WS1000 Web Appliance Frequently asked questions (FAQs)
WS1000 July 2008 upgrade
What's new in the Sophos Web Appliance (Web Security and Control license)?
In addition to the bi-directional security filtering already available in the WS1000, the release includes:
- Patent-pending anonymizing proxy detection technology – identifies and blocks servers that can be used to bypass traditional web filters in order to access banned or inappropriate content.
- HTTPS-encrypted channel filtering – ensures that networks are not infected via personal email channels. This is a security blind spot as potentially infected attachments or malicious links can be sent into a network.
- Automatic SafeSearch – ensures that all inappropriate content is blocked from searches across all major search engines.
- Instant reports on browsing behavior – reveal what users are doing on the web, including categories searched for, sites visited and time spent online.
- Active Directory forest support – for organizations that use more than one Active Directory.
- Improved Windows Vista support.
Will existing WS1000 customers need to buy a license upgrade?
All existing Web Appliance customers will receive the new functionality automatically at no extra cost.
What will happen to existing WS1000 customers?
Existing WS1000 appliances will automatically update to the latest software when it is released on 21 July. Customers will continue to be protected without any administrator intervention. They can start using the new features at any time.
Will existing stock need to be refreshed or replaced?
No. There is no change to the WS1000 hardware platform in this release. If a customer receives a WS1000 with an old software image on it after the launch date, the software will be automatically updated during the installation. The update process will take longer than usual as it will be downloading a large update.
General
What is the WS1000 Web Appliance?
The Sophos WS1000 Web Appliance provides easy-to-manage security against web-based threats with one efficient, high-performance scanning engine in a compact appliance. It filters for both security risks (e.g. spyware, viruses and phishing) and content/productivity concerns (such as adult and gambling sites) and allows the administrator to eliminate the full spectrum of inbound and outbound web-based network threats without compromising end-user expectations for speed and efficiency.
Why has Sophos launched a web appliance?
We are building on over 20 years' experience providing best-of-breed security solutions that protect against threats to network security. Acknowledging the growth of web-based threats to enterprise network security, such as spyware, we are expanding our product range beyond email, hacking and malware solutions by offering a comprehensive web security solution.
We have been an active part of this market through a range of OEM relationships with companies such as Bluecoat and Secure Computing for many years. There are also many parallels between email and web filtering, and we will leverage the millions of messages that SophosLabs receives daily to identify known bad URLs, phishing attacks and websites that contain malicious code.
How is the Sophos solution different from other vendors' solutions?
The WS1000 is the industry’s first web security solution to provide truly integrated security against all web-based threats in an easy-to-manage appliance, setting a new standard for security and performance. It is industry-leading in terms of time to protection and has the fastest scanning engine available. Innovations include bi-dimensional URL classification and risk-sensitive scanning.
What is bi-dimensional URL classification?
Traditional URL filters allow or block access to websites based on a one-dimensional view of their assigned category (e.g. entertainment, media or search). The major limitation of this approach, aside from the challenge of simply keeping up with the proliferation of websites and how to categorize them, is that allowed sites may still pose a risk to network security based on their underlying code and file types.
Sophos’s bi-dimensional URL classification also inspects the conduct of the site (i.e. how it behaves regardless of its category), delivering a true assessment of both the security and productivity risk of a website. This approach evaluates a site’s history of malicious behavior, such as spyware distribution or the use of dangerous scripts and executables, and avoids the over-blocking that often plagues traditional URL filtering solutions attempting to ensure greater security.
What is risk-sensitive scanning?
Risk-sensitive scanning works in tandem with bi-dimensional URL classification to adapt the scope of the scan based on the web content’s assessed risk, enhancing the browsing performance of the WS1000. The result is faster access to safe web pages and more rigorous scanning of less safe pages.
A low-risk site, such as the sports site espn.com, would (if the administrator allows access to sports sites) not have its HTML and images scanned by the WS1000. However, a medium-risk site, such as download.com, would (if access to this category is permitted) have all file types and sub-directories scanned.
IMPORTANT NOTE: While the scope of the scan is variable, its depth remains the same. Files that are scanned are checked for the full spectrum of web-based threats (spyware, viruses, Trojans, worms, etc).
What are anonymizing proxies?
Anonymizing proxies disguise the true nature of a website, allowing users to bypass traditional web filters to access inappropriate content.
What are HTTPS-encrypted channels?
These are services such as Gmail that encrypt messages as they travel across the internet. Some web filters are unable to scan such pages.
How does Sophos achieve such a high degree of protection and control?
We offer this unique combination of protection and control through the visibility of SophosLabs™ - our global network of threat detection centers. SophosLabs maintain unrivaled visibility into the source and nature of web-based threats by constantly analyzing a database of billions of web pages and uncovering thousands of new malicious URLs every day. Our unrivaled visibility into web-based threats and the sites where they reside equips us to deliver unmatched security and control to our customers.
The WS1000 also scans web traffic for spyware, viruses and other malware, and is able to detect and block "phone home" traffic from bots (zombies) within the network.
How do I evaluate the WS1000?
You can request an evaluation. We will then contact you about your requirements and discuss system pre-configuration and signing our Hardware Loan Agreement.
What organization type is the WS1000 suitable for?
The WS1000 is ideal for organizations with 100-1,500 users per location that want to:
- block spyware/malware/adware in web traffic
- stop phishing and identity theft attempts
- restrict access to malicious or questionable websites
- enforce company-wide acceptable internet use policies
- accelerate the delivery of web content through caching
Specifications and network requirements
What are the WS1000 hardware specifications?
| Specification | Value |
|---|---|
| Rack mount | 1U |
| Dimensions (W x H x D) | 16.7in x 1.7in x 14in (424mm x 43mm x 356mm) |
| Processor | Intel Pentium D dual-core, 3.4 GHz processor |
| Memory | 4 GB |
| Hard drive | 2 x 160 GB SATA 7,200 RPM hard drives |
| Power supply | 260 W 100/240 V AC |
| Failover capability | Network bypass card, shared configuration |
What protocols does the WS1000 protect?
The WS1000 scans data transferred via HTTP (Hypertext Transfer Protocol) and FTP (File Transfer Protocol) data carried over HTTP. The WS1000 also ensures secure transmission via HTTPS by validating certificates. It takes a comprehensive approach to web filtering, scanning for security risks as well as offensive content and productivity concerns (such as adult or gambling sites).
What software is installed on the WS1000?
The WS1000 uses Sophos’s industry-leading scanning engine that combines anti-virus, anti-spyware and potentially unwanted application control on a hardened Linux operating system. It also features the industry’s most advanced web reputation filtering system, based on the millions of URLs captured by SophosLabs.
Do I need Linux or other software experience to use the WS1000?
No. All administration requirements are addressed via the web-based management console. Access to the command line is not required.
Does the WS1000 support Active Directory?
The WS1000 integrates seamlessly with Active Directory and Active Directory forests. Synchronization is configurable through the management console and occurs automatically.
How is the WS1000 configured?
A setup wizard walks the administrator through the basic steps. Manual configuration is also available using the web-based management console.
Can certain users or groups be opted out of content filtering?
The administrator can opt certain groups and IP addresses out of content filtering.
How is threat protection kept up to date?
Threat definition updates (distributed at no charge) are downloaded automatically every five minutes from SophosLabs. Sophos monitors this process: if an appliance has not been downloading its updates on schedule, a support technician will proactively contact the administrator to tell them that their WS1000 is not up to date and to help take corrective action.
How are the URL filters kept up to date?
Sophos compiles a list that assesses sites based both on security risk and content category. This list is a combination of internal data from SophosLabs, third-party web indexing sources and customer feedback. We will respond in a timely fashion to all re-categorization requests.
How do upgrades work?
Software updates and upgrades occur automatically via the Sophos online repository, at no charge. The administrator can schedule non-critical updates to occur at convenient times. Critical patches and updates are installed automatically.
Management
How does the administrator manage the WS1000?
The WS1000 is a managed appliance - most of its functions are automated and its performance is maintained by Sophos, requiring negligible regular administrator involvement. All administrative functions are easily accessible through the web-based management console. This console is built around the principle of "three clicks to anywhere" - simplified navigation that ensures easy access to every function within the appliance. On-demand remote assistance and remote "heartbeat" monitoring also help to decrease the management time required for the WS1000.
Is there command-line access?
No. All administrative functions are available through the web-based management console.
What degree of policy control is possible?
Policy settings include:
- controlling access to website categories, such as gambling, shopping or pornography
- blocking specified file types, such as executables and streaming audio
- preventing deliberate or accidental downloading of potentially unwanted applications or file types, such as peer-to-peer (P2P) and adware
- blocking access to sites that contain malicious code
- allowing IT administrators to set custom policies and groups to manage employee internet, network, and application use in order to balance work-related and personal internet use
- enabling time-based policies so administrators can define web browsing policies that vary based on the time of day
The WS1000 combines site access control with advanced risk avoidance, allowing administrators to set policy according to website category and the degree of code or application risk posed by an individual site. For example, the administrator can allow access to sites that deliver streaming audio or video (category), and through the second dimension (risk), block access to a particular streaming audio site that is known by SophosLabs to host malicious content. This provides the optimum balance of control and security that competitive solutions cannot match, effectively eliminating the over-block/under-block risk and the immense administrative burden of constantly tweaking the security policy to handle such situations.
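The two-dimensional decision described above (category policy plus site risk, with risk also setting the scan scope and a time-based exception) can be sketched as follows. This is an added illustration, not Sophos code: the `Policy` class, the `decide` function, the risk labels "low"/"medium"/"high", the `.example` hostnames and the treatment of unknown hosts are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample data. Category names come from the page's category
# list; the risk labels and the .example hosts are hypothetical.
SITE_DB = {
    "espn.com": ("Sports", "low"),
    "download.com": ("Downloads", "medium"),
    "radio.example": ("Streaming Media", "low"),
    "bad-radio.example": ("Streaming Media", "high"),
    "shop.example": ("Shopping", "low"),
    "poker.example": ("Gambling", "low"),
}

@dataclass
class Policy:
    blocked_categories: set   # dimension 1: categories denied by policy
    relaxed_categories: set   # blocked categories allowed in the window
    relaxed_start: time       # start of the less restrictive period
    relaxed_end: time         # end of the less restrictive period

def decide(host, now, policy):
    """Return (action, scan_scope, reason) for a request to host at time now."""
    # Assumption: an unclassified host is treated as medium risk.
    category, risk = SITE_DB.get(host, ("Uncategorized", "medium"))

    # Dimension 2 (risk) is checked first: a site known to host malicious
    # content is blocked even when its category is permitted.
    if risk == "high":
        return ("block", None, "risk")

    # Dimension 1 (category), with the time-based exception.
    if category in policy.blocked_categories:
        in_window = policy.relaxed_start <= now < policy.relaxed_end
        if not (category in policy.relaxed_categories and in_window):
            return ("block", None, "category")

    # Risk-sensitive scanning: the scope varies with risk, the depth does not.
    scope = "skip-html-and-images" if risk == "low" else "all-file-types"
    return ("allow", scope, "policy")

# Hypothetical policy: gambling always blocked, shopping allowed at lunchtime.
EXAMPLE_POLICY = Policy(
    blocked_categories={"Gambling", "Shopping"},
    relaxed_categories={"Shopping"},
    relaxed_start=time(12, 0),
    relaxed_end=time(13, 0),
)

if __name__ == "__main__":
    for host in SITE_DB:
        print(host, decide(host, time(12, 30), EXAMPLE_POLICY))
```

Checking risk before category is what lets a single malicious site be blocked without blocking the whole category it belongs to.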
How can I control productivity by blocking URLs?
Our comprehensive 24 million URL classification database provides 54 focused categories so organizations can choose how best to protect against loss of productivity, risk of legal liability, and use of excessive bandwidth. With these features and more, the WS1000 combines powerful flexibility with rich functionality. For example:
- IT administrators can set custom acceptable use policies to manage employee internet, network, and application use, balancing work-related and personal internet use.
- Administration is easy with our central management console. It takes a minimum of effort to set, enforce, and maintain internet use policies.
- Time-based policies enable administrators to define web browsing policies that vary based on the time of day. For example, organizations may wish to offer less restrictive browsing for their employees during lunchtime and after work.
Categories
- Adult/Sexually Explicit
- Advertisements & Pop-Ups
- Alcohol & Tobacco
- Arts
- Blogs & Forums
- Business
- Chat
- Computing & Internet
- Criminal Activity
- Downloads
- Education
- Entertainment
- Fashion & Beauty
- Finance & Investment
- Food & Dining
- Gambling
- Games
- Government
- Hacking
- Health & Medicine
- Hobbies & Recreation
- Hosting Sites
- Illegal Drugs
- Infrastructure
- Intimate Apparel & Swimwear
- Intolerance & Hate
- Job Search & Career Development
- Kid's Sites
- Motor Vehicles
- News
- Peer-to-Peer
- Personals and Dating
- Philanthropic & Professional Orgs.
- Phishing & Fraud
- Photo Searches
- Politics
- Proxies & Translators
- Real Estate
- Reference
- Religion
- Ring tones/Mobile Phone Downloads
- Search Engines
- Sex Education
- Shopping
- Society & Culture
- Spam URLs
- Sports
- Spyware
- Streaming Media
- Tasteless & Offensive
- Travel
- Violence
- Weapons
- Web-based email
How do administrators review policy settings, reports and logs?
All policy settings are easily reviewed and modified through the management console. Reports are also generated through the console. Logs can also be searched against a range of variables.
What kind of reporting is available from the WS1000?
Reports are available based on security and productivity concerns, and include:
- Traffic patterns (page requests, downloads)
- Blocked illegitimate traffic
- System performance (throughput and latency)
- User requests (site access)
- Sites visited by user
- Visitors by domain
Can users report errors and/or omissions?
Yes. Users who think a site is incorrectly blocked or allowed can submit a request directly to the administrator, who can then determine how to handle the specific URL. The administrator can add new sites and determine the access policy through the management console.
Support and service
How is the WS1000 supported?
You can access Sophos’s industry-leading support network via inbound telephone or email requests 24/7/365. You can also access the Sophos knowledgebase for extensive self-help. Sophos does not outsource support, and serves as the first and only line of contact on all matters relating to hardware and software.
Are the support contacts different from other Sophos products?
No. We maintain a single support structure for all Sophos products. Support is not outsourced, and is available 24 hours a day, seven days a week.
How is system health monitored?
The WS1000 uses an intelligent array of built-in sensors that constantly monitor and report on system status. These sensors monitor hardware health, network connectivity, threat definition and software update status, and more.
What technologies are used to support the WS1000?
The built-in sensors trigger email notifications that get sent to the system administrator and, for some issues, to Sophos as well. If we need to respond, we will do so via email or text messaging (Standard support). If you opt for Sophos’s Premium support package, we will respond via telephone.
What types of alert are sent to Sophos?
Sophos receives Event Driven Notifications (EDN) in the case of any mission-critical system failure. EDNs typically cover elements such as software updates and hardware performance such as disk space, temperature and component failure.
What if I need further assistance?
The WS1000 also offers instant remote assistance via a secure tunnel (SSH) connection between the appliance and Sophos.
How does Sophos maintain security during remote assistance sessions?
SSH connections are fully encrypted for security, and responses are restricted to Sophos IP addresses to eliminate interception. The connection can only be initiated by the appliance administrator, as an outbound request to Sophos. The session remains open until the administrator closes it or 4 hours have passed. Furthermore, all changes made to the appliance configuration and settings are logged, providing complete transparency into everything that a Sophos support engineer does.
Can remote monitoring be disabled?
Yes. The administrator can turn off the remote monitoring function.
What is the warranty on the WS1000?
The hardware comes with an Advance Replacement Warranty against manufacturer defects for up to three years and as long as a valid license is in place. In the event of hardware failure, Sophos will replace the appliance unit at no cost to the customer before the customer returns the failed unit to the local depot (Boston or Eindhoven).
