service-level agreements could lead to penalties.

Capabilities you need for effective VPN bandwidth monitoring and forecasting

Proactive monitoring of the following factors can help keep your VPN bandwidth in check:

• IPs and their VPN bandwidth consumption: Inspecting all the IPs utilizing VPNs, as well as their individual bandwidth consumption, is imperative. This helps you zero in on IPs that consume inordinate levels of bandwidth and restrict their consumption in the future.

• Destinations your VPN IPs land on: Viewing the destinations and URLs your VPN clients visit is vital. This helps you classify URLs as business-critical and non-critical. Access to non-critical URLs can be blocked using a blacklist to save valuable bandwidth.

• VPN bandwidth trends: Studying VPN bandwidth trends helps you anticipate consumption levels during various parts of the day, and helps you plan bandwidth capacity needs.

• Active VPN sessions and peak hour utilization: Keeping tabs on the number of active VPN sessions and peak hour utilization helps you with VPN capacity forecasting and planning. Obtaining stats on VPN bandwidth demand is useful for calculating further scalability.

Quickly adapting to an ever-changing environment is important for survival. Organizations need a VPN monitoring solution that helps network administrators dynamically plan, monitor, and manage their VPN infrastructure.

How Firewall Analyzer can help combat bandwidth anomalies

ManageEngine Firewall Analyzer helps network administrators gain complete visibility over their VPN traffic and firewall logs. Firewall Analyzer generates VPN reports that help in answering the following questions.

• Who logged into a VPN, and how many VPN logins occur every day?

• How many VPN login attempts failed?

• How many live VPN user sessions are currently running?

• What are the top VPN sessions in terms of length?

• How much bandwidth does each user consume?

• What protocols were used to access VPNs?

• What are the VPN usage trends?

• Does VPN usage increase during a specific day or hour?

• Which VPN groups are consuming the most traffic?

With these reports, network administrators can easily plan an efficient VPN infrastructure that provides the ideal platform for remote employees to work without any hassle. A well-planned VPN infrastructure enables your company to retain its productivity and gain a competitive edge in this volatile marketplace. Download a 30-day free trial of Firewall Analyzer to start efficiently monitoring your VPN infrastructure.

The post How VPN bandwidth monitoring helps retain remote workforce productivity appeared first on ManageEngine Blog.

With hackers working around the clock to breach networks, it’s essential to ensure that your firewall rules are spot on. The problem many organizations face is that rule optimization is not a one time activity; it requires constant review. Moreover, most enterprise networks have thousands of rules, making it rather challenging to perform this analysis manually.

In other words, security admins need to periodically:

1. Optimize the existing rules.

2. Reorder rules for maximum speed.

3. Delete unused rules.

4. Add new rules.

Adding new rules can be especially tricky, as not all rules are independent from each other. In fact, most new rules will have a distinct impact on existing rules, and the simplest errors can trigger a massive security loophole that can:

• Allow malicious traffic to sneak in, resulting in a network breach.

• Block legitimate traffic, disrupting normal business.

• Interact poorly with the existing rule set, affecting the efficiency of the rule performance.

This is why it’s critical for security admins to thoroughly measure the consequences of adding a new rule in the firewall.

The new Firewall Analyzer feature, Rule Impact Analysis, helps security admins analyze the impact of adding a new rule in the firewall. Firewall Analyzer is an efficient firewall rule planning tool that determines if the proposed new rule will negatively impact the existing rule set. A typical rule impact analysis process will include:

• Proposed new rule: A new rule is submitted for impact analysis.

• Anomaly detection: The proposed new rule is checked against the existing rule base for anomalies.

• Rule order recommendation: An optimal rule order is suggested by analyzing the proposed new rule for complexity and anomalies.

• Permissive interface identification: Any overly permissive destination interfaces for the proposed new rule are found.

• Threat detection: Service, application, and interface-level threats are detected and reported on.

• Blacklisted IP identification: Blacklisted IP addresses that are used in the proposed new rule are singled out.

• Risk assessment: Risk assessment is provided for relevant service, application, and interface ports.

• New rule implementation: The new rule is implemented in the firewall.

With these reports, security admins can identify threats, understand risks, remove anomalies, and optimize proposed new rules. Rule impact analysis simplifies the complicated process of adding new rules, so security admins can safely write the rule in the firewall.

 Download a free, 30-day trial of Firewall Analyzer to try out the new Rule Impact Analysis feature yourself.

The post Rule impact analysis: A new dawn of firewall policy planning appeared first on ManageEngine Blog.

1. New supported vendor: F5 BIG-IP Local Traffic Manager

F5 Networks is located in more than 30 countries and has more than 20 years experience in network security for both on-premises and multi-cloud environments. BIG-IP Local Traffic Manager enables you to control network traffic, selecting the right destination based on server performance, security, and availability.

Firewall Analyzer lets you collect, archive, and analyze F5 BIG-IP Local Traffic Manager device syslogs, as well as generate security and forensic reports. Firewall Analyzer customers can now fetch syslogs for F5 BIG-IP Local Traffic Manager as well as generate the following:

• High-level overview on live traffic to identify bandwidth utilization
• Detailed security analytics on attacks, viruses, spam, security events, denied events, denied URLs, and failed logons
• In-depth traffic usage reports on different users, protocols, applications, cloud services, and VPNs
• Custom reports for unique requirements
• Forensic log analysis using search reports that provide intricate details on the individual raw log responsible for a specific event
• Alerts based on syslogs

2. New reports supported for Vyatta, Huawei, and Check Point

2.A. Rule management report: Along with syslog reporting, Firewall Analyzer can now fetch firewall rule-sets and their configurations using CLI with different protocols like SSH, SCP, TFTP, and TELNET. It generates the rule management reports shown below for Vyatta, Huawai, and Check Point* firewall devices.

*Rules and configurations for Check Point firewalls are fetched using Check Point API versions R-80.10 and above.

2.A.A. Policy Overview Report: Lists all the rules and policies written in the firewall. Further rules can be filtered according to:

• Allowed/denied rules

• Inbound/outbound rules

• Inactive rules

• Logging disabled rules

• Over permissive any-to-any rules

Policy Overview Report

2.A.B. Policy Optimization Report: Identifies shadow, redundancy, generalization, correlation, and grouping anomalies of the existing rules that impact the performance of the firewall.

Policy Optimization Report

2.A.C. Rule Reorder Report: Suggestions on changing the rule position by correlating the number of rule-hits, complexities, and anomalies. This change might help in improving rule performance.

Rule Reorder Report

2.A.D. Rule Cleanup Report*: Lists all the unused rules, objects, and interfaces present under a firewall.

 *The Rule cleanup report for Vyatta firewall is not yet available, but will be available soon.

Rule Cleanup Report

2.B. Change Management Report: Firewall Analyzer automatically fetches configurations based on the logout syslog received from the firewall device and generates configuration change management reports for Vyatta, Huawai, and Check Point* firewall devices.

*Configurations for Check Point firewalls are fetched using the Check Point API.

Configuration Change Management Overview

This report helps you find who made what changes, when, and why. Not only that, it sends alerts to your phone in real time when changes happen. This report ensures that all the configurations and subsequent changes made in the firewall device are captured periodically and stored in the database.

Change Management Report

2.C. Compliance Reports: Firewall Analyzer also generates out-of-the-box industry standard compliance reports for SANS, PCI-DSS, NIST, ISO, and NERC-CIP. With these, security admins can track the configuration compliance status for Vyatta and Huawai firewall devices.

Compliance Reports

3. New log format supported: Barracuda Email Security Gateway

Barracuda Email Security Gateway is an email security gateway that manages and filters all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks. As a complete email management solution, Barracuda Email Security Gateway lets organizations encrypt messages and leverage the cloud to spool email if mail servers become unavailable.

Firewall Analyzer analyzes syslogs generated by Baracuda Email Security Gateway and provides security and traffic reports.

Download Firewall Analyzer and check out all the latest updates now!

The post Firewall Analyzer enhancements that fire up your firewall devices appeared first on ManageEngine Blog.

Attack landscape

• On July 17, 2013, personal information of more than 72,000 staff members (past and present) of the University of Delaware in Newark was compromised. Hackers  obtained the information (names, addresses, social security numbers, etc.) by exploiting the vulnerability in a third-party software that the university used.

• On July 18, 2013, during a routine security scan of IT resources, the University of Hong Kong found that a Trojan had been planted, which had mined the user names and passwords of more than 3676 accounts, including more than 250 administrative accounts.

• On July 24, 2013, the Stanford University announced that its computer system had suffered a security breach and advised its users to change their passwords. The university, however, said that the scope of intrusion was not known.

• In January this year, the Mississippi State University was the target of a cyber attack on one of the university’s servers. However, the investigation conducted later confirmed that there was no loss of secure data.

• In April this year, Universities UK, a representative body of 133 universities in the UK, issued guidance on how institutions should defend their research from cyber attacks.

The incidents listed so far are just a sampling of the cyber incidents that have happened in the last few months. These incidents have come as a rude shock to the academic community because only commercial establishments, such as banks, financial institutions, and Fortune 500 enterprises, have remained the targets of cyber criminals across the globe so far.

Universities – paradise for hackers?

Academic institutions mostly concentrate on research and accord top priority for information exchange, collaboration, and a culture of openness. Naturally, IT security, which often creates various kinds access barriers, takes the back seat. Hackers always look for loopholes in security settings. And, it’s no wonder that universities, with their low emphasis on IT security, have become a hacker’s paradise.

Why hackers target universities?

• Universities deal with a vast amount of intellectual property acquired through active research. Research by Nobel laureates is invaluable and could fetch hackers a premium.  The servers of the institutions where Nobel laureates are working are potential targets for  hackers!
• Destroying path-breaking research and espionage could also be the motives.
• Universities handle consultancy services involving huge money.
• Bigger universities play many roles like commercial establishments – they deal with the personal data of students and staff; store sensitive financial data; collect and manage funds; run hostels, which are bigger than commercial restaurants; and perform a host of other services. Hackers look to gain access to credit card details and other personal info.
• Moreover, cyber criminals are now keen on siphoning off login credentials of employees and administrative passwords of IT resources by using techniques such as spam and phishing emails, keystroke loggers, and Remote Access Trojans (RAT). Identities stolen in this manner help hackers access several other online applications, because users normally reuse the same passwords across applications.

How to combat?

Clearly, a major challenge that the top universities face today is defending their intellectual properties. Mobile devices, cloud computing, and virtualization have all made information security quite complex. Therefore, combating sophisticated cyber attacks on universities demands a multi-pronged strategy that would incorporate a complex set of activities.

We’ll discuss the combat strategies in the next post!

Bala
ManageEngine IT Security Solutions | Password Manager Pro – Quick Video | Free Trial Download | White Papers | Success Stories

The post Spate of shocking cyber attacks on universities jolt academia appeared first on ManageEngine Blog.

This week’s shocker was the outing of a hole in mobile device SIM cards, by Karsten Nohl, the founder of Security Research Labs in Berlin. Nohl was able to send a virus to the SIM card through a text message, then eavesdrop on calls, make purchases through the phone and even impersonate the phone’s owner. He did all this in under two minutes using an everyday PC and estimates that 750 million phones are vulnerable to attacks.

It’s so new that any in-depth analysis may be relegated to hallway discussions at the conference, because it’s not even on the official program. In fact, maybe the Black Hat organizers should simply use a real-time data feed of all security breaches in lieu of a planned agenda, as anything else will likely be dated by the opening keynote.

Case in point, no sooner did the news break about the vulnerability of SIM cards than Apple announced its own developer site was hacked.

Summer of Hackers (Again)

Why is everything related to computing getting hacked? Well, if you asked Willie Sutton, the prolific American bank robber, he would say “because that’s where the money is.”

Of course, nearly all of us have our net worth accessible by the click of a browser, user name and password. In fact, nearly every aspect of our lives is online — personal details, pictures, communications and job information. You name it; it’s all online.

So it should be no surprise that modern day thievery has moved online too. The number of breaches will continue to grow, and hacks will become increasingly imaginative as hackers strive to stay two (or sometimes ten) steps ahead of the security experts.

5 Ways To Stay Safe Online

But you don’t have to take the risks lying down. With a few simple steps, you can stay miles ahead of the bad guys — or at least make them jump through some hoops trying to break in.

Password Management: Good password management practices remain the greatest deterrent to electronic break-ins and theft, yet people and companies continue to not take it seriously — or at least act like they do. Be honest — when did you last change your own passwords? Do you use the same one for multiple sign-ins? Is it strong enough? The fact that people don’t employ strong passwords to protect their electronic assets is perplexing since it can be automated through password management software.

Two-Factor Authentication: Using applications that utilize two-factor authentication (TFA) is another level of protection. TFA requires a second level of authentication beyond a password, such as a random passcode that must be entered along with a password when logging into an app. Popular applications like Gmail and Twitter now offer optional TFA with their services — so opt for it!

Mobile Device Management: Most companies allow employees to access the corporate network and applications via BYOD (bring your own devices) devices, which means that both personal and corporate data reside together. Companies are waking up to the fact that mobile devices store a lot of information and offer would-be intruders access to personal and corporate data alike. Mobile device management (MDM) software is the best way to control access to mobile devices. Most MDM solutions allow you to set device configurations and profiles of all devices accessing the corporate network.

Encryption: If a hacker gets into your computer or mobile device, the last line of defense may be whether the data on the devices themselves is encrypted. And, actually, your data should be encrypted when connecting to an application, while in transit and at rest. Again, there are many software applications that can offer this type of protection for computers and mobile devices.

Common Sense Strategies: Lastly, there are important non-technical tactics that fall into the category of common sense. Don’t keep your life history in your Inbox; purge or archive data after it is no longer needed or being used. Only put sensitive data or personal data online if it’s absolutely necessary. And never send or store it in plain text.

Best Laid Plans

These are some easy, but effective security precautions against the known vulnerabilities that hackers target. And if you’re rolling into Las Vegas today for the Black Hat conference, you’ll definitely want to implement these extra precautions before you even step foot on the show floor (or the hotel or even the airport!).

Either way, whether it’s SIM cards or webcam attacks, assume that anything containing valuable information will be targeted — stay vigilant of the Black Hat.

Raj Sabhlok is the president of Zoho Corp., which is the parent company of Zoho.com and ManageEngine. Follow him @rajsabhlok.

The post Your Net Worth Is Online – And Less Safe Than Ever appeared first on ManageEngine Blog.

Engineers and technicians working with service providers would require remote privileged access to servers, databases, network devices, and other IT applications to discharge their contractual duties. Typically, in outsourced IT environments, the technicians working with the service provider will be located at a faraway place and will access the IT resources of your organization remotely through VPN.

Uncontrolled Administrative Access – A Potential Security Threat

With remote privileged access that grants virtually unlimited access privileges and full controls to physical and virtual resources, the outsiders virtually become insiders and in some cases, much more powerful than the real insiders of the organization. Uncontrolled administrative access is a potential security threat, which can jeopardize your business.

A disgruntled technician could plant a logic bomb on your network, create a sabotage, or steal customer information, and cause irreparable damage to your business and reputation. In fact, analysis of many cyber incidents reported in the past has revealed that misuse of privileged access had been the root cause.
So, in outsourced IT environments, controlling privileged access and keeping an eye on the actions on critical IT resources are absolutely essential, both as protective and detective security control against cyber attacks.

Essential Security Measures for Outsourced Environments

• An inventory of resources/IT assets accessed by the third-party technicians should be kept up to date.
•  Third-party technicians should get access only to the resources that are necessary to perform their work.
• Access should be granted without revealing the underlying passwords. That means, the third-party technicians should be able to access the resources without seeing the passwords in plain text.
• The remote access enabling mechanism should be highly secure.
• All activities done by them should be video-recorded and monitored. Any suspicious activity should be terminated.
• Comprehensive, tamper-proof audit records should be maintained on ‘who’, ‘what’ and ‘when’ of access.
• Password management best practices like usage of strong passwords, frequent rotation, etc. should be strictly enforced.

These simple security aspects would be difficult to implement without the aid of a proper software solution. Manual approach to consolidating, securing, controlling, managing, and monitoring privileged accounts is not only cumbersome and time-consuming, but also highly insecure.

Preventive & Detective Security Controls Through an Automated Approach

To overcome the security threats arising out of outsourcing, organizations need to follow an automated approach to control, monitor, and manage privileged access. ManageEngine Password Manager Pro is a solution that offers such an automated approach. It delivers both privileged access management and privileged session management in a single unified solution. It helps enterprises consolidate and control all the privileged accounts centrally in a fully automated fashion, ending convoluted manual password management practices.

• You can selectively share credentials with third-party technicians on need basis. Even time-limited, temporary access could be granted without exposing the credentials in plain text.
• In the central GUI of Password Manager Pro, the technicians get to see only the resources allotted to them. This restricts their remote access only to the required assets.
• As and when needed, you can take a report on the privileged access scenario – ‘who’ has access to ‘what’ resources. And, the audit trails will tell you ‘who’ actually accessed ‘what’ and ‘when’. You will also receive alerts and notifications when someone accesses a sensitive resource.
• User activities during privileged sessions are video-recorded and archived for forensic audits. Password Manager Pro employs first-in-class, remote login mechanism to deliver on both ease of use and security. From any HTML5-compatible browser, users can launch highly secure, reliable, and completely emulated Windows RDP, SSH, and Telnet sessions with a single click, without the need for additional plug-in or agent software. The session recording capability is an extension of the robust remote login mechanism in which the remote connections are tunneled through the Password Manager Pro server, requiring no direct connectivity between the user device and the remote host.
• Normally, cyber incidents do not take place suddenly; they are the result of meticulous planning for several months. Logs from critical systems carry vital information that could prove effective in preventing such ‘planned’ attacks by malicious technicians. For instance, monitoring activities like user logons, failed logins, password access, password changes, attempts to delete records, and other suspicious activities could help identify hacking attempts, malicious attacks, DoS attacks, policy violations, and other incidents. Monitoring network activity to establish real-time situational awareness is essential to enterprise security. ManageEngine’s log analytics and SIEM solutions EventLog Analyzer and Firewall Analyzer would be immensely helpful in achieving real-time situational awareness.

Of course, not all security incidents can be prevented or avoided. However, by taking proper preventive and detective security controls as explained above, you can ensure information security while outsourcing IT.

Bala
Password Manager Pro – Quick Video | Free Trial Download | White Papers | Success Stories

The post IT outsourcing: When outsiders become insiders, how do you ensure information security? appeared first on ManageEngine Blog.

To add tooth to the ‘written policy’ companies should have tools in place to enforce the policy in letter and in spirit. Companies use non-intrusive and real-time network security monitoring software’s like ManageEngine Firewall Analyzer to implement the Internet fair use policy in their corporate network.

With ManageEngine Firewall Analyzer, you can get detailed reports on your corporate user’s internet usage and you can verify whether it is as per the allowed policy. The reports are:

• List of denied URLs and URL categories, each user tried to access
• List of allowed URLs and URL categories accessed by each user
• Sent, received and total Internet bandwidth consumed by each user
• Protocol based Internet usage of each user
• Separate report for each protocol

In this series of posts, we will show how companies use Firewall Analyzer to enforce Internet fair use policy.

Part 1

How to get the list of denied URLs and URL categories, each user tried to access and the list of allowed URLs and URL categories accessed by each user?

Using Firewall Analyzer network security administrators can obtain detailed reports on employees who have tried to access URLs, which are ‘denied’ as per Internet fair use policy.  They also obtain reports on users who have accessed safe or allowed URLs. See how it can be get done and how your company can benefit from it.

Steps Involved:

Create a report profile, which will generate a report, displaying the denied URLs and URL categories the user has attempted to access and the allowed URLs and URL categories the user has access.

Create a new report profile

Use the ‘Add New > Report Profile’ menu available in the sub-tab.

Wizard Screen 1 – Select Devices and Filters

1. Enter a name for this report profile. This field is mandatory.
2. Select the devices as per your requirement.
3. Choose any of the filters from the existing list, which meets the denied URL report condition.
4. If there is no such filter available, add a filter. Use the ‘+ Add’ menu link.
5. Navigate to the next wizard screen. Use the ‘Next’ button.

Add Report Filter

1. Enter a name for this report filter. This field is mandatory. If filter name is not entered, by default ‘<Report Profile Name>_filter’ will be assigned as filter name. Select the filter type as required.
2. Select ‘Include the following Users’ option and enter the user name in the text box.  Use the ‘Add >>’ button to add the users for whom report should be filtered. Remove the user using ‘Remove’ button.
3. Use the ‘Finish’ button to complete the report filter creation.

Wizard Screen 2 – Select Report Type and Schedule

1. Scroll down and choose the ‘URL Report’ from the ‘Available Reports’ list, which meets the denied URL report condition.
2. Optionally, if you want to modify the definition of the report type, use the ‘+ Add’ menu link.
3. Optionally, you can schedule the report generation, by default it is generated only once
4. The report can be emailed to the concerned Administrator if you enable the ‘Email the report’ option and configure the ‘Mail Server’ and recipients email IDs.
5. Use the ‘Preview’ button to have the report preview and Use the ‘Save’ button to save the report profile.

View Report

The denied and allowed URL report for user ‘David’ is given below:

Note that this report captures the accessed URLs and denied URLs attempted by one specific user. To get report for multiple users, use the ‘Advance Search’ option.

In our subsequent posts we will cover few of the other methods of implementing Internet fair use policy using Firewall Analyzer.

The post How companies can implement Internet fair use policy for corporate users? appeared first on ManageEngine Blog.