AP-Web PoC Test Plan


Forcepoint Test Scenarios

Scenarios

Forcepoint AP-Web

Proof-Of-Concept (POC)

Forcepoint. 1
Confidential
Forcepoint Test Scenarios
Scenarios

Document Reference

Property                                   Description
Document Name                              Forcepoint AP-Web – Test Scenarios
Document Owner                             Forcepoint
Document Author and Contact Information    Forcepoint
Creation Date

Forcepoint has prepared this document for use by Forcepoint and the intended
recipient and addressee only. The contents of this document, which does not purport to
be comprehensive, has not been independently verified and shall remain the
confidential property of Forcepoint and must not be communicated to any other party
without the prior written approval of Websense. While this information has been
prepared in good faith, no representation or warranty, express or implied, is or will be
made and no responsibility or liability is or will be accepted by Websense or by any of
its affiliates, respective officers, employees or agents in relation to the accuracy or
completeness of this information or any other written or oral information made available
to any interested party and any such liability is expressly disclaimed. No legally binding
relations relating to the proposed transactions referred to in this RFI exist or will exist
between the parties until such time as a formal agreement providing for the proposed
transactions has been negotiated, executed and delivered by the parties. The
contents of this Response are the intellectual property of Websense. Provision of this
Response does not grant or transfer rights in relation to Websense intellectual
property contained in this Response. By accepting this RFI and the information
therein, the recipient agrees to be bound by the foregoing limitations.
Copyright © 2016 Forcepoint. All Rights
Reserved.


Table of Contents

1. Executive Summary ................................................................ 4
2. Solution Overview ................................................................ 5
3. Proposed Setup .................................................................. 10
4. POC Schedule and Work Plan ...................................................... 12
5. Web Security Gateway (WSG) Test Cases ........................................... 13
   5.1. Test: Custom Block Page to include User ID / IP Address .................... 13
   5.2. Test: Internet Access Test ................................................. 14
   5.3. Test: Blocked Category ..................................................... 14
   5.4. Test: Blocked Category (Security: Malicious Web Sites & Malicious
        Embedded iFrame) ........................................................... 14
   5.5. Test: Eicar test virus ..................................................... 15
   5.6. Test: Web 2.0 dynamic categorization ....................................... 15
   5.7. Test: Application Protocol Detection (APD) ................................. 16
   5.8. Test: Authentication (as configured, if deployed) .......................... 16
   5.9. Test: Social Web Control – Granular control on Facebook access ............. 16
   5.10. Test: SSL /HTTPS Interception ............................................. 17
   5.11. Test: Real Time Monitor ................................................... 17
   5.12. Test: Analysis of outgoing password file .................................. 17
   5.13. Test: Reporting ........................................................... 18
6. Web DLP (Optional) .............................................................. 17
   6.1. Test: Web data loss prevention with on-box Data Security policy engine ..... 17
POC Sign-off Sheet ................................................................. 24
White Papers ....................................................................... 25


1. Executive Summary

The World Wide Web has changed dramatically in the past decade. The use of Web as
an application platform, a communication medium, and a business tool, combined with
the migration of attackers on the Web, demands new solutions to help manage business
and mitigate security threats. Enterprise IT managers should carefully evaluate both the
ease of management, as well as the effectiveness, of gateway-based Web security
solutions against a constantly evolving threat landscape.

Web 2.0 sites are rapidly growing to be some of the most visited Web sites on the
Internet. The ability of users to freely create and upload content into Web 2.0 sites is
increasingly attractive to attackers who upload malicious and objectionable content onto
reputable Web 2.0 sites or onto legitimate sites that have been compromised. The ability
of a Web security gateway to detect malicious content accurately on dynamic Web sites
like Web 2.0 relies greatly on real-time analysis of content, and not just on the reputation
of the Web sites.

Web 2.0 technologies have transformed the Web into an extremely viable and
increasingly popular platform for business communications. At the same time, however,
associated rich applications featuring real-time interaction and supporting user-
generated content have also elevated its potential as a conduit for sensitive information
and made the Web a highly attractive target/vehicle for hackers.

As a result, in addition to bolstering their formerly static Web defenses with real-time
scanning, analysis, and classification capabilities, today’s chief information, security, and
compliance officers should be considering how to address data loss over the Web
channel. The secure web gateway (SWG) is a logical consolidation point in this regard,
offering the potential for reduced infrastructure, complexity and cost of ownership.


2. Solution Overview
The Forcepoint AP-Web is designed for customers that want to ensure their level of web
security increases as the web evolves from a static resource to a dynamic
communication platform. Forcepoint AP-Web builds on the existing level of security
offered by Websense Web Security, adding real-time content classification and security
scanning coupled with outbound content control.

The Web Security Gateway makes the web safer and more productive for your
enterprise by securely enabling Web 2.0, consolidating your existing investment in
Websense solutions, and simplifying web management and reporting.


Securely Enable Web 2.0

Some very popular sites, thought to be safe, distribute many types of threats, making
them a launch pad to transmit malware to unsuspecting users. For example, 75% of web
sites with malicious code are compromised/legitimate sites, 60% of the top 100 most
popular web sites have either hosted or been involved in malicious activity, and 29% of
malicious web attacks included data-stealing code.

The Forcepoint AP-Web is the leading Web security solution to secure against dynamic
Web 2.0 threats and ensure Web content is appropriate and within policy for your
organization. The Web Security Gateway provides real-time content inspection and
application control for the latest dynamic Web 2.0 content, including SSL traffic, ensuring
your IT staff is able to keep up with the latest threats.

• Built-in antivirus, along with sophisticated malware threat protection from
  Websense, means your network is safeguarded at multiple layers, ranging from
  viruses to the ever-increasing threats being exploited through Web 2.0 content.

• Visibility and control over SSL encrypted traffic, allowing administrators complete
  visibility of network traffic entering and leaving the enterprise.

• Previously unseen web content such as private proxy avoidance servers can now
  be effectively identified, as can users trying to bypass your web security controls.
  While many of these new types of Internet technologies are in wide use, the
  ability to secure and control their use is not as widely deployed. Many of the
  traditional IT security and control technologies simply do not address the risks
  associated with accessing dynamic content in real time via these new delivery
  systems.

• Network firewalls provide little protection, as Web 2.0 relies primarily on standard
  HTTP and HTTPS protocols that simply can’t be blocked without cutting off Web
  access.

• Traditional antivirus is limited to inspecting file transfers, and many of the
  greatest “drive by” threats encountered today are contained in browser scripts
  that are invisible to AV.

• Web reputation services alone are ineffective, as some of the most valuable sites
  on the Web, such as Google or Yahoo, have fallen victim to hosting malicious
  code, and simply blocking access to these sites is not an acceptable answer for
  most businesses.

Develop Acceptable Use Policies For Web 2.0 Sites

The Forcepoint AP-Web identifies, classifies, and adapts to content trends on a global
scale to protect customers and their essential information. Websense provides the
most advanced content classification solution working in real-time. With solid
visibility into the network, administrators can create use policies that work for both
the company and the employee.

• Rather than taking a “block all” approach to web security, Websense Security
  Gateway can create use policies that permit good traffic to cross into your
  network while blocking components from the same site that are deemed to pose
  a threat to the security and safety of your network. The granular and real-time
  content review approach to web security means that corporate compliance and
  user demands can be met simultaneously.

• Controlling outbound content flow is equally important to maintaining a secure
  network. Using integrated DLP, also available from Websense, you have a single
  vendor to manage Web 2.0 content and the movement of sensitive data across
  your network.

Consolidate your Existing Websense Deployment

Another powerful benefit of Web Security Gateway is its compact size and consolidation
of technologies into an extensible appliance. The V10000 appliance combines multiple
Websense services onto a single platform. This reduces the number of servers, rack
space and power needed to deploy and manage your Websense security
implementation.

• The Web Security Gateway integrates the Websense web proxy into a single
  appliance, providing visibility and control of all types of web traffic, including SSL.
  Web filtering solutions can leverage the integrated web proxy/cache, allowing
  administrators to maintain a single solution to monitor private channels and
  satisfy business users with optimal performance of their web activities.

• Whereas Websense Web Filter and Web Security solutions can integrate directly
  with existing network components and use them to re-direct web traffic, the Web
  Security Gateway uses the proxy capabilities built into the product to
  analyse the web content traversing the network. The Web Security Gateway
  effectively captures all web traffic, co-existing with existing network infrastructure
  components such as firewalls, routers etc.

• Forcepoint AP-Web also helps you consolidate other expensive, legacy
  architecture (i.e., third-party proxy solutions) with a single web management
  solution.


Simplify Management and Reporting

No web security solution is complete without a comprehensive management dashboard.
The single console delivered in the Web Security Gateway aggregates data on web
security events into comprehensive summary and customised reports. Reports can
easily be generated to show categories of malicious URLs or categories of specific
threats, all from a single interface and in real time.

• With the new task-based dashboard of Web Security Gateway, administrators
  can drill down into security events to view more details behind each of the
  statistics. The time to resolve or investigate security incidents is reduced, as
  administrators can pinpoint problem areas in a single view. Administrators can
  take immediate action on any threat, especially dynamic threats caused as a
  result of Web 2.0 content. Web Security Gateway allows IT to go well beyond
  traditional page blocking to address sections of content within the same page.
  The difference in this capability is compelling because the “all or nothing”
  approach to managing web access is eliminated.

• 55 built-in reports can easily be automated for generation and distribution to key
  stakeholders to track all aspects of your web security and blocking activity.

Maximize your Websense Investment

The Forcepoint AP-Web is an integrated solution providing greater functionality and
controls than found with typical proxy and firewall solutions. To keep pace with the
current threats from dynamic content, IT staffs desire advanced application controls.

• The Web Security Gateway provides over 125 controls to manage thousands of
  web applications, including IM and P2P, ensuring that your network can be
  managed and secured against today’s latest technologies. With only a check of a
  box, you can instantly control what applications can communicate over your
  network.

• Updates for new or updated applications are automatic, keeping networks safe
  against today’s threats. This means no additional time is required to stay up to
  date and no additional IT resources are consumed trying to anticipate changes to
  applications.


3. Proposed Setup

Figure 3-1: Explicit Proxy Setup


4. POC Schedule and Work Plan

Initial Meeting
Discussion of the Forcepoint AP-Web POC requirements and setup.

Forcepoint AP-Web Installation
Forcepoint AP-Web will be installed on the V5000 G2 appliance. Afterwards,
corresponding patches, if necessary, will be installed. The Websense Master
Database will be downloaded.

Websense TRITON Infrastructure, Log Server and Real-Time Monitor Installation
Websense TRITON Infrastructure will be installed on the Windows Server 2008 R2
64-bit OS machine. Subsequently, the Microsoft SQL 2008 R2 database, Websense
Log Server and Real Time Monitor (RTM) components will be installed on this
machine. Additional patches will be applied as required.

Configuration, Troubleshooting and Fine Tuning
Initial configuration of the Websense Web Security Gateway settings will be done.
Any issues encountered along the way will be troubleshot as they arise.
Afterwards, the configuration of the Forcepoint AP-Web setup will be fine-tuned.

Testing
Forcepoint AP-Web test cases will be executed for the POC proper. Expected
results will be generated afterwards.

Report Generation
Reports will be generated during the entire duration of the POC process and
will be submitted to the customer for reference purposes.

POC Wrap-up and Acceptance
All POC reports on test cases conducted will be summarized and submitted to the
client. Furthermore, the client will sign the POC document after the POC proper.

Activity                                                    Day 1  Day 2  Day 3  Day 4  Day 5
Initial Meeting
Websense Web Security Gateway and Log Server Installation
Configuration
Troubleshooting and Fine Tuning
Testing
Report Generation
POC Wrap-up and Acceptance


5. Web Security Gateway (WSG) Test Cases

5.1. Test: Custom Block Page to include User ID / IP Address    Pass/Fail

a. Under Appliance Manager UI > Administration > Toolbox, Websense Security
   Block Pages, download block.html to the local machine for customization.
b. Add the following markup to block.html to show the user name on the
   block page:
   <p class="label">User: </p> <p id="UserName">$*WS_USERNAME*$</p>
c. Upload the modified block.html using the Appliance Manager UI and restart
   the filtering service.
d. Browse to a site that is blocked by usage policy; the block page should
   show the user name.

5.2. Test: Internet Access Test    Pass/Fail

To perform this test, check that the policy has an action based on “Confirm”
or “Quota”.

1. Test coaching/continue pages and quota time.

5.3. Test: Blocked Category    Pass/Fail

To perform this test, check that the policy blocks the categories
“Adult Material”, “Gambling” and “Proxy Avoidance”.

1. Verify that access to this URL is blocked as ‘Adult Material’:
   http://testdatabasewebsense.com/adultmaterial
2. Verify that access to this URL is blocked as ‘Gambling’:
   http://testdatabasewebsense.com/gambling
3. Verify that access to this URL is blocked as ‘Proxy Avoidance’:
   http://testdatabasewebsense.com/proxyavoidance

5.4. Test: Blocked Category (Security: Malicious Web Sites & Malicious
Embedded iFrame)    Pass/Fail

1. To perform this test, check that the policy blocks the categories
   “Malicious Web Sites” and “Malicious Embedded iFrame”.
2. From a Web browser, attempt to access:
   http://testdatabasewebsense.com/maliciouswebsites
   http://testdatabasewebsense.com/maliciousembeddediframe
3. Verify that access is blocked as “Malicious Web Sites” and
   “Malicious Embedded iFrame” respectively.
4. Verify that access to this URL is blocked as “Phishing”:
   http://testdatabasewebsense.com/phishing

5.5. Test: Eicar test virus    Pass/Fail

1. From a Web browser, attempt to access:
   http://www.eicar.org/download/eicar.com (the EICAR antivirus test file, not a real virus)
2. Verify that access to this Web page is blocked.

5.6. Test: Web 2.0 dynamic categorization    Pass/Fail

1. From a Web browser, attempt to access:
   http://www.facebook.com
2. Verify that access to the Games section within the Facebook page is blocked as
   “Games”.
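The category tests in 5.3 to 5.6 can be driven from a script so that the Pass/Fail column is filled in from the gateway's actual responses rather than by eye. The Python harness below is an added example, not part of the Forcepoint test plan; it assumes an explicit proxy at PROXY and that the gateway's block page contains the word “blocked” together with the category name (both are assumptions: adjust PROXY and BLOCK_MARKER to the environment and to the customised block.html from 5.1). It goes a little beyond the text by running every test URL from 5.3, 5.4 and 5.5 in one pass and treating a transport error as a FAIL to be investigated, so a dead proxy is never mistaken for a block.

```python
"""Drive the blocked-category tests (5.3 to 5.6) through the explicit proxy and
record PASS/FAIL per URL. Added example; not part of the Forcepoint test plan."""
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Optional

# Assumption: address of the Websense Content Gateway explicit proxy under test.
PROXY = "http://proxy.example.internal:8080"
# Assumption: text that appears on the (customised) block page; adjust to your block.html.
BLOCK_MARKER = "blocked"

# Test matrix from the plan: URL -> category the block page must cite
# (None means "any block reason is acceptable", used for the EICAR download in 5.5).
TEST_MATRIX = {
    "http://testdatabasewebsense.com/adultmaterial": "Adult Material",
    "http://testdatabasewebsense.com/gambling": "Gambling",
    "http://testdatabasewebsense.com/proxyavoidance": "Proxy Avoidance",
    "http://testdatabasewebsense.com/maliciouswebsites": "Malicious Web Sites",
    "http://testdatabasewebsense.com/maliciousembeddediframe": "Malicious Embedded iFrame",
    "http://testdatabasewebsense.com/phishing": "Phishing",
    "http://www.eicar.org/download/eicar.com": None,
}


@dataclass
class Result:
    url: str
    expected: Optional[str]
    verdict: str  # "PASS" or "FAIL"
    reason: str


def fetch_via_proxy(url: str, timeout: float = 10.0):
    """Fetch url through PROXY; return (http_status, body_text).
    A block page may be delivered with a 4xx status, so HTTPError bodies are kept."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": PROXY, "https": PROXY}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.getcode(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def evaluate(url, expected, status, body):
    """Decide PASS/FAIL for one response: the block page must be present and,
    where a category is expected, must name that category."""
    text = body.lower()
    if BLOCK_MARKER not in text:
        return Result(url, expected, "FAIL", f"content delivered, no block page (HTTP {status})")
    if expected is not None and expected.lower() not in text:
        return Result(url, expected, "FAIL",
                      f"block page shown but does not cite '{expected}' (HTTP {status})")
    return Result(url, expected, "PASS", f"blocked as '{expected or 'any reason'}' (HTTP {status})")


def run_matrix(fetch=fetch_via_proxy, matrix=TEST_MATRIX):
    """Run every URL; a transport error is a FAIL so a dead proxy is not mistaken for a block."""
    results = []
    for url, expected in matrix.items():
        try:
            status, body = fetch(url)
        except Exception as exc:  # DNS failure, connection refused, timeout, ...
            results.append(Result(url, expected, "FAIL", f"request error: {exc}"))
            continue
        results.append(evaluate(url, expected, status, body))
    return results


def summary(results):
    """Count verdicts: the figures that go into the plan's Pass/Fail column."""
    passed = sum(1 for r in results if r.verdict == "PASS")
    return {"pass": passed, "fail": len(results) - passed}


if __name__ == "__main__":
    outcome = run_matrix()
    for r in outcome:
        print(f"{r.verdict:4} {r.url:60} {r.reason}")
    print(summary(outcome))
```

Because the fetcher is injected, the same evaluate/run_matrix logic can be exercised against canned responses before the proxy is up, and then pointed at the real gateway by running the module directly.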

5.7. Test: Application Protocol Detection (APD)    Pass/Fail

Individual applications

With APD enabled, repeat the test steps for the following applications/protocols
and verify that they are blocked based on policy.

• Yahoo Messenger (explicit proxy; remove the default gateway from the client
  box to force the traffic through Websense Content Gateway)
• Microsoft Live Messenger (explicit proxy; remove the default gateway from the
  client box to force the traffic through Websense Content Gateway)

Protocol Reporting

Verify that protocols detected by APD are listed in Web Security Investigative
Reporting.
5.8. Test: Authentication (as configured, if deployed)    Pass/Fail

LDAP Integration

1. Enable LDAP in Websense Content Gateway Manager. Enter the Domain Controller
   information on the LDAP settings page under Security > Access Control. Verify
   that users are authenticated properly.
2. Verify that the correct user information is logged in the log records using
   Real Time Monitor, the Testlogserver tool or Presentation reports.

5.9. Test: Social Web Control – Granular control on Facebook access    Pass/Fail

Social Web Control - Facebook

1. To perform this test, check that the policy blocks the message action under
   the category “Social Web Control - Facebook” while the “Social Networking”
   category is allowed.
2. From a Web browser, attempt to access:
   http://www.facebook.com
3. Verify that access to the message action within the Facebook page is blocked.

5.10. Test: SSL /HTTPS Interception    Pass/Fail

1. Configure the policy to intercept specific categories / sites only, and test.
2. Ensure that categories / sites that are not intercepted are still filtered as
   expected by policy, without decryption.

5.11. Test: Real Time Monitor    Pass/Fail

Real Time Monitor

1. Ensure that all user traffic is captured in the Real Time Monitor tool and
   that each record contains the time, user name, URL, category, action, etc.

5.12. Test: Analysis of outgoing password file    Pass/Fail

Threat Dashboard

1. Log on to a webmail service such as Hotmail/Live and send an email with a
   sample Active Directory SAM database or Unix shadow file attached.
2. Check that the Threat Dashboard contains this outgoing incident with the
   captured file as forensic evidence.

Sample file: passwordfiles.zip

5.13. Test: Reporting    Pass/Fail

1. Check presentation and investigative reports as well as the dashboard and
   drill-down reports, and confirm that they are in working order.
2. Show reporting for the following:
   a. User / Group Reporting
   b. Trend Analysis of Browsing, i.e. Categories etc.
   c. Full Detailed Analysis of all sites accessed / blocked
   d. Drillable reports
6. Web DLP (Optional)

6.1. Test: Web data loss prevention with on-box Data Security policy engine    Pass/Fail

Web DLP:
To perform this test, you must have a Websense Content Gateway Anywhere
subscription and an installation of Data Security Management Server on a
separate system.

1. Enable the feature (assuming that the customer’s subscription level includes
   On-box integration)
   a. Enable the DSS on-box integration feature under Configure > My Proxy >
      Basic > Data Security and restart Websense Content Gateway when requested.
   b. Verify that the feature is selected and that the configuration menu is
      available under Networking.
   c. Verify that an alarm is generated because the feature is not yet activated.
2. Activate the Policy Engine
   a. After enabling the feature, access the DSS configuration page under
      Configure > My Proxy > Networking.
   b. Register with the DSS Manager.
   c. Verify in the DSS Manager (Settings > Modules) that Websense Content
      Gateway is registered.
3. Create a keyword policy via DSS Manager and deploy the policy
   a. In the DSS Manager, select Key Phrases to set up the keyword policy.
   b. Once the policy is set up using a keyword, deploy the settings.
   c. Verify that the settings are deployed to Websense Content Gateway without
      error.
4. Test the policy
   a. Access Babelfish.yahoo.com and try to translate the keyword.
      i. Verify that the request is blocked when it contains the keyword.
   b. Access a web-based email client and try to attach a text file that
      contains the keyword.
      i. Verify that the attachment is blocked.
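Tests 5.12 and 6.1 both exercise outbound content inspection: a password file attached in webmail, and a key phrase either posted to a translation form or attached as a text file. The Python below is an added example of the detection logic such a check needs, written as a stand-alone illustration and not Forcepoint's Data Security policy engine. The key phrases, the multipart boundary and the password-file samples are constructed for the example (the hashes are fake strings of the right length); the SAM and shadow recognisers key on the field layout of those formats (nine colon-separated fields with a $id$salt$hash second field; seven fields with two 32-hex-digit hashes), not on any real credential data. It also handles the form-encoding edge case from 4.a: a browser posts spaces as “+”, so a phrase match must run on the decoded body.

```python
"""Outbound DLP checks for tests 5.12 (password files in webmail) and 6.1
(keyword policy). Added example, not Forcepoint's Data Security policy engine."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import unquote_plus

# Assumption: key phrases configured in the DSS keyword policy of test 6.1.
KEY_PHRASES = ["project falcon", "confidential-internal"]

# /etc/shadow password field: $id$salt$hash, or a locked marker such as ! or *.
SHADOW_HASH = re.compile(r"\$[0-9a-z]+\$.+|[!*]+")
HEX32 = re.compile(r"[0-9a-f]{32}")  # LM / NT hash length in a SAM (pwdump-style) dump


def shadow_lines(text: str) -> int:
    """Count lines laid out like /etc/shadow: 9 colon-separated fields,
    hash-shaped second field, numeric (or empty) ageing fields."""
    hits = 0
    for line in text.splitlines():
        f = line.strip().split(":")
        if (len(f) == 9 and f[0] and SHADOW_HASH.fullmatch(f[1])
                and all(x == "" or x.isdigit() for x in f[2:8])):
            hits += 1
    return hits


def sam_dump_lines(text: str) -> int:
    """Count lines laid out like a SAM dump: user:RID:LMhash:NThash:::"""
    hits = 0
    for line in text.splitlines():
        f = line.strip().split(":")
        if (len(f) == 7 and f[1].isdigit()
                and HEX32.fullmatch(f[2].lower()) and HEX32.fullmatch(f[3].lower())):
            hits += 1
    return hits


def multipart_parts(body: bytes, content_type: str) -> List[Tuple[Optional[str], bytes]]:
    """Split a multipart/form-data body into (filename or None, payload) parts."""
    m = re.search(r'boundary="?([^";]+)"?', content_type)
    if not m:
        return []
    marker = b"--" + m.group(1).encode()
    parts = []
    for chunk in body.split(marker)[1:]:
        if chunk.strip() in (b"", b"--"):  # epilogue / closing marker
            continue
        head, _, payload = chunk.partition(b"\r\n\r\n")
        fn = re.search(rb'filename="([^"]*)"', head)
        parts.append((fn.group(1).decode() if fn else None, payload.rstrip(b"\r\n")))
    return parts


@dataclass
class Finding:
    location: str  # "body", "field", or "attachment:<filename>"
    rule: str      # "key-phrase", "unix-shadow", "sam-dump"
    detail: str


def inspect_request(body: bytes, content_type: str, phrases=KEY_PHRASES) -> List[Finding]:
    """Classify an outbound request body the way an on-box DLP engine would."""
    if content_type.startswith("multipart/form-data"):
        units = [(f"attachment:{fn}" if fn else "field", data)
                 for fn, data in multipart_parts(body, content_type)]
    elif content_type.startswith("application/x-www-form-urlencoded"):
        # Form posts encode spaces as '+', so decode before matching phrases.
        units = [("body", unquote_plus(body.decode("utf-8", "replace")).encode())]
    else:
        units = [("body", body)]
    findings = []
    for where, data in units:
        text = data.decode("utf-8", "replace")
        for phrase in phrases:
            if phrase.lower() in text.lower():
                findings.append(Finding(where, "key-phrase", phrase))
        n = shadow_lines(text)
        if n:
            findings.append(Finding(where, "unix-shadow", f"{n} shadow-format line(s)"))
        n = sam_dump_lines(text)
        if n:
            findings.append(Finding(where, "sam-dump", f"{n} SAM-dump-format line(s)"))
    return findings


def verdict(findings: List[Finding]) -> str:
    return "BLOCK" if findings else "ALLOW"


# Constructed samples: fake hashes, shaped like the real formats.
SAMPLE_SHADOW = ("root:$6$abcdefgh$FAKEFAKEFAKEFAKEFAKEFAKEFAKEFAKE:19000:0:99999:7:::\n"
                 "alice:!:19000:0:99999:7:::\n")
SAMPLE_SAM = "Administrator:500:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::\n"
BOUNDARY = "----ConstructedBoundary42"  # constructed; a browser picks its own


def build_multipart(filename: str, payload: bytes) -> Tuple[bytes, str]:
    """A webmail-style attachment upload, encoded as a browser would (constructed)."""
    b = BOUNDARY.encode()
    body = (b"--" + b + b"\r\n"
            b'Content-Disposition: form-data; name="attachment"; filename="' + filename.encode() + b'"\r\n'
            b"Content-Type: application/octet-stream\r\n\r\n" + payload + b"\r\n"
            b"--" + b + b"--\r\n")
    return body, f"multipart/form-data; boundary={BOUNDARY}"


if __name__ == "__main__":
    cases = {
        "5.12 shadow attachment": build_multipart("shadow.txt", SAMPLE_SHADOW.encode()),
        "5.12 SAM attachment": build_multipart("sam.txt", SAMPLE_SAM.encode()),
        "6.1 translator form": (b"trtext=please+translate+Project+Falcon&lp=en_fr",
                                "application/x-www-form-urlencoded"),
        "benign form": (b"q=weather+today", "application/x-www-form-urlencoded"),
    }
    for name, (body, ctype) in cases.items():
        found = inspect_request(body, ctype)
        print(f"{name:24} {verdict(found):5} {[(x.location, x.rule, x.detail) for x in found]}")
```

The recognisers count matching lines rather than matching a single regex over the whole file, which keeps a stray colon-separated config line from triggering a block while a real credential dump, with many conforming lines, scores clearly.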
PoC Sign-off Sheet

Performed by:

Date:
Designation:

Witnessed by:

Date:
Designation:
