PROXYSG POLICY BEST PRACTICES
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.

Presentation transcript:

1. PROXYSG POLICY BEST PRACTICES
- Thank you for joining today's Blue Coat Customer Support Technical Webcast!
  - The Webcast will begin just a minute or so after the top of the hour to allow today's very large audience sufficient time to join
  - You may join the teleconference through the numbers provided in your invite, or listen through your computer speakers
  - Audio broadcast will go live when the Webcast begins
  - The Presentation will run approximately 60 minutes
  - There will be a 30-minute Q/A session thereafter
- Please submit questions using the Webex Q/A feature!

2. PROXYSG POLICY BEST PRACTICES
BRENT "BUCKY" BALDWIN, Sr. Consultant, Professional Services
June 24, 2014
Copyright © 2014 Blue Coat Systems Inc. All Rights Reserved.

3. AGENDA
- Policy Construct
- Policy Integrity
- Policy Optimization
- Q&A

4. POLICY CONSTRUCT
The building blocks to policy

5. POLICY CONSTRUCT: OVERVIEW
Blue Coat Policy is:
- Subjective
- Powerful
- Flexible
- CPL (Content Policy Language)
- VPM (Visual Policy Manager)
- Hybrid

6. POLICY CONSTRUCT: GENERAL GUIDELINES
Express Separate Decisions in Separate Layers
- Keep policy logic separate & distinct
- One Layer
- Adjacent Layers

7. POLICY CONSTRUCT: DISTINCT LAYERS

8. POLICY CONSTRUCT: THE MODEL
Be Consistent With The Model
- Default Blue Coat Policy aligns with the corporate security policy
  - ALLOW – Easier to implement
  - DENY – where security is more important (e.g. government or banking)
- Global deny list
- Global allow list
- Model policy: General rules then exceptions

9. POLICY CONSTRUCT: EXAMPLE
    ;Default Policy is DENY
    define subnet corporate_subnet
      /24
    end
    ;First, explicitly allow access to only our users
    client.address=corporate_subnet ALLOW
    ;Next, impose any authentication requirements
    authenticate(corp_realm)
    ;Next, begin to exclude specific types of requests
    url.domain=playboy.com DENY
    category=(gambling, hacking, games) exception(content_filter_denied)
    ;Next begin exceptions to the general rule
    group=execs, managers url.domain=fantasyfootball.com ALLOW

10. POLICY CONSTRUCT: POLICY OPTIONS

11. POLICY CONSTRUCT: ORDERING OF LAYERS

12. POLICY CONSTRUCT: LAYER NAMING
    url.domain = competitor.com Deny
    category=(Gambling) Deny

13. POLICY CONSTRUCT: TRIGGERS AND ACTIONS
- Allow/Deny
- Trace
- Force_Deny
- Exception

14. POLICY CONSTRUCT: COMMON HTTP TRIGGERS
URL parts: Protocol Host Port Path Query File Extension
    url.scheme=
    url.host=
    url.host.regex=
    url.address=
    url.domain=
    url.port=
    url.path=
    url.path.regex=
    url.extension=
    url.query=
    url.query.regex=
    url=
    url.regex=

15. POLICY INTEGRITY
Best practices for maintenance and operational excellence

16. POLICY INTEGRITY: RULE EVALUATION IN LAYERS

17. POLICY INTEGRITY: RULE EVALUATION IN LAYERS

18. POLICY INTEGRITY: ACTIONS
Actions:
- Allow
- OK
- Deny
- Force Deny

19. POLICY INTEGRITY: ALLOW VS OK, TYPICAL IMPLEMENTATION
    url.extension=.exe DENY
    category=(sports) exception(content_filter_denied)
    client.address= /30 ALLOW

20. POLICY INTEGRITY: ALLOW VS OK, PREFERRED IMPLEMENTATION
    url.extension=.exe DENY
    client.address= /30 OK
    category=(sports) exception(content_filter_denied)

21. POLICY INTEGRITY: DENY & FORCE_DENY
Understand the Difference:
DENY
    Category = (suspicious) DENY
    Client.address = ALLOW
FORCE_DENY
    Category = (suspicious) Force_DENY
    Client.address = ALLOW
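
The ALLOW/OK and DENY/FORCE_DENY comparisons on slides 19 to 21, modelled as an added Python example (not part of the webcast and not Blue Coat code). It assumes the usual ProxySG evaluation model: the first matching rule ends a layer, a later layer's verdict overrides an earlier one, OK matches without changing the verdict, and FORCE_DENY cannot be overridden. The layer boundaries, the 192.0.2.0/30 subnet and the sample requests are constructed, because the slides' own values did not survive extraction.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-in for the subnet elided on the slides.
PRIVILEGED = ip_network("192.0.2.0/30")

# Conditions (triggers) as predicates over a request dict.
def is_exe(req): return req["url"].endswith(".exe")
def is_sports(req): return req["category"] == "sports"
def is_suspicious(req): return req["category"] == "suspicious"
def is_privileged(req): return ip_address(req["client"]) in PRIVILEGED

def evaluate(layers, req, default="ALLOW"):
    """Model of layered evaluation; exception(...) is treated as DENY."""
    verdict, forced = default, False
    for layer in layers:
        for condition, action in layer:
            if not condition(req):
                continue
            if action == "FORCE_DENY":
                verdict, forced = "DENY", True
            elif action in ("ALLOW", "DENY") and not forced:
                verdict = action
            # "OK" matches without changing the verdict.
            break  # first matching rule ends this layer
    return verdict

# Slide 19 (typical): the trailing ALLOW layer also undoes the .exe block.
TYPICAL = [[(is_exe, "DENY")], [(is_sports, "DENY")], [(is_privileged, "ALLOW")]]
# Slide 20 (preferred): OK exempts the subnet from the sports rule only.
PREFERRED = [[(is_exe, "DENY")], [(is_privileged, "OK"), (is_sports, "DENY")]]
# Slide 21: DENY can be reversed by a later layer, FORCE_DENY cannot.
SOFT = [[(is_suspicious, "DENY")], [(is_privileged, "ALLOW")]]
HARD = [[(is_suspicious, "FORCE_DENY")], [(is_privileged, "ALLOW")]]

# Constructed sample requests.
VIP_EXE = {"client": "192.0.2.1", "url": "http://example.com/tool.exe", "category": "technology"}
VIP_SPORTS = {"client": "192.0.2.1", "url": "http://example.com/scores", "category": "sports"}
USER_SPORTS = {"client": "198.51.100.7", "url": "http://example.com/scores", "category": "sports"}
VIP_SUSPICIOUS = {"client": "192.0.2.2", "url": "http://example.net/", "category": "suspicious"}

if __name__ == "__main__":
    for name, policy, req in [("typical", TYPICAL, VIP_EXE), ("preferred", PREFERRED, VIP_EXE),
                              ("deny", SOFT, VIP_SUSPICIOUS), ("force_deny", HARD, VIP_SUSPICIOUS)]:
        print(f"{name:10} {req['client']:12} {req['url']:28} -> {evaluate(policy, req)}")
```

In this model the privileged client downloads the .exe under the typical layout and is blocked under the preferred one, while its sports exemption is unchanged in both.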

22. POLICY INTEGRITY: OPERATORS
The "and" operator:
CPL:
    client.address= url.domain=abc.com url.extension=(exe, com) DENY

23. POLICY INTEGRITY: OPERATORS
The "and" operator with a negate:
CPL:
    client.address= url.domain=abc.com url.extension=!(exe, com) DENY

24. POLICY INTEGRITY: TYPICAL IMPLEMENTATION
Negate and Exception:
    define subnet my_users
      / /16
    end
    client.address=!my_users DENY
    category=(pornography, gambling) exception(content_filter_denied)
    condition=executable condition=!approved_application exception(user_defined.too_risky)

25. POLICY INTEGRITY: PREFERRED IMPLEMENTATION
Negate and Force Exception:
    define subnet my_users
      / /16
    end
    client.address=!my_users FORCE_DENY
    category=(pornography, gambling) force_exception(content_filter_denied)
    Condition = executable condition=!approved_application exception(user_defined.too_risky)

26. POLICY OPTIMIZATION
The need for speed.

27. POLICY OPTIMIZATION: IMPLEMENTATION TYPES
Using the Visual Policy Manager (VPM) versus Content Policy Language (CPL)
CPL
- Can be scripted
- For implementing policy not available in the VPM
VPM
- User-friendly
- Graphical
- Easy to use
- Preferred method of configuring policy for most administrators
- Supports subset of the functionality available through CPL

28. POLICY OPTIMIZATION: OVERVIEW OF REGEXES
- Use Regular Expressions (regex) Only When Absolutely Necessary
- Are the most CPU-intensive policy that you can implement
- Can result in sub-optimized policy
- Sometimes used when administrators are not fully aware or don't understand the numerous conditions available in VPM/CPL

29. POLICY OPTIMIZATION: GENERAL REGEX GUIDELINES
- Be careful with special characters: \ ^ $ . | ? * + ( ) { } [ ]
  - * is not a wildcard!
  - * or .* are almost always unnecessary!
- Be specific in what you are looking at:

30. POLICY OPTIMIZATION: MORE REGEX GUIDELINES
- Be specific in what you are looking for:
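
The regex guidelines on slides 28 to 30 as an added Python example (not part of the webcast): a small lint for patterns destined for a regex condition, plus a check that a pattern wrapped in .* gives the same verdicts as the bare pattern. Python's re.search stands in for the proxy's regex engine on the assumption that regex conditions are unanchored searches; the function names and sample URLs are constructed.

```python
import re

def lint_policy_regex(pattern):
    """Return findings for a pattern meant for a url.regex= style condition."""
    findings = []
    if pattern.startswith("*"):
        findings.append("leading '*' is a quantifier with nothing to repeat, not a wildcard")
    else:
        try:
            re.compile(pattern)
        except re.error as exc:
            return [f"does not compile: {exc}"]
    if pattern.startswith(".*") or re.search(r"(?<!\\)\.\*$", pattern):
        findings.append("leading/trailing '.*' is redundant in an unanchored search")
    bare = re.sub(r"\[[^\]]*\]", "", pattern)  # dots inside [...] are already literal
    if re.search(r"(?<!\\)\.(?![*+?{])", bare):
        findings.append("unescaped '.' matches any character; use '\\.' for a literal dot")
    return findings

def matches(pattern, url):
    """Unanchored search, used here as a stand-in for the proxy's regex engine."""
    return re.search(pattern, url) is not None

def same_verdicts(pattern_a, pattern_b, urls):
    """True when both patterns match exactly the same URLs."""
    return all(matches(pattern_a, u) == matches(pattern_b, u) for u in urls)

# Constructed sample URLs.
URLS = [
    "http://www.example.com/downloads/setup.exe",
    "http://wwwXexample.com/downloads/",
    "http://intranet.example.org/index.html",
]

if __name__ == "__main__":
    for p in ["*.example.com", ".*www.example.com.*", r"www\.example\.com"]:
        print(p, "->", lint_policy_regex(p) or "ok")
    # The wrapped and bare patterns agree on every sample URL.
    print(same_verdicts(r".*www\.example\.com.*", r"www\.example\.com", URLS))
    # The unescaped dot also matches the look-alike host.
    print(matches("www.example.com", URLS[1]), matches(r"www\.example\.com", URLS[1]))
```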

31. POLICY OPTIMIZATION: GENERAL GUIDELINES
- Place Rules Most Likely to Match at the Beginning of the Layer
- Group Like Conditions
- Subnets
- Appropriate URL Condition
- Use Definitions
- Use Layer Guards

32. POLICY OPTIMIZATION: RULE PLACEMENT
Rule placement speeds processing:
Typical Implementation
    url.domain= DENY
    url= DENY
    url= DENY
    url.domain= DENY
    im.buddy_id=bill DENY
    url.domain= DENY
    im.buddy_id=bob DENY
Optimized Implementation
    url.domain= DENY
    url.domain= DENY
    url.domain= DENY
    url= DENY
    url= DENY
    im.buddy_id=bill DENY
    im.buddy_id=bob DENY

33. POLICY OPTIMIZATION: SUBNETS
Rule placement speeds processing:
Typical Implementation
    client.address= DENY
    client.address= DENY
    client.address= DENY
    client.address= DENY
Optimized Implementation
    client.address= /30 DENY

34. POLICY OPTIMIZATION: APPROPRIATE URL CONDITION
    url.domain=company.com
    url.domain=
    url.domain= url.path="/cgi-bin/"
    url=
    url=

35. POLICY OPTIMIZATION: DEFINITIONS
Place common items into a condition
Typical Implementation
    client.address= /8 category=(gambling) OK
    client.address= /16 category=(gambling) OK
    client.address= category=(gambling) OK
    client.address= category=(gambling) OK
    category=(gambling) exception(content_filter_denied)
Optimized Implementation
    define subnet test_network
      / /
    end
    client.address=test_network category=(gambling) OK
    category=(gambling) exception(content_filter_denied)

36. POLICY OPTIMIZATION: LAYER GUARDS
    group=corporate_user
    url.domain=competitor.com DENY
    category=(gambling) exception(content_filter_denied)

37. POLICY OPTIMIZATION: LAYER GUARDS
Layer guards allow execution of a layer upon condition match
Typical Implementation
    authenticate(myrealm)
    group=hr user=bluecoat\bob.kent OK
    group=hr url.domain=mercurynews.com OK
    group=hr url.domain=sfgate.com/jobs/ OK
    group=hr url.address= DENY
    group=hr category=(news/media) exception(content_filter_denied)
Optimized Implementation
    authenticate(myrealm)
    group=hr
    user=bluecoat\bob.kent OK
    url.domain=mercurynews.com/hotjobs OK
    url.domain=sfgate.com/jobs/ OK
    url.address= DENY
    category=(news/media) exception(content_filter_denied)

38. POLICY OPTIMIZATION: LOCAL DATABASE

39. POLICY OPTIMIZATION: LOCAL DATABASE

40. SUMMARY
Policy Construct:
- How to express policy decisions in layers
- Importance of consistency within the policy model
- Logical ordering of layers
Policy Integrity:
- Look at the different types of Triggers & Actions
- How use of Actions affects policy
- How the policy is evaluated
Policy Optimization:
- VPM & CPL examples
- Talk about Importance of Rule Placement
- Correct syntax used for Conditions & Definitions within policy
- Use of Layer Guards

41. BLUE COAT CUSTOMER FORUMS
- Community where you can learn from and share your valuable knowledge and experience with other Blue Coat customers
- Please visit the Customer Forums pages at Coat-Support-Videos to view four new Knowledge Assets / Support Videos on ProxySG Policy.
- Research, post and reply to topics relevant to you at your own convenience
- Blue Coat Moderator Team ready to offer guidance, answer questions, and help get you on the right track
- Access at forums.bluecoat.com and register for an account today!

42. THANK YOU FOR JOINING TODAY!
- Please provide feedback on this webcast and suggestions for future webcasts to:
Webcast replay and slide deck found here: er-support-technical-webcasts (requires BTO login)

43. Q&A
Questions?
