Surf Control v5.5 manual User Name Resolution, Eum

Page 18

INSTALLATION DECISIONS

User Name Resolution

2

USER NAME RESOLUTION

By default, SurfControl Web Filter doesn’t monitor user names. The Configuration Wizard enables you to monitor your users by name, in the following ways:

•By using ISA Server to authenticate user names. This also prevents having to install EUM on all your domain controllers. This is the recommended method.

•By installing the supplied Enterprise User Monitor (EUM) utility, which you can install either on your domain controllers, Novell NDS tree servers or via a logon program stored on your network.

•By issuing a NetBIOS query based on the MAC address.

Note: Web Filter supports three monitoring methods: user name, workstation name or IP address.

SurfControl recommends monitoring by user because:

•Monitoring by workstation name only identifies the machine requesting the data, not the user who originated the request.

•Monitoring by user name is more convenient in a workplace where employees share or swap machines frequently.

•Monitoring by user name enables you to filter users based on NT Users and Groups.

•Monitoring by user name makes it easier to track users that frequently login to multiple machines.

Web Filter places data on the Monitor with the following precedence:

1User name resolved with NetWareEUM.

2User name resolved with EUM.

3User name based on NetBIOS query.

4Workstation ID.

5IP address.

EUM

EUM accesses Windows NT, Windows 2000 and 2003 security auditing data to resolve user names. This provides Web Filter with the ability to monitor traffic on a routed network by user name. EUM provides Web Filter with continuous, accurate reporting of logon activity by user name.

For example, when jsmith attempts to access http://www.cnn.com, Web Filter sees jsmith’s IP address in the HTTP request. EUM provides the missing link by receiving data from the domain controllers regarding jsmith’s identity.

SurfControl Web Filter for ISA v5.5

Starter Guide 13

Image 18

Contents SurfControl Web Filter Trademarks SurfControl Web Filter Table of Contents Appendix Chapter Microsoft ISA Server Edition ISA ServerHOW WEB Filter and ISA Server Interact System Requirements Hardware RequirementsGeneral System Requirements SQL Server Licensing System Requirements Installation Decisions Network Considerations User Name ResolutionIntroduction Database OptionsNetwork Considerations Deployment RecommendationsDMZ Recommendations Network Considerations Firewall Port Configuration Web Filter communication portsISA Server Authentication ISA ServerISA Server 2004/2006 User Name Resolution EUMEUM on Windows 2000 and 2003 domain controllers Methods of Installing EUMEUM Agent on Domain Controllers EUM on Windows NT domain controllersBefore installation Netwareeum Ignoring Users in NetWare EUMLogging Levels Installing the Login Agent on Windows 2000 EUM Login AgentInstalling the Login Agent on NT Domains Login Agent LocationEumLogin.ini file Below is a copy of the supplied .ini fileHow to configure the file EumLogin.ini file sectionsConfiguring a logon and logoff script Add an Exception to the Windows FirewallDatabase Considerations Database PlatformsSQL Server Express SQL Server SQL Server minimum requirements on Web Filter serverWindows Authentication Database AuthenticationReasons to Install SQL Server on a Dedicated Server SQL AuthenticationCategorization Options Other ConsiderationsInternet Threat Database Internet Threat Database Improvement ProgramRemote Administration Client Mail NotificationsRemote Administration Client minimum requirements Privacy Edition ConsiderationsInstalling Web Filter Installation Process NetWare client on to the Web Filter serverInstalling SQL Server Express Optional Installing Surfcontrol WEB Filter Select I accept the terms of the license agreementInstalling SurfControl Web Filter Select SurfControl Web Filter Installing SurfControl Web Filter Installing SurfControl Web Filter Changes to the Server Configuring WEB Filter Configuring Web Filter Configuring Web Filter Configuring Web Filter Configuring Web Filter Configuring Web Filter Internet Threat Database Update screen is displayed Automatic Database Management screen is displayedThreat Database Configuring Web Filter Click Add to list Enterprise User Monitoring recommended NetBIOS Configuring Web Filter Configuring Web Filter Installing Service Pack Installing Service Pack Installing Service Pack Further Configuration Firewall Policy Rules for ISA Server 2004 Post Installation TasksALL Installations Network DependentInstalling the EUM Agent on Your Domain Controllers User Name Resolution Making changes to the EUM Agent configuration Select Domain Controllers screen is displayedUser Name Resolution Installing the EUM Login Agent on Your Network Installing NetwareeumAdd Web Filter Servers to NetWare EUM Automatically loading the NetWare EUMUnloading the NetWare EUM Ignored users in NetWare EUMInstall Surfcontrol Report Central Installing the Remote Administration Client Select I accept the terms of the license agreement Select Remote Administration Installing the Remote Administration Client Remote Administration Client and Windows Vista InstallShield Wizard Complete screen is displayedFirewall Policy Rules Allow Internet Threat Database UpdatesConfigure IE and the VCA Allow VCA Spider FunctionalityFrom Access Rule Destinations, click Add Allow the Remote Administration Client AccessConfigure a Firewall Policy Rule for the VCA From the Primary Connection Information screen, click NewAllow Remote Access to Surfcontrol Report Central SRCEnter 8888 in the Port Range From field Click Apply in the Firewall Policy window Appendix Contact Technical Support Location Contact information Sales and Feedback