|
|
||
Vital
SecurityTM Appliance
Series Release Notes - Version 9.2
Table of Contents
·
New Limitations for this Release
Documentation
The following documentation is available
for Version 9.2
·
Setup
and Configuration Guide
·
Management
Console Reference Guide
·
User Identification and Authentication
Downloadable
for this Release
The following Downloadable is available for
Version 9.2
Installing This Release
To create a bootable USB key with Version 9.2:
DISCLAIMER: The most
recent Finjan USB Flash Drive Creator must be downloaded to ensure successful
installation.
Any USB Creator older
than version 1.0.6 is not supported in Vital Security 9.2.
1.
Create a
bootable USB flash device. Should you encounter any difficulties creating a bootable
USB, please contact your local System Engineer.
2.
Download
the following file USB ROOT
and extract it into the USB Flash device.
3.
Next, click and download the 9.2
ISO Image (md5) (approx
940 MB) onto your computer.
4.
Install the image according to the following
procedures:
To install this Release using USB key on NG-5000:
1.
Attach
the bootable USB flash device, and a USB keyboard and VGA monitor to the
appliance while it is still switched off.
2.
Power on
the appliance. The appliance will read automatically from the USB disk-on-key.
3.
When the
Finjan screen appears, type vs-92 to continue with this process.
4.
Let the
installation run - it will take approximately 20 minutes. After this time, the
appliance will reboot.
5.
Set up
the appliance configuration as required via an SSH connection to the Limited
Shell and by running the Setup command.
6.
After
performing Setup via the Limited Shell, log in to the Management Console. You
will be directed to the License screen where you must enter the License key
provided to you by Finjan.
7.
Navigate
to Administration > Updates > Updates Management. Click 
next to the latest
Security Update and select Install Now.
NOTE: Follow the same
installation procedure for older appliance models.
To install this Release using USB key on NG-6000/NG-8000:
1.
Attach
the bootable USB flash device, and a USB keyboard and VGA monitor to the
appliance while it is still switched off.
2.
On
NG-8000, press the Media Tray button and the Display button on the required
blade.
3.
Power on
the appliance.
4.
Press F12
to choose the Boot Device Configuration Menu. The Boot Device menu appears.
5.
In the
Boot Device menu, use the arrow key to select USB Key/Disk and press Enter.
6.
In the
screen that appears, select the required USB key and press Enter.
7.
In the
next screen, in the Persistent field, ensure that it says This boot only and
press Enter.
8.
In a few
minutes, when the Finjan screen appears, type yes to continue with this
process.
9.
Let the
installation run - it will take approximately 20 minutes. After this time, the
appliance will reboot.
10.
When the
Finjan installation screen reappears, remove the USB disk-on-key and reboot the
appliance by pressing Ctrl + Alt + Delete.
11.
Set up
the appliance configuration as required via an SSH connection to the Limited
Shell and by running the Setup command.
12.
After
performing Setup via the Limited Shell, log in to the Management Console. You
will be directed to the License screen where you must enter the License key
provided to you by Finjan.
13.
Navigate
to Administration > Updates > Updates Management. Click next to the latest
Security Update and select Install Now.
IMPORTANT NOTICES FOR EXISTING CUSTOMERS
·
Customers
working with Scanning Servers from Version 8.4.x or 8.5.0 who need to
re-install the Policy Server should use the USB Flash Device to reinstall the
same base image on all the Scanning Servers and then perform an upgrade.
·
It will
not be possible to import customer-defined Reports into Software Version 9.2.
Therefore it is recommended to export the Policy Server Database, and store the
Reports information locally, before installing this Release. The new Reporting
Tool - available in May 2008 - will allow you to run customer-defined Reports.
·
Rollback
from Versions 8.4.3 and above is supported.
New Features
- Secure
Caching
The Integrated Secured Caching allows Vital Security version 9.2 to cache HTTP objects in its local RAM and disks and provide content to the end-user that was previously requested by another user, and in so doing improves the overall response time. (When enabling Secured Caching, Vital Security works with HTTP 1.0)
§ Secure Caching requires a caching kit, which includes additional RAM and disks and a special caching license.
§ Note: After installing a caching kit, is it mandatory to reinstall the Vital Security system. For systems shipped with a caching kit, this step is not required.
- SSL
Enhancements
Vital Security version 9.2 allows system administrators to import and export the SSL certificate, as well as to generate the following certificates:
§ Self Signed Certificated – During the installation process, a new self-signed certificated is created in the system. The system administrator can create a new self-signed certificate.
§ Certificate Signing Request (CSR) – The system administrator can now generate a CSR and send it to the root CA to sign on the certificate.
Additionally,
Vital Security version 9.2 supports the Authority Information Access extension
for SSL. Authority Information Access (AIA) is an SSL extension that indicates
to the browser how it should retrieve information about the Certificate
Authority of the issuer of the SSL certificate.
- WCCP
Enhancements
Vital Security version 9.2 now supports the configuration of the Assignment Method when using WCCP.
- Limited
Shell Enhancements
Using the Limited Shell command ethconf it is possible to view the interface’s speed and duplex in Auto-negotiation mode.
- Secured
LDAP
It is now possible to connect to LDAP servers when importing users over SSL. When Vital Security connects to the LDAP server, in order to import the users, it does so over SSL.
·
New Wizards for User
and Log Management
Two
new Wizards have been developed for Vital Security version 9.2:
1. User Groups Wizard
2. Log Entry Wizard
This provides the
following benefits:
§ Task-based management of users, policies, and logs
§ User-friendly screens
§ Easy work flows
§ Intuitive navigation
The
new Management wizards are accessible through the 
icon on the top left of the Management
Console.
·
Dashboard
Enhancements
The
real-time Dashboard Console has been enhanced and now displays three additional
informative graphs.
1. Cache Memory Usage
2. Cache Hit Ratio
3. HTTP(S) Connection Count
·
Password
Synchronization
The
Limited Shell and the Management Console passwords are now synched. The need to
define the password separately for each tool has been eliminated.
·
Master Policy
A Super Administrator is now able to assign a Master Security Policy to an
administrator, ensuring that all users under this administrator use a Master
Policy in addition to the Security Policy defined by their own administrator.
In addition, the Master Policy enables the administrator to create similar
security policies for different groups without the need to duplicate a security
policy for each user group. The master policy layer is initially added without
any policy so current installations are not affected.
·
Radius Administrator
Authentication
Finjan Vital Security is now manageable by administrators defined on a RADIUS
Server. Version 9.2 enables using Radius Authentication for the Management
Console administrators.
·
Alert Enhancements
Vital Security version 9.2 can now alert administrators of security events
occurring on the network. These alerts can be received either via email or via
SNMP Traps and are split into two main sections:
§ Incoming Events – mainly malicious code, viruses, and crimeware
§ Outgoing Events – URL categories, lists, and forbidden file extensions
The
events can be configured to be triggered according to the administrator’s
needs. For more information, see the Management Console Reference Guide.
·
Data Leakage
Prevention/Protection
Finjan
now provides a new Security Content Processor, which is able to scan for
specifically defined words, phrases, or different string combinations within
documents. The DLP Content Processor enables the administrator to create
personal dictionaries using a simple Text Editor.
For a list of supported document types, see the Management Console Reference
Guide.
·
Additional File Type
Support
Vital
Security now supports scanning of malicious content within PDF and Flash files
New Limitations for this Release
·
After installing a
caching kit, it is mandatory to re-install the Vital Security system.
·
When using IE6 and
Windows XP, the Status Page case files must be downloaded twice.
MCRC Security Policy Changes
|
New Rule Name |
Description |
Rule Condition |
|
Data Leakage Prevention |
This rule was designed to scan web content in order to
prevent vital information from leaving the company network. |
Direction: Allows the administrator to trigger a rule specifically
on the request (Outgoing) or response (Incoming) phase of the transaction. Data Leakage Prevention: Allows the administrator to monitor and prevent data
leakage. |
|
Allow Known Legitimate Content |
This rule was designed to test the behavior policy profile
with a selection of files that have been approved as known legitimate content
by Finjan |
Static Content: Used to identify content based
on its signatures. |
|
Block Rich Content Application Level Vulnerabilities |
This rule triggers Flash and PDF scanning engines. |
Behavior Profile: Vulnerability Anti.dote Profile Behavior Profile: Scripts engine |
·
New Rule added to
all three Security Policies:
|
New Rule Name |
Description |
Rule Condition |
|
Data Leakage Prevention |
This rule uses the DLP Content Processor and is based on a
default Dictionary, which was predefined by Finjan. |
This rule is in X-ray format. This means that using this rule
in one of the predefined Finjan Security Policies will not block outgoing
documents but will log the results of these transactions instead. To use this
rule as a block rule, duplicate one of the Policies and uncheck the X-Ray
checkbox. |
For
more details on Advanced Policies and Rules, see Security
Policies In-Depth.
Bug Fixes for Version 9.2
1.
Scanner
stayed unsynchronized in PS HA environment after “Switch”. (Finjan
internal #27748)
2.
ARB
timeout was not respected in some cases. (Finjan internal #27119)
3.
It was
not possible to import configuration that includes policies related to
SecureComputing. (Finjan internal #27809)
4.
Excel
with embedded flash movie recognized as Document with Macro. (Finjan Internal
#28374)
5.
Save
button wasn’t enabled after deleting all URLs from a URL list (Finjan
internal #27581)
6.
Error 404
received when clicking “Online help” after opening a web
log’s transaction. (Finjan internal #27582)
7.
Scheduled
reports, which spanned over two databases, did not include the entire data
(Finjan internal #27639)
8.
Import of
a new URL list from a file failed. (Finjan internal #27752)
9.
If a
security update failed on a device, it was still sent to all devices. (Finjan
internal #27689)
10.
After
changing password the first time to a newly created administrator, Vital
Security displayed a wrong administrator. (Finjan internal #26722)
11.
In some
cases, custom block pages were displayed incorrectly. (Finjan internal #27764)
12.
When a
modified content was sent to the client, Vital Security did not send
“Connection: Close” header. (Finjan internal #27197)
13.
An error
page was displayed when the web logs were refreshed. (Finjan internal #27470)
14.
In some
cases, after configuring a Standby Policy Server, both Policy Servers were in
standby mode. (Finjan internal #27740)
15.
When WCCP
was in use and there were more than two Scanning Servers, the negotiation was
lengthy. (Finjan internal #28397)
16.
In some cases,
java applets failed to load when using HTTPS. (Finjan internal #27001)
17.
Log
viewer was not sorted by date and time. (Finjan internal #28377)
18.
When
working in transparent mode, and when the html contained an absolute URL to a
class and when the hostname in the URL is different than the hostname Java
applet failed to load. (Finjan internal #27474)
19.
It was
not possible to edit the “Settings and Defaults” options for LDAP.
(Finjan internal #27505)
20.
In some
rare cases, when editing the multiple file extension lists, an error message
was displayed. (Finjan internal #28429)
21.
A long
URL was truncated in web logs. (Finjan internal #27448)
22.
When
configuring e-mail alerts, it was not possible to delete e-mail addresses.
(Finjan internal #28432)
23.
An
administrator with view permissions to the LDAP was able to create and delete
groups. (Finjan internal #27945).
24.
In some
cases, an IP address field was not displayed properly. (Finjan internal
#28375).
25.
After
reordering imported LDAP groups in Policy Server, the groups appeared to have
the correct priority. However, clicking the browser's Refresh button usually
revealed that the groups were not in the correct order. (Finjan internal
#28392)
26.
Scanning
Server performance and stability improvements. (Finjan internal #27863)
Known Limitations
·
X-ray rules within
Policies may block traffic (Rare)
On
rare occasions; X-ray rules within "regular" Security Policies may
block traffic. This can happen when the Web server replies with non-standard
HTTP traffic.
·
Scheduled Reports:
Timeout error for large amounts of information (Finjan Internal #25319)
NOTE:
A scheduled report on a large size database may not work due to a timeout. If
this happens, run the report manually.
·
Scheduled Reports:
Reports sent in Excel format to email may not open due to naming issues (Finjan
Internal #25081)
If an error message is received, simply save the report with a different name.
This should alleviate any future problems.
·
Multiple LDAP
Servers with Kerberos is only supported on Simple Authentication (Finjan
Internal #25331, #25329)
·
Authentication fails
when enabling Upstream Authentication pass through (Finjan Internal #24259)
FTP over HTTP does not support the persistent connection required for NTLM to
be performed through proxy. Therefore, NTLM authentication between client and
upstream proxy cannot be performed through Vital Security for FTP over HTTP.
·
FTP in Transparent
mode: Cannot modify Page Block messages
When
using the browser for FTP access in Transparency mode, block messages are
generated by the client-side browser and cannot be modified.
·
ICAP Protocol FTP
over HTTP Transaction not logged as such when working with Bluecoat
FTP
over HTTP transactions via Bluecoat appear as ICAP/HTTP in the logs instead of
ICAP/FTP over HTTP.
·
Using NetCache as an
ICAP client results in problems with Windows Update (#19713)
This is a known bug in NetApp Support (Bug ID 147838).
To fix this problem:
Access NetCache's command line interface.
Type the following command: config.icapv1.incl_cont_len = on
·
Block page not sent
when attaching files in gmail (#20004)
When an end-user attempts to attach files containing suspected viruses in
gmail, the action is blocked, but a block page is not sent to the user.
However, the transaction is marked as logged in the Log View.
·
Large numbers of log
entries may cause delays when using filters
Issues regarding the Log Viewer delay have been resolved. However, there may
still be delays when using filters that result in a large number of entries.
·
Internet Explorer 6
combo box (Finjan Internal #29398)
In the case of an error in a combo box, the user will not get the extra
information tool-tip
·
No session time-out
(#29419)
A session time-out does not occur in the Device Status screen or the Log View
screen because the device is in a constant state of monitoring.
·
Integrated SSL
Scanning
If Vital Security includes the Integrated SSL Scanning license, the HTTPS port
should be port 8443 (or as configured on the Scanning Server). If Vital
Security does not have a license for SSL scanning, the HTTPS port should be
port 8080
·
Dashboard does not
work in conjunction with SNMPv3 (Finjan Internal #27597)
Customers
who have SNMPv3 configured will not be able to view Dashboard in its entirety.
·
Time periods when
defining monthly/weekly reports
Settings > System > Logging > Report Database Granularity: Changing
between the granularity will create an overlap in dates between databases.
Release
Notes – Vital Security Appliance Series
ISR
VSNG.SYSRN01 23 November 08 9.2
© Copyright 1996-2008. Finjan Software Inc. and its
affiliates and subsidiaries. All rights reserved.
All
text and figures included in this publication are the exclusive property of
Finjan and are for your personal and non-commercial use. You may not modify,
copy, distribute, transmit, display, perform, reproduce, publish, license,
create derivative works from, transfer, use or sell any part of its content in
any way without the express permission in writing from Finjan. Information in
this document is subject to change without notice and does not present a
commitment or representation on the part of Finjan. The Finjan technology
and/or products and/or software described and/or referenced to in this material
are protected by registered and/or pending patents including European Patent EP
0 965 094 B1 and U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103,
6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469,
7155743, 7155744, 7185358, 7418731 and may be protected by other U.S. Patents,
foreign patents, or pending applications.
Finjan,
Finjan logo, Vital Security, Vulnerability Anti.dote, Window-of-Vulnerability
and RUSafe are trademarks or registered trademarks of Finjan. Sophos and
Websense are registered trademarks of Sophos plc. McAfee is a registered
trademark of McAfee Inc. Kaspersky is a registered trademark of Kaspersky Lab.
IBM Proventia Web Filter is a registered trademark of IBM Corporation. SurfControl
and Websense are registered trademarks of Websense, Inc. Microsoft and
Microsoft Office are registered trademarks of Microsoft Corporation. All other
trademarks are the trademarks of their respective owners.
written by Sari Klaff