Greetings,

We hope you have been enjoying your summer so far and are staying cool. In this issue, our feature article focuses on how you can use Cyfin or CyBlock to help control and look for spyware. Web-based security threats are becoming more common and are expected to pass email security threats sometime next year.

New versions of our products were recently released, and you can check out the new enhancements below. To get the full release notes, just visit your product’s support Web page at www.wavecrest.net. You can download the newest version directly from the product on the Administration – Product Update screen.

Finally, don’t forget to check out the tech tip on using MSDE data, and if you are a new customer, check out our “OtherWise” program to see how Wavecrest may be able to help you categorize previously unknown sites. Enjoy the rest of your summer! The Wavecrest Team

Controlling Spyware with Cyfin® and CyBlock®

Introduction
Spyware — software that tracks Web surfers' activity without their knowledge and sends the information back to a third party — is a growing concern for IT administrators. Spyware can compromise security, consume bandwidth and slow networks to a crawl. The good news is you can help protect your network from spyware with Cyfin and CyBlock software.

Spyware problems
Spyware can get into your computer(s) very easily, and it can be extremely hard to detect. Most employees never realize their computers are infected, and those that do have no idea how it happened.

Because spyware enters a user’s system with “legitimate” traffic through an open Internet port, firewalls are not an adequate defense. Spyware remains undetected by firewalls designed to block suspicious inbound traffic rather than monitor the heavy outbound activity spyware generates. (Inbound spyware doesn’t look suspicious.)

Wavecrest solutions
Your Cyfin® monitoring software or CyBlock® filtering software can help identify spyware and reduce your risk of downloading it in the future.

1) Use reporting tools to spot spyware activity with Cyfin or CyBlock.

A. Look for unusual patterns of Web activity. Run a Site Analysis report at least once a week and be alert to changes in the volume and pattern of outbound Web activity. For example, if a single user is suddenly logging thousands of visits a day, chances are it's a spyware issue. That’s because “human” activity is usually more random than spyware activity. Here’s another clue. If you notice that every morning at 3 a.m. a user appears to be accessing the same Web site repeatedly, most likely the activity is being automatically triggered by a spyware program.

B. Watch the IP Address category. High activity in this reporting category should raise a red flag for administrators. Most spyware programs send information back to an IP address, while actual user activity is almost always driven by domain name. Wavecrest software will categorize all IP Address activity automatically. High traffic volume here warrants further investigation.

C. Identify the source of the problem. Dig deeper by running a Category Audit Detail report to uncover both the spyware site and the affected user. If your Category Audit Detail report shows an unusual number of hits to a specific Web site, that site is most likely the source.

2) Use CyBlock’s filtering tools to control surfing.

A. Create a strict “allow” list. One way to prevent spyware is to strictly control employee Internet access. With CyBlock, you can limit online access to only the Web sites you know to be trustworthy and automatically block access to any Web site not on your “allow” list.

B. Block access to high-risk sites. Another less restrictive way to minimize exposure to spyware is to block user access to high-risk site categories. These include spyware/malicious, hacking, phishing/fraud, music downloads, download sites, social networks, games, chat and pornography.

3) Update your Web-use management tools.

A. Update your Acceptable Use Policy. Employees need to understand the risks of Web surfing. Minimize risks of Internet abuse by implementing a policy to curtail at-work surfing and communicate it clearly to employees.

B. Update your Wavecrest list. The Wavecrest control list is updated daily, adding Web sites known to host spyware. We recommend downloading your Wavecrest control list daily to minimize the number of visits categorized as “Other” and ensure the best coverage possible. You can set Cyfin and CyBlock to do this automatically on the Administration – URL List – Schedule screen.

(Note: If you spot a Web site you suspect may be spyware, email it to us at sites@wavecrest.net. Our OtherWise research team will review the site and categorize it appropriately.)

C. Update your operating system. Download updates to your operating system on a regular basis. Spyware multiplies on your network by exploiting weaknesses in OS software. Frequent updates will help plug these holes and minimize the damage if you become infected.

4) Work with your employees.

Counsel employees about the dangers of spyware. Brief your employees on the dangers and detrimental effects of malicious software, and tell them about the actions you’re taking as well as the actions they should take and the sites they should avoid.

Maintenance Release – CyBlock 5.7.1 and Cyfin 7.7.1

Maintenance Releases for CyBlock and Cyfin were recently distributed. CyBlock ISA and Cyfin Reporter now support a direct connection to the Microsoft ISA Server MSDE database. Additionally, Cyfin Reporter now offers support for CyberGuard Firewall and FortiGate Syslog logfile data.

Additional enhancements for all products include:

Audit Detail Reports Now Have Page Sizes For Each URL. The page size is now displayed for each URL in all Audit Detail reports!
Email Subject. You can now have your server alias name displayed in the subject for all product-generated emails.
URL List Update Email Confirmation. Email confirmation for the URL List update has the new option of only being sent if there were error conditions.

Tech Tip – MSDE Support for CyBlock ISA and Cyfin Reporter

The recent product releases CyBlock ISA 5.7.1 and Cyfin Reporter 7.7.1 now offer support for ISA Server’s MSDE database. With the new upgrade, you no longer have to convert the MSDE data to text. The product will now connect directly to the MSDE database.

Once you upgrade your product version, all you need to do is create a new logfile configuration to your MSDE database. There are only a couple of simple scripts to run, and these steps are clearly explained during configuration. Start the process by going to the Logfiles – Setup screen.

Improve Categorization with Otherwise

If you haven't taken advantage of our OtherWise program, now's a great time to start! What is OtherWise? It's an easy way for Cyfin and CyBlock customers to reduce the percentage of non-categorized (also known as "Other") Web sites in their reports.

To participate in OtherWise, simply run a “Top Non-Categorized Sites” report and email it to sites@wavecrest.net. Our list technicians will categorize the top sites on your report and add them to your list. There is no cost, and your report data is kept completely confidential.

Memory Update Alert

The Wavecrest URL list continues to grow due to the rapid growth of the Internet. To ensure that you have enough memory for the URL list and to run your reports, please increase the memory setting in your Wavecrest product. The minimum memory setting you should be using is 256 MB.

To change your memory setting, go to the Setup – Memory screen, select the appropriate memory setting, and click Submit.

NOTE: Please remember that you will need to restart the service in order for your changes to take place.

Online Support Forum

Connect with over 3,000 Wavecrest software users worldwide — 24 hours a day, 7 days a week — at Wavecrest's online support forum.

Wavecrest's online support forum is a searchable forum of questions and answers related to Wavecrest software. The information is contributed by Wavecrest users and moderated by Wavecrest's technical support staff.

To access the support forum, go to http://forum.wavecrest.net/.

And remember, you can still reach Wavecrest tech support via email at support@wavecrest.net or by phone Monday – Friday between 8 a.m. and 6 p.m. Eastern Time at 877-442-9346 (toll free in the US and Canada) or 001-321-953-5351(International).

You are receiving this e-mail because you are a Wavecrest customer or have shown an interest in our products. Your relationship with us is important. Please know that the e-mail addresses of our subscribers will never be sold or distributed to other companies or lists.

If you wish to no longer receive the Wavecrest newsletter, please reply to this email with REMOVE as the subject.


IN THIS ISSUE Controlling Spyware New Maintenance Releases Tech Tip: MSDE Data Support Improve Categorization Memory Upgrade Alert WAVECREST HOME	Greetings, We hope you have been enjoying your summer so far and are staying cool. In this issue, our feature article focuses on how you can use Cyfin or CyBlock to help control and look for spyware. Web-based security threats are becoming more common and are expected to pass email security threats sometime next year. New versions of our products were recently released, and you can check out the new enhancements below. To get the full release notes, just visit your product’s support Web page at www.wavecrest.net. You can download the newest version directly from the product on the Administration – Product Update screen. Finally, don’t forget to check out the tech tip on using MSDE data, and if you are a new customer, check out our “OtherWise” program to see how Wavecrest may be able to help you categorize previously unknown sites. Enjoy the rest of your summer! The Wavecrest Team Controlling Spyware with Cyfin® and CyBlock® Introduction Spyware — software that tracks Web surfers' activity without their knowledge and sends the information back to a third party — is a growing concern for IT administrators. Spyware can compromise security, consume bandwidth and slow networks to a crawl. The good news is you can help protect your network from spyware with Cyfin and CyBlock software. Spyware problems Spyware can get into your computer(s) very easily, and it can be extremely hard to detect. Most employees never realize their computers are infected, and those that do have no idea how it happened. Because spyware enters a user’s system with “legitimate” traffic through an open Internet port, firewalls are not an adequate defense. Spyware remains undetected by firewalls designed to block suspicious inbound traffic rather than monitor the heavy outbound activity spyware generates. (Inbound spyware doesn’t look suspicious.) Wavecrest solutions Your Cyfin® monitoring software or CyBlock® filtering software can help identify spyware and reduce your risk of downloading it in the future. 1) Use reporting tools to spot spyware activity with Cyfin or CyBlock. A. Look for unusual patterns of Web activity. Run a Site Analysis report at least once a week and be alert to changes in the volume and pattern of outbound Web activity. For example, if a single user is suddenly logging thousands of visits a day, chances are it's a spyware issue. That’s because “human” activity is usually more random than spyware activity. Here’s another clue. If you notice that every morning at 3 a.m. a user appears to be accessing the same Web site repeatedly, most likely the activity is being automatically triggered by a spyware program. B. Watch the IP Address category. High activity in this reporting category should raise a red flag for administrators. Most spyware programs send information back to an IP address, while actual user activity is almost always driven by domain name. Wavecrest software will categorize all IP Address activity automatically. High traffic volume here warrants further investigation. C. Identify the source of the problem. Dig deeper by running a Category Audit Detail report to uncover both the spyware site and the affected user. If your Category Audit Detail report shows an unusual number of hits to a specific Web site, that site is most likely the source. 2) Use CyBlock’s filtering tools to control surfing. A. Create a strict “allow” list. One way to prevent spyware is to strictly control employee Internet access. With CyBlock, you can limit online access to only the Web sites you know to be trustworthy and automatically block access to any Web site not on your “allow” list. B. Block access to high-risk sites. Another less restrictive way to minimize exposure to spyware is to block user access to high-risk site categories. These include spyware/malicious, hacking, phishing/fraud, music downloads, download sites, social networks, games, chat and pornography. 3) Update your Web-use management tools. A. Update your Acceptable Use Policy. Employees need to understand the risks of Web surfing. Minimize risks of Internet abuse by implementing a policy to curtail at-work surfing and communicate it clearly to employees. B. Update your Wavecrest list. The Wavecrest control list is updated daily, adding Web sites known to host spyware. We recommend downloading your Wavecrest control list daily to minimize the number of visits categorized as “Other” and ensure the best coverage possible. You can set Cyfin and CyBlock to do this automatically on the Administration – URL List – Schedule screen. (Note: If you spot a Web site you suspect may be spyware, email it to us at sites@wavecrest.net. Our OtherWise research team will review the site and categorize it appropriately.) C. Update your operating system. Download updates to your operating system on a regular basis. Spyware multiplies on your network by exploiting weaknesses in OS software. Frequent updates will help plug these holes and minimize the damage if you become infected. 4) Work with your employees. Counsel employees about the dangers of spyware. Brief your employees on the dangers and detrimental effects of malicious software, and tell them about the actions you’re taking as well as the actions they should take and the sites they should avoid. Maintenance Release – CyBlock 5.7.1 and Cyfin 7.7.1 Maintenance Releases for CyBlock and Cyfin were recently distributed. CyBlock ISA and Cyfin Reporter now support a direct connection to the Microsoft ISA Server MSDE database. Additionally, Cyfin Reporter now offers support for CyberGuard Firewall and FortiGate Syslog logfile data. Additional enhancements for all products include: Audit Detail Reports Now Have Page Sizes For Each URL. The page size is now displayed for each URL in all Audit Detail reports! Email Subject. You can now have your server alias name displayed in the subject for all product-generated emails. URL List Update Email Confirmation. Email confirmation for the URL List update has the new option of only being sent if there were error conditions. Tech Tip – MSDE Support for CyBlock ISA and Cyfin Reporter The recent product releases CyBlock ISA 5.7.1 and Cyfin Reporter 7.7.1 now offer support for ISA Server’s MSDE database. With the new upgrade, you no longer have to convert the MSDE data to text. The product will now connect directly to the MSDE database. Once you upgrade your product version, all you need to do is create a new logfile configuration to your MSDE database. There are only a couple of simple scripts to run, and these steps are clearly explained during configuration. Start the process by going to the Logfiles – Setup screen. Improve Categorization with Otherwise If you haven't taken advantage of our OtherWise program, now's a great time to start! What is OtherWise? It's an easy way for Cyfin and CyBlock customers to reduce the percentage of non-categorized (also known as "Other") Web sites in their reports. To participate in OtherWise, simply run a “Top Non-Categorized Sites” report and email it to sites@wavecrest.net. Our list technicians will categorize the top sites on your report and add them to your list. There is no cost, and your report data is kept completely confidential. Memory Update Alert The Wavecrest URL list continues to grow due to the rapid growth of the Internet. To ensure that you have enough memory for the URL list and to run your reports, please increase the memory setting in your Wavecrest product. The minimum memory setting you should be using is 256 MB. To change your memory setting, go to the Setup – Memory screen, select the appropriate memory setting, and click Submit. NOTE: Please remember that you will need to restart the service in order for your changes to take place. Online Support Forum Connect with over 3,000 Wavecrest software users worldwide — 24 hours a day, 7 days a week — at Wavecrest's online support forum. Wavecrest's online support forum is a searchable forum of questions and answers related to Wavecrest software. The information is contributed by Wavecrest users and moderated by Wavecrest's technical support staff. To access the support forum, go to http://forum.wavecrest.net/. And remember, you can still reach Wavecrest tech support via email at support@wavecrest.net or by phone Monday – Friday between 8 a.m. and 6 p.m. Eastern Time at 877-442-9346 (toll free in the US and Canada) or 001-321-953-5351(International). You are receiving this e-mail because you are a Wavecrest customer or have shown an interest in our products. Your relationship with us is important. Please know that the e-mail addresses of our subscribers will never be sold or distributed to other companies or lists. If you wish to no longer receive the Wavecrest newsletter, please reply to this email with REMOVE as the subject. © Copyright 1996-2008 Wavecrest Computing. All rights reserved.